configuring an IPSec VPN is super fucking annoying
configuring an IPSec VPN is super fucking annoying
09[IKE] DH group ECP_256 unacceptable, requesting ECP_256
7 comments
-
-
Is there a reason you can’t use wireguard or whatever the thing I was using before I switched to it that I can’t remember the name of right now?
-
no, in fact I gave up on IPSec since I posted this and have started working on a wireguard setup because fuck this unmaintained pile of shit
-
It can be easier to find help with wireguard setups. I hope you succeed.
I learned how to do IPsec by using a perfectly functional example config in one room and changing things one tiny step at a time until it got where I needed it. IPsec can be very stable and simple but you gotta have your ducks in a row first.
-
-
-
I'm gonna shill it again on here, but Pangolin is actually a really great tunnel manager if you need one. I toss it up on a vps then just spool up the newt containers on an endpoint in any network and it lets you expose ports and reverse proxy services through an admin UI.
It's really just some sugar on top of Traefik and Wireguard, so you could just configure all that yourself, but sometimes I like having an admin pannel.
You can even specify multiple endpoints for an exposed service and it'll load balance for you. Exposing raw TCP/UDP ports through the tunnel drops the internal validation (all services require authentication through Pangolin before you are allowed to access them), but as long as you set up like fail2ban or ssh key only access on the endpoint server you should be fine.
It does let you toggle availability through the admin panel or the config files and that kills the tunnel instantly so I usually just leave them off till I need them.
7 comments
[IKE] KDF_PRF with PRF_HMAC_SHA2_256 not supported[IKE] key derivation failed