Mastodawn

-=Kernel-Error=-Apr 4, 2019

FreeBSD als IPsec/L2TP-Client für Microsoft Windows Routing und RAS VPN

FreeBSD 12 als IPsec/L2TP-Client gegen Windows RRAS konfiguriert: strongSwan + mpd5, IKEv1, 3DES-SHA1, MS-CHAPv2-Auth, MPPE-Encryption. Manuelle Route-Verwaltung. Windows-Enterprise-VPN erfordert Spezialwissen, aber machbar.

https://www.kernel-error.de/2019/04/04/freebsd-als-ipsec-l2tp-client-an-einem-microsoft-windows-routing-und-ras-vpn-server/

Websplaining Apr 3

How To Set Up An IPsec With IKEv2 VPN Server On An Ubuntu Linux Cloud Server (VPS) https://youtu.be/RdgoB8HBx-I #Websplaining #IKEv2 #IPsec #VPN #VPS #CloudServer #VirtualPrivateServer #Ubuntu #Linux #strongSwan #hwdsl2 #Libreswan #xl2tpd #L2TP #Cisco #XAuth #VirualPrivateNetwork

How To Set Up An IPsec With IKEv2 VPN Server On An Ubuntu Linux Cloud Server (VPS)

YouTube

Hackread.com Mar 30

A 15-year-old flaw in strongSwan lets attackers crash VPNs using a simple integer underflow flaw. No auth needed, affects versions used for over a decade. Patch now.

Read: https://hackread.com/strongswan-flaw-attackers-crash-vpn-integer-underflow/

#CyberSecurity #Infosec #VPN #Vulnerability #strongSwan

15-Year-Old “Ghost” Bug in strongSwan Could Take VPN Networks Offline

15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.

Hackread - Cybersecurity News, Data Breaches, AI and More

RedPacket Security Mar 23

CVE Alert: CVE-2026-25075 - strongSwan - strongSwan - https://www.redpacketsecurity.com/cve-alert-cve-2026-25075-strongswan-strongswan/

#OSINT #ThreatIntel #CyberSecurity #cve-2026-25075 #strongswan #

CVE Alert: CVE-2026-25075 - strongSwan - strongSwan - RedPacket Security

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to

RedPacket Security

Xabi Feb 26

#TIL Fortinet IPsec VPNs: they claim to support IKEv2 2FA (Certificate + EAP password), but they don't strictly enforce RFC 4739 for multiple authentication rounds.

If a native client (like strongSwan) ignores the cert and just asks for EAP, the FortiGate silently accepts it and falls back to password-only. It literally fails open!

#fortinet #fortigate #ipsec #vpn #strongswan #infosec

Sven Geggus Nov 17

Da muss man auch erst mal drauf kommen dass das #vici plugin für #strongswan im Paket strongswan-swanctl steckt.

Show thread

Robert Dahlem Nov 6

@beeb
If you are using #StrongSwan on your #Proxmox hypervisors: look out for https://github.com/strongswan/strongswan/discussions/2906

[solved] charon-systemd gets terminated by systemd under Debian 13 with Proxmox kernel 6.14.11-3-pve · strongswan strongswan · Discussion #2906

This is probably more of a kernel problem caused by changes made by the Proxmox team to the kernel. I am asking for some guidance to diagnosing this so I can write a proper bug report against Proxm...

GitHub

AliveDevil May 18, 2025

Anything missing for a general purpose x86 router?
#StrongSwan for my reverse proxy setup, and #netbird eventually for future usage.

#OpenWRT

Alexander Dunkel May 12, 2025

Wow! After delving into IPSec strongSwan rekeying, I now know that the initial 'data key' (Child SA) is like a quick handshake with no fancy secret exchange (PFS) (RTFM! [1]). However, for rekeys, it's full secret agent handshake mode! Writing the GitHub bug report, which turned out not to be a bug, helped me to understand my situation better. [2] Finally migrated to the new IPSEC connection setup in OPNsense and updated my blog post. [3]

(Now I expect to get answers, aka 'Use WireGuard!')

[1]: https://docs.strongswan.org/docs/latest/config/rekeying.html#_ikev2
[2]: https://github.com/opnsense/core/issues/8631
[3]: https://du.nkel.dev/blog/2021-11-19_pfsense_opnsense_ipsec_cgnat/

#IPsec #PFS #strongSwan #GeekAdventures #OPNsense