Newest strongswan Questions

Q&A for system and network administrators

strongSwan site2site to a docker subnet

The problem I'm running docker on a public server and want to connect the subnet of the docker containers to a private subnet on a remote site and use strongSwan with a modified IKEv1 net2net PSK ...

StrongSwan stuck on connecting on tunnel

I know this may be vague, but I'm stuck. I'm trying to establish a tunnel between a workstation of mine and a remote server with a PSK, but the server does not see my request. I can ping their ip ...

Strongswan VPN: no matching peer config found

I'm trying to setup a Strongswan VPN but can't get it to work. It does not find a matching peer config and I don't know why: LOG: [ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(...

IOS + StrongSwan + Windows RADIUS (NAP)

We've got Windows NAP, Windows Certification Services and many kinds of clients which use Windows, Android, OS X and iOS. All clients have certificates issued by Windows CA, and I need that they connect ...

Strongswan IKEv2 VPN on OS X 10.11 and iOS 10 Clients

After many days of searching on Google, through Serverfault, and even on the StrongSwan website, I have been unsuccessful in attempting to get StrongSwan IPSec/IKEv2 VPN working on OS X 10.11.5 and ...

Why does traffic info not show in an IPSec VPN connection?

I recently set up a strongSwan server. On my Android phone, I noticed that the IPSec VPN connection only shows Duration info. There is no traffic info (sent and received bytes/packets) of the ...

Two road warrior clients behind the same NAT device (IKEv2, StrongSwan, LibreSwan)

I have an IKEv2 VPN that is set up and works properly, however I run into issues when I have two road warriors behind the same NAT device. Both devices connect however the second device seems to kick ...

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates ubuntu 16.04 + strongswan. Client connecting from win7, certificate was added like said in strongswan Wiki. Config made also like in strongswan wiki, but I got error: '...

Routing through IPSec tunnel

I have two servers establishing an IPSec VPN as a site-to-site kind of setup. I use StrongSwan on Ubuntu 16.04 for both servers and the VPN itself works. What may be a bit special is that the subnet ...

Strongswan issue with source IP

I have established a VPN connection between a region in AWS and a datacenter implemented with OpenStack: |---AWS------------------| |-----OpenStack----------| Private IP EIP ...

Strongswan running in container to create VPN tunnel between LAN and GCE?

I've got a CentOS 7 VM running strongSwan which sets up a VPN tunnel between our LAN and Google Compute Engine (Google Cloud VPN). This makes local machines on the LAN accessible by GCE instances and ...

Forwarding UPnP, DLNA traffic via computer to server

I'm about to tear out what is left of my hair with this. I was able to finally see traffic coming through, but not working in full, when using socat but this setup is not ideal. The idea: I have a ...

IPsec tunnel won't stay up

I have a static IPsec tunnel configured between a Debian cloud server running StrongSwan and a Juniper SRX 210. The tunnel goes up just fine, but it never stays up for long, the longest may be about ...

Enable IKE tracing on windows 10 VPN

I have an IKEV2 VPN setup (including certs) that worked fine on windows 7. On Windows 10, the same config fails with 'IKE authentication credentials are unacceptable'. Server is StrongSwan. The last ...

Connection of a Server to my home network via Strongswan (received INVALID_ID_INFORMATION error notify)

I try to establish a VPN connection from my root server to my home network via strongswan. I've configured my router (FritzBox 7490) for VPN PSK XAUTH connections. A VPN connection from my Android-...

is it possible to use strong swan to set host to host vpn for many clients which have dynamic ips?

I want my server to set a vpn connection for each client trying to connect, where clients would usually have dynamic addresses. Most importantly, is it possible to do this with unique psk given for ...

Strongswan using FQDN

I currently have a VPN server with Strongswan running. We use this to make sure that you can reach some of our internal tools, only when connected to the VPN. Let's assume we have the following URLs, ...

strongSwan: multiple rightsubnet using IKEv1

https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection According to strongSwan documentation rightsubnet with multiple network addresses only works with IKEv2. There is a common (?) ...

StrongSwan IPsec and NAT

I have an IPSec tunnel to the network of our customer running on a Linux box with StrongSwan. On there I have to do source NAT to translate our network addresses to the subnet they assigned us. This ...

IPsec tunnel, receiving data with wrong destination address

I've managed to establish an IPsec tunnel using strongswan to a Cisco router. My server is an Azure VM, so it is behind NAT. I do not have control over the Cisco router. This is my /etc/ipsec.conf: ...

How to troubleshoot strongswan error: “unable to allocate SPIs from kernel”?

I am trying to setup an IPsec tunnel to a Juniper security gateway using a strongswan client on a Linux machine and preshared keys. This is what I get when trying to bring the connection up: root@...

ipsec/strongswan - how to use remote router as local gateway using the route command

Ok, this should be an easy one, but it's driving me nuts. Scenario: Site A (San Francisco) Site B (Colombia) Both sites are connected successfully via IPSec (openswan, debian 8): SiteA----...

IPSEC help using Strongswan on CENTOS 6.6

I have been tasked with setting up an IPSEC tunnel to our remote data provider. They require my Phase 2 traffic to be PAT'd behind a public address. I am using strongswan 5.3.2 on CentOS 6.6 on a ...

Two users behind same NAT (PSK or EAP) - strongswan

I have a strongswan implementation and am running into an issue where when there are two users behind the same NAT, the second one "kicks off" the first one. I was able to resolve the issue using: ...

Can't establish site to site vpn connection between Cisco 3900 and strongSwan client

I have a website, which displays data received from gsm modems. So I am trying to connect my website to GSM network provider using vpn. Provider side there is a Cisco 3900, configured as site to site ...

How do i get Strongswan / IPTables to route data back to my road warrior client correctly?

I have a simple VPN. I have a client on 10.185.28.241 who gets a virtual IP of 10.42.42.0/24 from the VPN which is located at 10.112.18.105 and is providing access to machines in the 10.112.0.0/16 ...

Strongswan with mysql backend authentication not authenticating

I have Strongswan installed and configured on my server. I've been able to successfully authenticate against it when using the standard ipsec.secrets for the list of users. I want to enable the ...

IPSec VPN works on LAN only

I've set up a cisco RV320 VPN box using IPSec IKEv1. My SA are the same on each end, using 2-factor authentication. My network topology is as follows: Topology M = Modem, A = Router A, B = Router ...

IKEV2 VPN doesn't hide real IP from Windows client

I have just set up a VPN server using IKEv2 at home. Everything works fine, but the problem is that when I am connected to the VPN from a Windows 10 client I have the external IP of the network where I connected ...

Why does 'ipsec statusall' not show any connections?

I've finally been able to get a tunnel between my computer (strongswan) and a Zyxel Zywall 110 up and running. I'm connecting using certificates, and judging from the logs the actual VPN connection ...

Configuring multiple ipsec tunnels on vlan

I am trying to create a vlan between two machines, they are located on separate physical boards. And then create separate ipsec tunnels on each vlan link. Such that: eth2 10.0.1.1 ------------------...

Strongswan RA and Strongswan site-2-site with ASA

Task: Establish communication between remote clients (192.168.79.0/24) that are connecting to VPN server (on Ubuntu) and corporate network (10.1.2.0/24) connected to Cisco ASA. Schema: 192.168.79.0/...

Strongswan to Cisco ASA

I have a problem with connecting two nets with IPsec. On the one side is Cisco ASA 55xx on the other TP-Link router with Debian 8.3 with StrongSwan behind the NAT. The problem also that I have ...

how to use aesni in openvpn and ipsec (strongswan)

I'm trying out different VPN technologies. I successfully created openvpn and ipsec connections to my server, and now I'm trying to use aesni (or AES-NI) to see how much impact it will have on the ...

Having trouble while setting VPN tunnel

I want to setup VPN tunnel between hosts, such that their subnetworks can connect each other. Ex:- DummyNetwork ---> PC1 (HOST A) ------------- PC2( HOST B)------ >DummyNetwork PC1 IP address : 192....

IPSec - Is it possible to have remote access clients (road warriors) all behind the same NAT device?

This is a topic that I find mixed information on. Is it possible to have two IPSec road warriors that are behind the same NAT, even with an ASA as the VPN endpoint? I have been trying with Libreswan ...

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but I want to run this scenario: ...

How to redirect traffic through IPv6 IPSec (strongswan) gateway?

I'm trying to set up IPSec secured connection to the gateway. Have three hosts: A: eth1 - fec0:1::1/64 B: eth1 - fec0:1::2/64 eth2 - fec0:2::2/64 which is gateway between A and C; forwarding is set ...

IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]

Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference? I found these projects. ...

Strongswan - Cisco ASA Transaction Request failure

I am trying to create a S2S VPN between an Ubuntu StrongSwan (in Azure) and a Cisco ASA at a client site. Currently using ikev1 (the Cisco won't support v2 for a few months) and it appears to be ...

Strongswan: Transport mode with non-specific remote hosts

I am using strongSwan 5.2.1 on Debian Jessie, and am having trouble configuring it to do what I want. Premise In a test environment, I am seeking to use transport mode IPsec between a Linux virtual ...

Strongswan ubuntu client setup?

I have set up a strongswan VPN server and tested the connection from a Windows machine. It's working fine. But can't connect from Ubuntu desktop client using Strongswan-network-manager. Someone please give ...

Traffic cannot be routed despite Strongswan VPN connection being established

I have setup a host to host (tunnel) VPN connection with Strongswan (doing this for the first time) between peers B and C so that hosts A and D can connect securely. A and B are on my side which I ...

Reassemble fragmented UDP packet

There is a Strongswan roadwarrior configured to send fragmented ISAKMP packets to the clients. The client is behind NAT (Debian Jessie, IPTABLES). The fragmented UDP packets are reassembled on the ...

IKEV2 configuration file IP pool

I have some problems with configuring VPN using IKEV2. Here is my server configuration file config setup # Uncomment to allow few simultaneous connections with one user account. # By ...

Ipsec: How to forward certain IPs to use VPN

I connected to a VPN using Strongswan IPsec in Ubuntu. I'm trying to telnet to an IP address but it is giving a timeout because it would need to be done through the VPN. How can I "only requests to ...

xl2tp + strongswan ipsec — xl2tp timeout

I'm trying to connect to an ipsec/l2tp vpn from a private network behind a nat-router. It works from different windows clients, but from my linux machine (openSuSE 12.3, strongswan 5.1.3, xl2tp 1.3.0) I ...

Strongswan not routing between two subnets

My ipsec.conf configuration on 192.168.2.192 (left): config setup conn sample-self-signed left=192.168.2.192 leftsubnet=192.168.2.0/24 leftid=cbw right=192.168.2.20 rightid=control ...

Strongswan VPN Client works for OS X & iOS, but not Linux

I've spent 10 hours scouring strongSwan and other discussion threads, to no avail. I set up a mostly standard strongSwan 5.2.1 server on a Debian 8 host. I can successfully connect to the VPN from my ...

How can I secure all traffic using strongSwan/IPSec except SSH access?

How can I configure strongSwan to require IPSec for all connections except SSH connections? I tried creating two connections: Create a "connection" for SSH using passthrough mode (left=%any/right=%...