Questions tagged [ipsec]
IPsec (Internet Protocol Security) is a protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session.
1,059 questions
1 vote, 0 answers, 126 views
Windows Server 2022 and strongswan/swanctl on SLES15 IPSEC transport mode - empty ESP proposal
I am trying to establish an IPSEC transport mode connection between a Windows Server 2022 host and a SLES15 server in order to secure access to ports 22 and 3389.
The connection is secured by ...
0 votes, 0 answers, 232 views
Ipsec l2tp, ikev2 and xauth does not work on strongswan in Centos
So I have CentOS 7.9 with strongswan and xl2tpd installed.
I can only connect with success when I set up the client with an l2tp connection without ipsec psk - just unencrypted l2tp.
Other connections - ...
0 votes, 0 answers, 185 views
Debug an IPsec connection
I have a PFsense firewall that is rejecting authentication on a peer to peer IPsec.
Why? Very hard to tell if you don't know where to look.
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] is all I have.
...
0 votes, 0 answers, 137 views
Azure site-to-site VPN and RDP issues
I have a site-to-site VPN created and connected, I have a local network gateway configured with my datacentre public IP along with the required local subnets at that datacentre listed. All public ...
0 votes, 0 answers, 392 views
iOS IKEv2 VPN fails to connect to MikroTik RouterOS 7.8 using Certificate Authentication
I am trying to connect an iPhone (iOS 16/17) to a MikroTik RouterOS 7.8 using IKEv2 + IPsec and it consistently fails.
The same configuration does work with a Debian 13 client using strongSwan.
The ...
0 votes, 1 answer, 96 views
Unable to access Cisco switch web interface under masquerade
I cannot access my Cisco Catalyst 3560 web interface from outside LAN (via ipsec VPN), even though I'm sourcenatted as the LAN IP. I can ping it and telnet to it, but http won't go.
Port 80 is opened ...
0 votes, 0 answers, 100 views
Docker and IPsec on same host: VPN reachable from Docker but no internet connection
We have a problem with the network configuration on a server running both IPsec and Docker. The server is an Ubuntu 24.04 and we are using strongSwan for IPsec.
The server itself has a public IP ...
0 votes, 1 answer, 364 views
Limit RDP connections to specific hosts
We need to limit RDP connections to a specific laptop. This means users are allowed to log on using RDP only from a specific laptop and not from any other computers.
We checked Windows Firewall, but ...
1 vote, 1 answer, 224 views
Two "conn" sections in ipsec.conf, but only one used by Libreswan
I am building a setup so that I can connect to my home LAN from anywhere. It looks like this:
Mobile device (roadwarrior) <- IPSec -> VPN server <- IPSec -> Home router
I have successfully ...
0 votes, 1 answer, 225 views
Merge multiple IPsec VPN connections
I have three local networks at different locations:
Network A with IP range 192.168.20.0
Network B with IP range 192.168.10.0
Network C with IP range 192.168.178.0
Eventually, I want to be able to ...
0 votes, 0 answers, 117 views
ESP packets sent from my Ubuntu server, but no response from VPN server
I'm trying to set up an IPsec VPN from my Ubuntu server to a remote VPN endpoint. The connection seems to initiate correctly, but I only see outgoing ESP packets and no incoming responses.
From ...
0 votes, 1 answer, 468 views
How to configure Strongswan server to use my ECP-256 private key in Ubuntu Linux?
I am setting up a Strongswan server in Linux Ubuntu 24.04. I have a certificate from LetsEncrypt, which generated an ECP-256 private key. The problem is that when I try to connect to the charon ...
0 votes, 0 answers, 71 views
Can't Reach Specific Host Over IPsec LAN-to-LAN VPN (pfSense ↔ DrayTek)
I'm setting up a site-to-site IPsec VPN (IKEv2) between two networks:
Network A: 192.168.1.0/24 (behind a DrayTek router)
Network B: 10.1.24.0/24 (behind a pfSense firewall)
The tunnel is ...
1 vote, 0 answers, 385 views
Strongswan (swanctl) example config results in: cant install route.... Conflicts with IKE
Since upgrading to 5.9.14 (previous I think was 5.9.10) I get an error like the following:
can't install route for 192.168.0.10/32 == 192.168.0.20/32 out, conflics with IKE traffic.
insatlled trap ...
0 votes, 1 answer, 342 views
nftables syntax for ipsec/xfrm policy matching
I have an IPtables matching as -m policy --dir out --pol ipsec --mode tunnel --tunnel-src 1.1.1.2 --tunnel-dst 1.1.1.1. I know that this matching works with nftables in compatible mode as xt "...