@mshafiee
Last active August 3, 2023 16:39
Set up a server-to-site IPsec VPN with strongSwan on Ubuntu
sudo apt update && sudo apt upgrade -y
sudo apt install strongswan -y
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
sudo sysctl -p /etc/sysctl.conf
openssl rand -base64 64
sudo vi /etc/ipsec.secrets
AA.AA.AA.AA BB.BB.BB.BB : PSK "a8mL4sNfbv6bEyZrAVED9FXU6o3JxnVmhNPlskmQM44IAkCasp5Kpq3vG+Zh+Is4"
sudo vi /etc/ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

# Parameters of a conn section must be indented; a line starting in column 1 begins a new section.
conn monitoring-to-subnet1
    authby=secret
    left=%defaultroute
    leftid=AA.AA.AA.AA
    right=BB.BB.BB.BB
    rightsubnet=172.16.10.0/24
    # modp1024 (DH group 2) is a 1024-bit group and is not considered adequate today; use modp2048 or larger
    ike=aes256-sha2_256-modp2048!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
sudo ufw allow 500,4500/udp
sudo ipsec restart
sudo ipsec status
sudo vi /etc/ufw/before.rules
# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-F
# Masquerade traffic from this server (AA.AA.AA.AA) towards the remote subnet
-A POSTROUTING -s AA.AA.AA.AA/32 -d 172.16.10.0/24 -j MASQUERADE
COMMIT
sudo ufw disable && sudo ufw enable
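The whole procedure above, as an added example that is not part of the gist: a POSIX shell script that renders ipsec.secrets and ipsec.conf from variables into a staging directory, using straight ASCII quotes, owner-only permissions and a 2048-bit DH group, and then lints the result for the mistakes that creep in when the files are pasted from a web page. The addresses are the same AA.AA.AA.AA / BB.BB.BB.BB / 172.16.10.0/24 placeholders the gist uses; the connection name, the staging layout under $ROOT/etc and the 48-byte PSK length are my assumptions.

```shell
#!/bin/sh
# Added example, not code from the gist: render the server-to-site strongSwan
# files into a staging root, then lint them before they are installed to /etc.
# Addresses are the gist's placeholders; CONN_NAME and the staging layout
# are assumptions made for this example.
set -eu

LEFT_ID="${LEFT_ID:-AA.AA.AA.AA}"              # this server's public address
RIGHT_IP="${RIGHT_IP:-BB.BB.BB.BB}"            # remote gateway
RIGHT_SUBNET="${RIGHT_SUBNET:-172.16.10.0/24}" # subnet behind the remote gateway
CONN_NAME="${CONN_NAME:-monitoring-to-subnet1}"

# 48 random bytes -> 64 base64 characters, no padding, no trailing newline.
gen_psk() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 48
    else
        head -c 48 /dev/urandom | base64
    fi | tr -d '\n'
}

# Write ipsec.secrets with straight ASCII quotes and owner-only permissions;
# the file holds the shared secret and must not be group- or world-readable.
render_secrets() {
    root="$1"; psk="$2"
    f="$root/etc/ipsec.secrets"
    mkdir -p "$root/etc"
    ( umask 077; printf '%s %s : PSK "%s"\n' "$LEFT_ID" "$RIGHT_IP" "$psk" > "$f" )
    chmod 600 "$f"
}

# Write ipsec.conf: the gist's connection with parameters indented (as the
# ipsec.conf parser requires) and modp1024 replaced by modp2048.
render_conf() {
    root="$1"
    mkdir -p "$root/etc"
    cat > "$root/etc/ipsec.conf" <<EOF
config setup
    uniqueids=yes
    strictcrlpolicy=no

conn $CONN_NAME
    authby=secret
    left=%defaultroute
    leftid=$LEFT_ID
    right=$RIGHT_IP
    rightsubnet=$RIGHT_SUBNET
    ike=aes256-sha2_256-modp2048!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
EOF
}

# Lint the rendered files. Returns non-zero on the first problem found:
#  - non-ASCII bytes in ipsec.secrets (curly quotes pasted from a browser
#    make the PSK line unparseable);
#  - a secrets file readable by group or others;
#  - a MODP group of 1536 bits or less in the IKE proposal.
check_config() {
    root="$1"
    s="$root/etc/ipsec.secrets"; c="$root/etc/ipsec.conf"
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$s"; then
        echo "ipsec.secrets: non-ASCII bytes (curly quotes?)" >&2; return 1
    fi
    case "$(ls -l "$s" | cut -c5-10)" in
        ------) ;;
        *) echo "ipsec.secrets: must be mode 600" >&2; return 1 ;;
    esac
    if grep -Eq 'modp(768|1024|1536)' "$c"; then
        echo "ipsec.conf: weak DH group in ike= proposal" >&2; return 1
    fi
    return 0
}

# Usage: sh render-ipsec.sh render [STAGING_ROOT]
if [ "${1:-}" = "render" ]; then
    root="${2:-/tmp/strongswan-stage}"
    psk="$(gen_psk)"
    render_secrets "$root" "$psk"
    render_conf "$root"
    check_config "$root" && echo "rendered into $root; review, then install to /etc"
fi
```

Run it as `sh render-ipsec.sh render`, inspect the two files under /tmp/strongswan-stage/etc, then copy them into place with `sudo install -m 600 .../ipsec.secrets /etc/ipsec.secrets` and `sudo install -m 644 .../ipsec.conf /etc/ipsec.conf` before the `ufw allow 500,4500/udp`, `ipsec restart` and `ufw` NAT steps above. The same PSK must be configured on the BB.BB.BB.BB side, so hand it over out of band rather than via the rendered file.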