Please add support for IKEv2 for IPSec VPN #13
You can port openswan or strongswan.
http://www.vpnusers.com/viewtopic.php?f=7&t=3056
It would be really great if IKEv2 is added. SoftEther is a nice and mature project with userspace IPSec implementation, which is very useful in containers like OpenVZ, where you can't just load kernel modules.
If you add IKEv2, I could migrate from RockhopperVPN and could connect my BlackBerry.
@balu88, you can use strongSwan with kernel-libipsec, if you need userspace IPsec implementation (I suppose you use rockhopper only because of that).
@ValdikSS, I use Rockhopper because of its easy configuration and administration. But thanks for the info, didn't know about the lib.
@balu88, by the way, strongSwan has a web interface and is pretty easy to configure (if we talk about openswan/libreswan) and is very thoroughly documented.
IKEv2 is very important for me or other BlackBerry and Nokia Lumia users. Please do support IKEv2.
@ValdikSS are you talking about dumm? Send link to strongSwan web-interface please.
@dnobori - thx for the great SE package. Very awesome. Do you have a quick start guide on porting strongSwan to SE?
@complexi https://wiki.strongswan.org/projects/1/wiki/Manager
lol
@ValdikSS lol indeed. thx for the strongSwan link.
IKEv2 is the default method for VPNs in Windows 7. Lack of support is causing a lot of issues.
2015 If IKEv2 isn't supported bump to support it.
Support for IKEv2 would be good
+1 IKEv2
+1 IKEv2
I agree IKEv2 support would be much appreciated.
+1 IKEv2
IKEv2 would be good for mobile applications, would open up a realm of possibility for native VPN apps for iOS.
Implementing individual cert for IPSEC and OpenVPN is IMNSHO more
Also came here to say it would be very nice to see IKEv2 support in the SoftEther project.
Yes please add IKEv2 support
Yes please add IKEv2 support
Hi everyone. Just to let you know I needed IPSec/IKEv1 in tunneling mode, so I'm currently working on implementing it in SoftEther and actually investing time in that. Hopefully after that I'll find time to add IKEv2, doing a port from strongswan. So if anyone wants to help with IPSec tunneling or with IKEv2 or just need to exchange ideas, I'll be glad to talk.
Any update? We can not create vpn connection on iOS programmatically. It supports only NEVPNProtocolIPSec or NEVPNProtocolIKEv2. At this point SoftEtherVPN is meaningless for iOS Developers 🤒
And no news on adding or hint how to make IKEv2 work with SE setup?
+1
+1 IKEv2
+1 IKEv2
+1 IKEv2
+1 IKEv2
+1 IKEv2
+1 IKEv2
IKEv2 is a pretty complex standard. Using a library is probably a possibility, but I didn't find any which would be suitable for SoftEther.
One way I see how this could be made is probably to borrow parts of OpenIKED (https://github.com/openiked/openiked-portable), which seems to have a compatible license. But this isn't a library, so still kinda problematic.
It should be possible to sidestep that issue by letting users download & build StrongSwan/OpenSwan separately from SoftEther, right? SoftEther needs to be able to load their libraries dynamically and then call into them if they're available, but there's no need for SoftEther to actually bundle or distribute them. Would it be possible to consider this approach?
@mehrdadn
I would have thought that Google v. Oracle would have included this as fair use? Being able to replace strongSwan with a substitute is an interoperability question, and would necessarily require its headers. If a user happens to download strongSwan itself (rather than a substitute), it will work too—that's exactly what interoperability is. I'm not sure I see how this is different from that case, but I guess I'm not a lawyer either...
@mehrdadn
@Evengard That's what the FSF and GNU advertise, but as Wikipedia mentions, it's not really the consensus. This bit is particularly noteworthy:
If we assume the FSF/GNU's prohibition on dynamic linking is correct, and that merely using the headers is a violation, then what about all these closed-source proprietary Linux kernel modules (such as from NVIDIA)? Are they illegal? (Edit: That said though, obviously I think it's quite understandable if the project sees this as a risk, regardless of what I or others may believe about the GPL's limits.)
Hello, I found myself here looking for a way to connect my Android 13 phone. I understand that, for the time being, it could be done only with a third-party app: what is the suggested one at the moment? Thank you
@pdario
@Evengard Does VPN Client Pro support NAT traversal? I also tried both other options, but neither works for me. EDIT: Apparently NAT-T support was added in the beginning of 2023 so I decided to give it a shot and it works like a charm! VPN Client Pro is the way to go if you need NAT-T support.
I got another idea. Instead of my above suggestion, what if we added a layer of indirection as follows?
I'm not a lawyer/nothing I've said is legal advice, but as a layperson it sounds to me like this may alleviate your concern? Even if you believe compiling against GPL headers would create a derived work, this would avoid that issue, since SoftEther no longer
I never knew about that fork: https://github.com/NovaVPN/SoftEtherVPN
Good news. First, folks over at NovaVPN confirmed that their code is Apache 2.0, aka compatible with the main SoftEtherVPN codebase. Second, I started integrating it with the current codebase. That will take some time (I have problems with free time right now), but the work has started.
hi, any news?
I have problems with time lately. The implementation is far from complete, as it's lacking authorization. I'll get back to that as soon as I find time...
Why is this still not resolved after 10 (!) years? Also, I used OpenVPN Connect app as a workaround with sample config exported from Windows client to connect to my VPN on Android 13.
@Evengard, your turn )) since you have an appetite for backporting NovaVPN, what can improve your progress? @vantablack333, btw, we accept pull requests.
Yeah, sorry for that. I started doing it, but stumbled upon the fact that in the NordVPN code the authentication wasn't implemented at all. It does use EAP auth, so I started to refactor that from the PPP code to reuse it here, but was too busy lately to keep working on that.
The current IPSec VPN is based on ISAKMP(IKEv1). Please add support to IKEv2.
You can port openswan or strongswan.