Questions tagged [ikev1]
11 questions
1
vote
1 answer
LibreSwan IKEv1 XAUTH VPN server -- so close and yet so far
Here's an ASCII-art diagram of my situation
192.168.10.0/24
|
+---+ .7 |
| A |------+ _____
+---+ | ( )
| .254 +---+ Ext IP ( )
+----Ri|…
Ex Umbris
1
vote
2 answers
IKEv1 phase 2 fails with NO_PROPOSAL_CHOSEN but ESP proposal is correct. What else could cause this to fail?
Trying to troubleshoot an IPSec/IKEv1 VPN connection with Strongswan that is failing to complete phase 2 with NO_PROPOSAL_CHOSEN.
I know the solution for this error is nearly always "double-check your phase 2 proposal", but I am 100% sure that the…
aucuparia
1
vote
1 answer
What could cause "Selected peer config inacceptable" errors bringing up VPN with strongswan?
Trying to use Strongswan to connect to a work VPN and getting "selected peer config inacceptable" errors in the logs which I haven't been able to find any info on in Google:
~$ sudo ipsec up VDI
initiating Aggressive Mode IKE_SA VDI[1] to…
aucuparia
0
votes
2 answers
Setup l2tp using Strongswan
I set up ikev2 using Strongswan. Now I need to add l2tp support to that.
What is the best and easiest method to add l2tp support to Strongswan?
I appreciate any help.
Farhad Sakhaei
0
votes
1 answer
GCP: Routing to ip alias over IKEv1 VPN without BGP
I have a private GKE cluster running in a single subnet and region. The nodes in the cluster utilize the subnet's CIDR of 10.60.0.0/16. The cluster has two secondary CIDR ranges for its pods and services (172.24.0.0/19 and 172.24.32.0/20…
Ryan Smith
0
votes
1 answer
Strongswan: Connecting PSK & EAP at a time
I have successfully set up strongswan on a virtual server. I basically have two kinds of configurations:
- Using EAP (username/password for Android Strongswan Client).
- PSK (for iOS devices using the built-in VPN client)
I am able to connect more than…
Ajji
0
votes
1 answer
Strongswan IKEv2 for iOS devices
I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users.
It's already working perfectly on Android and Windows devices, but when I try to connect using the iOS device it shows the below logs. I'm manually…
Varun Taliyan
0
votes
0 answers
How to use aggressive mode + transport mode + PSK to negotiate SAs with strongswan server in NAT-T environment
I used transport mode in a NAT-T environment to negotiate SAs, and the method to authenticate the peer is PSK.
When I use Main Mode, IKE negotiation completes normally; the PSK logs are:
Jan 6 01:24:06 09[CFG] <1> looking for pre-shared…
0
votes
0 answers
how to allow ipsec connection only with pre shared key authentication and rest of connections should be rejected
l2tpd configuration file :
remote access vpn configuration
conn L2TP-PSK
authby=psk
pfs=no
rekey=no
keyingtries=3
keyexchange=ikev1
forceencaps=yes
leftfirewall=yes
leftnexthop=%defaultroute
type=transport
#…
0
votes
1 answer
Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?
For testing purposes, I want to set up an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret keys of the ipsec tunnel and skipping the authentication.
Is such an…
xeyipes
-1
votes
1 answer
Cannot connect a Fortigate VPN behind a static NAT to a GCP VPN gateway
Here's the need:
Connect a Fortigate device behind a static 1:1 NAT to the Internet to a Google Cloud Platform (GCP) VPN gateway.
Simplified ASCII Diagram:
LOCAL_LAN ---- Fortigate ----- Fiber modem ---- Internet ---- GCP VPN Gateway -----…
Hawkmx