Page MenuHomeVyOS Platform

IKEv2 Agile VPN Support
Closed, DuplicatePublicFEATURE REQUEST


Since I've written the support for IKEv2 Agile VPN Support for EdgeOS/VyOS back in the day, I think it's time to revisit this community provided package.

As it currently stands, the extensions I've written currently supports:

  • Basic IKEv2 Agile Remote Access VPN
  • Users Authenticated against a RADIUS Server

Since IKEv2 Agile Remote Access VPN's were meant to be integrated within a Microsoft Active Directory environment, I've only tested this implementation against a Microsoft NPS based RADIUS server, but however this in theory should work with most RADIUS compliant servers that implements at the very least EAP-MSCHAPv2.

The code for the IKEv2 Agile VPN configuration scripts could be found here:

Since I haven't made any changes to it in the past year or so, I don't even know if it'll work on the current releases of VyOS, but then again go ahead and merge this into VyOS mainline :P


Difficulty level
Easy (less than an hour)
Why the issue appeared?
Will be filled on close

Related Objects

Needs testingsdev

Event Timeline

TriJetScud changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
syncer triaged this task as Wishlist priority.Feb 18 2019, 10:12 AM
syncer added a subscriber: syncer.

I think we have a much fresher strongman,
maybe someone picks it up to rewrite in python

@TriJetScud How about this feature request? Will it works on vyos 1.3 ?

syncer raised the priority of this task from Wishlist to Normal.Jan 1 2020, 3:12 PM

@TriJetScud Would please make it works on vyos latest version ?

@TriJetScud @syncer We really need this feature to replace pfsense with vyos in our production environment.

@sync Is that possible merge it to vyos mainline ?

@dongjunbo this is a very very basic PR for VyOS 1.4 with the goal to implement this into the main VyOS release.

I still have some issues getting an iOS 14 device to connect using eap-mschapv2, maybe you have some ideas?

Features that will be added later on will be radius auth and relay to a dhcp server