On Mon, 13 Mar 2017, Brendan Kearney wrote:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_with_L2TP
If you are using only one client, you can get away with hardcoding the
one IP address you want to hand out as a subnet/32.
i am working on L2TP with PPP pointing to RADIUS
Ah, then see the above L2TP link.
I'm a little confused, as I am seeing IKEv2 and not IKEv1. Are you using
the strongswan client on android? In that case, you want to look at:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
Paul
android 4.4.2 gives options for advanced IPSec VPNs:
pre-shared key (IKEv1)
pre-shared key (IKEv2)
certificate (IKEv1)
certificate (IKEv2)
EAP and certificate (IKEv2)
L2TP pre-shared key (IKEv1)
L2TP certificate (IKEv1)
SecurID (IKEv1)
Oh, I did not know Android can now do IKEv2 as well natively. I wonder
what code they are using. racoon2 ?
i selected PSK IKEv2, which does not look like it matches what i am trying to
do on the server side. more digging to do...
You would need to pick either "L2TP pre-shared key (IKEv1)" or "L2TP
certificate (IKEv1)" depending on whether you want to use CERTS or PSK.
If you want to use certs, then look at:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH_with_Certificates
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
