Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
1
vote
0 answers

Strongswan site-to-site VPN initiated but no traffic

I've seen this sort of question posted a few times before, but so far, none of them have solved my issue. I'm trying to set up an IKEv2 VPN on a VM in GCP using Strongswan. The connection seems to be set up correctly, but no packets are routed and…
Alex Tbk
1
vote
1 answer

How to check which crypto a strongSwan client is using?

When you configure an IKEv2/IPsec client on iOS or macOS using the built-in VPN client, you can’t configure which crypto the client uses (unless you are using deployment profiles). So how can you know which crypto is used to encrypt the VPN traffic?
sunknudsen
1
vote
1 answer

Is strongSwan eap-mschapv2 authentication secure vs using certs?

What level of encryption is used during the authentication part of the connection? Here’s a sample /etc/ipsec.conf configuration. config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no conn ikev2 auto=add compress=no …
sunknudsen
1
vote
1 answer

IDir '193.174.193.64' does not match to 'vpngw.fh-kempten.de'

I am trying to configure my client using VPN (strongswan) to access the remote server whose DNS is vpngw.fh-kempten.de. Details of my remote VPN Server are: Authentication Method = Mutual +XAuth PSK =**** Phase 1 Exchange Type = aggressive DH…
Saqib Shakeel
1
vote
1 answer

How to configure strongswan peer-to-peer vpn tunnel using public IP as encryption domain?

I'm required to configure an IPsec tunnel to communicate with a remote VPN (Cisco ASA 5555). I have created an Amazon Lightsail instance with Ubuntu 18.04 installed. Upon doing some studying I came across Strongswan which I've used to configure the…
KareimQ
1
vote
1 answer

Build strongswan-systemd using the "apt-get" repo on Ubuntu

I have built strongswan using the legacy ipsec interface, however reading the following document I am able to build the newer version with the systemd unit file approach: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd I'd quite…
Owensteam
1
vote
1 answer

Strongswan 5.7.1 IKEv2 Certificate configuration for Android client

I'm trying to configure strongswan 5.7.1 for Android strongswan "IKEv2 Certificate" connection. I'm using a self-signed user certificate and a GoDaddy wildcard server certificate. I am unable to connect and in the log I see "local id match: 0 and…
user1247196
1
vote
1 answer

Strongswan: “received NO_PROPOSAL_CHOSEN error notify” while connecting to Cisco Router

I'm trying to establish an ipsec connection from a raspberry pi with Strongswan (Linux strongSwan U5.5.1/K4.14.50+) to a Cisco Router. This is the Strongswan output: root@raspberrypi:~# ipsec up Ciscoios initiating Main Mode IKE_SA Ciscoios[1] to…
NazgulNr5
1
vote
1 answer

StrongSwan on Amazon Linux with RADIUS

I'm trying to run strongSwan on an Amazon Linux instance with authentication against RADIUS but I receive an error when trying to start strongSwan charon[9518]: 00[CFG] RADIUS initialization failed, HMAC/MD5/RNG required To install strongSwan I…
Christian
1
vote
0 answers

Strongswan - traffic from servers in the same IP block are not going through VPN tunnel

Site A: Device: CentOS Server eth0: public IP address eth1: 10.0.0.1/24 (dedicated vlan) Site B: Device: Juniper SRX ge-0/0/0: public IP address ge-0/0/5: 192.168.1.1/24 I've configured a site to site VPN using strongswan between two locations.…
netmat
1
vote
1 answer

ipsec tunnel blocks google services

I set up a strongswan responder on debian in GCE. I can connect to it via the strongswan app on android. No problems. I can also connect using the native vpn client in Windows 10. And when I do, the responder becomes my default gateway. (The whole…
K. Werner
1
vote
1 answer

strongSwan VPN Intermediate Certificate Authority

I have been testing out strongSwan VPN on a Linux server in a Windows Active Directory domain. I have managed to get a single-tier PKI with EAP authentication to work, but when I attempt to add an intermediate certificate authority to the setup…
0B51D14N
1
vote
1 answer

Strongswan Routing Roadwarrior with the VM IP, instead of the virtual IP

I'm at my wits' end here with this issue. I have a strongswan VM with only 1 private internet interface (ens18). I can successfully connect to it and get a virtual IP, but my problem is the network beyond the strongswan VM sees the roadwarrior user's…
1
vote
2 answers

VPN : Cannot reach my own gateway using ipsec/strongswan

I've followed this tutorial to set up my private VPN using StrongSwan and IPSec. It works very well. But when I try to connect directly to my gateway/server (using SSH), the connection does not go through the VPN. If I look for the tables in my…
iero
1
vote
1 answer

Strongswan IKEv2 auth - pubkey and EAP

I'm trying to set up strongswan with pubkey and EAP authentication. To log in, users need to have a certificate and valid credentials. My certificate is OK. I tested pubkey auth and it was OK, also EAP is working, but when I try to run these two auth…