
VPN Strongswan

To establish a VPN connection using Strongswan, you need to fulfill network terms, have a valid password, and check your settings. You can install Strongswan via your Linux distribution's package manager or compile it manually. This involves downloading Strongswan, installing dependencies, and configuring/compiling. You then need to edit configuration files strongswan.conf, ipsec.conf, and ipsec.secret with the correct settings before establishing the VPN connection with the ipsec up command and closing it with ipsec down.

Uploaded by

Ananda Dwi
VPN Strongswan

To establish a VPN connection, you need to fulfill the following:

• Confirm the network terms and conditions


• Your password must not be expired

You can check both in your Settings.

Contents
• 1 Installation
♦ 1.1 Package management with Debian Wheezy and Jessie
♦ 1.2 Compile with Linux Mint (18)
• 2 Configuration
♦ 2.1 Preparation
♦ 2.2 strongswan.conf
♦ 2.3 ipsec.conf
♦ 2.4 ipsec.secrets
• 3 Open / Close the VPN connection

Installation
Please perform only one of the following installation instructions and pay attention to the remarks at the end of each instruction!

Package management with Debian Wheezy and Jessie

Wheezy: Add the following source to /etc/apt/sources.list to get the newest Strongswan version:
deb http://http.debian.net/debian wheezy-backports main

Then execute the following commands:

apt-get update
apt-get -t wheezy-backports install ca-certificates strongswan libcharon-extra-plugins libstrongswan-extra-plugins libstrongswan-standard-plugins

Jessie: Execute the following commands:

apt-get update
apt-get install ca-certificates strongswan libcharon-extra-plugins libstrongswan-extra-plugins libstrongswan-standard-plugins

Additionally, you need to add the following lines to the init script (/etc/init.d/ipsec):
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs

Create links to the following configuration files:


ln -s /etc/strongswan.conf ~/Downloads/strongswan/
ln -s /etc/ipsec.conf ~/Downloads/strongswan/
ln -s /etc/ipsec.secrets ~/Downloads/strongswan/

Compile with Linux Mint (18)


If you want to compile it manually, you need to use the terminal. Open the start menu at the bottom left side, and search for "Terminal" and start it.
Change to the directory of your choice. Here is an example of creating a new directory in "Downloads" and then switching into it.
mkdir ~/Downloads/strongswan
cd ~/Downloads/strongswan/

After switching into your strongswan directory, download the newest version of Strongswan (here 5.5.1) and unpack the archive. Use the following commands to perform this:
wget https://download.strongswan.org/strongswan.tar.gz
tar -xzvf strongswan.tar.gz

Your directory should now contain two new elements. Check it with the command "ls". You should see something like this:

Change to the directory of your downloaded version. Switch to "root" to execute the commands with the highest privileges. Download and install the following packages:
cd strongswan-5.5.1/
sudo su
apt-get install libc-dev-bin libc6-dev libgmp-dev \
libgmpxx4ldbl libcurl3 libcurl4-openssl-dev \
libssl-dev zlib1g-dev

Set important parameters with "./configure ...". These are needed to ensure a correct installation of Strongswan:
./configure --enable-curl --enable-eap-mschapv2 \
--enable-eap-identity --enable-openssl
Finally, compile and install the program with:
make
make install
exit

Create links to the following configuration files:


ln -s /usr/local/etc/strongswan.conf ~/Downloads/strongswan/
ln -s /usr/local/etc/ipsec.conf ~/Downloads/strongswan/
ln -s /usr/local/etc/ipsec.secrets ~/Downloads/strongswan/

Please note:

If you no longer need the packages used to compile Strongswan, you can remove them with:
sudo apt-get remove libc-dev-bin libc6-dev libgmp-dev zlib1g-dev \
libcurl4-openssl-dev libssl-dev

It is possible to uninstall Strongswan at any time, as long as the directory into which Strongswan was downloaded (here Downloads/strongswan) is not deleted. Open the terminal, change to your Strongswan directory and execute the following command:
make uninstall

This is also needed if you want to upgrade Strongswan to a newer version.

Configuration
After the installation, the following files need to be edited:
~/Downloads/strongswan/strongswan.conf
~/Downloads/strongswan/ipsec.conf
~/Downloads/strongswan/ipsec.secrets

Preparation
If you installed and compiled Strongswan manually, use the following command to create a link to the Deutsche Telekom root CA certificate:
ln -s /etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem /usr/local/etc/ipsec.d/cacerts/

If you installed Strongswan with your package manager, use this command instead:
ln -s /etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem /etc/ipsec.d/cacerts/

strongswan.conf
Open strongswan.conf with the editor of your choice (nano is used here).
sudo nano ~/Downloads/strongswan/strongswan.conf

This file must only contain the following text:


charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-msc
}

Everything other than this is unnecessary and will sabotage the connection.

ipsec.conf
Open ipsec.conf with the editor of your choice (nano is used here).
sudo nano ~/Downloads/strongswan/ipsec.conf

You must add the following text to the file:


conn hsmw-vpn
    keyexchange=ikev2
    left=%defaultroute
    leftid=%any
    leftauth=eap
    eap_identity=username@hs-mittweida.de
    leftsourceip=%config
    leftdns=%config4
    leftfirewall=no
    right=141.55.128.84
    rightid=@vpn4.hs-mittweida.de
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    auto=add

Everything else in this file is needed and should not be deleted.

ipsec.secrets
Open ipsec.secrets with the editor of your choice (nano is used here).
sudo nano ~/Downloads/strongswan/ipsec.secrets

You can add the following to this file:


username@hs-mittweida.de : EAP "K3nnw0rt"
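
The settings above can be checked mechanically before the first "ipsec up". The following script is an added example, not part of the original instructions: it confirms that the conn still carries the authentication values given on this page (EAP for the client, certificate authentication and a fixed identity for the gateway) and that ipsec.secrets, which stores the password in plain text, is not accessible to other local users. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint the client files before "ipsec up".

# conn_value FILE CONN KEY: print the value of KEY inside the "conn CONN" section.
conn_value() {
    awk -v conn="$2" -v key="$3" '
        /^conn[ \t]/ { in_conn = ($2 == conn); next }
        /^[^ \t#]/   { in_conn = 0 }      # another unindented section starts
        in_conn {
            line = $0; sub(/[ \t]*#.*/, "", line)
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_conn FILE CONN GATEWAY_ID: report settings that differ from the values on this page.
check_conn() {
    rc=0
    for want in keyexchange=ikev2 leftauth=eap rightauth=pubkey "rightid=$3"; do
        got=$(conn_value "$1" "$2" "${want%%=*}")
        [ "$got" = "${want#*=}" ] || { echo "$2: ${want%%=*} is '$got', expected '${want#*=}'"; rc=1; }
    done
    return "$rc"
}

# secrets_private FILE: succeed only if group and others have no access
# (-L follows a symlink such as the one created in ~/Downloads/strongswan).
secrets_private() {
    case "$(ls -lLd -- "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files: the conn from this page, and a copy with the gateway checks weakened.
tmp=$(mktemp -d)
printf 'conn hsmw-vpn\n\tkeyexchange=ikev2\n\tleftauth=eap\n\tright=141.55.128.84\n\trightid=@vpn4.hs-mittweida.de\n\trightauth=pubkey\n\tauto=add\n' > "$tmp/good.conf"
sed -e 's/rightid=.*/rightid=%any/' -e 's/rightauth=pubkey/rightauth=psk/' "$tmp/good.conf" > "$tmp/weak.conf"
printf 'username@hs-mittweida.de : EAP "K3nnw0rt"\n' > "$tmp/ipsec.secrets"
chmod 644 "$tmp/ipsec.secrets"

check_conn "$tmp/good.conf" hsmw-vpn @vpn4.hs-mittweida.de && echo "good.conf: ok"
check_conn "$tmp/weak.conf" hsmw-vpn @vpn4.hs-mittweida.de || echo "weak.conf: fix before ipsec up"
secrets_private "$tmp/ipsec.secrets" || echo "ipsec.secrets is readable by other users"
```

On a real installation, point the functions at ~/Downloads/strongswan/ipsec.conf and ~/Downloads/strongswan/ipsec.secrets; "chmod 600" on the secrets file clears the last finding.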

Open / Close the VPN connection


To establish a VPN tunnel, the following command needs to be executed:
ipsec up hsmw-vpn

You can close the VPN tunnel with this command:
ipsec down hsmw-vpn

Reminder: If you installed and compiled Strongswan manually, you need to start your ipsec service manually, too. Execute the following command:
ipsec start
