• View
• Edit
• History
• Print

Linuxstrongswan

strongswan is an IPsec VPN client. It is available in most linux distributions.

1. Install strongswan. If you are using debian, run:

$ sudo apt-get install strongswan

1. Download the certificate for the CA from the server (the ca.crt file)
2. Edit /etc/ipsec.conf:

ca example.org
  cacert=ca.crt
  auto=add

conn server1
  keyexchange=ikev2
  right=server1.example.org
  rightid=%server1.example.org
  rightsubnet=0.0.0.0/0
  rightauth=pubkey
  leftsourceip=%config
  leftauth=eap
  leftcert=client.example.org.crt
  auto=route
  eap_identity=username
  auto=add