IPSEC connection through Wifi on a Orange Livebox

Recently I had to connect to my client's IPSEC based VPN. To do so, I use Strongswan 5.9.1 on Debian Linux. I use the wifi of my ISP router (Orange Livebox).

With NetworkManager, it works without much trouble. But as I'm a weirdo aiming at having a minimalist system, I want to get rid of NetworkManager and use directly wpa_supplicant. I found a way to configure Strongswan's client with ipsec.conf. And, it fails to connect. Server does not evn respond to IKE_SA_INIT request. Why is there a difference of behaviour, comparing to a connection with NetworkManager?

Later on, I give another try using the 4G connection of my phone. And it works with wpa_supplicant and ipsec.

Once I'm back home, new try and it's failing again! So, the problem is the router. Google is my friend and the problem is coined. IPSEC does not work on wifi with 5GHz frequency. Only with 2.4 GHz. So I split SSIDs to distinguish both channels and I connect to the 2.4Hz with wpa_supplicant. VPN now work like a charm! Computers are crazy beasts.

For French readers, here is the thread that led me to the solution.

Posted on 2023-06-23 at 00:19

Previous Back Next