Comments on StrongSwan based IPsec VPN using certificates and pre-shared key on Ubuntu 16.04

In this article, the strongSwan IPsec VPN is installed on Ubuntu 16.04 (LTS); I then show the integration of OpenSC for hardware tokens and finally the creation of a gateway-to-gateway tunnel using a pre-shared key and X.509 certificates.

9 Comment(s)


Comments

By: TiTex

Thanks,

It would be nice to describe how you would do routing over this tunnel if you need to. I know this is not possible with site-to-site IPsec, but you could set up a GRE point-to-point tunnel inside the IPsec tunnel, and this way each side would have an IP address you could route to if needed.

I'm curious whether it can be done without the GRE tunnel.

By: Steve Dupuis

Ahmad,

This is amazing .. How do you figure all this stuff out?


By: Zaid

Hi,

This article is very good, clear and helpful for newbies like me.

Thanks,

Zaid

By: Zipho

What ports need to be opened on the firewall?

By: rehab

Hey

It has been a very good effort that you have put in to help others. I have a query regarding this setup. Whenever I follow the same steps without the X.509 certificate-based tunnel, using a pre-shared key, my tunnel establishes; but when I add certificates, following exactly the same steps and configuration, the tunnel does not get established. Can anyone point out where I am lacking?

Any word in this regard will be of worth.

Regards

By: Patrick

Best article. It worked perfectly. I would like to know how to implement the same for a client-to-server VPN, the client being a Windows machine and the server Ubuntu.

By: Scorptar

I have the same problem as rehab. Did anyone notice something more that is needed to make it work with certificates?

Thanks.

By: Scorptar

I found the solution to my problem with certificates:

strongswanKey.pem and strongswanCert.pem should be the same on both A and B!

My mistake was generating them on both A and B: your "root" certificate should be the same on the two clients.

Concretely, just generate these two files on A (for example), then put them in the same folder on your client B as on A.

It worked fine for me after this.

Regards.
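Scorptar's fix above, as an added example that is not from the article or from any commenter: one CA (the article's strongswanKey.pem and strongswanCert.pem) is generated once, a gateway certificate for A and one for B are issued from it, and then the mistake is reproduced by letting B run the same CA-generation step again and sign its own certificate with that second CA. Even though both CAs carry the identical name, the certificate issued by B's private CA does not verify against the CA that A trusts, which is why the pre-shared-key tunnel comes up but the certificate-based one does not. The script uses the openssl CLI instead of strongSwan's ipsec pki tool so it runs without strongSwan installed; the gateway names (moon, sun), the DNS names and every file name other than the article's two are assumptions. One caveat to Scorptar's wording: strictly only the CA certificate (strongswanCert.pem) has to be present on both gateways; the CA private key (strongswanKey.pem) is only needed where certificates are issued and should not be copied around more than necessary.

```shell
#!/bin/sh
# Added example (not from the article or its comments). Shows why the CA
# certificate must be identical on both gateways: a gateway certificate only
# verifies against the CA that actually signed it. Assumes the openssl CLI is
# installed; gateway names (moon, sun), DNS names and file names other than
# strongswanKey.pem / strongswanCert.pem are illustrative.
set -eu

WORK="$(mktemp -d)"
cd "$WORK"

# Minimal openssl config so the example does not depend on the system's
# default openssl.cnf. v3_ca marks a certificate as a CA.
cat > pki.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# make_ca KEYFILE CERTFILE CN: self-signed CA key and certificate (what the
# article calls strongswanKey.pem / strongswanCert.pem).
make_ca() {
    openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 3650 -subj "/C=CH/O=strongSwan/CN=$3" \
        -keyout "$1" -out "$2" >/dev/null 2>&1
}

# issue_gw_cert CAKEY CACERT NAME FQDN: gateway key NAMEKey.pem and
# certificate NAMECert.pem signed by the given CA. The FQDN goes into the
# subjectAltName so the peer can match it with rightid= in ipsec.conf.
issue_gw_cert() {
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "/C=CH/O=strongSwan/CN=$4" \
        -keyout "$3Key.pem" -out "$3.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth\n' "$4" > "$3.ext"
    openssl x509 -req -in "$3.csr" -CA "$2" -CAkey "$1" -CAcreateserial \
        -days 730 -extfile "$3.ext" -out "$3Cert.pem" >/dev/null 2>&1
}

# chain_ok CACERT CERT: prints "ok" if CERT chains to CACERT, else "fail".
chain_ok() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# ca_fingerprint CERT: SHA-256 fingerprint. Comparing this value on A and B
# before bringing the tunnel up is the quickest way to catch the mistake.
ca_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Correct setup: the CA is generated once (on A) and only copied to B.
make_ca strongswanKey.pem strongswanCert.pem "strongSwan Root CA"
issue_gw_cert strongswanKey.pem strongswanCert.pem moon moon.example.org   # gateway A
issue_gw_cert strongswanKey.pem strongswanCert.pem sun  sun.example.org    # gateway B
cp strongswanCert.pem strongswanCert_onB.pem   # what B must hold: a copy, not a new CA

# The mistake: B ran the CA-generation step again. Same name, different key.
make_ca otherKey.pem otherCert.pem "strongSwan Root CA"
issue_gw_cert otherKey.pem otherCert.pem sunWrong sun.example.org

echo "moon cert vs shared CA:          $(chain_ok strongswanCert.pem moonCert.pem)"
echo "sun cert vs shared CA:           $(chain_ok strongswanCert.pem sunCert.pem)"
echo "sun cert (B's own CA) vs A's CA: $(chain_ok strongswanCert.pem sunWrongCert.pem)"
echo "CA fingerprint on A: $(ca_fingerprint strongswanCert.pem)"
echo "CA fingerprint on B: $(ca_fingerprint strongswanCert_onB.pem)"
echo "B's own CA:          $(ca_fingerprint otherCert.pem)"
```

On a real gateway the CA certificate goes into /etc/ipsec.d/cacerts, the gateway's own certificate into /etc/ipsec.d/certs and its private key into /etc/ipsec.d/private, with a matching `: RSA moonKey.pem` line in ipsec.secrets; when the two sides trust different CAs, charon logs a line of the form `no trusted RSA public key found for '...'` during IKE_AUTH, which is the symptom rehab and Scorptar describe.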

By: Coucou

He didn't explain it at all, even though I suspected it when I did. I didn't follow my instincts, and indeed it didn't work.