romikb Posted April 29, 2018 Report Share Posted April 29, 2018 What is the prefered software for building ipsec based vpn inside funtoo container? With ikev2 and certificate based auth. PS: move pls to Funtoo Hosting forum. Link to comment Share on other sites More sharing options...
palica Posted April 30, 2018 Report Share Posted April 30, 2018 there is no preferred software use what you want :) net-vpn/strongswan [1] Homepage: http://www.strongswan.org/ Description: IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE net-vpn/libreswan [1] Homepage: https://libreswan.org/ Description: IPsec implementation for Linux, fork of Openswan [1] "net-kit" let me know if you encounter any problems along the way. Link to comment Share on other sites More sharing options...
romikb Posted April 30, 2018 Author Report Share Posted April 30, 2018 Funtoo Containers are Containers so possible have some restrictions for this. IPsec configuration not trivial so it is better to know what software are compatible. Link to comment Share on other sites More sharing options...
romikb Posted June 2, 2018 Author Report Share Posted June 2, 2018 I install and configure strongswan but network packets not going from host, plase help. ipsec.conf conn %default left=%any leftauth=pubkey leftcert=rb-ipsec-server-60.pem leftsubnet=0.0.0.0/0 right=%any rightauth=pubkey rightsourceip=192.168.14.0/24 conn ikev2 keyexchange=ikev2 auto=add Other configs are default. # eix strongswan [I] net-vpn/strongswan [1] Available versions: 5.5.3 (~)5.6.0 5.6.0-r1 (~)5.6.2 {+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl pam pkcs11 selinux sqlite strongswan_plugins_blowfish strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led +strongswan_plugins_lookip strongswan_plugins_ntru strongswan_plugins_padlock strongswan_plugins_rdrand +strongswan_plugins_systime-fix strongswan_plugins_unbound +strongswan_plugins_unity +strongswan_plugins_vici strongswan_plugins_whitelist} Installed versions: 5.6.2(04:27:39 PM 05/15/2018)(caps constraints gmp non-root openssl pam strongswan_plugins_led strongswan_plugins_lookip strongswan_plugins_systime-fix strongswan_plugins_unity strongswan_plugins_vici -curl -debug -dhcp -eap -farp -gcrypt -ldap -mysql -networkmanager -pkcs11 -selinux -sqlite -strongswan_plugins_blowfish -strongswan_plugins_ccm -strongswan_plugins_ctr -strongswan_plugins_gcm -strongswan_plugins_ha -strongswan_plugins_ipseckey -strongswan_plugins_ntru -strongswan_plugins_padlock -strongswan_plugins_rdrand -strongswan_plugins_unbound -strongswan_plugins_whitelist) Homepage: http://www.strongswan.org/ Description: IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE # sysctl -a | grep net.ipv4.ip_forward net.ipv4.ip_forward = 1 Traceroute from android client # traceroute 8.8.8.8 1: hostip 2: * ... 3: * Link to comment Share on other sites More sharing options...
Recommended Posts