strongSwan VPN

strongSwan VPN tutorial

by Wojciech Błaszkowski

Our goal is to setup a connection (client) between two networks over L2TP. Generally traffic moves faster over PPTP, but L2TP VPNs are more secure.

We had received the connection detail directives from VPN Admin:
Authentication: PSK (password)
Encryption Method: IKEv1/IKEv2
Encryption Suite: AES-256 / SHA-256
Aggressive Mode: no

We had also IPv4 address of VPN gateway (12.34.56.78) and the internal network (172.25.193.0/23). On our side we have public IPv4 address (87.65.43.21) and our internal network (192.168.34.0/24).

On Debian 10 we need to install strongswan. And the example config file:

config setup
  charondebug="ike 2, knl 2, cfg 2, chd 2, dmn 2, mgr 2, job 2, net 2, enc 2, lib 2"

conn %default
  ikelifetime=60m
  keylife=1440m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  mobike=no
  ike=aes256-sha2_256-modp2048!
  esp=aes256-sha2_256!

conn vpn1
  aggressive=no
  auto=add
  left=12.34.56.78
  leftsubnet=172.25.193.0/23
  right=87.65.43.21
  rightsubnet=192.168.34.0/24

The file /etc/ipsec.secrets contains the password:

12.34.56.78 87.65.43.21 : PSK "Top_SeCrEt-pAsSwOrD"

Now we can restart strongswan, and try our config:

# ipsec up vpn1

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany. Wymagane pola są oznaczone *

This site uses Akismet to reduce spam. Learn how your comment data is processed.