Netgate Discussion Forum

    Questions migrating Linux Strongswan IKEv2 setup

      Strykar

      I have a strongSwan IKEv2 VPN set up for mobile clients running on a Slackware Linux machine.
      The clients are running Android and the latest strongSwan IPsec client on their phones.
      We are looking at moving the VPN server to pfSense.

      Here's my current /etc/ipsec.conf:

      # ipsec.conf - strongSwan IPsec configuration file
      
      config setup
      	charondebug="cfg 2, lib 1, dmn 1, ike 3, net 1, knl 1"
      
      conn %default
      	keyexchange=ikev2
      	dpdaction=clear
      	ike=aes128gcm16-aesxcbc-modp2048
      	esp=aes128gcm16
      	dpddelay=300s
      	rekey=no
      	leftsubnet=0.0.0.0/0,2000::/3
      	leftcert=vpnHostCert.pem
      	leftid="C=CH, O=strongSwan, CN=slack14.wrtpoona.in"
      	right=%any
      	rightsourceip=%dhcp,2604:8800:100:8277:ffff:ffff:ffff:fffc/126 #4 IPv6 hosts
      
      	leftfirewall=yes
      	forceencaps=yes
      	compress=yes
      	auto=start
      
      conn IPSec-IKEv2
      	keyexchange=ikev2
      	auto=add
      

      I don't see an option for IKEv2 using certs in the Phase 1 proposal (Authentication method options).
      What type should I select in the drop-down menu?

      How can I migrate this setup to pfSense?

        jimp Rebel Alliance Developer Netgate

        EAP-TLS is IKEv2 with per-user certificates.

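When moving a tunnel like the one in the question to another platform, it helps to know exactly what the existing connection negotiates once `conn %default` is inherited. The following is an added example, not code from the thread or from the strongSwan or pfSense projects: it resolves that inheritance for a trimmed copy of the posted ipsec.conf and splits the `ike=`/`esp=` proposals into cipher, DH group and remaining keywords. The function names are hypothetical, and only AES-GCM and MODP tokens are recognised.

```python
import re

# Constructed input: the ipsec.conf posted in the question, trimmed to a few settings.
IPSEC_CONF = """\
conn %default
    keyexchange=ikev2
    ike=aes128gcm16-aesxcbc-modp2048
    esp=aes128gcm16
    rekey=no
    rightsourceip=%dhcp,2604:8800:100:8277:ffff:ffff:ffff:fffc/126 #4 IPv6 hosts
    auto=start
conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add
"""
DH_GROUPS = {"modp1024": 2, "modp1536": 5, "modp2048": 14, "modp3072": 15, "modp4096": 16}

def parse_sections(text):
    """Return {(kind, name): {key: value}}; headers start in column 0, settings are indented."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments (no '#' inside values here)
        if line and not line[0].isspace():     # section header, e.g. "conn %default"
            kind, name = line.split(None, 1)
            current = sections.setdefault((kind, name), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def effective_conn(sections, name):
    """Settings of one conn after inheriting conn %default (the conn's own keys win)."""
    return {**sections.get(("conn", "%default"), {}), **sections[("conn", name)]}

def split_proposal(proposal):
    """Break an ike=/esp= proposal string into cipher, DH group and remaining tokens."""
    out = {"cipher": None, "aead": False, "dh_group": None, "other": []}
    for token in proposal.lower().split("-"):
        gcm = re.fullmatch(r"aes(128|192|256)gcm(8|12|16)", token)
        if gcm:                                # trailing number is the ICV length in bytes
            out.update(cipher=f"AES-{gcm[1]}-GCM, {int(gcm[2]) * 8}-bit ICV", aead=True)
        elif token in DH_GROUPS:
            out["dh_group"] = DH_GROUPS[token]
        else:
            out["other"].append(token)         # anything else, e.g. the aesxcbc keyword
    return out

if __name__ == "__main__":
    print(split_proposal(effective_conn(parse_sections(IPSEC_CONF), "IPSec-IKEv2")["ike"]))
```

For the posted configuration, `conn IPSec-IKEv2` ends up with `auto=add` (overriding `auto=start` from `%default`) and an IKE proposal of AES-128-GCM with DH group 14.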