Update 04/20/2014: Adjusted to take into account the modular configuration layout introduced in strongSwan 5.1.2. Tweaked cipher settings to provide perfect forward secrecy if supported by the client.
This article is a step-by-step guide on how to prepare strongSwan 5 to run your own private VPN, allowing you to stop snoopers from spying on your online activities, to bypass geo-restrictions, and to circumvent overzealous firewalls.
strongSwan is a modern and complete IPsec implementation with full support for IKEv1 and IKEv2. It’s natively supported by most modern clients, including Linux, Windows 7, Apple iOS, Mac OSX, FreeBSD and BlackBerry OS.
If you wonder why I chose strongSwan over Openswan, check out this post from strongSwan maintainer Prof. Andreas Steffen (yes, it’s biased and dated, but I find it convincing nonetheless).
Throughout this post I assume that you’re using Debian Wheezy. If you don’t – don’t worry. It should be easy to follow the guide even if you favor another Linux distribution.
Installation
Debian Wheezy ships with strongSwan 4.5.2. I prefer strongSwan 5, the new mainline branch, which got rid of Pluto in favor of a single daemon, charon, to handle both IKEv1 and IKEv2. Instead of installing from source, let’s get a copy from wheezy-backports, which includes strongSwan 5.1.2 from Debian testing recompiled for Wheezy.
Add wheezy-backports to your APT repository
$ echo "deb http://ftp.debian.org/debian wheezy-backports main" \
> /etc/apt/sources.list.d/wheezy-backports.list
$ apt-get update
Install strongSwan
$ apt-get -t wheezy-backports install strongswan libcharon-extra-plugins
This installs the strongSwan package along with its dependencies (there are only a few). To confirm that you’re running the right version, run:
$ ipsec version
Output:
Linux strongSwan U5.1.2/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
Excellent – you’re now running strongSwan 5.1.2 on Linux kernel 3.2.0.
Certificate generation
Create your certification authority (CA)
The first step is to generate the X.509 certificates, including a certificate authority (CA), a server certificate, and at least one client certificate.
Let’s start by creating a self-signed root CA certificate.
$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 4096 \
--outform pem \
> private/strongswanKey.pem
$ chmod 600 private/strongswanKey.pem
$ ipsec pki --self --ca --lifetime 3650 \
--in private/strongswanKey.pem --type rsa \
--dn "C=CH, O=strongSwan, CN=strongSwan Root CA" \
--outform pem \
> cacerts/strongswanCert.pem
The result is a 4096 bit RSA private key strongswanKey.pem (line 4) and a self-signed CA certificate strongswanCert.pem (line 10) with a validity of 10 years (3650 days). The files are stored in PEM-encoded format (I prefer working with PEM over binary DER, the strongSwan default).
You can change the Distinguished Name (DN) to more relevant values for country (C), organization (O), and common name (CN), but you don’t have to.
To list the properties of your newly generated certificate, type in the following command:
$ ipsec pki --print --in cacerts/strongswanCert.pem
Output:
cert: X509
subject: "C=CH, O=strongSwan, CN=strongSwan Root CA"
issuer: "C=CH, O=strongSwan, CN=strongSwan Root CA"
validity: not before Nov 22 11:55:41 2013, ok
not after Nov 20 11:55:41 2023, ok (expires in 3649 days)
serial: 65:39:93:df:a0:f8:40:03
flags: CA CRLSign self-signed
authkeyId: 45:30:11:da:a4:0e:0b:0a:a3:41:a5:81:41:ab:d8:04:7a:40:6c:c0
subjkeyId: 45:30:11:da:a4:0e:0b:0a:a3:41:a5:81:41:ab:d8:04:7a:40:6c:c0
pubkey: RSA 4096 bits
keyid: dc:15:91:95:04:07:a5:13:69:5f:77:65:26:d7:02:3f:60:ec:73:c8
subjkey: 45:30:11:da:a4:0e:0b:0a:a3:41:a5:81:41:ab:d8:04:7a:40:6c:c0
Create your VPN host certificate
$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 2048 \
--outform pem \
> private/vpnHostKey.pem
$ chmod 600 private/vpnHostKey.pem
$ ipsec pki --pub --in private/vpnHostKey.pem --type rsa | \
ipsec pki --issue --lifetime 730 \
--cacert cacerts/strongswanCert.pem \
--cakey private/strongswanKey.pem \
--dn "C=CH, O=strongSwan, CN=vpn.zeitgeist.se" \
--san vpn.zeitgeist.se \
--flag serverAuth --flag ikeIntermediate \
--outform pem > certs/vpnHostCert.pem
The result is a 2048 bit RSA private key vpnHostKey.pem (line 4). In line 6 we extract its public key and pipe it over to issue vpnHostCert.pem (line 13), a host certificate signed by your CA. The certificate has a validity of two years (730 days). It identifies the VPN host by its Fully Qualified Domain Name (FQDN) (here: vpn.zeitgeist.se).
Important: The domain name or IP address of your VPN server, which is later entered in the client’s connection properties, MUST be contained in the subject Distinguished Name (here in the CN, line 10), in a subjectAltName (line 11), or in both. I prefer to include it in both. Make sure to replace vpn.zeitgeist.se with your VPN’s hostname in both places – or else the connection between client and server will fail!
Important: If you’re going to use the built-in VPN client of Windows 7, you MUST add the serverAuth extended key usage flag to your host certificate as shown above, or the client will refuse to connect. In addition, OS X 10.7.3 or older requires the ikeIntermediate flag, which we also added here. Since the addition of these two flags probably won’t hurt anyone (as far as I know), you should make sure you keep them there.
Let’s take a look at the properties of our newly generated certificate.
$ ipsec pki --print --in certs/vpnHostCert.pem
Output:
cert: X509
subject: "C=CH, O=strongSwan, CN=vpn.zeitgeist.se"
issuer: "C=CH, O=strongSwan, CN=strongSwan Root CA"
validity: not before Nov 22 21:16:51 2013, ok
not after Nov 22 21:16:51 2015, ok (expires in 729 days)
serial: 0c:05:d7:d5:57:0e:d9:48
altNames: vpn.zeitgeist.se
flags: serverAuth iKEIntermediate
authkeyId: 9b:57:35:fb:cd:9e:2d:20:37:1d:61:4c:e7:c4:5b:5e:dc:64:ad:fc
subjkeyId: 5f:12:c2:06:ee:2b:1e:cc:5f:78:54:ff:f0:f3:7b:a0:2b:c0:b4:d6
pubkey: RSA 2048 bits
keyid: 6f:a7:99:60:27:27:09:96:02:c1:b9:d9:7d:c1:b0:10:e3:e1:d5:45
subjkey: 5f:12:c2:06:ee:2b:1e:cc:5f:78:54:ff:f0:f3:7b:a0:2b:c0:b4:d6
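The two "Important" notes above are easy to get wrong and the failure only shows up on the client. As an added check that is not part of the original article, the following POSIX shell script parses the text that ipsec pki --print writes (as shown above) and verifies that the VPN hostname is the subject CN and/or a subjectAltName, that the serverAuth and ikeIntermediate flags are present, and that the validity line still reads "ok". The sample input is a constructed copy of the printed host certificate above; the function and file names are my own, not strongSwan's.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Checks the properties that "ipsec pki --print" reports for a VPN host
# certificate against the requirements the text calls out: the VPN host
# name must be the subject CN and/or a subjectAltName, the serverAuth and
# ikeIntermediate flags must be present, and the certificate must still be
# valid. The input file holds what
#   ipsec pki --print --in certs/vpnHostCert.pem
# writes to stdout. Function and file names are my own.

# write_sample_print FILE: writes a constructed copy of the printed host
# certificate from the article (dates and serial are sample values).
write_sample_print() {
    cat <<'EOF' > "$1"
  cert:      X509
  subject:  "C=CH, O=strongSwan, CN=vpn.zeitgeist.se"
  issuer:   "C=CH, O=strongSwan, CN=strongSwan Root CA"
  validity:  not before Nov 22 21:16:51 2013, ok
             not after  Nov 22 21:16:51 2015, ok (expires in 729 days)
  serial:    0c:05:d7:d5:57:0e:d9:48
  altNames:  vpn.zeitgeist.se
  flags:     serverAuth iKEIntermediate
  pubkey:    RSA 2048 bits
EOF
}

# check_host_cert_props FILE FQDN
# Prints "ok" and returns 0 when every check passes; otherwise prints one
# FAIL line per problem and returns 1.
check_host_cert_props() {
    file=$1
    fqdn=$2
    failed=0

    # Subject CN, taken from the quoted subject DN.
    cn=$(sed -n 's/^ *subject: *"\(.*\)"$/\1/p' "$file" | sed 's/.*CN=\([^,]*\).*/\1/')
    # subjectAltNames, one per line, surrounding blanks removed.
    sans=$(sed -n 's/^ *altNames: *//p' "$file" | tr ',' '\n' | sed 's/^ *//;s/ *$//')
    flags=$(sed -n 's/^ *flags: *//p' "$file")
    not_after=$(sed -n 's/^ *not after *//p' "$file")

    in_cn=0
    [ "$cn" = "$fqdn" ] && in_cn=1
    in_san=0
    for s in $sans; do
        [ "$s" = "$fqdn" ] && in_san=1
    done
    if [ "$in_cn" -eq 0 ] && [ "$in_san" -eq 0 ]; then
        echo "FAIL: $fqdn is neither the subject CN ($cn) nor a subjectAltName"
        failed=1
    fi

    # Windows 7 needs serverAuth; OS X 10.7.3 and older need ikeIntermediate.
    # The print output spells the latter "iKEIntermediate", so match case-insensitively.
    echo "$flags" | grep -q 'serverAuth' || { echo "FAIL: serverAuth flag missing"; failed=1; }
    echo "$flags" | grep -iq 'ikeintermediate' || { echo "FAIL: ikeIntermediate flag missing"; failed=1; }

    # Assumption: a certificate that is still valid carries ", ok" on its
    # "not after" line; anything else is treated as expired or unreadable.
    echo "$not_after" | grep -q ', ok' || { echo "FAIL: certificate expired or validity unreadable"; failed=1; }

    [ "$failed" -eq 0 ] && echo ok
    return "$failed"
}

# Stand-alone run: check the constructed sample against the article's host name.
sample=$(mktemp)
write_sample_print "$sample"
check_host_cert_props "$sample" vpn.zeitgeist.se
rm -f "$sample"
```

To check a real certificate, save the printed properties first (ipsec pki --print --in certs/vpnHostCert.pem > /tmp/host.txt) and then call check_host_cert_props /tmp/host.txt with the hostname your clients will enter; a non-zero exit status tells you which requirement the certificate misses before you hand it to a client.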
Create a client certificate
Any client will require a personal certificate in order to use the VPN. The process is analogous to generating a host certificate, except that we identify a client certificate by the client’s e-mail address rather than a hostname.
$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 2048 \
--outform pem \
> private/AlexanderKey.pem
$ chmod 600 private/AlexanderKey.pem
$ ipsec pki --pub --in private/AlexanderKey.pem --type rsa | \
ipsec pki --issue --lifetime 730 \
--cacert cacerts/strongswanCert.pem \
--cakey private/strongswanKey.pem \
--dn "C=CH, O=strongSwan, CN=alexander@zeitgeist.se" \
--san alexander@zeitgeist.se \
--outform pem > certs/AlexanderCert.pem
The result is a 2048 bit RSA private key AlexanderKey.pem (line 4). In line 6 we extract its public key and pipe it over to issue AlexanderCert.pem (line 12), the first client certificate signed by your CA. The certificate has a validity of two years (730 days) and identifies the client by his e-mail address (here: alexander@zeitgeist.se).
Export client certificate as a PKCS#12 file
A VPN client needs a client certificate, its private key, and the signing CA certificate. The most convenient way is to put everything in a single PKCS#12 file and export it protected by a passphrase.
$ cd /etc/ipsec.d/
$ openssl pkcs12 -export -inkey private/AlexanderKey.pem \
-in certs/AlexanderCert.pem -name "Alexander's VPN Certificate" \
-certfile cacerts/strongswanCert.pem \
-caname "strongSwan Root CA" \
-out Alexander.p12
Now you can send Alexander.p12 and its export passphrase to the person who’s going to install it onto the client. In some cases (iOS for example) you have to separately include the CA certificate cacerts/strongswanCert.pem.
Revoke a certificate (if necessary)
If a certificate is lost or stolen, it must be revoked so nobody can use it to connect to your VPN server. Assuming the certificate from the previous step got stolen, we revoke it with:
$ cd /etc/ipsec.d/
$ ipsec pki --signcrl --reason key-compromise \
--cacert cacerts/strongswanCert.pem \
--cakey private/strongswanKey.pem \
--cert certs/AlexanderCert.pem \
--outform pem > crls/crl.pem
This generates the new certificate revocation list (CRL) crls/crl.pem. When someone tries to authenticate with the stolen certificate, they’ll receive an authentication credentials error message, and your log file will contain something like:
charon: 13[CFG] certificate was revoked on Nov 24 17:34:40 UTC 2013, reason: key compromise
To add another revoked certificate to the same list, we need to copy the existing list into a temporary file:
$ cd /etc/ipsec.d/
$ cp crls/crl.pem crl.pem.tmp
$ ipsec pki --signcrl --reason key-compromise \
--cacert cacerts/strongswanCert.pem \
--cakey private/strongswanKey.pem \
--cert certs/AnotherStolenCert.pem \
--lastcrl crl.pem.tmp \
--outform pem > crls/crl.pem
$ rm crl.pem.tmp
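An attempt to authenticate with a revoked certificate is worth alerting on, since it usually means the stolen credential is actually being used. As an added example that is not part of the original article, the following POSIX shell script runs detection logic over charon log lines: it extracts every "certificate was revoked" message (the format quoted above), counts the attempts and summarises them by revocation reason. The log lines are constructed samples in syslog form (timestamp, host, "charon:" prefix); the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Detection logic for the "certificate was revoked" message that charon
# logs when a client presents a certificate listed in crls/crl.pem. The
# sample lines below are constructed in syslog form (timestamp, host,
# "charon:" prefix); only the part after "charon:" follows the message
# format quoted in the text. Function names are my own.

# write_sample_log FILE: writes the constructed sample log lines.
write_sample_log() {
    cat <<'EOF' > "$1"
Nov 24 17:34:40 vpn charon: 13[CFG] certificate was revoked on Nov 24 17:34:40 UTC 2013, reason: key compromise
Nov 24 17:34:40 vpn charon: 13[CFG] (constructed filler line, not a revocation event)
Nov 24 18:02:13 vpn charon: 05[CFG] certificate was revoked on Nov 24 18:02:13 UTC 2013, reason: key compromise
Nov 24 18:10:00 vpn charon: 07[CFG] certificate was revoked on Nov 24 18:10:00 UTC 2013, reason: ca compromise
Nov 24 18:11:00 vpn charon: 07[IKE] (constructed filler line, not a revocation event)
EOF
}

# revoked_cert_events FILE: one line per authentication attempt with a
# revoked certificate, formatted "<revocation time>|<reason>".
revoked_cert_events() {
    sed -n 's/^.* charon: [0-9]*\[CFG\] certificate was revoked on \(.*\), reason: \(.*\)$/\1|\2/p' "$1"
}

# count_revoked_cert_events FILE: number of such attempts (0 if none).
count_revoked_cert_events() {
    revoked_cert_events "$1" | awk 'END { print NR }'
}

# revocation_reason_summary FILE: "<count> <reason>" per distinct reason,
# sorted by reason, which is what a daily report or alert rule would key on.
revocation_reason_summary() {
    revoked_cert_events "$1" | cut -d '|' -f 2 | sort | uniq -c | sed 's/^ *//'
}

# Stand-alone run over the constructed sample.
log=$(mktemp)
write_sample_log "$log"
echo "authentication attempts with revoked certificates: $(count_revoked_cert_events "$log")"
revocation_reason_summary "$log"
rm -f "$log"
```

Pointed at /var/log/auth.log (or wherever your syslog sends charon's output) this gives a quick count of how often a revoked certificate was presented and for which revocation reasons; any non-zero count after you have pushed a CRL deserves a look at the source addresses on the surrounding lines.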
Certificates – Recap
So far you’ve created the following files:
/etc/ipsec.d/private/strongswanKey.pem # CA private key
/etc/ipsec.d/cacerts/strongswanCert.pem # CA certificate
/etc/ipsec.d/private/vpnHostKey.pem # VPN host private key
/etc/ipsec.d/certs/vpnHostCert.pem # VPN host certificate
/etc/ipsec.d/private/AlexanderKey.pem # Client "Alexander" private key
/etc/ipsec.d/certs/AlexanderCert.pem # Client "Alexander" certificate
/etc/ipsec.d/Alexander.p12 # Client "Alexander" PKCS#12 file
The private key /etc/ipsec.d/private/strongswanKey.pem of the CA should be moved somewhere safe, possibly to a special signing host without access to the Internet. Theft of this master signing key would completely compromise your public key infrastructure.
Server configuration
Only three files are required for your strongSwan configuration:
- /etc/strongswan.conf, which may point to a directory containing further configuration snippets
- /etc/ipsec.conf
- /etc/ipsec.secrets
Fortunately, the default strongSwan application configuration works just fine for us. For the purpose of this article there is nothing you need to do here. I invite you though to take a look at the strongSwan Wiki for a full list of configuration options of strongswan.conf.
Let’s do the fun stuff. Here is my /etc/ipsec.conf file:
# ipsec.conf - strongSwan IPsec configuration file

config setup
    # uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=vpnHostCert.pem
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=172.16.16.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any

conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add
This configuration has settings for three types of VPN services: IKEv2 + RSA certificate, IKEv2 + EAP, and IKEv1 + Xauth RSA, thus providing compatibility for a wide range of IPsec clients.
Let’s go briefly over the important items:
- line 4: (disabled here) by default only one client can connect at the same time with an identical certificate and/or password combo; the newer connection will always replace the older (in other words, a new connecting client using the same credentials kicks out the older still connected client). If you don’t like this, for instance because you want to use the same client certificates on multiple clients at the same time, enable this option
- line 5: slightly more verbose logging. Very useful for debugging. Check out this link for a full list of options.
- line 7: individual conn sections inherit the settings from the conn %default section. Put everything in here that you would otherwise have to repeat in the other conn sections. This helps keep your configuration file concise.
- line 21: settings specific to IKEv2 + RSA certificate connections
- line 25: settings specific to IKEv2 + EAP connections
- line 31: settings specific to IKEv1 + Xauth RSA connections
Your best resource for learning more about the available options is the strongSwan Wiki.
For now, if you want to get your VPN server running as quickly as possible, use the above configuration as a template; just make sure to modify line 16 (leftcert=vpnHostCert.pem) to name your own VPN host certificate instead.
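The update note at the top says the cipher settings were tweaked to provide perfect forward secrecy where the client supports it; in strongSwan an ESP proposal only gives PFS when it names a DH group (modp* or ecp*), which is why the esp= line above ends with a group of entries without one. As an added example that is not part of the original article, the following POSIX shell script splits the two proposal lists copied from the configuration above, classifies each entry as PFS or no-PFS, and reports the smallest MODP group offered, so you can see exactly what the compatibility entries trade away. The function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Audits the ike= and esp= proposal lists from the ipsec.conf above. In
# strongSwan a CHILD_SA (esp=) proposal provides perfect forward secrecy
# only when it names a DH group (modp* or ecp*); the ESP entries without
# one are there so that clients without PFS support can still connect,
# while every IKE proposal must carry a group. The two lists are copied
# from the article's configuration; function names are my own.
IKE_PROPOSALS='aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!'
ESP_PROPOSALS='aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!'

# classify_proposals LIST: prints "<proposal> pfs" or "<proposal> no-pfs",
# one line per comma separated entry; the trailing "!" (strict mode) is dropped.
classify_proposals() {
    printf '%s\n' "$1" | sed 's/!$//' | tr ',' '\n' | while IFS= read -r p; do
        [ -n "$p" ] || continue
        case $p in
            *-modp[0-9]*|*-ecp[0-9]*) echo "$p pfs" ;;
            *)                        echo "$p no-pfs" ;;
        esac
    done
}

# count_no_pfs LIST: number of proposals that negotiate without a DH group.
count_no_pfs() {
    classify_proposals "$1" | awk '/ no-pfs$/ { n++ } END { print n + 0 }'
}

# smallest_modp_bits LIST: size of the weakest MODP group offered (empty if none).
smallest_modp_bits() {
    classify_proposals "$1" | sed -n 's/.*-modp\([0-9][0-9]*\) .*/\1/p' | sort -n | head -n 1
}

# Stand-alone run: report on the two lists from the article.
echo "IKE proposals without a DH group (must be 0): $(count_no_pfs "$IKE_PROPOSALS")"
echo "ESP proposals without PFS, kept for legacy clients: $(count_no_pfs "$ESP_PROPOSALS")"
echo "weakest MODP group offered: modp$(smallest_modp_bits "$ESP_PROPOSALS")"
classify_proposals "$ESP_PROPOSALS" | awk '$2 == "no-pfs" { print "  no PFS: " $1 }'
```

If you trim the lists later (for instance once none of your clients needs modp1024 or the no-PFS entries), rerun the script on the new esp= value: the no-PFS count should drop to 0 and the smallest MODP group should be whatever you decided is your floor.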
Lastly, here is my /etc/ipsec.secrets file:
# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

: RSA vpnHostKey.pem
user1 : EAP "topsecretpassword"
user2 : XAUTH "evenmoretopsecretpassword"
- line 8: identifies the private key of the VPN host to allow your host to authenticate itself with its host certificate
- line 9: defines an EAP credential (username / password) that can be used by clients to connect without client certificate
- line 10: defines an XAUTH credential (username / password) that is required in addition to a client certificate for IKEv1 + Xauth RSA connections (as used by Apple iOS clients for example)
Whenever you edit /etc/ipsec.secrets while strongSwan is running, you must reload the file:
$ ipsec rereadsecrets
Once again, the strongSwan Wiki has all the details if you are interested.
You’re almost done setting up your server. A few settings remain so that your VPN server properly routes the traffic coming out of the VPN tunnel:
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
$ echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
Or, to make it permanent, add the following to your /etc/sysctl.conf file:
# VPN
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
Use the following iptables rules (adjust the interface if yours isn’t eth0, and make sure to enter your VPN host IP where indicated):
$ iptables -t nat -A POSTROUTING -o eth0 ! -p esp \
-j SNAT --to-source <your VPN host IP>
Speaking of iptables, if you have a restrictive firewall for incoming traffic, don’t forget to allow IPsec communications. Three rules are required:
$ iptables -A INPUT -p udp --dport 500 -j ACCEPT
$ iptables -A INPUT -p udp --dport 4500 -j ACCEPT
$ iptables -A INPUT -p esp -j ACCEPT
- line 1: for ISAKMP/IKE (negotiation of the security associations)
- line 2: for NAT-T (IPsec between NATed devices)
- line 3: for the ESP payload (the encrypted data packets)
That’s it! Restart strongSwan and your VPN server is ready.
$ service ipsec restart
Client configuration
Of course you cannot do anything with it until you’ve configured your clients. Instead of boring you with dull screenshots, here are the essential strongSwan Wiki articles describing how to configure IPsec clients for popular systems. Of course you can also Google for other howtos, since the client configuration is mostly independent of the server software.
Windows 7 with IKEv2 + RSA certificate
- Installing the certificate (client + CA)
- Configuring the built-in client
- Starting the VPN connection
Great documentation
About line 5 ipsec.conf: The link doesn’t seem right. Probably this is better: http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
Thanks Harri. Line 5 refers to the “charondebug” option, doesn’t it? I thought the link in the article would be appropriate, since it explains in more detail how to tweak debug output.
PS: The link “full list of configuration options” should be replaced, not the link pointing to the logger options. Sorry for the confusion.
No problem. 😉 The links refers to the documentation of strongswan.conf. I’ll edit the text to better clarify this. Thanks!
Question about the first iptables line: If I got this correctly, then outgoing traffic except for protocol esp is natted to the external IP address. Why is esp ignored here?
Good question. From my understanding, we should only create a Source NAT for non-ESP traffic that’s leaving the server. It’s not needed to masquerade IPsec-encapsulated packets which are sent between the two ends of the tunnel. For example, on the server, once IPsec packets are de-encapsulated, they will go through iptables anyway (and get mangled accordingly).
Anybody succeeded to setup a client on Linux (using the Network Manager GUI)?
Hi Harry, I am not so much a GUI person, but I tried once using Strongswan with the Ubuntu Network Manager and it worked OK. I remember I had to do some tweaking to the configuration, but as a starting point (if you are using Ubuntu or Debian), you could try it with:
apt-get install network-manager-strongswan
More information over at the strongswan Wiki:
http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
Thanks for the excellent guide. This works in running an IPsec/IKEv2 vpn connection from a blackberry z10 to my home debian server using the built in blackberry client.
Excellent! But what should I do when my VPS has only an IPv6 address?
And I do not understand which cert is the one to use when I choose the “IKEv2 + EAP” way on Windows 8.1. Thank you.
Hi Shandy, I haven’t tested it with IPv6 yet, but for IKEv2, you could check out the following example provided by the strongSwan folks: http://www.strongswan.org/uml/testresults/ipv6/rw-ikev2/
Specifically, check out the server configuration (http://www.strongswan.org/uml/testresults/ipv6/rw-ikev2/moon.ipsec.conf) and the setting for leftsubnet.
Hi Alexander,
Thanks for your tutorial, it’s very nice. However is it possible to config and setup a StrongSwan based L2tp VPN without any certificates and to only use username and password, and use, for example, freeradius to manage the users?
I’ve tried Google the above request however I can’t get some tutorials that I can use. Currently Openswan in Debian is almost like “dead”.
Hi Mack, unfortunately I don’t have experience with RADIUS, nor with setting up L2TP using strongSwan. Any reason you require L2TP over IPsec in tunnel mode with IKEv1 or IKEv2? This tutorial already includes the option to authenticate to the VPN with the EAP-MSCHAPv2 protocol (i.e. without a certificate).
Thank you Alexander.
The reason is to provide multi-platform-friendly support. My friends and family members know quite little about VPNs, so the easier the better. However, for a mix of Android, iOS, Mac and PC, only the built-in VPN client is satisfactory enough. Though MSCHAP is OK on Windows-based OSes, in the case of iOS and Android it’s not that easy.
You’re right regarding MSCHAP. I was going to suggest to try adding an entry for authentication with XAuth alone, but it appears that wouldn’t work well with iOS:
https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
“Authentication uses XAuth and certificates (authby=xauthrsasig). Authentication without certificates may fail due to an attempt on the iOS side to use aggressive mode.”
So yes, you may have to use L2TP. If you try further, make sure to compile strongSwan with the nat-transport flag, which is required if either the server or any of your clients is behind a NAT (using L2TP).
Hi there, when doing
“Export client certificate as a PKCS#12 file”
openssl reports
“unable to load certificates” but all files exists.
did I do something wrong or did you implement a small error I have to find?
Hi, I am fairly certain that there shouldn’t be a mistake in regard to exporting the client certificates. Did you make sure to run the command from the right path (cd /etc/ipsec.d/)?
This output is my ipsec status:
___________________________
Security Associations (1 up, 0 connecting):
moon-sun[1]: ESTABLISHED 6 minutes ago, 10.2.11.177[C=ir, ST=teh, L=teh, O=teh, CN=moon.test.com]…10.2.11.186[C=ir, ST=esf, L=esf, O=esf, CN=sun.test.com]
moon-sun{1}: INSTALLED, TUNNEL, ESP SPIs: c83fe250_i c1b06439_o
moon-sun{1}: 10.2.11.177/32 === 10.2.11.186/32
___________________________
moon and sun are in the same subnet and Wireshark shows ESP packets transmitted over this tunnel between moon and sun, but I have no connection,
any idea? thanks
Hi Ali, it seems you are using a completely different setup than the one posted in this howto? Your traffic selector is 10.2.11.177/32; if you want all IP traffic to be tunneled via 10.2.11.177, you should define leftsubnet=0.0.0.0/0.
I don’t know what you mean when you are saying completely different, but if you would like to see my scenario and configurations on both of my servers, I can explain it to you,
I got confused !!
moon —— sun
10.2.11.77
Ali, the setup in this howto is meant to work as a “road warrior” configuration (dynamic clients connecting to the server and tunneling all Internet traffic through that server).
From your output it appears that you have a completely different scenario, namely a server-to-server or server-to-gateway setup. This is not part of this howto.
moon —— sun
10.2.11.77 10.2.11.186
both of server have certificate form another server,(they are rhel 6.4)
ok Alexander, I will welcome you if you either guide me or introduce any site which has correct solution, there are many sites but I cannot believe in their solutions :(((
When writing the first iptables command
“iptables -t nat -A POSTROUTING -o eth1 ! -p esp -j SNAT --to-source ” (eth1 is the correct interface in my case, my IP address is an IPv6 address unfortunately, and I didn’t do the permanent changes to /etc/sysctl.conf yet, but the 3 echo commands instead – I don’t know if any of this makes a difference),
i get the following error:
“iptables v1.4.4 need tcp udp sctp or dccp with port specification”
Could you please tell me if i did something wrong, or what else to try?
Thanks in advance
Thanks a lot for this splendid article!
I’ve forked OpenVPN’s easy-rsa (v3) and added IPsec support into it
https://github.com/ValdikSS/easy-rsa-ipsec
It’s a lot easier to maintain PKI now.
Hi, Alex,
I followed your step by step guide.
Finally I connected to VPN. But there is one problem. I can access google, youtube.
But I can’t access twitter, facebook and many other sites.
Do you have any suggestions?
Hi Crandall,
My guess is it’s related to IP fragmentation. Check out this post and tell me if it (the iptables rule stated there) solves the issues for you:
https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/
Cheers,
Alex
Hi, Alex,
Yes, It’s the IP fragmentation you pointed out.
Thank you for your help.
There is no problem now.
Your site is very useful, I bookmarked for future reference..
Thank you !
Best Regards
Cindi
Hi Cindy,
Great to hear!
Best,
Alex
Hi Alex,
thank you very much for this article. Good tutorials on this topic are rare.
Thanks to you the VPN is working fine now on my iOS devices (except some disconnection issues) but I can’t get it to work with OS X at all.
Can you tell me what’s wrong?
Cheers,
Luca
I meant to add these links.
http://imgur.com/NsTOFWS
http://imgur.com/9hAvYWs
Hi Luca,
I don’t have much experience setting up a VPN on a Mac, but I do remember when I did it for a friend once, it took me some time to properly add the certificates. Did you install the client certificate, client keyfile and CA certificate via Utilities->Keychain Access in the System Keychain? Also, I remember I had to mark both imported certificates as trusted for all users (basically “Always trust” in all settings). For the keyfile make sure to allow all applications to access it (or at least add /usr/sbin/racoon to the list of allowed apps). Then, when you create a “Cisco VPN”, you should be able to select the appropriate certificate, and also supply it with the XAUTH password. That was basically the main hurdle I recall.
Thanks for the fast reply.
It was the keyfile. I set the permissions to “Allow all applications to access this item” and it worked!
Thank you so much for the article and your help!
Keep on with the good work.
Cheers,
Luca
Glad to hear that I could help.
Best,
Alex
Hi, Alex!
I tried to install an Amazon-based VPN using your How-To but to no avail
Honestly saying, it’s a half of true
Well, I generated all certificates with one difference only: I didn’t use anything like DynDNS, so I use CN=ServerPublicIP, where ServerPublicIP is the public IP of my Amazon instance, something like 54.xxx.xxx.xxx
And I use this ipsec.conf:
conn Road
left=%any
leftauth=pubkey
leftcert=serverCert.pem
leftid="C=US,O=Acme,CN=ServerPublicIP"
leftsubnet=0.0.0.0/0
right=%any
rightsourceip=192.168.2.100/28
rightauth=pubkey
rightcert=My_BB.pem
#rightsendcert=never
rekey=no
auto=add
Then I tried Windows machines (without comment of rightsendcert line) – works like a charm for Win7 & Win8.1 both, but when I tried Blackberry 10 device (with rightsendcert commented), it doesn’t work at all and log is:
charon: 08[IKE] ClientPublicIP is initiating an IKE_SA
charon: 08[IKE] local host is behind NAT, sending keep alives
charon: 08[IKE] remote host is behind NAT
charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
charon: 08[NET] sending packet: from ServerPrivateIP[500] to ClientPublicIP[500] (308 bytes)
charon: 16[IKE] sending keep alive to ClientPublicIP[500]
charon: 01[JOB] deleting half open IKE_SA after timeout
So, as I understand it, the Blackberry 10 device totally refuses to send certificates to the server, which is weird, because all certificates are OK (exactly the same ones work for Windows). On the other side, nothing is wrong with the Blackberry device, because I can establish a VPN using PSK auth with the same server. I couldn’t find any info about VPN details for Blackberry, so your advice is very important to me.
Thanks in advance
Hi Mr Yuri! I’m having same problem with iOS 9:
14[IKE] authentication with RSA signature successful
14[ENC] generating IKE_AUTH response 1
14[NET] sending packet: from …[4500] to …[45]]
06[NET] sending packet: from …[4500] to …[4500]
15[JOB] deleting half open IKE_SA after timeout
15[IKE] IKE_SA IPSec-IKEv2-EAP[1] state change:
CONNECTING => DESTROYING
Tried rightsendcert=false (http://serverfault.com/a/576156)
Tried fragmentation=yes (https://wiki.strongswan.org/issues/775)
But it manifests for both Hostname config and IP certificate config.
So at least that issue probably isn’t related to DNS hostname vs IP.
Hey awesome guide Alex !
When I restart IPSec I get this
Starting strongSwan 5.2.0 IPsec [starter]…
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
. ok
is this supposed to be like this ?
Hi Omer,
Not really. 😉 Does it work yet, though? By any chance, are you running strongSwan on an OpenVZ VPS or something similar? It seems you are missing access to the necessary IPsec kernel modules. If you are on an OpenVZ VPS, your hoster needs to enable them. See here for more: http://openvz.org/IPsec
You can enable IPsec support in OpenVZ, but the routing is broken. This is OpenVZ kernel issue. You would be able to ping internal IPs and interfaces, but if you want to do routing or NAT, you won’t get any packets.
You can use strongSwan’s userspace IPsec implementation, just compile strongSwan with --enable-kernel-libipsec
Hello.
I have Strongswan running on a Debian 3.2.0-4.
Server setup:
eth0 with a local IP (192.168.1.12) and router gateway 192.168.1.1 (different Internet from eth1)
eth1 is connected directly to the outside (not the .1.1 router) with a static public ip (for example, 63.12.1.34 – different Internet from eth0).
I have this conn:
auto=start
type=tunnel
left=63.12.1.34
leftsubnet=192.168.1.12/32
leftnexthop=%defaultroute
right=4.8.12.13
rightsubnet=172.2.2.0/27
rightnexthop=%defaultroute
The connection establishes, I can ssh to the right site, but after a few seconds ssh session keeps freezing. Any idea what the problem could be?
I want to thank you for making this guide available. It is very straightforward and gives first-time installers the confidence required to try new solutions. I would like to see us creating some sort of “go-to” forum for StrongSwan; I think it would be fun and very helpful. Thank you.
Hi Alexander,
Looks like a formidable tutorial. And so many people used it successfully, but for some reason I am stuck already at the first step,
“Add wheezy-backports to your APT repository”, does not work.
Could it be that the repository has been moved to another location?
Or any idea what i am doing wrong?
kind regards, Bert
Hi Bert,
What is the exact error? wheezy-backports is still current, so it should work. You could also try adding the repo directly to your /etc/apt/sources.list file. You find more detailed information over here: https://wiki.debian.org/Backports (under Using the command line).
Best,
Alex
Hi Alexander,
Thanks for coming back to my question. I did add the line
deb http://ftp.debian.org/debian wheezy-backports main
to the sources.list file and did the apt-get update with this result at the end:
Genegeerd http://mirrordirector.raspbian.org wheezy/rpi Translation-en
836 B opgehaald in 18s (45 B/s)
W: GPG-fout: http://ftp.debian.org wheezy-backports Release: De volgende ondertekeningen konden niet geverifieerd worden omdat de publieke sleutel niet beschikbaar is: NO_PUBKEY 8B48AD6246925553
W: Ophalen van http://ftp.debian.org/debian/dists/wheezy-backports/./binary-armhf/Packages is mislukt 404 Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
root@raspberrypi:~#
And when I, despite the error, try to install according to the next step in the tutorial, I receive the following message:
WAARSCHUWING: De volgende pakketten kunnen niet geauthentificeerd worden:
strongswan-ike strongswan-starter libstrongswan strongswan-libcharon strongswan-charon
libcharon-extra-plugins libstrongswan-standard-plugins strongswan
Wilt u deze pakketten installeren zonder verificatie [j/N]? j
At the end i receive the next message:
[….] Restarting strongswan IPsec services: ipsecStopping strongSwan IPsec…
Illegal instruction
failed!
Btw, it installs strongswan version 5.2.1-4 so that is the version from the normal repository.
root@raspberrypi:~# ipsec version
Linux strongSwan U5.2.1/K3.12.35+
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@raspberrypi:~#
This is the content of my sources.list:
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://mirror.ox.ac.uk/sites/archive.raspbian.org/archive/raspbian/ wheezy main contrib non-free rpi
deb http://ftp.debian.org/debian wheezy-backports main
Hope you can help me with this.
Regards, Bert
Bert, I am not familiar with the Raspberry Pi, but it seems you’re using an outdated keyring? Try to see:
# apt-cache policy debian-archive-keyring
# apt-key list
and finally do:
# apt-get install debian-archive-keyring
# apt-key update
Then, this error: “http://ftp.debian.org/debian/dists/wheezy-backports/./binary-armhf/Packages is mislukt 404 Not Found” seems to indicate that you haven’t entered the repo correctly in your sources list file. Make sure in the line
deb http://ftp.debian.org/debian wheezy-backports main
between wheezy-backports and main there is indeed a space character (not some other invisible character).
If there is still a problem, could you post your /etc/apt/sources.list file here and, if there is anything in it, also the contents of the /etc/apt/sources.list.d directory?
Hi Alexander,
I am running an IPSec VPN server on my Synology NAS, but for security reasons I prefer the VPN endpoint to be on a different hardware platform than my NAS. That is the reason I like the RPi solution.
Bert
Hi Alexander and other readers,
I found on another forum that there is a problem with the latest Raspbian images and the strongSwan package.
So I tried older versions of Debian and the corresponding strongSwan package, and that worked!
But I do not like the idea of having a year-old version, so I jumped over to SoftEther VPN, which worked immediately and also seems to have a very nice management package.
I would like to thank you for your help so far.
Kind regards, Bert
Hello both,
I just faced the same issue on my RPi. After I first installed the missing GPG key, I then installed strongswan from wheezy-backports without any errors.
Now I’m “running” ipsec version:
Linux strongSwan U5.2.1/K3.12.35+
However, when I want to start the ipsec service, I get the Error “Illegal instruction”.
Do I need to update other packages? Any advice would be welcome.
BR
Conrad
Hi Conrad, “Illegal instruction” (SIGILL) doesn’t sound good… it’s most likely related to the package, how it was compiled, and how it is compatible (or not) with your R Pi. Looks like Bert was successful with an older version of Strongswan. You could try installing it from another repository (instead of backports).
Did you try using the official Raspbian repo? It does contain Strongswan 5.2.1, the same as Backports at the moment. No idea if it works properly, but you could give it a try. To do that, first remove /etc/apt/sources.list.d/wheezy-backports.list again (unless you know how to do package pinning). Then make sure you have the raspbian repo installed. In /etc/apt/sources.list add:
deb http://archive.raspbian.org/raspbian wheezy main contrib non-free
deb-src http://archive.raspbian.org/raspbian wheezy main contrib non-free
And make sure you have the public sign key installed as well:
wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -
Then follow the instruction in this tutorial, starting with:
apt-get install strongswan libcharon-extra-plugins
Hi Alexander,
thank you very much for your instant reply. I was able to add the raspbian testing environment and install the packages with:
apt-get -t testing install strongswan libcharon-extra-plugins
Now strongswan 5.2.1 works like a charm on my little pi!
I also wanted to say that I really love this howto.
With your help, I was able to set up a RPi as a VPN machine that is now supporting all my clients [Windows 8.1, Windows Phone 8 (via EAP-TLS) & iOS 8].
May I take the liberty to suggest two more tiny things:
1. I used the option '--digest sha256' in order to sign the certificates not with SHA1
2. I added '--flag clientAuth' to the client certs (e.g. needed for Windows Phone)
Thank you for your help and this great tutorial!
BR
Conrad
Thanks for your post, this is the greatest guide-style tutorial to help the strongswan newcomer!
Hi Alexander,
Thanks for the great article, it’s very understandable. At the point where I want to generate a p12 file from my certificates I get the following error:
root@machine:/etc/ipsec.d# openssl pkcs12 -export -inkey private/jelle-laptop-1.pem -in certs/jelle-laptop-1.pem -name "Test" -certfile cacerts/strongswanCert.pem -caname "Test" -out jelle.p12
unable to load certificates
I am running Ubuntu 14.04, but managed to install the required packages from the repository. I also noticed my private pem files are text files, while my /etc/ipsec.d/certs files are binary files. Do you know if this is correct?
Hi Jelly,
It seems like your certificates are in the binary DER form. In the tutorial I assumed that everything is stored in Base64-encoded DER to make the files more portable.
For example, if you go back to the “Create your VPN host certificate” section, check where it says --outform pem > certs/vpnHostCert.pem. The outform parameter specifies the encoded form of the certificate, and it’s DER by default. So if you forget that part, you will end up with the binaries you’re seeing.
There is an easy way to convert the certificates into base64-encoded PEMs, with something like:
openssl x509 -inform der -in certificate.crt -out certificate.pem
Hello and thanks for the tutorial. I was able to setup strongswan and the certs on my Raspberry Pi, but I have a question:
How can I set my iOS device to use IKEv2 along with VPN On Demand?
hello Alexander. Thanks for this tutorial. I am having one small issue;
Starting strongSwan 5.2.2 IPsec [starter]...
/opt/etc/ipsec.conf:34: missing value for setting 'conn'
invalid config file '/opt/etc/ipsec.conf'
unable to start strongSwan -- fatal errors in config
ipsec.conf:34 is directly related to conn %default
Unfortunately, I’m a strongswan noob, so I don’t know how parameter requirements might have changed from version to version, and this is my first IPSec server. Thanks in advance for any insight.
Hello Adrian, could you post your ipsec.conf here or at least the relevant section?
Hey Alex,
This morning I re-pasted your configuration and ipsec start worked, so I’m not sure what happened there. A small tidbit of information that might be helpful: Windows Phone 8.1 won’t recognize client certs without the ‘clientAuth’ flag, so people should know to remember that before exporting to .p12.
Now, I’m currently fighting a WinPhone8.1 error code: 13801, but I’ll post back when I get that resolved, unless somebody (hopefully) beats me to the punch.
Adrian, thanks for sharing the info regarding Win Phone 8.1. I’ll update the howto soon.
Microsoft has some info regarding error code 13801…
Error 13801 occurs on the client when:
Did you make sure that the VPN Server Name as given on client certificate matches with the subjectName of the server certificate?
Hello. I wanted to know if it’s possible to set up PFS for IKEv1?
Hi,
If your IKEv1 client supports PFS, it should be enabled with this configuration out of the box. Previously, strongSwan had a “pfs” option; this has been removed and instead IKEv1 and IKEv2 now use the same syntax for enabling PFS, namely listing a Diffie-Hellman group in the ESP proposal (as shown in the example).
Hello and thanks for this awesome tutorial.
I’ve set up my Raspberry Pi based on your instructions on this page, but with a few differences, being that I’ve enabled line 4 of the ipsec.conf file to be able to use one cert on multiple devices. It all works when I connect my iPhone to the strongSwan service, except that when it does connect, it gives me this:
-------------------
tail -f /var/log/auth.log
Apr 23 02:12:55 retro charon: 08[IKE] cli.ent.ip is initiating a Main Mode IKE_SA
-------------------
sudo ipsec status
Security Associations (1 up, 0 connecting):
CiscoIPSec[96]: ESTABLISHED 94 seconds ago, rasp.be.rry.ip[C=CH, O=strongSwan, CN=ser.ver.ip]...cli.ent.ip[C=CH, O=strongSwan, CN=Client Key]
CiscoIPSec{59}: INSTALLED, TUNNEL, ESP in UDP SPIs: cc162c33_i 05debb64_o
CiscoIPSec{59}: 0.0.0.0/0 === 10.0.0.1/32
-------------------
I’m a novice when it comes to troubleshooting info like the above, but it seems to me that my iPhone isn’t using IKEv2 (IPSec-IKEv2) and is instead using IKEv1 (CiscoIPSec). Is my assumption correct? How can I get my iPhone to use IPSec-IKEv2 instead?
That is correct. Although IKEv2 support was added in iOS 8, the iOS VPN GUI has not yet been updated to allow for IKEv2 connections. If you require IKEv2, you’d need to create a custom configuration profile (using the Apple Configurator, for example). You can find more info here:
https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile
Is there a way to set IKEv2 without Apple Configurator? I don’t have a Mac to work on, only Windows.
Can I edit the config file with a text editor on windows, and possibly make the changes there to enable IKEv2?
Hi,
Not in iOS 8.x. But from what I’ve seen, iOS 9.0 will have an updated VPN gui with the option to configure IKEv2 directly on the device.
Alex
I’ve set up strongSwan along with Plex Media Server on my Raspberry Pi 2 with the intention of accessing it over the VPN when I’m away from home. The VPN works, except that when I try to connect to Plex by using the local IP address, I get a log-in screen. If I am home, however, I can see my server with its contents. Can you help with that?
Hello and thanks for the responses to my other questions. I’ve got another question for you. I’ve installed Pi-Hole for ad-blocking purposes (http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) and wanted to know if it’s possible to set the RPi’s IP address within the strongSwan setup as a DNS address, so that I can get the VPN to block ads while it’s in use? I would be very grateful for your help in this.
Hello. Can you tell me which Diffie Hellman Group number corresponds with the PFS setup in /etc/ipsec.conf?
I’m trying to setup an IKEv2 profile for iOS 8/9 but I’m running into some issues.
What is a Remote Identifier?
What is a Local Identifier?
Hello. I’ve followed your tutorial and at this moment, it works well with iOS devices (IKEv1). However, I’m having difficulty setting up IKEv2 via Apple Configurator, and seeing that the support pages on the strongSwan site are difficult for me to grasp, I’m hoping that you can help.
With Apple Configurator, what would I put for Local Identifier and Remote Identifier? And with regards to the other parameters in the Configurator (Dead Peer Detection Rate, IKE/Child SA Params [Encryption Algorithm, Integrity Algorithm, Diffie Hellman Group #, and Lifetime in Minutes]), what would be best to use?
Hello. Is it possible that the script you have for generating RSA keys could be re-written for ECDSA keys? And if so, could you post an example?
Not that I have an issue with RSA keys, but it’s that I’ve read that ECDSA provides the same/possibly greater key strength as RSA keys, with the benefit of a smaller key size, and that strongSwan supports the use of ECDSA.
Tried all your instructions to the T but was always getting an error with the Windows Phone 8.1 client.
Finally figured:
CA certificate needs a serverAuth flag.
ipsec pki --self --ca --lifetime 3650 \
--in private/strongswanKey.pem --type rsa \
--dn "C=CH, O=strongSwan, CN=strongSwan Root CA" \
--flag serverAuth --outform pem \
> cacerts/strongswanCert.pem
Hope it helps someone.
Hello,
I am trying to generate certificate using
ipsec pki --gen --type rsa --size 4096 \
--outform pem \
> private/strongswanKey.pem
Once I enter this command the process runs forever; it does not exit.
When I kill it using Ctrl+C, strongswanKey.pem doesn’t have any data.
Can anyone help me?
Hi Alex,
Thank you for well written tutorial. It helped me a lot.
One thing however – maybe it is something obvious – but anyway:
I had to make sure that my host certificate and private key had the same filename, otherwise I got an error about loading the private key.
My bad habit of naming files my.vpn.server-cert.pem and my.vpn.server-key.pem, and my lack of attention to the tiny line saying it couldn’t load the private key, took me a few hours to figure out why I was getting an IKE error about authentication failed.
Thanks again for really useful article.
Marian
It took me a long time to figure out.
For Windows Phone 8.1 as client (possibly all Windows Phone), the CA certificate must have --flag serverAuth or it won’t work.
Just FYI for others who want Windows phone clients to work.
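Two recurring problems in this thread are certificate files that turned out to be DER rather than PEM (Alexander's reply to Jelle above) and CA/client certificates that Windows Phone rejects because the serverAuth/clientAuth extended key usage flags are missing. The script below is an added example, not code from the tutorial author or from the strongSwan project, and it uses only the Python standard library so it runs where OpenSSL is not at hand. It detects whether a file is PEM or DER, converts between the two forms (the same transformation as the openssl x509 -inform der / -outform pem command quoted above), and walks the DER structure to list the purposes in the extendedKeyUsage extension. The sample input is a constructed extension, not a real certificate, and all function names are mine.

```python
"""Added example: PEM/DER detection and conversion plus extendedKeyUsage lookup."""
import base64
import re

OID_EXT_KEY_USAGE = "2.5.29.37"                 # standard X.509 extension id
EKU_NAMES = {"1.3.6.1.5.5.7.3.1": "serverAuth",  # standard KeyPurposeId OIDs
             "1.3.6.1.5.5.7.3.2": "clientAuth"}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def detect_format(data: bytes) -> str:
    """'PEM' if armored, 'DER' if it starts with the ASN.1 SEQUENCE tag 0x30
    that every X.509 object begins with, otherwise 'unknown'."""
    if PEM_RE.search(data):
        return "PEM"
    return "DER" if data[:1] == b"\x30" else "unknown"

def pem_to_der(data: bytes) -> bytes:
    """Strip the armor and base64-decode: PEM is just base64-encoded DER."""
    m = PEM_RE.search(data)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode(b"".join(m.group(2).split()))

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Same transformation as 'openssl x509 -inform der -outform pem'."""
    body = base64.b64encode(der)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    tag = label.encode()
    return (b"-----BEGIN " + tag + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + tag + b"-----\n")

def _read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(buf: bytes):
    """Direct children of a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        yield tag, value

def _walk(buf: bytes):
    """All nodes, depth first; primitives (e.g. OCTET STRING) are not entered."""
    for tag, value in _children(buf):
        yield tag, value
        if tag & 0x20:                 # constructed bit set -> recurse
            yield from _walk(value)

def decode_oid(value: bytes) -> str:
    """Dotted-decimal form of an OID's DER content octets."""
    arcs, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:               # last base-128 byte of this arc
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)

def extended_key_usage(der: bytes) -> list:
    """Purpose names from the extendedKeyUsage extension, [] if absent.
    Extension ::= SEQUENCE { extnID OID, critical BOOLEAN OPTIONAL,
    extnValue OCTET STRING }, where extnValue wraps a DER SEQUENCE OF OID."""
    for tag, value in _walk(der):
        kids = list(_children(value)) if tag == 0x30 else []
        if not kids or kids[0][0] != 0x06 or decode_oid(kids[0][1]) != OID_EXT_KEY_USAGE:
            continue
        octet_tag, octet_value = kids[-1]
        if octet_tag != 0x04:
            continue
        _, purposes, _ = _read_tlv(octet_value, 0)
        return [EKU_NAMES.get(decode_oid(v), decode_oid(v))
                for t, v in _children(purposes) if t == 0x06]
    return []

# --- constructed sample input: a bare Extension, NOT a real certificate ---
def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value    # short-form length is enough here

def _oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:                       # remaining base-128 bytes, high bit set
            chunk.append((a & 0x7F) | 0x80)
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

# extendedKeyUsage = { serverAuth, clientAuth }, wrapped in outer SEQUENCEs the
# way it would sit inside a certificate's extensions list.
SAMPLE_DER = _tlv(0x30, _tlv(0x30, _tlv(0x30, _oid(OID_EXT_KEY_USAGE) + _tlv(
    0x04, _tlv(0x30, _oid("1.3.6.1.5.5.7.3.1") + _oid("1.3.6.1.5.5.7.3.2"))))))
SAMPLE_PEM = der_to_pem(SAMPLE_DER)   # what the '--outform pem' files look like
```

On a real certificate file you would read the bytes, call detect_format, convert with pem_to_der if needed, and then check that extended_key_usage returns the purpose the client expects (serverAuth on the CA and host certificate, clientAuth on the client certificate) before exporting anything to .p12.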
Hi,
Thank you for this tutorial
I used the tutorial below and everything was fine
https://www.vultr.com/docs/using-strongswan-for-ipsec-vpn-on-centos-7
But I need to run it on Ubuntu, and with your tutorial I always get an EAP authentication error.
Is there any way to debug it? to see exactly what’s going on?
Thank you,
John