Newest strongswan Questions

Q&A for system and network administrators

Permission issue with charon-cmd on ubuntu

I am using charon-cmd to connect to strongswan vpn on a ubuntu host. When I use the command, it gives me some kind of permission error. root@8add2362b05f:~# sudo charon-cmd --host example.com --p12 ...

Forwarding UPnP, DLNA traffic via computer to server

I'm about to tear out what is left of my hair with this. I was able to finally see traffic coming through, but not working in full, when using socat but this setup is not ideal. The idea: I have a ...

Enable IKE tracing on windows 10 VPN

I have an IKEV2 VPN setup (including certs) that worked fine on windows 7. On Windows 10, the same config fails with 'IKE authentication credentials are unacceptable'. Server is StrongSwan. The last ...

IPSec VPN works on LAN only

I've set up a cisco RV320 VPN box using IPSec IKEv1. My SA are the same on each end, using 2-factor authentication. My network topology is as follows: Topology M = Modem, A = Router A, B = Router ...

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates, Ubuntu 16.04 + strongswan. Client connecting from Win7, certificate was added as described in the strongswan wiki. Config was also made as in the strongswan wiki, but I got an error: '...

strongSwan + xl2tpd VPN server: how to configure several config files?

I set up my VPN server with strongSwan and xl2tpd on Ubuntu server 16.04. After configuring, I tried to connect from a iPad, but got the errors as follows: Mar 26 02:22:13 myname-ubuntu-server charon:...

Strongswan IKEv2 VPN on OS X 10.11 and iOS 10 Clients

After many days of searching on Google, through Serverfault, and even on the StrongSwan website, I have been unsuccessful in attempting to get StrongSwan IPSec/IKEv2 VPN working on OS X 10.11.5 and ...

IPsec tunnel won't stay up

I have a static IPsec tunnel configured between a Debian cloud server running StrongSwan and a Juniper SRX 210. The tunnel goes up just fine, but it never stays up for long, the longest may be about ...

IPsec tunnel, receiving data with wrong destination address

I've managed to establish an IPsec tunnel using strongswan to a Cisco router. My server is an Azure VM, so it is behind NAT. I do not have control over the Cisco router. This is my /etc/ipsec.conf: ...

Routing through IPSec tunnel

I have two servers establishing an IPSec VPN as a site-to-site kind of setup. I use StrongSwan on Ubuntu 16.04 for both servers and the VPN itself works. What may be a bit special is that the subnet ...

Strongswan VPN Client works for OS X & iOS, but not Linux

I've spent 10 hours scouring strongSwan and other discussion threads, to no avail. I set up a mostly standard strongSwan 5.2.1 server on a Debian 8 host. I can successfully connect to the VPN from my ...

Strongswan not routing between two subnets

My ipsec.conf configuration on 192.168.2.192 (left): config setup conn sample-self-signed left=192.168.2.192 leftsubnet=192.168.2.0/24 leftid=cbw right=192.168.2.20 rightid=control ...

Strongswan running in container to create VPN tunnel between LAN and GCE?

I've got a CentOS 7 VM running strongSwan which sets up a VPN tunnel between our LAN and Google Compute Engine (Google Cloud VPN). This makes local machines on the LAN accessible by GCE instances and ...

Ipsec: How to forward certain IPs to use VPN

I connected to a VPN using Strongswan IPsec in Ubuntu. I'm trying to telnet to an IP address but it is giving a timeout because it would need to be done through the VPN. How can I "only requests to ...

Traffic cannot be routed despite Strongswan VPN connection being established

I have setup a host to host (tunnel) VPN connection with Strongswan (doing this for the first time) between peers B and C so that hosts A and D can connect securely. A and B are on my side which I ...

Two road warrior clients behind the same NAT device (IKEv2, StrongSwan, LibreSwan)

I have an IKEv2 VPN that is set up and works properly, however I run into issues when I have two road warriors behind the same NAT device. Both devices connect however the second device seems to kick ...

Why does traffic info not show in an IPSec VPN connection?

I recently set up an strongSwan server. In my android phone, I noticed that the IPSec VPN connection only shows Duration info. There is no traffic info (sent and received bytes/packets) of the ...

How do i get Strongswan / IPTables to route data back to my road warrior client correctly?

I have a simple VPN. I have a client on 10.185.28.241 who gets a virtual IP of 10.42.42.0/24 from the VPN which is located at 10.112.18.105 and is providing access to machines in the 10.112.0.0/16 ...

is it possible to use strong swan to set host to host vpn for many clients which have dynamic ips?

I want my server to set a vpn connection for each client trying to connect, where clients would usually have dynamic addresses. Most importantly, is it possible to do this with unique psk given for ...

IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]

Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference? I found these projects. ...

Two users behind same NAT (PSK or EAP) - strongswan

I have a strongswan implementation and am running into an issue where when there are two users behind the same NAT, the second one "kicks off" the first one. I was able to resolve the issue using: ...

Strongswan VPN: no matching peer config found

I'm trying to setup a Strongswan VPN but can't get it to work. It does not find a matching peer config and I don't know why: LOG: [ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(...

StrongSwan stuck on connecting on tunnel

I know this may be vague, but I'm stuck. I'm trying to establish a tunnel between a workstation of mine and a remote server with a PSK, but the server does not see my request. I can ping their ip ...

IPSec - Is it possible to have remote access clients (road warriors) all behind the same NAT device?

This is a topic that I find mixed information on. Is it possible to have two IPSec road warriors that are behind the same NAT, even with an ASA as the VPN endpoint? I have been trying with Libreswan ...

IKEV2 configuration file IP pool

I have some problems with configuring VPN using IKEV2. Here is my server configuration file config setup # Uncomment to allow few simultaneous connections with one user account. # By ...

Strongswan ubuntu client setup?

I have setup strongswan VPN server and tested the connection from windows machine. Its working fine. But can't connect from Ubuntu desktop client using Strongswan-network-manager. Someone please give ...

IOS + StrongSwan + Windows RADIUS (NAP)

We've got Windows NAP, Windows Certification Services and many kinds of clients which use Windows, Android, OS X and iOS. All clients have certificates issued by Windows CA, and I need that they connect ...

Strongswan with mysql backend authentication not authenticating

I have Strongswan installed and configured on my server. I've been able to successfully authenticate against it when using the standard ipsec.secrets for the list of users. I want to enable the ...

Strongswan to Cisco ASA

I have a problem with connection two nets with IPsec. On the one side is Cisco ASA 55xx on the other TP-Link router with Debian 8.3 with StrongSwan behind the NAT. The problem also that I have ...

strongSwan: multiple rightsubnet using IKEv1

https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection According to strongSwan documentation rightsubnet with multiple network addresses only works with IKEv2. There is a common (?) ...

Strongswan issue with source IP

I have established a VPN connection between a region in AWS and a datacenter implemented with OpenStack: |---AWS------------------| |-----OpenStack----------| Private IP EIP ...

Why does 'ipsec statusall' not show any connections?

I've finally been able to get a tunnel between my computer (strongswan) and a Zyxel Zywall 110 up and running. I'm connecting using certificates, and judging from the logs the actual VPN connection ...

Strongswan - Cisco ASA Transaction Request failure

I am trying to create a S2S VPN between an Ubuntu StrongSwan (in Azure) and a Cisco ASA at a client site. Currently using ikev1 (the Cisco won't support v2 for a few months) and it appears to be ...

Strongswan: Transport mode with non-specific remote hosts

I am using strongSwan 5.2.1 on Debian Jessie, and am having trouble configuring it to do what I want. Premise In a test environment, I am seeking to use transport mode IPsec between a Linux virtual ...

How to redirect traffic through IPv6 IPSec (strongswan) gateway?

I'm trying to set up IPSec secured connection to the gateway. Have three hosts: A: eth1 - fec0:1::1/64 B: eth1 - fec0:1::2/64 eth2 - fec0:2::2/64 which is gateway between A and C; forwarding is set ...

IPSEC help using Strongswan on CENTOS 6.6

I have been tasked with setting up an IPSEC tunnel to our remote data provider. They require my Phase 2 traffic to be PAT'd behind a public address. I am using strongswan 5.3.2 on CentOS 6.6 on a ...

ipsec/strongswan - how to use remote router as local gateway using the route command

Ok, this should be an easy one, but it's driving me nuts. Scenario: Site A (San Francisco) Site B (Colombia) Both sites are connected successfully via IPSec (openswan, debian 8): SiteA----...

unable to install source route - RTNETLINK answers: No such process (IPsec / strongswan)

Basically I'm trying to connect a pfSense to an EdgeRouter via IPsec site2site. (public ip networks obfuscated by '1.2.') [pfsense] <-> [edgerouter] public: 1.2.156.229/30 <-&...

StrongSwan ikev2 routing through VPN in Windows 10

I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server. Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...

Reassemble fragmented UDP packet

There is a Strongswan roadwarrior configured to send fragmented ISAKMP packets to the clients. The client is behind NAT (Debian Jessie, IPTABLES). The fragmented UDP packets are reassembled on the ...

Strongswan auto disconnect

I need to set up a VPN connection (IPSec) and I'm using it for a mobile payment method. The problem is: StrongSwan is auto-disconnecting and I need to log in to my server through SSH and start the ...

xl2tp + strongswan ipsec — xl2tp timeout

I'm trying to connect to an ipsec/l2tp vpn from a private network behind a nat-router. It works from different windows clients, but from my linux machine (openSuSE 12.3, strongswan 5.1.3, xl2tp 1.3.0) I ...

How can I secure all traffic using strongSwan/IPSec except SSH access?

How can I configure strongSwan to require IPSec for all connections except SSH connections? I tried creating two connections: Create a "connection" for SSH using passthrough mode (left=%any/right=%...

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunneled them successfully using this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but I want to run this scenario: ...

Strongswan - Split-tunneling

I have a server that is running Ubuntu 14.04.5 LTS on EC2 with strongSwan U5.1.2/K3.13.0-107-generic installed on it. Currently I can connect through VPN and my traffic is routed to eth0 "the default ...

Having trouble while setting VPN tunnel

I want to setup VPN tunnel between hosts, such that their subnetworks can connect each other. Ex:- DummyNetwork ---> PC1 (HOST A) ------------- PC2( HOST B)------ >DummyNetwork PC1 IP address : 192....

Can't establish site to site vpn connection between Cisco 3900 and strongSwan client

I have a website, which displays data received from GSM modems. So I am trying to connect my website to the GSM network provider using VPN. On the provider side there is a Cisco 3900, configured as site to site ...

Strongswan RA and Strongswan site-2-site with ASA

Task: Establish communication between remote clients (192.168.79.0/24) that are connecting to VPN server (on Ubuntu) and corporate network (10.1.2.0/24) connected to Cisco ASA. Schema: 192.168.79.0/...

Configuring multiple ipsec tunnels on vlan

I am trying to create a vlan between two machines, they are located on separate physical boards. And then create separate ipsec tunnels on each vlan link. Such that: eth2 10.0.1.1 ------------------...

IKEV2 VPN doesn't hide real IP from Windows client

I have just set up a VPN server using IKEv2 at home. Everything works fine, but the problem is that when I am connected to the VPN from a Windows 10 client I have the external IP of the network where I connected ...