[Swan] newb confusion
Paul Wouters
paul at nohats.ca
Mon Mar 13 20:45:33 UTC 2017
On Mon, 13 Mar 2017, Brendan Kearney wrote:
>> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_with_L2TP
>>
>> If you are using only one client, you can get away with hardcoding the
>> one IP address you want to hand out as a subnet/32.
> i am working on L2TP with PPP pointing to RADIUS

Ah, then see the above L2TP link.

>> I'm a little confused, as I am seeing IKEv2 and not IKEv1. Are you using
>> the strongswan client on android? In that case, you want to look at:
>>
>> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
>>
>> Paul
> android 4.4.2 gives options for advanced IPSec VPNs:
>
> pre-shared key (IKEv1)
> pre-shared key (IKEv2)
> certificate (IKEv1)
> certificate (IKEv2)
> EAP and certificate (IKEv2)
> L2TP pre-shared key (IKEv1)
> L2TP certificate (IKEv1)
> SecurID (IKEv1)

Oh, I did not know Android can now do IKEv2 as well natively. I wonder
what code they are using. racoon2?

> i selected PSK IKEv2, which does not look like it matches what i am trying to
> do on the server side. more digging to do...

You would need to pick either "L2TP pre-shared key (IKEv1)" or "L2TP
certificate (IKEv1)" depending on whether you want to use CERTS or PSK.

If you want to use certs, then look at:

https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH_with_Certificates

Paul