Hi everyone,

I tried to set up a strongSwan client on my Ubuntu 16.04 laptop. I have searched Google but I didn't find a clear answer, so I need your help.

I have followed this tutorial:
https://wiki.openwrt.org/doc/howto/vpn.ipsec.roadwarrior
and installed a strongSwan VPN server on an OpenWrt router (DD r49975). The Android strongSwan client also connected successfully and works fine, but I want to set up a VPN client for my Ubuntu 16.04 laptop.

How do I achieve this goal? Which files should I copy to the Ubuntu laptop, and where should I put them? How do I configure /etc/ipsec.conf, /etc/strongswan.conf and /etc/ipsec.secrets? Or are there any other files I should modify/set up? And what is the command for connecting to/disconnecting from the remote VPN server?

Could anyone give a complete tutorial for setting up a VPN client on Ubuntu 16.04 (for a VPN server that was configured in exactly the same way as this tutorial taught)? The tutorial shows how to set up a VPN client on BlackBerry/Windows 7/Android/iPhones/iOS, but doesn't contain how to set up a VPN client on Linux.

I tried to use the network-manager GUI to set up the VPN client, but after opening the dialog I cannot find an option that lets me specify the path to clientCert.p12 and the username and password as I did on the Android client.

Here is /etc/strongswan.conf on my OpenWrt router:

    charon {
        threads = 16
        dns1 = 10.2.2.1
        dns2 = 8.8.8.8
        port = 2805
        port_nat_t = 7777
    }

    pluto {
    }

Here is /etc/ipsec.conf on my OpenWrt router:

    config setup

    conn %default
        keyexchange=ikev2

    conn roadwarrior
        left=%any
        leftauth=pubkey
        leftcert=serverCert.pem
        leftid=192.168.0.11
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsourceip=10.5.3.0/24
        rightauth=pubkey
        rightcert=clientCert.pem
        rightauth2=eap-mschapv2
        auto=add
        esp=aes-aes256-sha-modp1024,aes256-sha512-modp4096
        ike=aes-aes256-sha-modp1024,aes256-sha512-modp4096

Here is /etc/ipsec.secrets on my OpenWrt router:

    # /etc/ipsec.secrets - strongSwan IPsec secrets file
    : RSA serverKey.pem
    tony : EAP "tonypassword"
    mary : EAP "marypassword"

Here is the part of /etc/config/firewall I added for strongSwan (I need custom ports for fighting with China's Great Firewall, so I changed 500 to 2805 and 4500 to 7777):

    config rule
        option src 'wan'
        option name 'IPSec ESP'
        option proto 'esp'
        option target 'ACCEPT'

    config rule
        option src 'wan'
        option name 'IPSec IKE'
        option dest_port '2805'
        option proto 'udp'
        option target 'ACCEPT'

    config rule
        option src 'wan'
        option name 'IPSec NAT-T'
        option proto 'udp'
        option dest_port '7777'
        option target 'ACCEPT'

    config rule
        option src 'wan'
        option name 'Auth Header'
        option proto 'ah'
        option target 'ACCEPT'

    config forwarding
        option dest 'lan'
        option src 'vpn'

    config forwarding
        option dest 'wan'
        option src 'vpn'

Here is another firewall config, /etc/firewall.user:

    iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    iptables -I FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    iptables -I FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
    iptables -I OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT

And this is some detailed information about my OpenWrt router:

    WAN IP: 192.168.0.11 (gets a DHCP IP from the upstream router; in the future I will change to a public IP)
    LAN IP: 10.2.2.1
    LAN subnet: 10.2.2.0/24
    The subnet I plan for VPN: 10.5.3.0/24 (I don't know whether I should offer a 10.2.2.x IP to remote VPN clients, so I give them 10.5.3.x)

Now the strongSwan server (on the OpenWrt router) and the strongSwan client (on Android) both work fine without problems, but how could I connect to the strongSwan server (on the OpenWrt router) if I want to use my Ubuntu 16.04 laptop as the VPN client? Should I use Ubuntu's built-in network-manager GUI, or connect with pure text commands? How do I connect to the strongSwan server from Ubuntu 16.04?

    openwrt(server) <------------------ ubuntu(client)

Any suggestion will be appreciated, and sorry for my poor English skills.