How to use StrongSwan

Instructions for Android:

1) Download StrongSwan VPN client from Play Store.
2) Send the root certificate (ca.cert.pem) to your device. It is available for download at http://{your ip}:65000/{your id}/strongswan/ (link from the original email).
3) Click on the certificate file and StrongSwan will prompt you to import it. If it does not, open the application, click the More icon (...) in the upper right corner and select CA certificates, then click the More icon (...) in the upper right corner again and select Import Certificate.
4) Navigate to the CA certificate file in the downloads folder and select it to import it into the application.

Now that the certificate has been imported into the StrongSwan app, you can configure the VPN connection by following the steps below:

6) In the app, click the ADD VPN PROFILE button at the top.
7) Fill Server with the domain name or public IP address of your VPN server.
8) Make sure IKEv2 EAP (username/password) is selected as the VPN type.
9) Fill in the Username and Password with the credentials set on the server (these are available at the original link /strongswan/data.txt).
10) Save and connect.

 

Instructions for iOS:

1) Send the root certificate (ca.cert.pem) to your device. It is available for download at http://{your ip}:65000/{your id}/strongswan/ (link from the original email).
2) In iOS, click on the certificate file, then click Install and enter the password. Once installed, tap Done.
3) Go to Settings, General, VPN and click Add VPN Configuration. The VPN connection configuration window will open.
4) Click on Type and select IKEv2.
5) In the Description field, enter a short name for the VPN connection. This can be any name.
6) In the Server and Remote ID fields, enter the IP address of the server. The Local ID field can be left blank.
7) Enter a username and password (these are available at the original /strongswan/data.txt link) in the Authentication section and click Finish.
8) Select the VPN connection you just created, click the switch at the top of the page, and you will be connected.



Instructions for Windows:

1) Press WINDOWS+R and type mmc.exe to launch the Management Console.
2) On the File menu, navigate to Add or Remove Snap-in, select Certificates from the list of available snap-ins, and click the Add button.
3) We want the VPN to work with any user, so select Computer Account and click Next.
4) We are configuring everything on the local computer, so select Local Computer and click Finish.
5) Open Console Root -> Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates.

6) From the Actions menu, select All Tasks and click Import to open the Certificate Import Wizard. Click Next to proceed to the introductory section.
7) In the Certificate Import Wizard window, click Browse, make sure that the file type is changed from "X.509 Certificate (*.cer;*.crt)" to "All Files (*.*)", and select the saved file ca-cert.pem.
8) Make sure that Trusted Root Certification Authorities is selected for the Certificate Store option, and click Next.

Then configure the VPN by following the steps below:

9) Click the Windows (Start) button and find the VPN settings.
10) Add a VPN connection and enter the VPN server details: VPN service provider: Windows; Connection name: any; Server name or address: IP of your server; VPN type: IKEv2; Login data type: user and password. Then enter the user name and password (they are available at the original link /strongswan/data.txt).
11) Save and connect.

 

Instructions for macOS:

Follow the steps below to import the certificate:

1) Download the root certificate and click the certificate file. A dialog box will appear: "Keychain Access is attempting to change the system keychain. Enter a password to allow this."
2) Enter the password and click the Modify Keychain button.
3) Double-click the VPN certificate you just imported. A small properties window will appear where you can specify trust levels. Set the IP Security (IPSec) setting to Always Trust, and you will be prompted to enter the password again. This setting is saved automatically after you enter the password.

Now that the certificate has been imported and is trusted, configure the VPN connection by following these steps:

1) Go to "System Preferences" and select "Network".
2) Click on the small "plus" button in the bottom left corner of the network list.
3) In the window that appears, set the Interface parameter to VPN, the VPN Type parameter to IKEv2, and set the connection name.
4) In the Server and Remote ID fields, enter the domain name or IP address of the server. Leave the Local ID field blank.
5) Click the Authentication Settings button, select Username, and enter the username and password configured for the VPN user. Then click the OK button.

 

Instructions for Ubuntu:

To connect from an Ubuntu machine, you can configure and manage StrongSwan as a service or use a one-time command each time you connect. Instructions are provided for both options.

Managing StrongSwan as a service

To manage StrongSwan as a service, you need to perform the following configuration steps.

First, update the local package cache using the apt command:
sudo apt update

Then install StrongSwan and the necessary plugins for authentication:
sudo apt install strongswan libcharon-extra-plugins

Now you need to copy the CA certificate to the /etc/ipsec.d/cacerts directory so that the client can authenticate the server. Run the following command to copy the ca-cert.pem file in place:
sudo cp /tmp/ca-cert.pem /etc/ipsec.d/cacerts

To ensure that the VPN starts only on demand, use systemctl to disable the automatic startup of StrongSwan:
sudo systemctl disable --now strongswan-starter

Next, configure the username and password that will be used to authenticate to the VPN server. Edit the /etc/ipsec.secrets file using nano or another editor:
sudo nano /etc/ipsec.secrets

Add the following line, editing the highlighted username and password values to match the ones you configured on the server:
/etc/ipsec.secrets
your_username : EAP "your_password"

Finally, edit the /etc/ipsec.conf file to configure the client to match the server configuration:
/etc/ipsec.conf

config setup

conn ikev2-rw
    right=server_domain_or_IP
    # This must match the `leftid` value in your server configuration
    rightid=server_domain_or_IP
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=username
    leftauth=eap-mschapv2
    eap_identity=%identity
    auto=start


To connect to the VPN, type:
sudo systemctl start strongswan-starter

To disconnect again, type:
sudo systemctl stop strongswan-starter

 

Using the charon-cmd client for one-time connections

To use charon-cmd for one-time connections, you need to perform the following steps.

First, update the local package cache with apt:
sudo apt update

Then install StrongSwan and the necessary plugins for authentication:
sudo apt install strongswan libcharon-extra-plugins

Now you need to copy the CA certificate to the /etc/ipsec.d/cacerts directory so that the client can authenticate the server. Run the following command to copy the ca-cert.pem file in place:
sudo cp /tmp/ca-cert.pem /etc/ipsec.d/cacerts

You can now connect to the VPN server with charon-cmd using the server's CA certificate, the VPN server IP address, and the username you configured.

Run the following command whenever you want to connect to the VPN:
sudo charon-cmd --cert ca-cert.pem --host vpn_domain_or_IP --identity your_username

When prompted, enter the VPN user password and you will be connected to the VPN. To disconnect, press CTRL+C in the terminal and wait for the connection to close.
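
The CA certificate is downloaded over plain HTTP and then installed as a trusted root, so it is worth comparing its fingerprint with a value obtained through a separate channel before copying it into /etc/ipsec.d/cacerts. The script below is an added example, not part of the original instructions; the file name verify-ca.sh and the expected-fingerprint argument are assumptions, and the fingerprint itself has to be supplied by whoever operates the server.

```shell
#!/bin/sh
# Added example: verify a downloaded CA certificate before trusting it.
# The expected fingerprint must come from a channel other than the HTTP
# download itself (assumption: the server operator can supply it).

# Print the SHA-256 fingerprint as lowercase hex without colons.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Return 0 only if the file is an unexpired CA certificate whose
# fingerprint equals the expected value (colons and case are ignored).
verify_ca() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(ca_fingerprint "$file")
    [ -n "$actual" ] ||
        { echo "not a PEM certificate: $file" >&2; return 1; }
    [ "$actual" = "$expected" ] ||
        { echo "fingerprint mismatch, got: $actual" >&2; return 1; }
    openssl x509 -in "$file" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    openssl x509 -in "$file" -noout -text | grep -q 'CA:TRUE' ||
        { echo "not a CA certificate" >&2; return 1; }
}

# Usage: sh verify-ca.sh /tmp/ca-cert.pem <expected-sha256-fingerprint>
# The copy into the StrongSwan CA directory happens only after all checks pass.
if [ "$#" -eq 2 ]; then
    verify_ca "$1" "$2" && sudo cp "$1" /etc/ipsec.d/cacerts/
fi
```

The same fingerprint comparison applies before importing the file on Android, iOS, Windows or macOS, since each of those steps also makes the certificate a trusted root.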
