Page MenuHomeVyOS Platform
Create Task
Maniphest T1251

IKEv2 Agile VPN Support
Closed, DuplicatePublicFEATURE REQUEST
Actions

Description

Since I've written the support for IKEv2 Agile VPN Support for EdgeOS/VyOS back in the day, I think it's time to revisit this community provided package.

As it currently stands, the extensions I've written currently supports:

  • Basic IKEv2 Agile Remote Access VPN
  • Users Authenticated against a RADIUS Server

Since IKEv2 Agile Remote Access VPN's were meant to be integrated within a Microsoft Active Directory environment, I've only tested this implementation against a Microsoft NPS based RADIUS server, but however this in theory should work with most RADIUS compliant servers that implements at the very least EAP-MSCHAPv2.

The code for the IKEv2 Agile VPN configuration scripts could be found here:

https://github.com/TriJetScud/vyos-agile-vpn/

Since I haven't made any changes to it in the past year or so, I don't even know if it'll work on the current releases of VyOS, but then again go ahead and merge this into VyOS mainline :P

Details

Version
-

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedsarthurdevT2816 Rewrite IPsec scripts with the new XML/Python approach
 DuplicateFEATURE REQUESTNoneT1251 IKEv2 Agile VPN Support

Event Timeline

TriJetScud created this task.Feb 18 2019, 9:58 AM
TriJetScud edited a custom field.
syncer triaged this task as Wishlist priority.Feb 18 2019, 10:12 AM
syncer subscribed.

I think we have a much fresher strongman,
maybe someone picks it up to rewrite in python

pasik subscribed.Mar 12 2019, 6:06 PM
dongjunbo subscribed.Dec 31 2019, 10:15 AM
dongjunbo added a comment.Jan 1 2020, 2:53 PM

@TriJetScud How about this feature request? Will it works on vyos 1.3 ?

syncer raised the priority of this task from Wishlist to Normal.Jan 1 2020, 3:12 PM
dongjunbo added a comment.Jan 23 2020, 1:14 AM

@TriJetScud Would please make it works on vyos latest version ?

dongjunbo added a comment.Feb 1 2020, 4:08 PM

@TriJetScud @syncer We really need this feature to replace pfsense with vyos in our production environment.

dongjunbo added a comment.Feb 1 2020, 4:53 PM

@sync Is that possible merge it to vyos mainline ?

Alfa80 subscribed.Feb 1 2020, 6:13 PM
Unknown Object (User) added a parent task: T2816: Rewrite IPsec scripts with the new XML/Python approach.Sep 18 2020, 10:40 AM
c-po closed this task as a duplicate of T1210: About IKEv2 IPSec VPN remote access.Jul 3 2021, 5:20 PM
c-po mentioned this in rVYOSONEX405954522b8e: ipsec: T1210: T1251: add dependency on libcharon-extauth-plugins.Jul 3 2021, 5:58 PM
c-po subscribed.Jul 4 2021, 10:00 AM

https://github.com/vyos/vyos-1x/pull/908

c-po added a comment.Jul 4 2021, 10:03 AM

@dongjunbo this is a very very basic PR for VyOS 1.4 with the goal to implement this into the main VyOS release.

I still have some issues getting an iOS 14 device to connect using eap-mschapv2, maybe you have some ideas?

Features that will be added later on will be radius auth and relay to a dhcp server

Restricted Repository Identity mentioned this in rVYOSONEXcaed454a1d15: Merge pull request #908 from c-po/ipsec-ikev2-remote-access.Jul 4 2021, 7:19 PM
c-po mentioned this in rVYOSONEX1c727bd25ef2: ipsec: T1210: T1251: add "local" traffic-selector include definition.Jul 4 2021, 7:19 PM
c-po mentioned this in rVYOSONEXc8bf1deec9ce: ipsec: T1210: T1251: add remote-access "name-server" definition to pool config.
c-po mentioned this in rVYOSONEX79f1c891f3ae: ipsec: T1210: T1251: extend ra config with address pools/traffic selectors.
c-po mentioned this in rVYOSONEXb2bf1592189f: ipsec: T1210: T1251: IKEv2 road-warrior support.
Restricted Repository Identity mentioned this in rVYOSONEX0b93fce06526: ipsec: T1210: T1251: Add more features to remote-access connections.Jul 6 2021, 10:22 AM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 8:40 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:15 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.