CVE Alert: CVE-2026-25075 - strongSwan - strongSwan - RedPacket Security

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to

RedPacket Security

#TIL Fortinet IPsec VPNs: they claim to support IKEv2 2FA (Certificate + EAP password), but they don't strictly enforce RFC 4739 for multiple authentication rounds.

If a native client (like strongSwan) ignores the cert and just asks for EAP, the FortiGate silently accepts it and falls back to password-only. It literally fails open!

#fortinet #fortigate #ipsec #vpn #strongswan #infosec

You really have to figure out first that the #vici plugin for #strongswan lives in the strongswan-swanctl package.
@beeb
If you are using #StrongSwan on your #Proxmox hypervisors: look out for https://github.com/strongswan/strongswan/discussions/2906
[solved] charon-systemd gets terminated by systemd under Debian 13 with Proxmox kernel 6.14.11-3-pve · strongswan strongswan · Discussion #2906

This is probably more of a kernel problem caused by changes made by the Proxmox team to the kernel. I am asking for some guidance to diagnosing this so I can write a proper bug report against Proxm...

GitHub

Anything missing for a general purpose x86 router?
#StrongSwan for my reverse proxy setup, and #netbird eventually for future usage.

#OpenWRT

Wow! After delving into IPSec strongSwan rekeying, I now know that the initial 'data key' (Child SA) is like a quick handshake with no fancy secret exchange (PFS) (RTFM! [1]). However, for rekeys, it's full secret agent handshake mode! Writing the GitHub bug report, which turned out not to be a bug, helped me to understand my situation better. [2] Finally migrated to the new IPSEC connection setup in OPNsense and updated my blog post. [3]

(Now I expect to get answers, aka 'Use WireGuard!')

[1]: https://docs.strongswan.org/docs/latest/config/rekeying.html#_ikev2
[2]: https://github.com/opnsense/core/issues/8631
[3]: https://du.nkel.dev/blog/2021-11-19_pfsense_opnsense_ipsec_cgnat/

#IPsec #PFS #strongSwan #GeekAdventures #OPNsense

IKE and IPsec SA Renewal :: strongSwan Documentation
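A swanctl.conf fragment illustrating the point the post above makes about rekeying (an added example, not the poster's configuration or strongSwan project code; addresses, subnets, identities and certificate file names are made up). The DH group listed in `esp_proposals` is what gives CHILD_SA rekeys their own key exchange (PFS); the initial CHILD_SA negotiated inside IKE_AUTH has no separate exchange and derives its keys from the IKE SA's, exactly as the linked documentation describes.

```conf
# Constructed site-to-site example; values are placeholders.
connections {
    site-a-to-b {
        local_addrs  = 192.0.2.1
        remote_addrs = 198.51.100.1

        # IKE SA proposal: its x25519 exchange also keys the first CHILD_SA.
        proposals = aes256gcm16-sha384-x25519
        rekey_time = 4h

        local {
            auth  = pubkey
            certs = siteA.pem
        }
        remote {
            auth = pubkey
            id   = "CN=siteB"
        }

        children {
            lan-to-lan {
                local_ts  = 10.0.1.0/24
                remote_ts = 10.0.2.0/24

                # The trailing x25519 is the ESP DH group: every CHILD_SA rekey
                # (CREATE_CHILD_SA) performs a fresh exchange, so a compromised
                # IKE SA key no longer exposes later ESP keys.
                # Without a DH group here, rekeys would reuse IKE SA material.
                esp_proposals = aes256gcm16-x25519

                rekey_time   = 1h
                start_action = start
            }
        }
    }
}
```

With this in place, `swanctl --list-sas` after the first child rekey shows a new SPI pair under the same IKE SA; the child's `rekey_time` is what triggers that exchange, so a very long child lifetime delays the first moment PFS actually takes effect.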

Setting up your own IKEv2/IPsec VPN server with StrongSwan.

https://dalek.zone/videos/watch/d85f7c47-0050-42f3-9da8-e3f82f54dc44

Setting up your own IKEv2/IPsec VPN server with StrongSwan.

PeerTube

I am struggling to get my #archlinux IKE2 VPN working. I used to be able to just add the certificate and private key with the NetworkManager plug-in but now it complains about not being able to find the private key.

#strongswan

Hardening strongSwan, just in case the post-quantum era arrives

strongSwan is an open-source implementation of IPsec, the VPN framework. Despite half a century of history, the project keeps evolving: the latest version of the application was released in December. It has detailed documentation, a blog with CVEs and a public test database. In goodput, latency and CPU utilisation strongSwan outperforms WireGuard, yet it stays in the shadows because of its complexity and its limited usefulness for circumventing blocking. But for those who do not mind the effort, it opens up wide scope for experimentation.

https://habr.com/ru/articles/887458/

#strongswan #mlkem #ppk #криптографические_алгоритмы

Hardening strongSwan, just in case the post-quantum era arrives

strongSwan is an open-source implementation of IPsec, the VPN framework. Despite twenty years of history, the project keeps evolving: the latest version of the application was released in December. It has detailed...

Хабр
@lns Amen! I use strongSwan (maybe even more complex than ovpn?) but have it all tooled up, and not that impressed with #wg except on #pi4 and earlier where it smokes. But both #ovpn and #strongswan pretty much match it on a #pi5. I also like that literally EVERY OS has built-in drivers for strongSwan (#ipsec). https://github.com/gitbls/pistrong
GitHub - gitbls/pistrong: Simplified CA and device cert manager for strongSwan VPN

Simplified CA and device cert manager for strongSwan VPN - gitbls/pistrong

GitHub