funtoo forums
romikb

ipsec based vpn


What is the preferred software for building an IPsec-based VPN inside a Funtoo container? With IKEv2 and certificate-based auth.

 

PS: move pls to Funtoo Hosting forum.


There is no preferred software; use what you want :)
 

net-vpn/strongswan [1]
     Homepage:            http://www.strongswan.org/
     Description:         IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE
net-vpn/libreswan [1]

     Homepage:            https://libreswan.org/
     Description:         IPsec implementation for Linux, fork of Openswan

[1] "net-kit"

Let me know if you encounter any problems along the way.


Funtoo Containers are containers, so it is possible they have some restrictions for this. IPsec configuration is not trivial, so it is better to know what software is compatible.


I installed and configured strongswan, but network packets are not going from the host, please help.

ipsec.conf

conn %default
        left=%any
        leftauth=pubkey
        leftcert=rb-ipsec-server-60.pem
        leftsubnet=0.0.0.0/0
        right=%any
        rightauth=pubkey
        rightsourceip=192.168.14.0/24

conn ikev2
        keyexchange=ikev2
        auto=add

Other configs are default.

# eix strongswan
[I] net-vpn/strongswan [1]
     Available versions:  5.5.3 (~)5.6.0 5.6.0-r1 (~)5.6.2 {+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl pam pkcs11 selinux sqlite strongswan_plugins_blowfish strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led +strongswan_plugins_lookip strongswan_plugins_ntru strongswan_plugins_padlock strongswan_plugins_rdrand +strongswan_plugins_systime-fix strongswan_plugins_unbound +strongswan_plugins_unity +strongswan_plugins_vici strongswan_plugins_whitelist}
     Installed versions:  5.6.2(04:27:39 PM 05/15/2018)(caps constraints gmp non-root openssl pam strongswan_plugins_led strongswan_plugins_lookip strongswan_plugins_systime-fix strongswan_plugins_unity strongswan_plugins_vici -curl -debug -dhcp -eap -farp -gcrypt -ldap -mysql -networkmanager -pkcs11 -selinux -sqlite -strongswan_plugins_blowfish -strongswan_plugins_ccm -strongswan_plugins_ctr -strongswan_plugins_gcm -strongswan_plugins_ha -strongswan_plugins_ipseckey -strongswan_plugins_ntru -strongswan_plugins_padlock -strongswan_plugins_rdrand -strongswan_plugins_unbound -strongswan_plugins_whitelist)
     Homepage:            http://www.strongswan.org/
     Description:         IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE
# sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Traceroute from Android client

# traceroute 8.8.8.8
1: hostip
2: *
...
3: *
