Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
2 votes, 1 answer

strongswan ikv2 loading EAP_RADIUS method failed

My environment is a Windows RADIUS server and Active Directory, and a Linux strongSwan server. My configuration is set up for the IKEv2 VPN to accept Active Directory users via a Windows RADIUS server. I keep getting this error: Jan 21 18:52:36 coniston…
Chuks
  • 21
  • 2
2 votes, 2 answers

How to disable all strongSwan logging?

Tried the following but that didn’t work. config setup charondebug="ike -1, knl -1, cfg -1" My gut feeling is it has something to do with /etc/strongswan.d/charon-logging.conf? I have read the docs but want to make sure I don’t miss…
sunknudsen
  • 701
  • 3
  • 14
  • 28
2 votes, 0 answers

Site to Site VPN between Strongswan and Cisco ASA

I am trying to configure a VPN between a Cisco ASA firewall and Strongswan. From the logs, it looks like Phase 1 is completing without any issue, but phase is giving the following error: "received NO_PROPOSAL_CHOSEN error notify". Strongswan…
Armand K.
  • 21
  • 2
2 votes, 0 answers

NAT with strongswan - howto?

Network Topology I have the following setup where Office 1 and Office 2 have the same IP address range (192.168.0.0/16) and both are using strongSwan running on Ubuntu VM (with two NICs one connected to LAN (eth1 192.168.1.4) and one in the DMZ…
1 vote, 1 answer

How to add plugin strongswan on yocto ( embedder linux )

I know I am missing some strongSwan plugins, depending on your configuration, especially the eap-... plugins, but with this .bb file I don't know how to add plugins to strongSwan. If you have any idea, thank you. File strongswan.bb DESCRIPTION = "strongSwan is an…
1 vote, 1 answer

How can I suppress the Old Runlevel warning while installing Strongswan

When I install strongswan and dependent packages using apt install, I get the following warning prompt: This inhibits me from installing strongswan through an automated unattended install script. Therefore, how can I suppress this prompt? I am…
0xF1
  • 155
  • 1
  • 5
1 vote, 1 answer

How do I set up a VPN to access specific subnets?

I would like to set up a point-to-site VPN that is only used to access a specific set of subnets so that I can access services via the VPN but without routing all traffic through it. In my test setup, I have three servers, one of which (fra1-02) is…
Stefano Palazzo
  • 227
  • 1
  • 13
1 vote, 1 answer

"NO_PROPOSAL_CHOSEN" when trying to authenticate with a certificate from smartcard using swanctl

I'm trying to create a VPN tunnel between two VMs (named A and B) with strongSwan (for what matters, I use swanctl here) using a host-to-host configuration (as described here) and a smartcard for B's authentication. I generated a CA certificate and I…
Nobozoa
  • 11
  • 5
1 vote, 0 answers

Strongswan high latency on LTE

Allow me to ask for help to solve the following problem with latency. I have a network which is on one side the Strongswan server and on the opposite side are terminals connected through DSL, cable or wifi. When I am testing latency through the…
Petr W.
  • 23
  • 1
  • 8
1 vote, 1 answer

strongSwan VPN no LAN access when Wi-Fi gateway has same IP as VPN server gateway

I've recently set up my StrongSwan VPN, mostly following this DigitalOcean guide. It worked nicely until I encountered this weird routing issue. Network diagram below: +-----------+ +-----------+ Internet +------------+ +-------------+ |VPN…
mihai
  • 111
  • 3
1 vote, 1 answer

When configuring strongSwan servers, is it safer to use `rekey=yes`?

Currently, I use the following configuration. Should I switch to rekey=yes and, if so, why? I’m looking to enforce perfect forward secrecy (PFS). Other security suggestions are welcomed. config setup charondebug="ike 1, knl 1, cfg 0" …
sunknudsen
  • 701
  • 3
  • 14
  • 28
1 vote, 1 answer

Using strongSwan as VPN server to supervised (always-on) iOS VPN clients. Two associations to the server are established by iOS clients. Why?

I’m using rightsourceip=%dhcp on the server so two clients cannot have the same leftid. Prior to using rightsourceip=%dhcp, I used uniqueids=never and 10.0.2.0/24 to allow multiple clients with the same leftid, but that doesn’t appear to work with…
sunknudsen
  • 701
  • 3
  • 14
  • 28
1 vote, 0 answers

Strongswan ipsec site to site vpn to aws virtual private gateway

I have configured ipsec tunnel between strongswan and aws vpc. Below is my ipsec conf: ---- config setup charondebug="all" uniqueids=no conn vpc mobike=no type=tunnel compress=no keyexchange=ikev1 …
1 vote, 0 answers

Strongswan CentOS 7 to Mikrotik Router L2TP VPN "NO_PRPOSAL_CHOSEN"

I have reviewed existing Q&A on this issue and, maybe there's a hook I'm not seeing, but I don't know what else to try. I get this output when attempting to launch VPN from CentOS "client": [root@hostname etc]# strongswan up casanova_vpn initiating…
dmmooney
  • 11
  • 2
1 vote, 1 answer

How can I route all traffic through strongSwan VPN?

Server ipsec.conf config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=never conn ikev2 auto=add compress=no type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes ike=aes256gcm16-sha384-modp3072! …
sunknudsen
  • 701
  • 3
  • 14
  • 28