Jump to content
Read the Funtoo Newsletter: Summer 2023 ×

ipsec based vpn


romikb

Recommended Posts

there is no preferred software use what you want :)
 

net-vpn/strongswan [1]
     Homepage:            http://www.strongswan.org/
     Description:         IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE
net-vpn/libreswan [1]

     Homepage:            https://libreswan.org/
     Description:         IPsec implementation for Linux, fork of Openswan

[1] "net-kit"

let me know if you encounter any problems along the way.

Link to comment
Share on other sites

  • 1 month later...

I install and configure strongswan but network packets not going from host, plase help.

ipsec.conf

conn %default
        left=%any
        leftauth=pubkey
        leftcert=rb-ipsec-server-60.pem
        leftsubnet=0.0.0.0/0
        right=%any
        rightauth=pubkey
        rightsourceip=192.168.14.0/24

conn ikev2
        keyexchange=ikev2
        auto=add

Other configs are default.

# eix strongswan
[I] net-vpn/strongswan [1]
     Available versions:  5.5.3 (~)5.6.0 5.6.0-r1 (~)5.6.2 {+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl pam pkcs11 selinux sqlite strongswan_plugins_blowfish strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led +strongswan_plugins_lookip strongswan_plugins_ntru strongswan_plugins_padlock strongswan_plugins_rdrand +strongswan_plugins_systime-fix strongswan_plugins_unbound +strongswan_plugins_unity +strongswan_plugins_vici strongswan_plugins_whitelist}
     Installed versions:  5.6.2(04:27:39 PM 05/15/2018)(caps constraints gmp non-root openssl pam strongswan_plugins_led strongswan_plugins_lookip strongswan_plugins_systime-fix strongswan_plugins_unity strongswan_plugins_vici -curl -debug -dhcp -eap -farp -gcrypt -ldap -mysql -networkmanager -pkcs11 -selinux -sqlite -strongswan_plugins_blowfish -strongswan_plugins_ccm -strongswan_plugins_ctr -strongswan_plugins_gcm -strongswan_plugins_ha -strongswan_plugins_ipseckey -strongswan_plugins_ntru -strongswan_plugins_padlock -strongswan_plugins_rdrand -strongswan_plugins_unbound -strongswan_plugins_whitelist)
     Homepage:            http://www.strongswan.org/
     Description:         IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE
# sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Traceroute from android client

# traceroute 8.8.8.8
1: hostip
2: *
...
3: *
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...