StrongSwan is an open-source VPN (Virtual Private Network) solution that provides secure communication between two or more networked devices or sites. It is built on the IPsec (Internet Protocol Security) protocol suite, which provides a framework for encrypting and authenticating IP packets between devices or sites.
StrongSwan runs on a wide range of platforms, including Linux, Windows, macOS, iOS, and Android. It supports a variety of authentication methods, such as certificate-based authentication, EAP (Extensible Authentication Protocol), and PSK (Pre-Shared Key) authentication.
StrongSwan is known for its strong security features, including encryption and integrity algorithms such as AES (Advanced Encryption Standard) and SHA-2 (Secure Hash Algorithm 2), and the IKEv2 (Internet Key Exchange version 2) key-exchange protocol. It also provides NAT traversal, automatic rekeying, and support for multiple encryption and authentication algorithms.
It is a powerful and flexible VPN solution that is well-suited for both small and large-scale deployments.
Site 1 Gateway
Public IP: 149.56.13.171
Private IP: 192.168.1.1/24
Private Subnet: 192.168.1.0/24
Site 2 Gateway
Public IP: 149.56.134.94
Private IP: 192.168.0.1/24
Private Subnet: 192.168.0.0/24
Run the following on both sites to install, start and enable strongSwan:
dnf install epel-release
dnf install strongswan
systemctl start strongswan
systemctl enable strongswan
systemctl status strongswan
vi /etc/sysconfig/network-scripts/route-eth0
#Site 1 Gateway
192.168.1.0/24 via 149.56.13.171
vi /etc/sysconfig/network-scripts/route-eth0
#Site 2 Gateway
192.168.0.0/24 via 149.56.134.94
Configuring Site 1 Connection Profile
# cp /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.orig
# vi /etc/strongswan/ipsec.conf
Copy and paste the following configuration into the file:
config setup
    charondebug="all"
    uniqueids=yes

conn gateway1-to-gateway2
    type=tunnel
    auto=start
    keyexchange=ikev2
    authby=secret
    # this gateway's public IP and private subnet
    left=149.56.13.171
    leftsubnet=192.168.1.0/24
    # the peer gateway's public IP and private subnet
    right=149.56.134.94
    rightsubnet=192.168.0.0/24
    # proposals kept as in this tutorial; sha1 and modp1024 are legacy choices,
    # aes256-sha256-modp2048 is a common stronger alternative
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    # IKEv1-only setting, ignored with keyexchange=ikev2
    aggressive=no
    keyingtries=%forever
    ikelifetime=28800s
    lifetime=3600s
    # dead peer detection: probe every 30s, restart the tunnel after 120s of silence
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=restart
Configuring Site 2 Connection Profile
# cp /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.orig
# vi /etc/strongswan/ipsec.conf
Copy and paste the following configuration in the file:
config setup
    charondebug="all"
    uniqueids=yes

conn gateway2-to-gateway1
    type=tunnel
    auto=start
    keyexchange=ikev2
    authby=secret
    # this gateway's public IP and private subnet
    left=149.56.134.94
    leftsubnet=192.168.0.0/24
    # the peer gateway's public IP and private subnet
    right=149.56.13.171
    rightsubnet=192.168.1.0/24
    # proposals kept as in this tutorial; sha1 and modp1024 are legacy choices,
    # aes256-sha256-modp2048 is a common stronger alternative
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    # IKEv1-only setting, ignored with keyexchange=ikev2
    aggressive=no
    keyingtries=%forever
    ikelifetime=28800s
    lifetime=3600s
    # dead peer detection: probe every 30s, restart the tunnel after 120s of silence
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=restart
Generate a random pre-shared key once and use the same value on both sites:
head -c 24 /dev/urandom | base64
Then add the key to /etc/strongswan/ipsec.secrets on each gateway, with both public IPs as selectors:
vi /etc/strongswan/ipsec.secrets
#Site 1 Gateway
149.56.13.171 149.56.134.94 : PSK "0GE0dIEA0IOSYS2o22wYdicj/lN4WoCL"
vi /etc/strongswan/ipsec.secrets
#Site 2 Gateway
149.56.134.94 149.56.13.171 : PSK "0GE0dIEA0IOSYS2o22wYdicj/lN4WoCL"
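As an added example (not part of the original tutorial and not strongSwan's own tooling), the following Python checker parses the ipsec.conf and ipsec.secrets of both gateways and reports anything that would keep the two profiles from matching before strongswan is restarted on either side: left/right and leftsubnet/rightsubnet must be swapped between the ends, the proposal and authentication settings must be identical, and each ipsec.secrets must carry the same PSK for the pair of public IPs. It also lists proposal components that strongSwan still accepts but that are legacy choices. The sample configuration strings are constructed to match the addresses above (site 2 deliberately uses the host/prefix form of the subnets to show it normalizes to the same networks); the parser handles only the flat key=value layout used in this tutorial, not include directives or multi-line values.

```python
# Added example (not part of the original tutorial): parse the ipsec.conf and
# ipsec.secrets of both gateways and confirm the two profiles mirror each other.
import ipaddress
import re

# Constructed sample files using the addresses from the tutorial above.
TEMPLATE = """\
conn {name}
    type=tunnel
    keyexchange=ikev2
    authby=secret
    left={left}
    leftsubnet={leftsubnet}
    right={right}
    rightsubnet={rightsubnet}
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
"""
SITE1_CONF = TEMPLATE.format(name="gateway1-to-gateway2", left="149.56.13.171",
    leftsubnet="192.168.1.0/24", right="149.56.134.94", rightsubnet="192.168.0.0/24")
# Site 2 uses the host/prefix form to show it normalizes to the same networks.
SITE2_CONF = TEMPLATE.format(name="gateway2-to-gateway1", left="149.56.134.94",
    leftsubnet="192.168.0.1/24", right="149.56.13.171", rightsubnet="192.168.1.1/24")
SITE1_SECRETS = '149.56.13.171 149.56.134.94 : PSK "0GE0dIEA0IOSYS2o22wYdicj/lN4WoCL"\n'
SITE2_SECRETS = '149.56.134.94 149.56.13.171 : PSK "0GE0dIEA0IOSYS2o22wYdicj/lN4WoCL"\n'

HEADER = re.compile(r"^(config|conn|ca)\s+(\S+)$")
SECRET = re.compile(r'^(?P<ids>.*?)\s*:\s*PSK\s+"(?P<psk>[^"]*)"$')
MIRRORED = (("left", "right"), ("leftsubnet", "rightsubnet"))  # swapped between ends
SHARED = ("type", "keyexchange", "authby", "ike", "esp")        # identical on both ends
LEGACY = {"md5", "sha1", "3des", "modp768", "modp1024"}        # accepted but outdated

def parse_ipsec_conf(text):
    """Return {'conn name': {key: value}, ...}; '#' lines are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = HEADER.match(line)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value.strip('"')
        else:
            raise ValueError(f"cannot parse ipsec.conf line: {line!r}")
    return sections

def parse_secrets(text):
    """Return [(ids, psk), ...] for the PSK lines of an ipsec.secrets file."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            m = SECRET.match(line)
            if not m:
                raise ValueError(f"unsupported secrets line: {line!r}")
            entries.append((tuple(m.group("ids").split()), m.group("psk")))
    return entries

def single_conn(sections):
    (conn,) = [v for k, v in sections.items() if k.startswith("conn ")]  # exactly one
    return conn

def normalize(key, value):
    # strongSwan masks host bits, so 192.168.0.1/24 equals 192.168.0.0/24.
    if value and key.endswith("subnet"):
        return str(ipaddress.ip_network(value, strict=False))
    return value

def find_psk(entries, left, right):
    """PSK whose selectors are this gateway's left/right pair (or no selectors), else None."""
    for ids, psk in entries:
        if not ids or set(ids) == {left, right}:
            return psk
    return None

def legacy_components(conn):
    """Name ike=/esp= proposal components that are legacy choices."""
    return [f"{key}={comp}" for key in ("ike", "esp")
            for comp in re.split(r"[-,]", conn.get(key, "").rstrip("!"))
            if comp in LEGACY]

def check_site_to_site(conf_a, conf_b, secrets_a, secrets_b):
    """Return a list of mismatches; an empty list means the two ends agree."""
    a, b = single_conn(parse_ipsec_conf(conf_a)), single_conn(parse_ipsec_conf(conf_b))
    problems = []
    for mine, theirs in MIRRORED:
        for x, y in ((mine, theirs), (theirs, mine)):
            if normalize(x, a.get(x, "")) != normalize(y, b.get(y, "")):
                problems.append(f"{x} on A ({a.get(x)}) != {y} on B ({b.get(y)})")
    for key in SHARED:
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: A={a.get(key)} B={b.get(key)}")
    psk_a = find_psk(parse_secrets(secrets_a), a.get("left"), a.get("right"))
    psk_b = find_psk(parse_secrets(secrets_b), b.get("left"), b.get("right"))
    if psk_a is None or psk_b is None:
        problems.append("a gateway has no PSK entry for its own left/right pair")
    elif psk_a != psk_b:
        problems.append("PSKs differ between the two ipsec.secrets files")
    return problems
```

To use it against real gateways, read each site's /etc/strongswan/ipsec.conf and /etc/strongswan/ipsec.secrets into the four strings and call check_site_to_site; an empty list means the profiles agree, and legacy_components on either conn shows which proposal parts are worth upgrading when both sides can be changed together.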
Finally, restart strongSwan on both sites and verify that the tunnel is established:
systemctl restart strongswan
strongswan status