Questions tagged [ipsec]
129 questions
0 votes, 0 answers, 40 views
Strongswan - Communication doesn't work between hosts
I have created a SITE-TO-SITE IPSEC tunnel between my two branches, the tunnel is up and running and I can ping bidirectional both routers, the problem is that I can't do any type of communications (...
3 votes, 1 answer, 68 views
What's the "new" way of checking the established connections in strongswan
Previously it was in ipsec statusall.
Now with swanctl I can only see swanctl --list-conns but it only shows the configuration details, not the runtime statistics: e.g. bytes transferred, negotiated ...
0 votes, 1 answer, 240 views
Connect IPSEC VPN to network interface
I have a StrongSwan IPSEC VPN configured on my Ubuntu 22.04.4 LTS server. The VPN starts up and connects to the primary interface (eno1) successfully.
Using qBittorrent, I bind to the IP Address that ...
0 votes, 0 answers, 61 views
GRE over IPsec Throughput performance
I am testing FRR DMVPN using Strongswan IPSec + GRE. Tunnels work great and they are easily established between the branch offices. Tunnels work great and they are easily established between the ...
-1 votes, 1 answer, 375 views
Fix "unmanaged" network interface if it worked before
TL;DR;
Maybe I clicked vpn connect wrong and got disconnected from the network. That's why the answer is easy.
As usual I wanted to connect to my work network using ipsec via network manager applet. ...
0 votes, 0 answers, 49 views
OPNsense as an IPsec client
I want to set up a permanent VPN connection from one site to another. I already correctly set up an IPsec server on one site, reachable with a fixed IPv4 and IPv6, and domain.
What I want to do now, is ...
0 votes, 0 answers, 15 views
Packets not going through vpn (in net2net-same network) scenario
I have followed the guide for an implementation having the same network on both sides (https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/)
And below is my configuration, I think ...
1 vote, 0 answers, 24 views
Unclear delays pinging over IPsec VPN
What could be the cause if every second ping is delayed for a second when pinging through the host-to-network VPN while at the same time pinging the security gateway outside the VPN takes 13 ms on ...
0 votes, 0 answers, 87 views
Using Strongswan IPSEC in Nvidia Jetson Device causes kernel crash - BUG: scheduling while atomic: swapper
I have an Nvidia Jetson Orin Nano with Linux for Tegra kernel 5.12.
I'm trying to use Strongswan which requires some modules to be set, which I did.
However, it seems that it is missing other kernel ...
1 vote, 1 answer, 884 views
IPSec tunnel works until rekeying, then gets NO_PROPOSAL_CHOSEN
Context
I have set up a site-to-site IPSec tunnel between a Raspberry Pi located in an office and a pfSense firewall in the cloud. I am using Strongswan for the Raspberry Pi side.
Issue
My tunnel ...
0 votes, 0 answers, 568 views
Debian 11: setting up L2TP + IPSec - IPSec fails?
I'm trying to configure a new VPN client (L2TP and IPSec) on a very small AWS EC2 system running Debian 11 without a desktop. I've got as far as getting NetworkManager to work, but the VPN connection ...
0 votes, 1 answer, 247 views
ip xfrm state update not changing auth/enc keys
I was testing the xfrm framework through the ip xfrm commands, and when testing the state update operation, I did not manage to change either the encryption keys or the authentication keys. A similar ...
0 votes, 0 answers, 58 views
Does `top` account for all CPU usage?
Does the linux top command account for all CPU time used by the system?
I'm trying to understand bottlenecks for IPsec processing on a linux system. In a particular case in point, the system is a VM ...
0 votes, 1 answer, 602 views
CA certificate misses CA basicConstraint
I am trying to create a self signed CA by doing the following:
ipsec pki --issue --cacert selfCA.pem --cakey ecdsaKEY.pem --ca --dn "..." --flag ikeintermediate --flag serverAuth --outform ...
0 votes, 1 answer, 628 views
ipsec pki error (plugin-openssl-failed-to-load-openssl-plugin-create-not found and no plugin file available)
I'm trying to establish a vpn connection with a self signed certificate between 2 virtual machines in my M1 mac and it seems that it's impossible to create the keys and the certificate due to the titles ...