strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support
strongSwan is an open source, multi-platform ipsec-based vpn solution, with IKEv2 & IKEv1 support.
More information can be found on strongswan.org.
Questions tagged [strongswan]
420 questions
6
votes
3 answers
Using strongswan, what's the difference between auto=add, and auto=start?
The docs on this are pretty vague,
what operation, if any, should be done automatically at IPsec startup. add loads a connection without starting it. route loads a connection and installs kernel traps. If traffic is detected between leftsubnet and…
Evan Carroll
- 2,245
- 10
- 34
- 50
6
votes
1 answer
Simultaneous IKEv1 and IKEv2 connection support in Strongswan
I'm using Strongswan to handle IPsec connections, and need a way to support both Windows (IKEv2) and OS X (IKEv1) clients. I would prefer to use pure IPsec (i.e. avoid having to setup L2TP) unless there's a compelling reason to use L2TP/IPsec.
I…
Alex
- 471
- 7
- 18
6
votes
1 answer
strongSwan IPsec server with AWS EC2 VPC VPN client
I'm trying to create a VPN tunnel between 2 AWS regions. The way I'm trying to do this is by setting up a IPsec server in Linux with strongSwan in one region, and then a VPC VPN in the other region.
The problem is I can't come up with a…
phemmer
- 5,789
- 2
- 26
- 35
5
votes
1 answer
Site-to-site IPSec routing (Ubuntu, StrongSwan)
I am stuck in trying to connect two networks.
SiteA: is a number of VPS in different locations and office workstations connected with OpenVPN in a private network 10.113.0.0/24. Each has it's own internet access and default gateway. OpenVPN server…
Ivan Yaremchuk
- 153
- 1
- 1
- 5
5
votes
2 answers
Enable IKE tracing on windows 10 VPN
I have an IKEV2 VPN setup (including certs) that worked fine on windows 7. On Windows 10, the same config fails with 'IKE authentication credentials are unacceptable'. Server is StrongSwan. The last line in the log for a connection attempt…
FatalFlaw
- 171
- 1
- 1
- 4
5
votes
1 answer
AWS StrongSwan IPSec VPN
I've been playing around with StrongSwan recently as a replacement to Amazons VPN which cost money.
I'm having trouble completely configuring a IPSec tunnel between a remote server and a Ubuntu EC2 machine running StrongSwan.
My goal is to have our…
anders
- 191
- 2
- 8
5
votes
2 answers
TCP connection through IPSec (Linux/Strongswan) stalls after exceeding PMTU
The backups (via Bacula) of one of my servers (“A”) connected via IPSec (Strongswan on Debian testing) to a storage daemon (“B”) don't finish 95% of the times they run.
What apparently happens, is:
Bacula opens a TCP connection to the storage…
al.
- 915
- 6
- 17
5
votes
1 answer
strongswan: entirely virtual subnet
I recently set up a strongswan IPSec VPN to access some non-public services of my home server from my android smartphone. I am using OpenVPN on some other devices for the same task, but chose strongswan for the phone, as IKEv2 is supposed (correct…
Fabian Henze
- 213
- 3
- 6
5
votes
1 answer
strongswan VPN on OpenWrt
Hi I'm running Barrier Breaker version of OpenWRT and I have setup a VPN according to:
http://wiki.openwrt.org/inbox/strongswan.howto
I can connect to the VPN with my iPhone or Mac (to 10.10.1.0/24 network). I can also connect from Windows 7.
An IP…
Greg Pagendam-Turner
- 873
- 2
- 12
- 19
4
votes
3 answers
How can I route traffic over IPSec tunnel?
I have two sites: MAIN (local subnet 192.168.0.0/24, external IP: M.M.M.M) and CLIENT (10.0.0.0/24, external IP: C.C.C.C). I created an IPSec tunnel between the sites and both sites can ping computers in both subnets. So far so good.
# ipsec…
Michal B.
- 97
- 1
- 10
4
votes
2 answers
StrongSwan build and run at startup
I've been asked to deploy an IPSEC server for a project and after doing some research, StrongSwan looks like a good candidate. Since this project requires top security, I decided to install the latest version of StrongSwan (5.6.2) as it seems to fix…
Christian
- 746
- 3
- 13
- 30
4
votes
1 answer
Strongswan IKEv2 VPN on OS X 10.11 and iOS 10 Clients
After many days of searching on Google, through Serverfault, and even on the StrongSwan website, I have been unsuccessful in attempting to get StrongSwan IPSec/IKEv2 VPN working on OS X 10.11.5 and iOS 10. I have been very successful in getting it…
Olivia
- 181
- 1
- 5
4
votes
1 answer
How do i get Strongswan / IPTables to route data back to my road warrior client correctly?
I have a simple VPN. I have a client on 10.185.28.241 who gets a virtual IP of 10.42.42.0/24 from the VPN which is located at 10.112.18.105 and is providing access to machines in the 10.112.0.0/16 CIDR. I'm running StrongSwan…
Ryan Shillington
- 121
- 1
- 9
4
votes
1 answer
Strongswan VPN: no matching peer config found
I'm trying to setup a Strongswan VPN but can't get it to work. It does not find a matching peer config and I don't know why:
LOG:
[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
[NET] <1> sending…
cgross
- 176
- 1
- 1
- 4
4
votes
1 answer
Windows 7/8 Strongswan IKEv2 Wrong Gateway
I have setup Strongswan on Ubuntu 14.04 from the official package. I use IKEv2 with PKI authentication and a custom authorization plugin. This works great for Android and Ubuntu clients using strongswan but not when using the Native Windows 7/8…
MemCtrl
- 118
- 2
- 10