Questions tagged [ikev2]
The ikev2 tag has no usage guidance.
108 questions
0 votes, 0 answers, 124 views
Strongswan as an IPSec/IKEv2 server for Android and iOS clients
Setting up Strongswan as a VPN IPSec/IKEv2 server
I want to set up a VPN server for my mobile devices to connect to my home network: smartphones (iPhone, Android), tablets (iPad) and laptops (Windows ...
0 votes, 0 answers, 38 views
Failed to connect CHILD_SA | Getting zabbix alerts due to errors with strongswan
We have configured VPN connection from Zabbix Server to server name deluxe with the connection named "Zabbix-to-Deluxe".
Please find the configuration as below
conn Zabbix-to-vyatta
type=...
0 votes, 0 answers, 167 views
Libreswan tunnel (only based on IP addresses) does not connect to the remote site
There is an organization for which I have to set up an IPsec tunnel.
This organization has an internal firewall.
And I have a VM that is located outside the organization on the Internet.
I have ...
0 votes, 0 answers, 538 views
Establishing an IPsec IKEv2 VPN connection fails with "IKE failed to find valid machine certificate." on Windows 11
I'm trying to set up a remote access VPN server with IPSec/IKEv2 for a medium-sized company. Users are expected to be connecting to this server (a FortiGate firewall) using the native Windows client ...
0 votes, 0 answers, 91 views
Libreswan IKEv2 VPN connection successful, client IP not updated
I'm setting up an IKEv2 VPN using Libreswan 3.25, and I'm encountering an issue where I can successfully connect to the VPN, but my laptop's IP address is not being updated to reflect the VPN ...
0 votes, 0 answers, 166 views
Connect MacOS Sonoma 14.5 to an IKEv2 VPN hosted by Windows Server 2012R2 - NEIKEv2ProtocolErrorDomain Code=12345 "12345"
TL;DR the error on my Mac is EAP only authentication, received notify error Error Domain=NEIKEv2ProtocolErrorDomain Code=12345 "12345" UserInfo={NSDebugDescription=12345}
I need to connect ...
0 votes, 0 answers, 188 views
Strongswan: only android client can connect to server but no internet access
I'm a beginner in Strongswan. I set up StrongSwan and IKEv2 on Ubuntu, and it is working great. Some Android clients (Samsung Galaxy) can connect to the server but have no internet access. Other devices ...
2 votes, 0 answers, 815 views
Windows 10 builtin IKEv2 VPN does not have option for preshared key
I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK:
Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc)
...
0 votes, 0 answers, 133 views
Swastrong IPSec with Password Authentication
I'm in the exact same situation as sashok_bg here: I'm trying to access my Freebox pro VPN through Swanstrong client vpn on Debian.
So far, with what has been said in his conversation with ecdsa, ...
0 votes, 0 answers, 260 views
IKEv2 with certificate + EAP between an IPsec client, a VPN server on an OpenWRT router, and a FreeRADIUS - Authentication issue
I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
0 votes, 1 answer, 890 views
Strongswan VPN Client (Android) can't connect to my test Kerio Control server
I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to the VPN server through an Android 14+ device. I used Strongswan (Android) for this, but I got the following error ...
0 votes, 0 answers, 77 views
strongSwan: Accessing LAN of a Windows client (reversed remote access)
I am currently having an Ubuntu Server strongSwan setup (IKEv2, EAP-MSCHAPv2) that will allow any authorized remote Windows client to access server's LAN (192.168.7.0/24). It works perfectly, but I ...
0 votes, 0 answers, 47 views
Is iptables NAT forwarding possible between two libvirt VMs?
I'm building a test VPN setup using two libvirt VMs with StrongSwan
IKEv2 but can't get traffic to forward. I can see the client sending
traffic to the server using tcpdump but the server doesn't do
...
0 votes, 0 answers, 225 views
Change IPSec IKEV2 VPN Default Ports 500 & 4500 To Anothers
For some reason OpenVPN is working on my local machine very well, but IPSec IKEV2 VPN is not, & it only works when OpenVPN is connected.
I have a domain for IPSec IKEV2 VPN & in local machine vpn is ...
0 votes, 0 answers, 88 views
Unable to access some websites when connected to VPN IKEv2 server from Linux
I have a VPN server hosted on Windows 2019 and configured on IKEv2.
Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
0 votes, 0 answers, 416 views
StrongSwan IPSec VPN - IKEv2 - LetsEncrypt Certificate Issue (building CRED_PRIVATE_KEY - RSA failed, tried 10 builders)
I followed the link below for setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7.
How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7
But info on that link has been ...
0 votes, 0 answers, 1k views
IPSec Example for a Password Authentication
I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN.
I only have a username and password, no certificates.
In the documentation the provided (https://...
0 votes, 0 answers, 697 views
Cannot access network resources after connecting to Always On VPN
Background: recently moved offices to a new network that did not have any domain controllers. The network here has a basic WiFi router that has both DNS and DHCP. We moved our DC here that has our ...
0 votes, 0 answers, 645 views
Why is my EdgeRouter-X IKEv2 VPN tunnel not working for HTTP/HTTPS on port 5000/5001?
I've configured my EdgeRouter-X for an IKEv2 VPN Tunnel using self signed certificates. I'm using this VPN to access my home network from my Android phone and my iPad.
I can connect from both devices ...
0 votes, 0 answers, 632 views
RRAS IKEv2 MacOS 13.4.1 unable to connect since upgrade to Ventura
I encountered a problem when trying to connect to a VPN server configured in IKEv2 from MacOS (Ventura 13.4.1) on a fresh install.
The VPN server is a RRAS hosted in a Windows server 2019, its ...
0 votes, 0 answers, 719 views
AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE
I need to set up a site-to-site IPSec tunnel with a vendor with whom we need to access each other's API servers sitting on the LANs using their respective public IPs. We're using AWS, and I have ...
0 votes, 0 answers, 1k views
Windows native client not connecting to IKEv2 EAP VPN
We are investigating the possibility of replacing pfSense/opnSense with Mikrotik for our office routers. Our current routers provide site-to-site tunnels between locations, as well as RADIUS-backed ...
0 votes, 0 answers, 3k views
How to set up StrongSwan (behind NAT) IKEv2/IPSec with PSK (pre-shared key)?
I set up my strongswan server on a virtual Ubuntu 22 behind a NAT. It works well for RCA using login password.
But I need to work using only PSK key. I tried a bunch of options, I can not connect from ...
0 votes, 0 answers, 896 views
Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227
I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility.
It is also configured for L2TP/IPSec,...
1 vote, 1 answer, 1k views
My Win 11 Pro VPN client for IKEv2 is perpetually broken
I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
1 vote, 0 answers, 578 views
Issue with connecting to IKEV2 VPN server from Android devices
We are facing a problem with connecting Android devices to our VPN server. iOS devices do not have any problems connecting.
Android devices trying to connect via StrongSwan official app from Google ...
0 votes, 0 answers, 408 views
ike-scan 0 returned handshake 0 returned notify
I need to establish a VPN connection to a specific site. I used strongswan and configured my side according to the provided parameters from the other side, but when I try to connect I get 'peer not ...
1 vote, 1 answer, 2k views
Site-to-Site VPN and Remote Access VPN with Strongswan
I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sites with two different Ubuntu servers. It all works great, but now I want to "merge" the two sites with a site-...
-1 votes, 1 answer, 965 views
Strongswan & Windows client: connection freezes in a few minutes
On an AWS VPS, I installed Strongswan to use it as a VPN. It works fine with iPhone client. However, when I try to connect from a Windows client, the SA connection gets established successfully and ...
0 votes, 1 answer, 1k views
Failed to start the IKEv2 VPN connection to surfshark via NetworkManager
I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs
charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2
charon-nm[5070]: 05[CFG] ...
0 votes, 1 answer, 1k views
EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)
I cannot get Strongswan, networkmanager-strongswan (client) to work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
0 votes, 1 answer, 1k views
pfSense as IPSec remote access client
I have a pfSense router in a residential environment and need to use IPSec/IKEv2 as a remote access client to a commercial VPN provider. I know the pfSense web UI doesn't support the router being the ...
-1 votes, 1 answer, 2k views
Cannot connect a Fortigate VPN behind a static NAT to a GCP VPN gateway
Here's the need:
Connect a Fortigate device behind a static 1:1 NAT to the Internet to a Google Cloud Platform (GCP) VPN gateway.
Simplified ASCII Diagram:
LOCAL_LAN ---- Fortigate ----- Fiber modem --...
1 vote, 0 answers, 373 views
libreswan with Ikev2 client and plain text password
I need to set up a connection to a VPN server with Libreswan. I can't use strongswan, since they are not working well together when installed on the same OS.
My system is Linux Debian 10 (Buster)
Kernel ...
0 votes, 0 answers, 388 views
Vpn . Nps . Active directory . Strongswan ikev2
Please help me.
I configured a strongswan IKEv2 on a CentOS 7 VPS, and NPS and Active Directory for my authentication and accounting (RADIUS) on a Windows Server 2016 VPS.
When I want to connect to my ikev2 ...
5 votes, 1 answer, 5k views
iPhone users do not connect to StrongSwan VPN, while Android and Windows 10 users do?
I have a StrongSwan VPN that for some reason unknown to me cannot connect iOS users to my VPN server.
A few quick notes:
My StrongSwan server is a front for VPN clients who connect to my network. I ...
0 votes, 0 answers, 2k views
Cannot connect MacOS to StrongSwan VPN server installed on ubuntu
I have an issue connecting to IKEv2 VPN running on an Ubuntu VM on GCP. I am trying to connect with MacOS and Windows. I followed this tutorial to install the VPN on an Ubuntu VM. I need a VPN so that ...
-1 votes, 1 answer, 168 views
How to run Windows Ikev2 with NonetworkFirewall?
I have a small problem. I set up Firewall App Blocker in whitelist mode (meaning basically it cuts all Internet except allowed apps by setting "block all connection that not match firewall rule" ...
1 vote, 0 answers, 171 views
How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?
I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
0 votes, 1 answer, 9k views
StrongSwan clients fail to connect, Constraint checking failure
Client devices (Runs Windows 10 and Android with StrongSwan app) fail to connect. Certificates signed by one authority, CN is set as server public ip.
Here's ipsec.conf:
config setup
include /var/lib/...
2 votes, 1 answer, 8k views
Strongswan Error: no config named 'foo'
On Ubuntu 20.04, I am trying to establish a VPN tunnel to an IKEv2/IPsec VPN site using Strongswan.
However, even though I have the file /etc/ipsec.conf as shown
# ipsec.conf - strongSwan IPsec ...
0 votes, 0 answers, 1k views
Is it possible to have 2 left ids in strongswan?
I need my strongswan server to operate on 2 domain names.
ipsec.conf currently contains: [email protected]
How can I add another domain? Is this syntax gonna work?
[email protected],@sub2....
0 votes, 1 answer, 990 views
IKEv2 VPN on server 2019 suddenly stops working
We have a number of customers using Server 2019 as a VPN server with the IKEv2 protocol through the Routing and Remote Access (RRAS) service. Suddenly, every single one of them gets the following ...
0 votes, 1 answer, 456 views
Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?
For testing purposes, I want to set up an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec ...
0 votes, 1 answer, 6k views
IKEv2 strongswan got deleting half open IKE_SA with x.x.x.x after timeout with iOS device
I installed an IKEv2 strongswan vpn server on Ubuntu 18.04 and I also use a valid Let's Encrypt CA for that. I want to use it on an application for iOS.
So here is the IPSec.conf:
config setup
...
0 votes, 1 answer, 1k views
How to set remoteId and server certificate check Strongswan IKEv2 ubuntu 18.04
I am a new member in IKEv2, and I want to install an IKEv2 vpn on an Ubuntu 18.04 server. I did it through this tutorial, but I have a couple of questions.
First, how can I configure its remote id, ...
0 votes, 0 answers, 3k views
StrongSwan config issue: no matching peer config found
I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec.
I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior
...
3 votes, 2 answers, 5k views
EAP / MSCHAPv2 authentication fails (only) on Windows with custom authenticator
I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux.
I am running: StrongSwan 5.4.0 with eap-radius plugin
Currently, we use FreeRadius ...
2 votes, 1 answer, 2k views
Mikrotik IKEv2/ipsec + Windows 10 = no split include routes
I am deploying a solution using IKEv2+ipsec with certificates to connect roadwarriors to corporate network. Mikrotik CHR is used as entry point.
All was swift until I started deploying the solution on ...
0 votes, 1 answer, 295 views
What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?
Everything works fine over Wi-Fi.
I tried disabling IPv6 using a provisioning profile.
I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...