Newest strongswan Questions

Q&A for system and network administrators

Routing through IPSec tunnel

I have two servers establishing an IPSec VPN as a site-to-site kind of setup. I use StrongSwan on Ubuntu 16.04 for both servers and the VPN itself works. What may be a bit special is that the subnet ...

Why does traffic info not show in an IPSec VPN connection?

I recently set up a strongSwan server. In my Android phone, I noticed that the IPSec VPN connection only shows Duration info. There is no traffic info (sent and received bytes/packets) of the ...

Strongswan VPN Client works for OS X & iOS, but not Linux

I've spent 10 hours scouring strongSwan and other discussion threads, to no avail. I set up a mostly standard strongSwan 5.2.1 server on a Debian 8 host. I can successfully connect to the VPN from my ...

Strongswan RA and Strongswan site-2-site with ASA

Task: Establish communication between remote clients (192.168.79.0/24) that are connecting to VPN server (on Ubuntu) and corporate network (10.1.2.0/24) connected to Cisco ASA. Schema: 192.168.79.0/...

Strongswan to Cisco ASA

I have a problem with connecting two nets with IPsec. On the one side is a Cisco ASA 55xx, on the other a TP-Link router with Debian 8.3 with StrongSwan behind the NAT. The problem is also that I have ...

Can't establish site to site vpn connection between Cisco 3900 and strongSwan client

I have a website which displays data received from GSM modems. So I am trying to connect my website to the GSM network provider using VPN. On the provider side there is a Cisco 3900, configured as site to site ...

Strongswan auto disconnect

I need to set up a VPN connection (IPSec) and I'm using it for a mobile payment method. The problem is: StrongSwan is auto-disconnecting and I need to log in to my server through SSH and start the ...

Strongswan VPN: no matching peer config found

I'm trying to set up a Strongswan VPN but can't get it to work. It does not find a matching peer config and I don't know why: LOG: [ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(...

Strongswan not routing between two subnets

My ipsec.conf configuration on 192.168.2.192 (left): config setup conn sample-self-signed left=192.168.2.192 leftsubnet=192.168.2.0/24 leftid=cbw right=192.168.2.20 rightid=control ...

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunneled them successfully by this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but I want to run this scenario: ...

Configuring multiple ipsec tunnels on vlan

I am trying to create a vlan between two machines, they are located on separate physical boards. And then create separate ipsec tunnels on each vlan link. Such that: eth2 10.0.1.1 ------------------...

Two users behind same NAT (PSK or EAP) - strongswan

I have a strongswan implementation and am running into an issue where when there are two users behind the same NAT, the second one "kicks off" the first one. I was able to resolve the issue using: ...

Strongswan: Transport mode with non-specific remote hosts

I am using strongSwan 5.2.1 on Debian Jessie, and am having trouble configuring it to do what I want. Premise In a test environment, I am seeking to use transport mode IPsec between a Linux virtual ...

Two road warrior clients behind the same NAT device (IKEv2, StrongSwan, LibreSwan)

I have an IKEv2 VPN that is set up and works properly, however I run into issues when I have two road warriors behind the same NAT device. Both devices connect however the second device seems to kick ...

IPSec VPN works on LAN only

I've set up a cisco RV320 VPN box using IPSec IKEv1. My SA are the same on each end, using 2-factor authentication. My network topology is as follows: Topology M = Modem, A = Router A, B = Router ...

Strongswan issue with source IP

I have established a VPN connection between a region in AWS and a datacenter implemented with OpenStack: |---AWS------------------| |-----OpenStack----------| Private IP EIP ...

IPsec tunnel won't stay up

I have a static IPsec tunnel configured between a Debian cloud server running StrongSwan and a Juniper SRX 210. The tunnel goes up just fine, but it never stays up for long, the longest may be about ...

Reassemble fragmented UDP packet

There is a Strongswan roadwarrior configured to send fragmented ISAKMP packets to the clients. The client is behind NAT (Debian Jessie, IPTABLES). The fragmented UDP packets are reassembled on the ...

StrongSwan IPsec and NAT

I have an IPSec tunnel to the network of our customer running on a Linux box with StrongSwan. On there I have to do source NAT to translate our network addresses to the subnet they assigned us. This ...

Strongswan IKEv2 VPN on OS X 10.11 and iOS 10 Clients

After many days of searching on Google, through Serverfault, and even on the StrongSwan website, I have been unsuccessful in attempting to get StrongSwan IPSec/IKEv2 VPN working on OS X 10.11.5 and ...

Enable IKE tracing on windows 10 VPN

I have an IKEV2 VPN setup (including certs) that worked fine on windows 7. On Windows 10, the same config fails with 'IKE authentication credentials are unacceptable'. Server is StrongSwan. The last ...

Traffic cannot be routed despite Strongswan VPN connection being established

I have setup a host to host (tunnel) VPN connection with Strongswan (doing this for the first time) between peers B and C so that hosts A and D can connect securely. A and B are on my side which I ...

IPSEC help using Strongswan on CENTOS 6.6

I have been tasked with setting up an IPSEC tunnel to our remote data provider. They require my Phase 2 traffic to be PAT'd behind a public address. I am using strongswan 5.3.2 on CentOS 6.6 on a ...

Strongswan using FQDN

I currently have a VPN server with Strongswan running. We use this to make sure that you can reach some of our internal tools, only when connected to the VPN. Let's assume we have the following URLs, ...

strongSwan: multiple rightsubnet using IKEv1

https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection According to strongSwan documentation rightsubnet with multiple network addresses only works with IKEv2. There is a common (?) ...

Redirect all traffic from one ip to another

I have a server running Ubuntu with Strongswan installed, the server have a web server and an email server. The web server is allowed to be accessed from everywhere but the email server only allow ...

Why does 'ipsec statusall' not show any connections?

I've finally been able to get a tunnel between my computer (strongswan) and a Zyxel Zywall 110 up and running. I'm connecting using certificates, and judging from the logs the actual VPN connection ...

Is it possible to use strongSwan to set up host-to-host VPN for many clients which have dynamic IPs?

I want my server to set up a VPN connection for each client trying to connect, where clients would usually have dynamic addresses. Most importantly, is it possible to do this with a unique PSK given for ...

IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]

Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference? I found these projects. ...

IPSec - Is it possible to have remote access clients (road warriors) all behind the same NAT device?

This is a topic that I find mixed information on. Is it possible to have two IPSec road warriors that are behind the same NAT, even with an ASA as the VPN endpoint? I have been trying with Libreswan ...

How do I get Strongswan / IPTables to route data back to my road warrior client correctly?

I have a simple VPN. I have a client on 10.185.28.241 who gets a virtual IP of 10.42.42.0/24 from the VPN which is located at 10.112.18.105 and is providing access to machines in the 10.112.0.0/16 ...

Strongswan running in container to create VPN tunnel between LAN and GCE?

I've got a CentOS 7 VM running strongSwan which sets up a VPN tunnel between our LAN and Google Compute Engine (Google Cloud VPN). This makes local machines on the LAN accessible by GCE instances and ...

Strongswan - Cisco ASA Transaction Request failure

I am trying to create a S2S VPN between an Ubuntu StrongSwan (in Azure) and a Cisco ASA at a client site. Currently using ikev1 (the Cisco won't support v2 for a few months) and it appears to be ...

IKEV2 configuration file IP pool

I have some problems with configuring VPN using IKEV2. Here is my server configuration file config setup # Uncomment to allow few simultaneous connections with one user account. # By ...

How to redirect traffic through IPv6 IPSec (strongswan) gateway?

I'm trying to set up IPSec secured connection to the gateway. Have three hosts: A: eth1 - fec0:1::1/64 B: eth1 - fec0:1::2/64 eth2 - fec0:2::2/64 which is gateway between A and C; forwarding is set ...

ipsec/strongswan - how to use remote router as local gateway using the route command

Ok, this should be an easy one, but it's driving me nuts. Scenario: Site A (San Francisco) Site B (Colombia) Both sites are connected successfully via IPSec (openswan, debian 8): SiteA----...

strongSwan site2site to a docker subnet

The problem I'm running docker on a public server and want to connect the subnet of the docker containers to a private subnet on a remote site and use strongSwan with a modified IKEv1 net2net PSK ...

Having trouble while setting VPN tunnel

I want to set up a VPN tunnel between hosts, such that their subnetworks can connect to each other. Ex:- DummyNetwork ---> PC1 (HOST A) ------------- PC2( HOST B)------ >DummyNetwork PC1 IP address : 192....

Strongswan ubuntu client setup?

I have set up a strongSwan VPN server and tested the connection from a Windows machine. It's working fine. But I can't connect from an Ubuntu desktop client using Strongswan-network-manager. Someone please give ...

IPsec tunnel, receiving data with wrong destination address

I've managed to establish an IPsec tunnel using strongswan to a Cisco router. My server is an Azure VM, so it is behind NAT. I do not have control over the Cisco router. This is my /etc/ipsec.conf: ...

IKEv2 VPN doesn't hide real IP from Windows client

I have just set up a VPN server using IKEv2 at home. Everything works fine, but the problem is that when I am connected to the VPN from a Windows 10 client I have the external IP of the network where I connected ...

IPsec: How to forward certain IPs to use VPN

I connected to a VPN using Strongswan IPsec in Ubuntu. I'm trying to telnet to an IP address but it is giving a timeout because it would need to be done through the VPN. How can I "only requests to ...

Strongswan - Split-tunneling

I have a server that is running Ubuntu 14.04.5 LTS on EC2 with strongSwan U5.1.2/K3.13.0-107-generic installed on it. Currently I can connect through VPN and my traffic is routed to eth0 "the default ...

Strongswan with mysql backend authentication not authenticating

I have Strongswan installed and configured on my server. I've been able to successfully authenticate against it when using the standard ipsec.secrets for the list of users. I want to enable the ...

StrongSwan stuck on connecting on tunnel

I know this may be vague, but I'm stuck. I'm trying to establish a tunnel between a workstation of mine and a remote server with a PSK, but the server does not see my request. I can ping their ip ...

Forwarding UPnP, DLNA traffic via computer to server

I'm about to tear out what is left of my hair with this. I was able to finally see traffic coming through, but not working in full, when using socat but this setup is not ideal. The idea: I have a ...

xl2tp + strongswan ipsec — xl2tp timeout

I'm trying to connect to an IPsec/L2TP VPN from a private network behind a NAT router. It works from different Windows clients, but from my Linux machine (openSuSE 12.3, strongswan 5.1.3, xl2tp 1.3.0) I ...

How can I secure all traffic using strongSwan/IPSec except SSH access?

How can I configure strongSwan to require IPSec for all connections except SSH connections? I tried creating two connections: Create a "connection" for SSH using passthrough mode (left=%any/right=%...

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates, Ubuntu 16.04 + strongswan. Client connecting from Win7, certificate was added as described in the strongswan wiki. Config was also made as in the strongswan wiki, but I got an error: '...

IOS + StrongSwan + Windows RADIUS (NAP)

We've got Windows NAP, Windows Certification Services and many kinds of clients which use Windows, Android, OS X and iOS. All clients have certificates issued by the Windows CA, and I need that they connect ...