Page MenuHomeVyOS Platform
Create Task
Maniphest T1251

IKEv2 Agile VPN Support
Closed, DuplicatePublicFEATURE REQUEST
Actions

Description

Since I've written the support for IKEv2 Agile VPN Support for EdgeOS/VyOS back in the day, I think it's time to revisit this community provided package.

As it currently stands, the extensions I've written currently supports:

  • Basic IKEv2 Agile Remote Access VPN
  • Users Authenticated against a RADIUS Server

Since IKEv2 Agile Remote Access VPN's were meant to be integrated within a Microsoft Active Directory environment, I've only tested this implementation against a Microsoft NPS based RADIUS server, but however this in theory should work with most RADIUS compliant servers that implements at the very least EAP-MSCHAPv2.

The code for the IKEv2 Agile VPN configuration scripts could be found here:

https://github.com/TriJetScud/vyos-agile-vpn/

Since I haven't made any changes to it in the past year or so, I don't even know if it'll work on the current releases of VyOS, but then again go ahead and merge this into VyOS mainline :P

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Will be filled on close

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedsarthurdevT2816 Rewrite IPsec scripts with the new XML/Python approach
 DuplicateFEATURE REQUESTNoneT1251 IKEv2 Agile VPN Support

Event Timeline

TriJetScud created this task.Feb 18 2019, 9:58 AM
TriJetScud changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
syncer triaged this task as Wishlist priority.Feb 18 2019, 10:12 AM
syncer added a subscriber: syncer.

I think we have a much fresher strongman,
maybe someone picks it up to rewrite in python

pasik added a subscriber: pasik.Mar 12 2019, 6:06 PM
dongjunbo added a subscriber: dongjunbo.Dec 31 2019, 10:15 AM
dongjunbo added a comment.Jan 1 2020, 2:53 PM

@TriJetScud How about this feature request? Will it works on vyos 1.3 ?

syncer raised the priority of this task from Wishlist to Normal.Jan 1 2020, 3:12 PM
dongjunbo added a comment.Jan 23 2020, 1:14 AM

@TriJetScud Would please make it works on vyos latest version ?

dongjunbo added a comment.Feb 1 2020, 4:08 PM

@TriJetScud @syncer We really need this feature to replace pfsense with vyos in our production environment.

dongjunbo added a comment.Feb 1 2020, 4:53 PM

@sync Is that possible merge it to vyos mainline ?

Alfa80 added a subscriber: Alfa80.Feb 1 2020, 6:13 PM
Unknown Object (User) added a parent task: T2816: Rewrite IPsec scripts with the new XML/Python approach.Sep 18 2020, 10:40 AM
c-po closed this task as a duplicate of T1210: About IKEv2 IPSec VPN remote access.Jul 3 2021, 5:20 PM
c-po added a subscriber: c-po.Jul 4 2021, 10:00 AM

https://github.com/vyos/vyos-1x/pull/908

c-po added a comment.Jul 4 2021, 10:03 AM

@dongjunbo this is a very very basic PR for VyOS 1.4 with the goal to implement this into the main VyOS release.

I still have some issues getting an iOS 14 device to connect using eap-mschapv2, maybe you have some ideas?

Features that will be added later on will be radius auth and relay to a dhcp server

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 8:40 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:15 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.