[arch-general] ikev2 strongswan client on Arch
Hi,

I have successfully set up a strongswan VPN server following the instructions here [1]. I tested the server by connecting a Blackberry client and a Windows Phone client. Both used IKEv2 and worked fine.

I have another laptop, running Arch, that I want to connect to the VPN server. But I can't figure out how to configure strongswan as a client. The link [1] doesn't describe it. Neither could I find such information from Google.

Regards,

[1] https://wiki.archlinux.org/index.php/StrongSwan
Hi,

Have you read https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup ?

On Mar 17, 2016 10:59 AM, "Fulcrum" <fulcrummike@hotmail.com> wrote:
> Hi
> I have successfully set up a strongswan VPN server following the instructions here [1]. I tested the server by connecting a Blackberry client and a Windows Phone client. Both used IKEv2 and worked fine.
> I have another laptop, running Arch, that I want to connect to the VPN server. But I can't figure out how to configure strongswan as a client. The link [1] doesn't describe it. Neither could I find such information from Google.
> Regards,
Hi

On 03/18/2016 12:13 AM, Kenneth Jensen wrote:
> Hi, Have you read https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup ?

Yes, I read it. But as per my ipsec.conf, my strongswan configuration doesn't support L2TP protocol. (please find my ipsec.conf towards the bottom of this email). My other clients are using IKEv2 without any problem. I haven't tested any other client with L2TP yet.

# ipsec.conf - strongSwan IPsec configuration file

config setup
    # uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=vpnHostCert.pem
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=172.16.16.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any

conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add
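
A client-side counterpart to the `IPSec-IKEv2-EAP` conn in the server configuration above, as an added example that is not part of the original thread. The conn name `arch-ikev2-eap`, the server name `vpn.example.org`, the user `alice` and the password are placeholders, and it assumes the server certificate lists the server's hostname as a subjectAltName.

```conf
# /etc/ipsec.conf on the Arch client (added example; names are placeholders)

conn arch-ikev2-eap
    keyexchange=ikev2

    # The server's ike=/esp= lists end in "!", so it accepts only the suites
    # it lists. These are taken from those lists and are also strict.
    ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
    esp=aes256gcm16,aes128gcm16!

    # Local side: authenticate with EAP-MSCHAPv2 (the server's
    # rightauth=eap-mschapv2) and request a virtual IP from the
    # server's rightsourceip pool.
    leftsourceip=%config
    leftauth=eap-mschapv2
    eap_identity=alice

    # Remote side: the server authenticates with its certificate
    # (leftcert=vpnHostCert.pem on the server). rightid must match an
    # identity contained in that certificate.
    right=vpn.example.org
    rightid=@vpn.example.org
    rightauth=pubkey

    # Route all traffic through the tunnel; the server offers
    # leftsubnet=0.0.0.0/0.
    rightsubnet=0.0.0.0/0

    # Load the conn at start-up without initiating it.
    auto=add

# /etc/ipsec.secrets on the client (placeholder credentials):
#
#   alice : EAP "replace-with-the-real-password"
#
# The CA certificate that issued vpnHostCert.pem goes into
# /etc/ipsec.d/cacerts/ so the client can verify the server.
```

With `auto=add` the tunnel is started by hand with `ipsec up arch-ikev2-eap`; if the server's identity cannot be verified against the installed CA certificate, authentication fails rather than falling back to an unauthenticated peer.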