
How to Set Up a VPN on Ubuntu with StrongSwan


In today’s digital world, security and privacy have become paramount. A Virtual Private Network (VPN) allows you to create a secure connection over the internet, encrypting your data and hiding your IP address. StrongSwan is a popular open-source software for implementing IPsec-based VPNs. This guide will walk you through the steps to set up a VPN on Ubuntu using StrongSwan, providing a secure environment for your online activities.

Prerequisites
Before we begin, ensure you have the following:

  • A server running Ubuntu 18.04 or later.
  • Root access to the server (or use sudo).
  • A basic understanding of Linux commands.
  • A client device (Linux, macOS, or Windows) to connect to the VPN.

Step 1: Update Your System

Start by updating your system to ensure you have the latest packages and security patches. Open your terminal and execute the following commands:

sudo apt update
sudo apt upgrade -y

Step 2: Install StrongSwan
To install StrongSwan together with the plugins this guide relies on, use the following command:

sudo apt install strongswan strongswan-pki libcharon-extra-plugins -y

The strongswan-pki package includes utilities for generating and managing public key infrastructure (PKI) components. libcharon-extra-plugins supplies the EAP plugins used for the username/password authentication configured in Step 3; without them the server rejects EAP clients.

Step 3: Configure StrongSwan
3.1 Basic Configuration
On Ubuntu, the daemon's own configuration file is /etc/strongswan.conf (the connection definitions live in /etc/ipsec.conf, covered in 3.2). You can edit it with any text editor:

sudo nano /etc/strongswan.conf

The file uses a brace-delimited format. The default shipped by the package is all this guide needs and looks like this:

charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf

This loads the charon daemon's plugins from the per-plugin files under /etc/strongswan.d/. In strongSwan 5.x, charon handles both IKE and IPsec; the old pluto daemon, and the charonstart/plutostart options that once switched between the two, no longer exist, so leave the file as it is unless you need to tune a plugin.

3.2 IPsec Configuration
Next, edit the connection definitions in /etc/ipsec.conf:

sudo nano /etc/ipsec.conf

Replace its contents with the following configuration (parameter lines inside a section must be indented, otherwise the parser treats them as new sections):

config setup
    uniqueids=no

conn %default
    keyexchange=ikev2
    ike=aes256-sha256-modp2048,aes128-sha256-modp2048!
    esp=aes256-sha256,aes128-sha256!

conn myvpn
    left=%defaultroute
    leftid=@your-server-domain-or-ip
    leftcert=serverCert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    right=%any
    rightid=%any
    rightsourceip=10.10.10.0/24
    rightauth=eap-mschapv2
    eap_identity=%identity
    auto=add

Make sure to replace @your-server-domain-or-ip with your server's domain name or IP address; it must match the subjectAltName of the server certificate created in 3.4. The left* settings describe the server and the right* settings the clients: any peer may connect (right=%any), each client is handed an address from the rightsourceip pool (10.10.10.0/24 is an example range, pick one that does not overlap your own networks), the server proves its identity with its certificate (leftauth=pubkey) and clients authenticate with an EAP username and password (rightauth=eap-mschapv2, eap_identity=%identity). leftsubnet=0.0.0.0/0 routes all client traffic through the tunnel, and uniqueids=no lets the same user connect from more than one device. The proposals in conn %default use a 2048-bit Diffie-Hellman group; modp1024 is too weak for a new deployment, and the trailing ! makes the list strict, so clients must offer exactly one of these algorithm sets.

3.3 Authentication Configuration
Now configure the credentials by editing /etc/ipsec.secrets:

sudo nano /etc/ipsec.secrets

Add the following lines:

: RSA serverKey.pem
your-username : EAP "your-password"

The first line tells strongSwan which private key (created in 3.4 and stored in /etc/ipsec.d/private/) belongs to the server certificate. The second line defines one VPN user; add one line per user and replace your-username and your-password with a real name and a strong, unique password. Because the passwords are stored in clear text, keep the file readable by root only:

sudo chmod 600 /etc/ipsec.secrets
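As an added example (not from the original article and not part of strongSwan), the following POSIX shell script lints the two server-side files from 3.2 and 3.3 before you restart the service: it flags 1024-bit MODP groups, 3DES and MD5 in ike=/esp= proposals, a conn that accepts any peer without rightsourceip= or rightauth=, a missing ": RSA" key line or EAP user entry, and an ipsec.secrets that other users can read. The function names and the finding format are the example's own; the checked keywords are strongSwan's.

```shell
#!/bin/sh
# Hypothetical pre-flight linter for the server-side files in this guide
# (an added example, not part of strongSwan). It reads the files given on
# the command line and prints one line per finding; exit status 1 means
# something needs fixing before "systemctl restart strongswan".
#
# Usage: ./ipsec-lint.sh /etc/ipsec.conf /etc/ipsec.secrets

check_ipsec_conf() {
    conf="$1"
    findings=0

    # Weak algorithms in an ike= or esp= proposal: MODP groups of 1024 bits
    # or less, 3DES and MD5 have no place in a new deployment.
    if grep -Eq '^[[:space:]]*(ike|esp)=.*(modp(768|1024)|3des|md5)' "$conf"; then
        echo "WEAK: ike=/esp= proposal uses modp768/modp1024, 3des or md5; use modp2048 or stronger"
        findings=$((findings + 1))
    fi

    # A conn that accepts any peer (right=%any) is a road-warrior server and
    # must hand out addresses (rightsourceip=) and state how peers authenticate
    # (rightauth=); without them clients fail to connect.
    awk '
    function flush() {
        if (section != "" && section != "%default" && peer == "%any") {
            if (!has_pool) { print "MISSING: conn " section " has right=%any but no rightsourceip="; bad++ }
            if (!has_auth) { print "MISSING: conn " section " has right=%any but no rightauth="; bad++ }
        }
        section = ""; peer = ""; has_pool = 0; has_auth = 0
    }
    /^conn[[:space:]]+/                       { flush(); section = $2; next }
    /^config[[:space:]]+/                     { flush(); next }
    /^[[:space:]]*right[[:space:]]*=/         { sub(/^[^=]*=[[:space:]]*/, ""); peer = $0 }
    /^[[:space:]]*rightsourceip[[:space:]]*=/ { has_pool = 1 }
    /^[[:space:]]*rightauth[[:space:]]*=/     { has_auth = 1 }
    END { flush(); exit (bad + 0) }
    ' "$conf" || findings=$((findings + 1))

    [ "$findings" -eq 0 ]
}

check_ipsec_secrets() {
    secrets="$1"
    findings=0

    # The server needs a ": RSA <keyfile>" (or ECDSA) line for its certificate key.
    if ! grep -Eq '^[[:space:]]*:[[:space:]]*(RSA|ECDSA)[[:space:]]' "$secrets"; then
        echo "MISSING: no ': RSA serverKey.pem' style line, so leftcert= cannot be used"
        findings=$((findings + 1))
    fi

    # At least one user entry of the form   username : EAP "password"
    if ! grep -Eq '^[[:space:]]*[^:[:space:]]+[[:space:]]*:[[:space:]]*EAP[[:space:]]' "$secrets"; then
        echo "MISSING: no 'username : EAP \"password\"' entry"
        findings=$((findings + 1))
    fi

    # Passwords live here in clear text: group and other must have no mode bits set.
    case $(ls -l "$secrets" | cut -c5-10) in
        ------) ;;
        *) echo "PERMS: $secrets is readable by other users; chmod 600 it"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Run both checks when invoked directly with the two file paths.
if [ $# -ge 2 ]; then
    rc=0
    check_ipsec_conf "$1" || rc=1
    check_ipsec_secrets "$2" || rc=1
    exit "$rc"
fi
```

Run it as root (the secrets file is not readable otherwise) and fix every line it prints before restarting strongSwan; a clean run exits 0, which makes it usable as a pre-check in a deployment script.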

3.4 Certificate Creation
To let clients verify the server, create a private CA, then a server key and a certificate signed by that CA. The server certificate must carry the server's name or IP as a subjectAltName matching leftid, and the serverAuth extended key usage that the built-in Windows client requires:

ipsec pki --gen --outform pem > caKey.pem
ipsec pki --self --ca --lifetime 2y --in caKey.pem --dn "CN=Your CA" --outform pem > caCert.pem
ipsec pki --gen --outform pem > serverKey.pem
ipsec pki --pub --in serverKey.pem --outform pem | ipsec pki --issue --lifetime 1y --cacert caCert.pem --cakey caKey.pem --dn "CN=your-server-domain-or-ip" --san your-server-domain-or-ip --flag serverAuth --outform pem > serverCert.pem

Move the generated certificates and keys to the appropriate StrongSwan directories and keep the private key readable by root only:

sudo cp caCert.pem /etc/ipsec.d/cacerts/
sudo cp serverCert.pem /etc/ipsec.d/certs/
sudo cp serverKey.pem /etc/ipsec.d/private/
sudo chmod 600 /etc/ipsec.d/private/serverKey.pem

caKey.pem is only needed to sign further certificates, so keep it off the server if you can. Clients need caCert.pem to validate the server (see Step 7).

Step 4: Enable IP Forwarding
To allow your VPN clients to access the internet, enable IP forwarding by editing the /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward=1

Apply the changes with:

sudo sysctl -p

Step 5: Configure UFW Firewall
If you are using UFW as your firewall, allow the necessary ports for VPN traffic (IKE on UDP 500 and NAT traversal on UDP 4500):

sudo ufw allow OpenSSH
sudo ufw allow 500,4500/udp
sudo ufw enable

Opening the ports is not enough on its own for clients to reach the internet through the tunnel: UFW drops forwarded packets by default (DEFAULT_FORWARD_POLICY in /etc/default/ufw) and adds no NAT, so you also have to permit forwarding from the clients' address pool and add a MASQUERADE rule for that pool on the server's public interface (UFW loads custom *nat rules from /etc/ufw/before.rules).

Step 6: Start StrongSwan
Now that you have configured everything, restart the StrongSwan service so it loads the new configuration:

sudo systemctl restart strongswan

If systemd reports that no such unit exists, the service is named strongswan-starter on newer Ubuntu releases. You can also check the status of StrongSwan to ensure it's running properly:

sudo systemctl status strongswan

The connection definitions and any active tunnels are listed by:

sudo ipsec statusall

Under "Connections:" you should see myvpn; established tunnels appear under "Security Associations". Errors while loading the configuration or certificates are written to the journal (sudo journalctl -u strongswan).
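To make the status check scriptable, here is an added example (not from the original article and not part of strongSwan) that parses ipsec statusall output: it confirms the named connection is loaded, counts ESTABLISHED IKE SAs, lists the connected EAP users and flags any SA that negotiated a weak IKE proposal. The sample output embedded at the end is constructed from the layout strongSwan 5.x prints, using documentation addresses; the function names are the example's own.

```shell
#!/bin/sh
# Hypothetical post-start check (an added example, not part of strongSwan):
# reads `ipsec statusall` output and answers the questions a scripted health
# check needs: is the connection loaded, how many IKE SAs are up and whose
# they are, and did any SA negotiate a weak IKE proposal.
#
# Usage: sudo ipsec statusall | ./vpn-status.sh myvpn

# Is a connection definition of the given name loaded? The Connections: block
# lists it as "<name>:  ...", whereas SA lines read "<name>[1]: ..." and do not match.
conn_loaded() {
    grep -Eq "^[[:space:]]*$1:[[:space:]]"
}

# Number of IKE SAs in the ESTABLISHED state.
count_established() {
    awk '/^[[:space:]]*[^[:space:]]+\[[0-9]+\]:[[:space:]]+ESTABLISHED/ { n++ } END { print n + 0 }'
}

# EAP identities of the connected users, one per line.
list_eap_users() {
    awk '/Remote EAP identity:/ { print $NF }'
}

# Print offending lines and exit 1 if any IKE SA negotiated a weak DH group or
# cipher. strongSwan prints the negotiated proposal as e.g.
# "IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048".
check_ike_proposals() {
    awk '/IKE proposal:/ && /MODP_(768|1024)|3DES|MD5/ { print "WEAK: " $0; bad++ } END { exit (bad + 0) }'
}

# Human-readable summary for one connection name, read from stdin.
vpn_summary() {
    name="$1"
    status=$(cat)
    if printf '%s\n' "$status" | conn_loaded "$name"; then
        echo "conn $name: loaded"
    else
        echo "conn $name: NOT loaded (check /etc/ipsec.conf and restart)"
    fi
    echo "established IKE SAs: $(printf '%s\n' "$status" | count_established)"
    printf '%s\n' "$status" | list_eap_users | sed 's/^/  user: /'
    printf '%s\n' "$status" | check_ike_proposals
}

# Constructed sample of `ipsec statusall` output with one road-warrior user
# connected; the addresses are documentation ranges, not real hosts.
SAMPLE_STATUS=$(cat <<'EOF'
Status of IKE charon daemon (strongSwan 5.8.2, Linux 5.4.0, x86_64):
  uptime: 3 minutes, since Jan 01 12:00:00 2024
Listening IP addresses:
  203.0.113.10
Connections:
       myvpn:  %any...%any  IKEv2, dpddelay=30s
       myvpn:   local:  [your-server-domain-or-ip] uses public key authentication
       myvpn:   remote: uses EAP_MSCHAPV2 authentication with EAP identity '%any'
       myvpn:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
       myvpn[1]: ESTABLISHED 5 seconds ago, 203.0.113.10[your-server-domain-or-ip]...198.51.100.7[10.10.10.1]
       myvpn[1]: Remote EAP identity: alice
       myvpn[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
       myvpn{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c1a2b3d4_i e5f6a7b8_o
       myvpn{1}:   0.0.0.0/0 === 10.10.10.1/32
EOF
)

# When invoked with a connection name, summarise whatever arrives on stdin.
if [ $# -gt 0 ]; then
    vpn_summary "$1"
fi
```

The exit status of vpn_summary is that of the proposal check, so a cron job or monitoring agent can alert on a non-zero result when a client has been allowed to negotiate something weaker than the server proposal intends.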

Step 7: Connect to the VPN
To connect to your VPN from a client device, you will need to set up a VPN connection using the server’s domain name or IP address and the credentials you configured earlier.

7.1 On Linux
For Linux clients, you can use NetworkManager (with the network-manager-strongswan plugin) or strongSwan itself from the command line. With strongSwan, the client gets its own /etc/ipsec.conf and /etc/ipsec.secrets mirroring the server's with the roles reversed: the client authenticates with its EAP username and password (leftauth=eap-mschapv2) and verifies the server's certificate (rightauth=pubkey), so copy caCert.pem into the client's /etc/ipsec.d/cacerts/ first.

7.2 On Windows
Import caCert.pem into the computer account's Trusted Root Certification Authorities store, then use the built-in VPN client: navigate to "Settings" > "Network & Internet" > "VPN", add a new VPN connection of type IKEv2, and fill in your server's name exactly as it appears in the certificate together with the EAP username and password. Windows' built-in client proposes the 1024-bit DH group 2 by default; if your server proposal requires a stronger group or particular ciphers, align the client with PowerShell's Set-VpnConnectionIPsecConfiguration (for example DHGroup Group14, AES256 encryption and SHA256 integrity).

7.3 On macOS
On macOS, import caCert.pem into the system keychain and mark it as trusted, then go to "System Preferences" > "Network", click the "+" icon to add a new service, select "VPN" from the interface dropdown with type IKEv2, and enter the server address, the same name as the remote ID, and the EAP username and password.
