Jump to content
funtoo forums
Sign in to follow this  
romikb

ipsec based vpn

Recommended Posts

there is no preferred software use what you want :)
 

net-vpn/strongswan [1]
     Homepage:            http://www.strongswan.org/
     Description:         IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE
net-vpn/libreswan [1]

     Homepage:            https://libreswan.org/
     Description:         IPsec implementation for Linux, fork of Openswan

[1] "net-kit"

let me know if you encounter any problems along the way.

Share this post


Link to post
Share on other sites

I install and configure strongswan but network packets not going from host, plase help.

ipsec.conf

conn %default
        left=%any
        leftauth=pubkey
        leftcert=rb-ipsec-server-60.pem
        leftsubnet=0.0.0.0/0
        right=%any
        rightauth=pubkey
        rightsourceip=192.168.14.0/24

conn ikev2
        keyexchange=ikev2
        auto=add

Other configs are default.

# eix strongswan
[I] net-vpn/strongswan [1]
     Available versions:  5.5.3 (~)5.6.0 5.6.0-r1 (~)5.6.2 {+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl pam pkcs11 selinux sqlite strongswan_plugins_blowfish strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led +strongswan_plugins_lookip strongswan_plugins_ntru strongswan_plugins_padlock strongswan_plugins_rdrand +strongswan_plugins_systime-fix strongswan_plugins_unbound +strongswan_plugins_unity +strongswan_plugins_vici strongswan_plugins_whitelist}
     Installed versions:  5.6.2(04:27:39 PM 05/15/2018)(caps constraints gmp non-root openssl pam strongswan_plugins_led strongswan_plugins_lookip strongswan_plugins_systime-fix strongswan_plugins_unity strongswan_plugins_vici -curl -debug -dhcp -eap -farp -gcrypt -ldap -mysql -networkmanager -pkcs11 -selinux -sqlite -strongswan_plugins_blowfish -strongswan_plugins_ccm -strongswan_plugins_ctr -strongswan_plugins_gcm -strongswan_plugins_ha -strongswan_plugins_ipseckey -strongswan_plugins_ntru -strongswan_plugins_padlock -strongswan_plugins_rdrand -strongswan_plugins_unbound -strongswan_plugins_whitelist)
     Homepage:            http://www.strongswan.org/
     Description:         IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE
# sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Traceroute from android client

# traceroute 8.8.8.8
1: hostip
2: *
...
3: *

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...