[arch-general] ikev2 strongswan client on Arch

Fulcrum fulcrummike at hotmail.com
Thu Mar 17 16:31:32 UTC 2016


Hi



On 03/18/2016 12:13 AM, Kenneth Jensen wrote:
> Hi,
> Have you read
> https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup ?

Yes, I read it. But as my ipsec.conf shows, my strongSwan configuration 
does not support the L2TP protocol (my ipsec.conf is included towards the 
bottom of this email). My other clients are using IKEv2 without any 
problem. I haven't tested any other client with L2TP yet.



# ipsec.conf - strongSwan IPsec configuration file

# Daemon-wide settings; nothing in this section is specific to one connection.
config setup
	# The override below is commented out, so uniqueids keeps its default
	# (a new IKE_SA from the same peer identity replaces the old one).
	# uniqueids=never
	# Log level 2 for the cfg, dmn, ike and net subsystems.
	# NOTE(review): this is a troubleshooting level. Lower it again once the
	# client problem is solved, and treat the logs as sensitive because they
	# record peer identities and addresses.
	charondebug="cfg 2, dmn 2, ike 2, net 2"

# Defaults inherited by every conn section below unless that section overrides them.
conn %default
	# IKEv2 unless a connection sets keyexchange itself (CiscoIPSec does).
	keyexchange=ikev2
	# IKE proposals. The trailing "!" makes the list strict: only these
	# combinations are offered or accepted.
	# NOTE(review): the list still admits modp1024 and modp1536 DH groups and
	# SHA-1 integrity. A peer that proposes only those is accepted, so the
	# weakest entry is the effective floor. Drop them once no client needs
	# them, and keep ecp256/ecp384 and modp2048 or larger.
	ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
	# ESP proposals, also strict ("!"). Entries with a DH group request PFS.
	# The last entries (aes128gcm16 ... aes256-sha1) carry no DH group.
	# NOTE(review): same weak-group and SHA-1 concern as the ike= line above.
	esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
	# Dead peer detection: probe after 300s and clear the SA of a peer that
	# no longer answers.
	dpdaction=clear
	dpddelay=300s
	# The gateway does not start rekeying itself; a client may still do so.
	# NOTE(review): long-lived sessions then keep the same keys until the
	# client rekeys or reconnects. Confirm this is intended.
	rekey=no
	# Local side (this gateway): listen on any local address.
	left=%any
	# Offer 0.0.0.0/0 as the local traffic selector, i.e. clients may send
	# all IPv4 traffic through the tunnel.
	leftsubnet=0.0.0.0/0
	# Gateway certificate, given by file name only (looked up in the
	# ipsec.d/certs directory). Clients must trust the issuing CA, and the
	# certificate identity must match what they connect to.
	leftcert=vpnHostCert.pem
	# Remote side: accept clients from any address (roadwarrior setup).
	right=%any
	# DNS servers handed to clients. These are public resolvers, so client
	# DNS queries leave the VPN gateway towards a third party.
	rightdns=8.8.8.8,8.8.4.4
	# Virtual IP pool from which clients are assigned an address.
	rightsourceip=172.16.16.0/24

# IKEv2 connection with no rightauth set, so clients authenticate with the
# default method (public key / certificate).
conn IPSec-IKEv2
	# Repeats the value already set in conn %default.
	keyexchange=ikev2
	# Load the connection at start-up and wait for clients to initiate.
	auto=add

# IKEv2 connection for clients that log in with user name and password.
conn IPSec-IKEv2-EAP
	# Pull in every setting of conn IPSec-IKEv2 (including auto=add).
	also="IPSec-IKEv2"
	# Clients authenticate with EAP-MSCHAPv2.
	# NOTE(review): the password exchange is only as safe as the client's
	# validation of the gateway certificate, so clients must check the
	# certificate and its identity rather than accept any server.
	rightauth=eap-mschapv2
	# Do not expect a certificate from the client.
	rightsendcert=never
	# Accept any EAP identity offered by the client; the identity is then
	# checked against the stored credentials.
	eap_identity=%any

# IKEv1 connection for Cisco-style clients. The strict ike=/esp= lists from
# conn %default apply here as well.
conn CiscoIPSec
	# Overrides the IKEv2 default.
	# NOTE(review): IKEv1 is a legacy protocol. Keep this section only while
	# a client still requires it.
	keyexchange=ikev1
	# UDP encapsulation is not forced because the line below is commented out.
	# forceencaps=yes
	# Two authentication rounds: certificate first, then XAuth user login.
	rightauth=pubkey
	rightauth2=xauth
	# Load the connection at start-up and wait for clients to initiate.
	auto=add

