[strongSwan] Strongswan doesn't route through VPN on Windows 10, but works on android.

2016-07-12 Thread XploD
Hi. I've got a strange problem, and I hope you could help: I am currently using StrongSwan to protect my mobile devices when using free Wi-Fi access points. On Android, using the StrongSwan App, I can connect to the VPN, and all traffic is routed through the VPN (if I disable the forwarding

Re: [strongSwan] dhcp plugin: migration from IKEv1 to IKEv2 breaks dhcp leases

2016-07-12 Thread Tobias Brunner
Hi Harald, > if I migrate the road warriors from IKEv1 to IKEv2, then > they get new mac addresses (using identity_lease = yes in > dhcp.conf). Is that the only thing you changed? Same strongSwan version? > Each road warrior has kept his certificate and his ID > (AFAICT), so I wonder if missed

Re: [strongSwan] Cert and EAP-mschapv2 Auth?

2016-07-12 Thread Tobias Brunner
Hi Mike, > Is this a client software limitation? Yes, Microsoft's built-in IKEv2 client does not support RFC 4739 that defines multiple authentication exchanges. Regards, Tobias

Re: [strongSwan] manual bypass policy for client-server architecture using transport mode

2016-07-12 Thread Tobias Brunner
Hi Plevin, >> conn client-1-bypass >> left=192.168.0.1 >> right=192.168.0.2 >> rightsubnet=192.168.0.2[tcp/5001] >> leftfirewall=yes >> type=passthrough >> authby=secret >> auto=add You configured this like

Re: [strongSwan] Can strongswan work with ip port forwarding and not NAT

2016-07-12 Thread Tobias Brunner
Hi Christopher, > Jul 8 11:47:06 localhost charon: 04[CFG] left=41.60.182.160 You shouldn't set `left` to the public IP address of the NAT, the host won't be able to send messages from it: > Jul 8 11:47:11 localhost charon: 03[NET] sending packet: from > 41.60.182.160[500] to 185.3.95.94[500

Re: [strongSwan] Setup site-to-site VPN via central server

2016-07-12 Thread Tobias Brunner
Hi Martin, > There are basically 2 separate questions: > 1. Do I need to setup ip route on vpn.example.org? What do you mean? > 2. What are the right iptables to route traffic from the two home > networks to each other? Depends on the existing firewall configuration. But traffic between the su

Re: [strongSwan] Same config for strongSwan, different outcome between Android and iOS

2016-07-12 Thread Tobias Brunner
Hi Laurens, > I've added 'fragmentation=yes' to the server, same issue. Please have a look at the client log. Does it send an IKE_AUTH message? Is it fragmented? If so, check with Wireshark/tcpdump on the server whether any packets arrive. >>> >>> I can send log file

Re: [strongSwan] Strongswan doesn't route through VPN on Windows 10, but works on android.

2016-07-12 Thread Tobias Brunner
Hi Dirk, > But in Windows, the connection status states "IP 10.1.1.21, Netmask > 255.255.255.255, No Gateway", so that any traffic to the internet is > sent unencrypted via the normal internet connection. > > What do I have to do to let windows route everything through the VPN? You might have t

[strongSwan] manual bypass policy for client-server architecture using transport mode

2016-07-12 Thread Phil Levin
Hello, Any pointers on this request are greatly appreciated... I'm trying to configure a client-server architecture using transport mode and shared secret auth. By default, all communication will be encrypted, but there will be a small exception list based on port and protocol. Anything

Re: [strongSwan] Setup site-to-site VPN via central server

2016-07-12 Thread Martin Sand
Hi Tobias Thanks for your reply. Please find more details below. Regarding #1, on the server I have configured another IP address for the network device: ip addr add 192.168.1.0/24 dev eth0 Do I need to add a route as well? Central server internal IP: 192.168.1.0, external IP: vpn.example.org