StrongSwan: Difference between revisions

Line 298:

* The connection should now be ready to use!

Note: <code>GCMAES256</code> is used under <code>AuthenicationTransformConstants</code>, <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code>, even though strongSwan only supports ESP over IKEv2. This is due to an oddity within Windows where if only <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code> are configured, Windows either sends the wrong encryption proposal (AES256 without GCM) or refused to connect with a policy mismatch. Once all three fields are defined, the connection works correctly.

Note: <code>GCMAES256</code> is used under <code>AuthenicationTransformConstants</code>, <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code>, even though strongSwan only supports ESP over IKEv2. This is due to an oddity within Windows where if only <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code> are configured, Windows either sends the wrong encryption proposal (AES256 without GCM) or refused to connect with a policy mismatch. Once all three fields are defined, the connection works correctly

== Forwarding all traffic through the VPN (Full Tunnel)==

By default, at least in Windows 10 1809, only traffic for your local network behind the VPN server will be forwarded over the VPN connection. Connections to the internet will be forwarded over your local internet connection. This is known as "split-tunnelling". If you are creating this connection for ultimate security and want all your traffic to be forwarded over the tunnel, we need to configure a "full-tunnel".

* Open the Control Panel

* Click "Network and Sharing Centre"

* Click "Change adapter settings" down the left pane.

* Find the VPN connection (Thinkserver). Right-click it and click "Properties"

* Click the "Networking" tab

* Under the "This connection uses the following items:" header, click on "Internet Protocol Version 4 (TCP/IPv4)" line (not the check box)

* Towards the bottom of the new window, click the "Advanced" button

* Tick the "Use default gateway on remote network" checkbox. Click OK on all the settings windows.

This changes the tunnel from a split-tunnel to a full-tunnel. All traffic will be forwarded over the tunnel now.

= Miscellaneous Settings =

@@ Line 298: / Line 298: @@
 * The connection should now be ready to use!
-Note: <code>GCMAES256</code> is used under <code>AuthenicationTransformConstants</code>, <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code>, even though strongSwan only supports ESP over IKEv2. This is due to an oddity within Windows where if only <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code> are configured, Windows either sends the wrong encryption proposal (AES256 without GCM) or refused to connect with a policy mismatch. Once all three fields are defined, the connection works correctly.
+Note: <code>GCMAES256</code> is used under <code>AuthenicationTransformConstants</code>, <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code>, even though strongSwan only supports ESP over IKEv2. This is due to an oddity within Windows where if only <code>CipherTransformsConstants</code> and <code>EncryptionMethod</code> are configured, Windows either sends the wrong encryption proposal (AES256 without GCM) or refused to connect with a policy mismatch. Once all three fields are defined, the connection works correctly
+== Forwarding all traffic through the VPN (Full Tunnel)==
+By default, at least in Windows 10 1809, only traffic for your local network behind the VPN server will be forwarded over the VPN connection. Connections to the internet will be forwarded over your local internet connection. This is known as "split-tunnelling". If you are creating this connection for ultimate security and want all your traffic to be forwarded over the tunnel, we need to configure a "full-tunnel".
+* Open the Control Panel
+* Click "Network and Sharing Centre"
+* Click "Change adapter settings" down the left pane.
+* Find the VPN connection (Thinkserver). Right-click it and click "Properties"
+* Click the "Networking" tab
+* Under the "This connection uses the following items:" header, click on "Internet Protocol Version 4 (TCP/IPv4)" line (not the check box)
+* Towards the bottom of the new window, click the "Advanced" button
+* Tick the "Use default gateway on remote network" checkbox. Click OK on all the settings windows.
+This changes the tunnel from a split-tunnel to a full-tunnel. All traffic will be forwarded over the tunnel now.
 = Miscellaneous Settings =