The setup environment is Ubuntu 18.04
The private network building is
sudo apt install strongswan
Caution: wildcard certificates are not supported. That is by design, for security reasons, so don't bother trying.
This certificate is used to verify the server's identity, so the client must trust it.
If you are using your own CA, make sure its certificate is installed properly on all clients.
sudo mv ./ca.crt /etc/ipsec.d/cacerts/
If you are using certificates located in a custom directory, you may encounter a permission error, as the following log indicates.
charon (9144) started after 40 ms
This may be caused by AppArmor. Check the AppArmor status with aa-status; its output begins with
apparmor module is loaded.
If charon and stroke are listed in enforce mode, you need to whitelist them.
Whitelist the process by unloading its AppArmor profile (note that apparmor_parser -R only removes the currently loaded profile; it is loaded again at the next reboot unless the profile is disabled):
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon
Symlinking the certificate files into /etc/ipsec.d/ could have solved the problem as well, but some users have reported that this method is not effective.
sudo nano /etc/sysctl.conf
Caution: starting from strongSwan v5.6.1, some deprecated ciphers were removed from the default proposals, which may cause
[IKE] no proposal found. Therefore, to increase the compatibility of the VPN server, these ciphers need to be enabled manually in the
conn section of ipsec.conf, although this is not recommended.
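To see where such manually re-enabled ciphers sit in a configuration, here is a small audit script added as an example (not from the original guide or from strongSwan). It parses a constructed ipsec.conf sample and flags every ike=/esp=/ah= proposal that names an algorithm from an assumed weak list (3des, md5, sha1, modp1024 and similar); the conn names and proposals in the sample are invented for the example.

```python
import re

# Assumed weak-algorithm set for this example (not taken from strongSwan itself).
WEAK_ALGS = {"des", "3des", "md5", "sha1", "sha", "prfsha1", "prfmd5",
             "modp768", "modp1024", "modp1536", "null", "blowfish"}

# Constructed sample in ipsec.conf syntax: a hardened conn and a legacy one.
SAMPLE_CONF = """\
config setup
    uniqueids=no
conn ikev2-strong
    keyexchange=ikev2
    ike=aes256gcm16-sha384-ecp384,aes256-sha256-modp2048!
    esp=aes256gcm16-ecp384,aes256-sha256-modp2048!
conn ikev2-legacy  # trades security for old-client compatibility
    ike=aes256-sha256-modp2048,aes128-sha1-modp1024!
    esp=aes128-sha1,3des-sha1!
"""

def parse_conns(text):
    """Minimal ipsec.conf parser: returns {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # strip comments
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)", line)
        if m:                                         # new conn section
            current = m.group(1)
            conns[current] = {}
        elif line[0] in " \t" and current and "=" in line:
            key, value = line.strip().split("=", 1)
            conns[current][key.strip()] = value.strip()
        else:                                         # "config setup" etc. ends a conn
            current = None
    return conns

def weak_proposals(conns):
    """Return (conn, key, proposal, weak_algs) per proposal naming a weak algorithm."""
    findings = []
    for name, kv in conns.items():
        for key in ("ike", "esp", "ah"):           # conns using defaults are not flagged
            for prop in kv.get(key, "").rstrip("!").split(","):  # "!" = strict marker
                algs = prop.strip().lower().split("-")
                weak = sorted(a for a in algs if a in WEAK_ALGS)
                if weak:
                    findings.append((name, key, prop.strip(), weak))
    return findings
```

Running weak_proposals(parse_conns(SAMPLE_CONF)) reports only the ikev2-legacy conn; the first proposal in a list is the one strongSwan prefers as responder, so a legacy proposal belongs last if it must be present at all.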
# ipsec.conf - strongSwan IPsec configuration file
# This file holds shared secrets or RSA private keys for authentication.
sudo systemctl restart strongswan
Apply the configuration and try to connect to the server from the clients.