IPSec Road warrior Linux Client

I was wondering if anyone had a basic example for configuring road warrior with Linux CLI.

I managed to get the Strongswan android client connected but having a bit less luck with Linux.

Thought the output could be useful for the wiki.

I agree, however I cannot help unfortunately. I managed to get IPSec working on MacOS but I do not have a Linux box.

If you manage to succeed, would you post your configuration here?

I managed to get charon-cmd working using the following command example:

sudo charon-cmd --host hostname --identity remoteid --cert cacert.pem --p12 example.p12

where the identity is specified in the IPFire connection configuration… e.g. REMOTE ID: @remoteid.

Additionally, both cacert.pem and example.p12 are stored in the directory this command is run from.

Also, the below ipsec.conf works for running as a system process. As above, local / remote ids are specified and cacert / p12 files are stored in the following locations:

/etc/ipsec.d/cacerts/cacert.pem
/etc/ipsec.d/private/example.p12

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup

conn ikev2
        auto=start
        keyexchange=ikev2
        left=%defaultroute
        leftsourceip=%config
        leftcert=cacert.pem
        leftid=remoteid #e.g. REMOTE ID: @remoteid
        leftfirewall=no
        right=hostname # server hostname
        rightsubnet=0.0.0.0/0
        rightid=localid #e.g. LOCAL ID: @localid
        rightauth=pubkey
        #auto=add

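A pre-flight check for the client layout described in the post above, as an added example that is not part of the thread. The function name `check_ipsec_layout` and its ROOT prefix argument are assumptions; the file names and the stand-in values `hostname`, `remoteid` and `localid` are the ones used in the posted configuration.

```shell
#!/bin/sh
# Added example: pre-flight check for the client file layout described above.
# check_ipsec_layout and its ROOT argument are assumptions for illustration.
#
# check_ipsec_layout ROOT CONF
#   ROOT  prefix put in front of /etc/ipsec.d ("" on a live client)
#   CONF  path of the ipsec.conf to inspect
# Prints one line per finding; returns 0 when there are none, 1 otherwise.
check_ipsec_layout() {
    root=$1
    conf=$2
    rc=0
    ca="$root/etc/ipsec.d/cacerts/cacert.pem"
    p12="$root/etc/ipsec.d/private/example.p12"

    for f in "$ca" "$p12" "$conf"; do
        [ -r "$f" ] || { echo "MISSING $f"; rc=1; }
    done

    # The PKCS#12 bundle carries the client's private key, so group and
    # other must have no access to it (e.g. mode 600 or 400).
    if [ -e "$p12" ]; then
        perms=$(ls -ld "$p12" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS $p12 is accessible to group/other"
            rc=1
        fi
    fi

    # The stand-in values used in the posted ipsec.conf must be replaced.
    if [ -r "$conf" ]; then
        bad=$(sed -e 's/#.*//' "$conf" | awk -F= '
            { gsub(/[ \t]/, "") }
            $1 == "right"   && $2 == "hostname" { print $1 }
            $1 == "leftid"  && $2 == "remoteid" { print $1 }
            $1 == "rightid" && $2 == "localid"  { print $1 }')
        for k in $bad; do
            echo "PLACEHOLDER $k still has the value from the example"
            rc=1
        done
    fi
    return $rc
}

# On a live client: check_ipsec_layout "" /etc/ipsec.conf
```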