[arch-general] ikev2 strongswan client on Arch
Fulcrum
2016-03-17 15:59:06 UTC
Hi

I have successfully set up a strongswan VPN server following the instructions
here[1]. I tested the server by connecting a Blackberry client and a
Windows Phone client. Both used IKEv2 and worked fine.

I have another laptop, running Arch, that I want to connect to the VPN
server. But I can't figure out how to configure strongswan as a client. The
link [1] doesn't describe it. Neither could I find such information from
Google.

Regards,


[1] https://wiki.archlinux.org/index.php/StrongSwan
Kenneth Jensen
2016-03-17 16:13:30 UTC
Hi,
Have you read
https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup ?
Post by Fulcrum
Hi
I have successfully set up a strongswan VPN server following the instructions
here[1]. I tested the server by connecting a Blackberry client and a
Windows Phone client. Both used IKEv2 and worked fine.
I have another laptop, running Arch, that I want to connect to the VPN
server. But I can't figure out how to configure strongswan as a client. The link
[1] doesn't describe it. Neither could I find such information from Google.
Regards,
[1] https://wiki.archlinux.org/index.php/StrongSwan
Fulcrum
2016-03-17 16:29:23 UTC
Hi
Post by Kenneth Jensen
Hi,
Have you read
https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup ?
Yes, I read it. But as per my ipsec.conf, my strongswan configuration
doesn't support the L2TP protocol. (Please find my ipsec.conf towards the
bottom of this email). My other clients are using IKEv2 without any
problem. I haven't tested any other client with L2TP yet.



# ipsec.conf - strongSwan IPsec configuration file

config setup
    # uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=vpnHostCert.pem
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=172.16.16.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any

conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add
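
An added example, not part of any post in this thread and not taken from the Arch wiki or the strongSwan project: a Python sketch that reads the server-side conn posted above and mirrors it into a client-side ipsec.conf stanza for the IPSec-IKEv2-EAP connection. The conn name arch-client, the host vpn.example.org and the user alice are hypothetical placeholders, and rightid assumes the server certificate carries that host name.

```python
# Added example, not from the thread. SERVER_CONF is a constructed excerpt of the
# posted server config, with the ike/esp lists cut to three entries each.
SERVER_CONF = """\
conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha1!
    leftsubnet=0.0.0.0/0
    rightsourceip=172.16.16.0/24
conn IPSec-IKEv2
    auto=add
conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
"""

def parse_conns(text):
    # Options are the indented key=value lines under each "conn NAME" header.
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # "conn NAME" or "config setup"
            kind, name = line.split()[:2]
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key] = value.strip('"')
    return conns

def resolve(conns, name):
    # %default applies first, then whatever also= includes, then the conn's own options.
    sec = conns[name]
    base = resolve(conns, sec["also"]) if "also" in sec else dict(conns.get("%default", {}))
    return {**base, **{k: v for k, v in sec.items() if k != "also"}}

def client_conn(conns, name, server, user):
    # The server's right* describes the client, so it becomes our left*, and vice versa.
    s = resolve(conns, name)
    first = lambda key: s[key].rstrip("!").split(",")[0] + "!"  # one proposal the server lists
    auth = s.get("rightauth", "pubkey")
    opts = [("keyexchange", s["keyexchange"]), ("ike", first("ike")), ("esp", first("esp")),
            ("leftauth", auth), ("right", server), ("rightauth", s.get("leftauth", "pubkey")),
            ("rightid", "@" + server),  # assumption: server certificate carries this name
            ("rightsubnet", s["leftsubnet"]), ("auto", "add")]
    if auth.startswith("eap"):
        opts.append(("eap_identity", user))  # placeholder user name
    if "rightsourceip" in s:
        opts.append(("leftsourceip", "%config"))  # ask the server pool for a virtual IP
    return "conn arch-client\n" + "".join(f"    {k}={v}\n" for k, v in opts)
```

The generated stanza still needs the EAP password in the client's ipsec.secrets and the CA certificate that signed the server certificate in ipsec.d/cacerts.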