Replies: 2 comments
-
This is my charon.log file.
-
Have you resolved this issue? I'm also in need of a virtual IP and I'm wondering if I need to find a specific driver for it.
-
Dear Maintainers & Developers,

I have successfully set up a remote Libreswan server for IKEv2 connection and tested all the native IKEv2 clients provided by the system (Windows, macOS and iOS), under which I am able to access the resources (in my case, within 10.206.0.0/24) on my server using certificate authentication method.

On the other hand, for the need of enhanced control over IPsec (e.g. the ability to replace encryption components, which is not achievable with native system clients), I am interested in setting up strongSwan as a road warrior client. I have built the applications from source following the official instructions.

My initial attempt was on macOS, using charon-cmd along with a few parameters, and I established a connection effortlessly with virtual IP successfully installed. I believe the road warrior client can also be set up on Linux with little discernible difference, since tunnel device is well supported.

For my Windows build, charon-svc is used with the kernel-iph and kernel-wfp plugins enabled (kernel-libipsec disabled). However, I have noticed that tun_device_t is not supported, thus making it impossible to install virtual IP on Windows.

So I tried the roadwarrior configuration without virtual IP. Below is the swanctl.conf configuration file on my Windows 10 client machine.

I start the service, and the SAs are established successfully. But I am not able to access the 10.206.0.0/24 resources.

I look up the charon log file, and it seems that the server proposed my public IP address 124.42.60.YY/32 on ISP as the traffic selector for me. But the actual network traffic is not going through the tunnel.

I am wondering if there is any solution to this scenario without virtual IP with proper configuration.

Or must I create tunnel device to solve the problem? Since I have some experience working with WireGuard on Windows previously, I guess it is possible to port the Wintun network adapter driver for use in the strongSwan Windows plugin. If tunnel device can be created for this particular situation, which kernel plugin should I focus on?