Questions tagged [ikev2]

82 questions
8 votes, 2 answers

Strongswan IKEv2 vpn on Windows 10 client "policy match error"

I have the newest version of Strongswan vpn on my Ubuntu server running. I followed this tutorial here and got it to work on my Android and iPhone. Now I want to get it to work on my Windows 10 laptop but when I try to connect via the vpn settings…
sirzento
6 votes, 0 answers

How to limit bandwidth per VPN connection?

I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s. After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the manual pages. DEV=eth0 tc qdisc del dev $DEV…
Houman
6 votes, 2 answers

Setting up IPSEC on LAN between two hosts (OpenBSD)

Trying to use IPSEC between two hosts on a LAN. No VPN involved. Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party. Two hosts: 10.0.2.10 (host "A") and 10.0.2.11 (host…
Neil McGuigan
6 votes, 1 answer

Docker container can not access hosts behind VPN

I have a VPN gateway which allows remote access to a network with subnet 171.30.0.0/16. I have a local machine setup with ubuntu 14.04 and strongswan which connects to that VPN server using IKEv2 RSA and while connected, I'm successfully able to…
mohamnag
5 votes, 2 answers

pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?

I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down. Since the RADIUS is behind the pfSense box, in an event of a…
Vinícius Ferrão
3 votes, 1 answer

strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed

I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually did everything like in the tutorial, except the…
3 votes, 0 answers

Strongswan stops working after a while

I'm trying hard to resolve one question with my strongswan IKEv2 VPN. I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, Android. The connection is being established…
3 votes, 0 answers

How to connect to ikev2 vpn from docker container using bridge net mode?

I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host. If I try the following: docker run -i -t --privileged --net host --entrypoint /bin/bash ikev It then do ipsec start and ipsec up vpn it connects without an issue.…
Debrian
3 votes, 2 answers

EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator

I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux. I am running: StrongSwan 5.4.0 with eap-radius plugin Currently, we use FreeRadius to speak EAP-MSCHAPv2 with various client…
Domokun
2 votes, 1 answer

How to block an IP for IPSec VPN connections?

This is my current IpTables setup: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere …
Houman
2 votes, 0 answers

Bandwidth control with TC for clients yet to be connected

I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server. The bandwidth control works fine ONLY if that specific client is already connected. For example: In my Strongswan VPN server, I am trying to…
Ajji
2 votes, 1 answer

firehol ipsec configuration

Just discovered that Apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients cannot access any services running on the same host…
BbIKTOP
2 votes, 1 answer

VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"

We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here: https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/ And under Remote peer IP address in Interconnect/VPN section of the…
2 votes, 2 answers

how to use wildcard certificate with ikev2 on strongswan

I am using a wildcard certificate. I have managed to set up the ikev2 protocol and applied my own certificate, but it won't work for subdomains. Is there any workaround for this, or should the wildcard be of a certain format?
Vitalik Jimbei
2 votes, 0 answers

MacOS native IKEv2 VPN client instead of AnyConnect?

Similar to this question from half a decade ago.. Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client? example anyconnect profile:
goofology