This repository has been archived by the owner on Jun 4, 2021. It is now read-only.

IPSec IKEv2 #110

Closed
laishulu opened this issue Jan 11, 2015 · 11 comments

@laishulu

Would like to have support for IPSec without L2TP.
L2TP is often blocked by the GFW,
and I hear that IKEv2 is never blocked.

@ShenZhouHong
Contributor

Agreed - IPSec is indeed blocked in China, although I am unable to verify the part about Cisco IPsec. It's still worth looking into, however.

@laishulu changed the title from "Cicso IPSec support with StrongSwan" to "IPSec IKEv2" Jul 10, 2015

@mveplus
mveplus commented Jul 19, 2015

L2TP/IPSec still works fine in some areas, but an IKEv2 option will be a great add-on too!

@stevemcquaid

IKEv2 will enable always-on features in Android + iOS 8.

@stevemcquaid

I am willing to develop this feature.

@jlund
Member

jlund commented Jan 30, 2016

I've been looking into this today. I think it probably makes the most sense to also use Libreswan for IKEv2 and to provide users with a choice during the setup process between L2TP/IPsec and IKEv2 (probably defaulting to L2TP/IPsec).

That approach would involve breaking Libreswan into a shared role that both the L2TP/IPsec and IKEv2 roles could depend upon. Each role would then just apply the correct configuration to the installation. I'm going to try to find some time over the next couple of weeks to get this done.

@stevemcquaid: If you wanted to come up with a working IKEv2 configuration for Libreswan, that would be really helpful. They have a couple of examples on their Wiki, but I haven't had a chance to try them yet. We can easily create a dedicated user on new Streisand servers and rely on the PAM integration that appears to be present in Libreswan.

On a related note, the iOS support for an always-on VPN is pretty terrible in my recent testing. You have to completely wipe and reset the phone or tablet in order to enable supervision, and then you have to create and apply a Configuration Profile. You cannot re-apply an existing backup after performing these steps; you truly need to start from scratch on your chosen device.

Furthermore, an iOS device that has an always-on VPN enabled truly means that it is always on. If the VPN ever goes down for any reason, you completely lose access to the Internet. You cannot disable the always-on VPN from the phone itself, and you must update the Configuration Profile using Apple's Configurator tool on an OS X machine (or have access to a Mobile Device Management Server). Given all of that, always-on VPN support isn't really something that would work well for the average Apple user, which is a shame. The situation on Android is much better.

IKEv2 is a far more modern protocol with better roaming and multiple-client support. Even though it isn't as widely supported as L2TP/IPsec, it will be a good option to have.

@stevemcquaid

Thank you so much @jlund for the thoughtful and detailed post

I am actually in the process right now of getting this working via manual config for a Proof-Of-Concept: https://expats-in-china.com/t/setup-a-vpn-ipsec-on-centos-7-using-strongswan/27. Based on your thoughts, I will switch to libreswan.

Your points about the tough configuration are spot-on. Is there anything we can do except wait for native support to get better?

@jlund
Member

jlund commented Feb 4, 2016

That guide looks like a really good start.

I'm hoping that iOS 10 exposes always-on VPN as an option that doesn't require a Configuration Profile. Right now that feature appears to be targeted exclusively to corporate users and company-owned devices. I think we would be leading people down a very sad road and potentially causing more harm than good (e.g. wiped phones and lost pictures) by trying to make always-on VPN instructions for iOS part of Streisand's documentation right now.

@moralrebuild

Half a year has passed. Any progress on this feature?

@jessechahal

I think most people now who want this feature have switched over to: https://github.com/trailofbits/algo

@Tycho-S

Tycho-S commented Apr 16, 2017

I didn't know about Algo, nice!

I would use it, however.... I have both Android and iOS devices, and as Android does not support IKEv2, I need L2TP as well. Which Algo does not support :(

I know you can install the StrongARM client but Android can only use L2TP (Or IKEv1) for "Always-On" VPN and I don't want to be constantly switching my VPN on (and risking data going out unencrypted when it drops off).

But anyway I'm a bit verbose, in short, I still think IKEv2 would still be a great feature to have in streisand.

alimakki added a commit to alimakki/streisand that referenced this issue Apr 29, 2017
@cpu
Collaborator

cpu commented Jul 23, 2017

Closing in favour of StreisandEffect/discussions#21

@cpu closed this as completed Jul 23, 2017