IPSec IKEv2



1

Install packages

You will need to install some additional packages on your ubuntu/debian operation system to connect VPN over Ipsec-IKEv2. Please issue followings to begin setup.

sudo apt-get -y install strongswan libcharon-extra-plugins libstrongswan-extra-plugins libstrongswan-standard-plugins strongswan-starter

Create a link for certificates

rmdir /etc/ipsec.d/cacerts

ln -s /etc/ssl/certs /etc/ipsec.d/cacerts

2

Edit configuration

Replace MYUSERNAME with your username and "right= " server address (veripn_server_ip). You can change "auto=add" to "auto=start", if you to start VPN when system started.

printf '%s\n\t' 'conn VeriPN_London' 'keyexchange=ikev2' 'fragmentation=yes' 'dpdaction=clear' 'dpddelay=300s' 'leftid=MYUSERNAME' 'leftauth=eap-mschapv2' 'left=%defaultroute' 'leftsourceip=%config' 'right=veripn_server_ip' 'rightsubnet=0.0.0.0/0' 'rightid=%any' 'auto=add' > /etc/ipsec.conf

This linux script will write down the mandatory configuration settings into ipsec.conf file.

3

End up with config

You will end up with a config file that looks like this:

conn VeriPN_London
keyexchange=ikev2
dpdaction=clear
dpddelay=300s
fragmentation=yes
leftid=MYUSERNAME
leftauth=eap-mschapv2
left=%defaultroute
leftsourceip=%config
right=VeriPNserverIP>
rightsubnet=0.0.0.0/0
rightid=%any
auto=add

You will also need to disable the "constraints" plugin

sudo sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf

Now you need to write your credentials into /etc/ipsec.secrets. Replace your username and password on the following command.

sudo printf '%s' 'MYUSERNAME' ' : EAP ' '"password"' >> /etc/ipsec.secrets
4

Connect

Then restart ipsec and you can now connect to VPN.

ipsec restart

ipsec up VeriPN_London