VPN: IKE V2 Support
IKE V2 is the newest innovation to IPSec and makes using of mobile clients a lot easier. I wish to integrate IKE V2 as soon as possible.
See: http://tools.ietf.org/html/rfc4306 (RFC 4306)
@StrongSWAN.. nothing you wrote seems it would be a problem. But what do you mean by "UTM"? If you are referring to UTM being an instance of Sophos, and then you want to have a Pi with StrongSWAN "between" the device and the UTM.. then the question goes to what your network looks like. However... the StrongSWAN IPSec router can also exist BEHIND a UTM. You can NAT IPSec traffic through a UTM or other FW and terminate the IPSec tunnel behind it somewhere. That is exactly what we did. And we actually had moved several IPSec tunnels from a UTM to another Linux VM behind it without even affecting the clients. Can email me directly for more help: email@example.com
coewar, We need to point-to site connect all sorts of non-Windows devices in various locations to Azure, eg a couple of VoIP phone in one location, a particular scanner that accesses a Azure drive in another location, a Linux machine in a third location etc. I think it would be cool to have your StrongSWAN solution on a Raspberry Pi that could then simply be put between the device and the UTM. Is this viable?
UTM 9.4 "elevated" ...still no IKEv2 support! It's needed for Microsoft Azure!!!
Many customers will switch to a product which supports IKEv2.
J B, same problem with my client. IKEv2 needed for Azure. To which product has your client decided to switch?
J B commented
AZURE requires IKEv2. I have clients at the end of their cycle and are ready to switch over. Unable to push them the XG line of firewalls. Going to cost Sophos a lot of money.
Mahdi Hedhli commented
They are working on this for the XG (Copernicus) line but unlikely it will gain support on UTM. Sure hope so!
Company and Contact Information
Company: Garnes Data AS
Sophos Product: SOphos UTM
Feature Request Summary: Need to have support for VPN: IKE V2 to set up Azure site 2 site vpn
How will this new feature address your business requirements?: Well without this feature we simply stop to sell Sophos, since we cannot use it with our datacenter and public azure.
How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have: 1
That's actually my request. But none-the-less... we abandoned this product and company and use straight up StrongSWAN and it works awesome.
Again, if you need help with this: firstname.lastname@example.org
Adrien Belcourt commented
IKE v2 is required for Azure.
IKE v2 is needed by credit card clearing house VPN.
IKE v2 is supported by Fortinet, Checkpoint, Dell (SonicWall), Cisco, Juniper, Watchgaurd who are all of the UTM Competitors in the top 3 of 4 Gartner Quadrants.
IKE v2 is supported by Windows.
IKE v2 is supported by the current StrongSwan code used in Sophos UTM.
All new feature delivery is through Copernicus but not available in V9. V9 currently has EAL4 certification, so is clearly not going away. Why no development in such a key EAL4 certified product? Copernicus is not even going to have parity to V9 till Summer 2016 (earliest). IKE V2 is a critical area that needs to be addressed to protect sales until Copernicus has moved past the early-adopter stage of product development.
This should be linked with Balfason’s request to “Upgrade to modern version of StrongSWAN which uses charon instead of pluto”. The combined votes would make it the number 4 feature request here.
I don't think they care. They are just milking UTM as much as possible until they eventually kill it off.
Sebastian Meyer commented
More and more customers need that feature for MS Azure!!!
we need it badly, please...
Fortigate vs. Barracuda commented
@sadness: What is your experience with the Fortigate 200Ds? Has anybody tried Barracuda?
That should have been applied long ago, please..
need also ikev2!
I lost a customer over this, so this has 3 of my votes, but until IKEv2 is supported, I have a workaround, here: www.mck.net/sophosazure.asp
Bob Alfson commented
This should be merged with the request for Charon to replace Pluto: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/3985799-upgrade-to-modern-version-of-strongswan-which-uses
We're forced to use IKE v2 because of Azure. If it takes any longer for the implementation of IKE V2 we are forced to replace our (and our client's) UTM's for more advanced VPN routers (unfortunately). Come on, IKE V2 has been available since 2005!
Richard Hulst commented
We need it to connect to Azure !!!!!!!
We just bought fortinet 200Ds to replace all of our UTMs to complete our cloud projects. Thanks Sophos, keep on losing one customer at a time!