strongSwan 5: How to create your own private VPN

Update 04/20/2014: Adjusted to take into account the modular configuration layout introduced in strongSwan 5.1.2. Tweaked cipher settings to provide perfect forward secrecy if supported by the client.

This article is a step by step guide on how to prepare strongSwan 5 to run your own private VPN, allowing you to stop snoopers from spying on your online activities, to bypass geo-restrictions, and to circumvent overzealous firewalls.

strongSwan is a modern and complete IPsec implementation with full support for IKEv1 and IKEv2. It’s natively supported by most modern clients, including Linux, Windows 7, Apple iOS, Mac OSX, FreeBSD and BlackBerry OS.

If you wonder why I chose strongSwan over Openswan, check out this post from strongSwan maintainer Prof. Andreas Steffen (yes, it’s biased and dated, but I find it convincing nonetheless).

Throughout this post I assume that you’re using Debian Wheezy. If you don’t – don’t worry. It should be easy to follow the guide even if you favor another Linux distribution.


Debian Wheezy ships with strongSwan 4.5.2. I prefer strongSwan 5, the new mainline branch, which got rid of Pluto in favor of a single daemon, charon, to handle both IKEv1 and IKEv2. Instead of installing from source, let’s get a copy from wheezy-backports, which includes strongSwan 5.1.2 from Debian testing recompiled for Wheezy.

Add wheezy-backports to your APT repository

$ echo "deb wheezy-backports main" \
	> /etc/apt/sources.list.d/wheezy-backports.list
$ apt-get update

Install strongSwan

$ apt-get -t wheezy-backports install strongswan libcharon-extra-plugins

This installs the strongSwan package along with its dependencies (there are only a few). To determine that you’re running the right version, do:

$ ipsec version


Linux strongSwan U5.1.2/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

Excellent – you’re now running strongSwan 5.1.2 on Linux kernel 3.2.0.

Certificate generation

Create your certification authority (CA)

The first step is to generate the X.509 certificates, including a certificate authority (CA), a server certificate, and at least one client certificate.

Let’s start by creating a self-signed root CA certificate.

$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 4096 \
	--outform pem \
	> private/strongswanKey.pem
$ chmod 600 private/strongswanKey.pem
$ ipsec pki --self --ca --lifetime 3650 \
	--in private/strongswanKey.pem --type rsa \
	--dn "C=CH, O=strongSwan, CN=strongSwan Root CA" \
	--outform pem \
	> cacerts/strongswanCert.pem

The result is a 4096 bit RSA private key strongswanKey.pem (line 4) and a self-signed CA certificate strongswanCert.pem (line 10) with a validity of 10 years (3650 days). The files are stored in PEM encoded format (I prefer working with PEM over binary DER, the strongSwan default).

You can change the Distinguished Name (DN) to more relevant values for country (C), organization (O), and common name (CN), but you don’t have to.

To list the properties of your newly generated certificate, type in the following command:

$ ipsec pki --print --in cacerts/strongswanCert.pem


cert:      X509
subject:  "C=CH, O=strongSwan, CN=strongSwan Root CA"
issuer:   "C=CH, O=strongSwan, CN=strongSwan Root CA"
validity:  not before Nov 22 11:55:41 2013, ok
           not after  Nov 20 11:55:41 2023, ok (expires in 3649 days)
serial:    65:39:93:df:a0:f8:40:03
flags:     CA CRLSign self-signed 
authkeyId: 45:30:11:da:a4:0e:0b:0a:a3:41:a5:81:41:ab:d8:04:7a:40:6c:c0
subjkeyId: 45:30:11:da:a4:0e:0b:0a:a3:41:a5:81:41:ab:d8:04:7a:40:6c:c0
pubkey:    RSA 4096 bits
keyid:     dc:15:91:95:04:07:a5:13:69:5f:77:65:26:d7:02:3f:60:ec:73:c8
subjkey:   45:30:11:da:a4:0e:0b:0a:a3:41:a5:81:41:ab:d8:04:7a:40:6c:c0

Create your VPN host certificate

$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 2048 \
	--outform pem \
	> private/vpnHostKey.pem
$ chmod 600 private/vpnHostKey.pem
$ ipsec pki --pub --in private/vpnHostKey.pem --type rsa | \
	ipsec pki --issue --lifetime 730 \
	--cacert cacerts/strongswanCert.pem \
	--cakey private/strongswanKey.pem \
	--dn "C=CH, O=strongSwan," \
	--san \
	--flag serverAuth --flag ikeIntermediate \
	--outform pem > certs/vpnHostCert.pem

The result is a 2048 bit RSA private key vpnHostKey.pem (line 4). In line 6 we extract its public key and pipe it over to issue vpnHostCert.pem (line 13), a host certificate signed by your CA. The certificate has a validity of two years (730 days). It identifies the VPN host by its Fully Qualified Domain Name (FQDN) (here:

Important: The domain name or IP address of your VPN server, which is later entered in the client’s connection properties, MUST be contained either in the subject Distinguished Name (here in CN, line 10) and/or in a subject Alternative Name (line11). I prefer to include it in both. Make sure both times to replace with your VPN’s hostname – or else the connection between client and server will fail!

Important: If you’re going to use the built-in VPN client of Windows 7, you MUST add the serverAuth extended key usage flag to your host certificate as shown above, or the client will refuse to connect.  In addition, OS X 10.7.3 or older requires the ikeIntermediate flag, which we also added here. Since the addition of these two flags probably won’t hurt anyone (as far as I know), you should make sure you keep them there.

Let’s take a look at the properties of our newly generated certificate.

$ ipsec pki --print --in certs/vpnHostCert.pem


cert:      X509
subject:  "C=CH, O=strongSwan,"
issuer:   "C=CH, O=strongSwan, CN=strongSwan Root CA"
validity:  not before Nov 22 21:16:51 2013, ok
           not after  Nov 22 21:16:51 2015, ok (expires in 729 days)
serial:    0c:05:d7:d5:57:0e:d9:48
flags:     serverAuth iKEIntermediate 
authkeyId: 9b:57:35:fb:cd:9e:2d:20:37:1d:61:4c:e7:c4:5b:5e:dc:64:ad:fc
subjkeyId: 5f:12:c2:06:ee:2b:1e:cc:5f:78:54:ff:f0:f3:7b:a0:2b:c0:b4:d6
pubkey:    RSA 2048 bits
keyid:     6f:a7:99:60:27:27:09:96:02:c1:b9:d9:7d:c1:b0:10:e3:e1:d5:45
subjkey:   5f:12:c2:06:ee:2b:1e:cc:5f:78:54:ff:f0:f3:7b:a0:2b:c0:b4:d6

Create a client certificate

Any client will require a personal certificate in order to use the VPN. The process is analogous to generating a host certificate, except that we identify a client certificate by the client’s e-mail address rather than a hostname.

$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 2048 \
	--outform pem \
	> private/AlexanderKey.pem
$ chmod 600 private/AlexanderKey.pem
$ ipsec pki --pub --in private/AlexanderKey.pem --type rsa | \
	ipsec pki --issue --lifetime 730 \
	--cacert cacerts/strongswanCert.pem \
	--cakey private/strongswanKey.pem \
	--dn "C=CH, O=strongSwan," \
	--san \
	--outform pem > certs/AlexanderCert.pem

The result is a 2048 bit RSA private key AlexanderKey.pem (line 4). In line 6 we extract its public key and pipe it over to issue AlexanderCert.pem (line 12), the first client certificate signed by your CA. The certificate has a validity of two years (730 days) and identifies the client by his e-mail address (here:

Export client certificate as a PKCS#12 file

A VPN client needs a client certificate, its private key, and the signing CA certificate. The most convenient way is to put everything in a single signed PKCS#12 file and export it with a paraphrase.

$ cd /etc/ipsec.d/
$ openssl pkcs12 -export -inkey private/AlexanderKey.pem \
	-in certs/AlexanderCert.pem -name "Alexander's VPN Certificate" \
	-certfile cacerts/strongswanCert.pem \
	-caname "strongSwan Root CA" \
	-out Alexander.p12

Now you can send Alexander.p12 and its export paraphrase to the person who’s going to install it onto the client. In some cases (iOS for example) you have to separately include the CA certificate cacerts/strongswanCert.pem.

Revoke a certificate (if necessary)

If a certificate is lost or stolen, it must be revoked so nobody can use it to connect to your VPN server. Assuming the certificate from the previous step got stolen, we revoke it with:

$ cd /etc/ipsec.d/
$ ipsec pki --signcrl --reason key-compromise \
	--cacert cacerts/strongswanCert.pem \
	--cakey private/strongswanKey.pem \
	--cert certs/AlexanderCert.pem \
	--outform pem > crls/crl.pem

This generates the new certificate revocation list (CRL) crls/crl.pem. When someone tries to authenticate with the stolen certificate, he’ll receive an authentication credentials error message, and your log file will contain something like:

charon: 13[CFG] certificate was revoked 
	on Nov 24 17:34:40 UTC 2013, reason: key compromise

To add another revoked certificate to the same list, we need to copy the existing list into a temporary file:

$ cd /etc/ipsec.d/
$ cp crls/crl.pem crl.pem.tmp
$ ipsec pki --signcrl --reason key-compromise \
	--cacert cacerts/strongswanCert.pem \
	--cakey private/strongswanKey.pem \
	--cert certs/AnotherStolenCert.pem \
	--lastcrl crl.pem.tmp \
	--outform pem > crls/crl.pem
$ rm crl.pem.tmp

Certificates – Recap

So far you’ve created the following files:

/etc/ipsec.d/private/strongswanKey.pem  # CA private key
/etc/ipsec.d/cacerts/strongswanCert.pem # CA certificate
/etc/ipsec.d/private/vpnHostKey.pem     # VPN host private key
/etc/ipsec.d/certs/vpnHostCert.pem      # VPN host certificate
/etc/ipsec.d/private/AlexanderKey.pem   # Client "Alexander" private key
/etc/ipsec.d/certs/AlexanderCert.pem    # Client "Alexander" certificate
/etc/ipsec.d/Alexander.p12              # Client "Alexander" PKCS#12 file

The private key /etc/ipsec.d/private/strongswanKey.pem of the CA should be moved somewhere safe, possibly to a special signing host without access to the Internet.  Theft of this master signing key would completely compromise your public key infrastructure.

Server configuration

Only three files are required for your strongSwan configuration:

  • /etc/strongswan.conf, which may point to a directory containing further configuration snippets
  • /etc/ipsec.conf
  • /etc/ipsec.secrets

Fortunately, the default strongSwan application configuration works just fine for us. For the purpose of this article there is nothing you need to do here. I invite you though to take a look at the strongSwan Wiki for a full list of configuration options of strongswan.conf.

Let’s do the fun stuff. Here is my /etc/ipsec.conf file:

# ipsec.conf - strongSwan IPsec configuration file

config setup
	# uniqueids=never
	charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default

conn IPSec-IKEv2

conn IPSec-IKEv2-EAP

conn CiscoIPSec
	# forceencaps=yes

This configuration has settings for three types of VPN services: IKEv2 + RSA certificate, IKEv2 + EAP, and IKEv1 + Xauth RSA, thus providing compatibility for a wide range of IPsec clients.

Let’s go briefly over the important items:

  • line 4: (disabled here) by default only one client can connect at the same time with an identical certificate and/or password  combo; the newer connection will always replace the older (in other words, a new connecting client using the same credentials kicks out the older still connected client). If you don’t like this, for instance because you want to use the same client certificates on multiple clients at the same time, enable this option
  • line 5: slightly more verbose logging. Very useful for debugging. Check out this link for a full list of options.
  • line 7: individual conn sections inherit the settings from the conn %default section. Put everything in here that you would otherwise have to repeat in the other conn sections. Helps to keep your setting file more concise.
  • line 21: settings specific to IKEv2 + RSA certificate connections
  • line 25: settings specific to IKEv2 + EAP connections
  • line 31: settings specific to IKEv1 + Xauth RSA connections

Your best resource for learning more about the available options is the strongSwan Wiki.

For now, if you like to enable your VPN server as quickly as possible, use above configuration as a template; only make sure to modify line 16 leftcert=vpnHostCert.pem to name your host VPN certificate instead.

Lastly, here is my /etc/ipsec.secrets file:

# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

: RSA vpnHostKey.pem
user1 : EAP "topsecretpassword"
user2 : XAUTH "evenmoretopsecretpassword"
  • line 8: identifies the private key of the VPN host to allow your host to authenticate itself with its host certificate
  • line 9: defines an EAP credential (username / password) that can be used by clients to connect without client certificate
  • line 10: defines an XAUTH credential (username / password) that is required in addition to a client certificate for IKEv1 + Xauth RSA connections (as used by Apple iOS clients for example)

Whenever you edit /etc/ipsec.secrets while strongSwan is running, you must reload the file:

$ ipsec rereadsecrets

Once again, the strongSwan Wiki has all the details if you are interested.

You’re almost done setting up your server. There are a few things left to make your VPN server properly route the VPN tunnel:

$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
$ echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

Or to make it permanent, add the following to your /etc/sysctl.conf file:

net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

Use the following iptables rules (adjust the interface if yours isn’t eth0, and make sure to enter your VPN host IP where indicated):

$ iptables -t nat -A POSTROUTING -o eth0 ! -p esp \
	-j SNAT --to-source <your VPN host IP>

Speaking of iptables, if you have a restrictive firewall for incoming traffic, don’t forget to allow IPsec communications. Three rules are required:

$ iptables -A INPUT -p udp --dport 500 --j ACCEPT
$ iptables -A INPUT -p udp --dport 4500 --j ACCEPT
$ iptables -A INPUT -p esp -j ACCEPT
  • line 1: for ISAKMP (handling of security associations)
  • line 2: for NAT-T (handling of IPsec between natted devices)
  • line 3: for ESP payload (the encrypted data packets)

That’s it! Restart strongSwan and your VPN server is ready.

$ service ipsec restart

Client configuration

Of course you cannot do anything with until you’ve configured your clients. Instead of boring you with dull screenshots, here are the essential strongSwan Wiki articles describing how to configure IPsec clients for popular systems. Of course you can also Google for other howtos since the client configuration is mostly independent from the server software.

Windows 7 with IKEv2 + RSA certificate

Windows 7 with IKEv2 + EAP

Mac OS X / iOS

Further reading

93 thoughts on “strongSwan 5: How to create your own private VPN

    • Thanks Harri. Line 5 refers to the “charondebug” option, doesn’t it? I thought the link in the article would be appropriate, since it explains in more detail how to tweak debug output.

    • PS: The link “full list of configuration options” should be replaced, not the link pointing to the logger options. Sorry for the confusion.

      • No problem. 😉 The links refers to the documentation of strongswan.conf. I’ll edit the text to better clarify this. Thanks!

  1. Question about the first iptables line: If I got this correctly, then outgoing traffic except for protocol esp is natted to the external IP address. Why is esp ignored here?

    • Good question. From my understanding, we should only create a Source NAT for non-ESP traffic that’s leaving the server. It’s not needed to masquerade IPsec-encapsulated packets which are send between the two ends of the tunnel. For example, on the server, once IPsec packets are deencapsulated, they will go through iptables anyway (and get mangled accordingly).

  2. Thanks for the excellent guide. This works in running an IPsec/IKEv2 vpn connection from a blackberry z10 to my home debian server using the built in blackberry client.

  3. Excellent!But what should I do when my vps has only ipv6 address.
    And I do not understand the cert is which one while I choose the way “IKEV2 + EAP” on windows8.1 . Thank you.

  4. Hi Alexander,

    Thanks for your tutorial, it’s very nice. However is it possible to config and setup a StrongSwan based L2tp VPN without any certificates and to only use username and password, and use, for example, freeradius to manage the users?

    I’ve tried Google the above request however I can’t get some tutorials that I can use. Currently Openswan in Debian is almost like “dead”.

    • Hi Mack, unfortunately I don’t have experience with Radius, nor with setting up L2TP using Strongswan. Any reason you require L2TP over IPsec in Tunnel Mode with IKEv1 or IKEv2? This tutorial already includes the option to connect to authenticate to the VPN with the EAP-MSCHAPv2 protocol (i.e. without certificate).

      • Thank you Alaxander.
        The reason is to provide multi-platform friendly support. My friends and family members they know quite few about VPN so that the easier the better. However a combination usage of Android, iOS, Mac and PC that only built-in vpn client is satisfied enough. Though MSCHAP is ok in Win based OS however in scenario of iOS and Android, not that easy.

        • You’re right regarding MSCHAP. I was going to suggest to try adding an entry for authentication with XAuth alone, but it appears that wouldn’t work well with iOS:

          “Authentication uses XAuth and certificates (authby=xauthrsasig). Authentication without certificates may fail due to an attempt on the iOS side to use aggressive mode.”

          So yes, you may have to use a L2TP. If you try further, make sure to compile strongSwan with the nat-transport flag which is required if either server or any of your clients is behind a NAT (using L2TP).

  5. Hi there, when doing
    “Export client certificate as a PKCS#12 file”
    openssl reports
    “unable to load certificates” but all files exists.

    did i do something wrong or did you implent a small error i have to find?

    • Hi, I am fairly certain that there shouldn’t be a mistake in regard to exporting the client certificates. Did you make sure to run the comment from the right path (cd /etc/ipsec.d/)?

  6. This output is my ipsec status:
    Security Associations (1 up, 0 connecting):
    moon-sun[1]: ESTABLISHED 6 minutes ago,[C=ir, ST=teh, L=teh, O=teh,]…[C=ir, ST=esf, L=esf, O=esf,]
    moon-sun{1}: INSTALLED, TUNNEL, ESP SPIs: c83fe250_i c1b06439_o
    moon-sun{1}: ===
    moon and sun are in same subnet and wirshark shows ESP packets which are transmit over this tunnel between moon and sun, but I have not connection,
    any idea? thanks

    • Hi Ali, it seems you are using a completely different setup than the one posted in this howto? Your traffic selector is; if you want all IP traffic to be tunneled via, you should define leftsubnet=

  7. I don’t know what you mean when you are saying completely different, but if you would like to see my scenario and configurations on both of my servers, I can explain it to you,
    I got confused !!

    moon —— sun

    • Ali, the setup in this howto is meant to work as a “road warrior” configuration (dynamic clients connecting to the server and tunneling all Internet traffic through that server).

      From your output it appears that you have a completely different scenario, namely a server-to-server or server-to-gateway setup. This is not part of this howto.

  8. ok Alexander, I will welcome you if you either guide me or introduce any site which has correct solution, there are many sites but I cannot believe in their solutions :(((

  9. When writing the first iptables command

    “iptables -t nat -A POSTROUTING -o eth1 ! -p esp -j SNAT –to-source ” (eth1 is the correct interface in my case, my IP address is a IPv6 address unfortunately, and i didn’t do the permanent changes to /etc/sysctl.conf yet, but the 3 echo commands instead – i don’t know if any of this makes a difference),
    i get the following error:

    “iptables v1.4.4 need tcp udp sctp or dccp with port specification”

    Could you please tell me if i did something wrong, or what else to try?
    Thanks in advance

  10. Hi, Alex,
    I followed your step by step guide.
    Finally I connected to VPN. But there is one problem. I can access google, youtube.
    But I can’t access twitter, facebook and many other sites.
    Do you have any suggestions?

  11. Hi Luca,

    I don’t have much experience setting up a VPN on a Mac, but I do remember when I did it for a friend once, it took me some time to properly add the certificates. Did you install the client certificate, client keyfile and CA certificate via Utilities->Keychain Access in the System Keychain? Also, I remember I had to mark both imported certificates as trusted for all users (basically “Always trust” in all settings). For the keyfile make sure to allow all applications to access it (or at least add /usr/sbin/racoon to the list of allowed apps). Then, when you create a “Cisco VPN”, you should be able to select the appropriate certificate, and also supply it with the XAUTH password. That was basically the main hurdle I recall.

    • Thanks for the fast reply.
      It was the keyfile. I set the permissions to “Allow all applications to access this item” and it worked!

      Thank you so much for the article and your help!
      Keep on with the good work.


  12. Hi, Alex!

    I tried to install Amazon based VPN using Your How-To but to no avail 🙁
    Honestly saying, it’s a half of true 🙂
    Well, I generated all cerificates with one difference only: I din’t use anything like DynDNS, so I use CN=ServerPublicIP, where ServerPublicIP is Public IP of my Amazon instance, something about
    And I use this ipsec.conf:
    conn Road

    Then I tried Windows machines (without comment of rightsendcert line) – works like a charm for Win7 & Win8.1 both, but when I tried Blackberry 10 device (with rightsendcert commented), it doesn’t work at all and log is:
    charon: 08[IKE] ClientPublicIP is initiating an IKE_SA
    charon: 08[IKE] local host is behind NAT, sending keep alives
    charon: 08[IKE] remote host is behind NAT
    charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
    charon: 08[NET] sending packet: from ServerPrivateIP[500] to ClientPublicIP[500] (308 bytes)
    charon: 16[IKE] sending keep alive to ClientPublicIP[500]
    charon: 01[JOB] deleting half open IKE_SA after timeout
    So, as I can understand, Blackberry 10 device totally refuses send certicates to server which one is weird, because all certificates are OK (exactly the same ones working for Windows). At other side, nothing is bad with Blackberry device, because I can establish VPN using PSK auth with the same server. I couldn’t find any info about VPN details for Blackberry, so Your advise is very important for me.
    Thanks in advance

    • Hi Mr Yuri! I’m having same problem with iOS 9:

      14[IKE] authentication with RSA signature successful
      14[ENC] generating IKE_AUTH response 1
      14[NET] sending packet: from …[4500] to …[45]]
      06[NET] sending packet: from …[4500] to …[4500]
      15[JOB] deleting half open IKE_SA after timeout
      15[IKE] IKE_SA IPSec-IKEv2-EAP[1] state change:

      Tried rightsendcert=false (
      Tried fragmentation=yes (

      But it manifests for both Hostname config and IP certificate config.
      So at least that issue probably isn’t related to DNS hostname vs IP.

  13. Hey awesome guide Alex !

    When I restart IPSec I get this

    Starting strongSwan 5.2.0 IPsec [starter]…
    no netkey IPsec stack detected
    no KLIPS IPsec stack detected
    no known IPsec stack detected, ignoring!
    . ok

    is this supposed to be like this ?

    • Hi Omer,

      Not really. 😉 Does it yet work though? By any chance, are you running strongSwan from a OpenVZ VPS or something similar? It seems you are missing access to the necessary IPsec kernel modules. If you are on a OpenVZ VPS, your hoster needs to enable them. See here for more:

    • You can enable IPsec support in OpenVZ, but the routing is broken. This is OpenVZ kernel issue. You would be able to ping internal IPs and interfaces, but if you want to do routing or NAT, you won’t get any packets.

      You can use strongSwan’s userspace IPsec implementation, just compile strongSwan with –enable-kernel-libipsec

  14. Hello.
    I have Strongswan running on a Debian 3.2.0-4.
    Server setup:
    eth0 with a local IP ( and router gateway (different Internet from eth1)
    eth1 is connected directly to the outside (not the .1.1 router) with a static public ip (for example, – different Internet from eth0).

    I have this conn:

    The connection establishes, I can ssh to the right site, but after a few seconds ssh session keeps freezing. Any idea what the problem could be?

  15. I want to thank you for making this guide available. It is very straight forward and gives first time installers confidence required to try new soltutions. I would like to see us creating some sort of “go-to” forum for StrongSwan; I think it would be fun and very helpful. Thank you.

  16. Hi Alexander,

    Looks like a formidable tutorial. And so many people used it succesfuly, but for some reason I am stuck already by the first step,
    “Add wheezy-backports to your APT repository”, does not work.
    Could it be that the repository has been moved to another location?
    Or any idea what i am doing wrong?

    kind regards, Bert

    • Hi Bert,

      What is the exact error? wheezy-backports is still current, so it should work. You could also try adding the repo directly to your /etc/apt/sources.list file. You find more detailed information over here: (under Using the command line).


  17. Hi Alexander,
    Thanks for coming back to my question. I did add the line
    deb wheezy-backports main
    to the sources.list file and did the apt-get update with this result at the end:

    Genegeerd wheezy/rpi Translation-en
    836 B opgehaald in 18s (45 B/s)
    W: GPG-fout: wheezy-backports Release: De volgende ondertekeningen konden niet geverifieerd worden omdat de publieke sleutel niet beschikbaar is: NO_PUBKEY 8B48AD6246925553
    W: Ophalen van is mislukt 404 Not Found

    E: Some index files failed to download. They have been ignored, or old ones used instead.

    And when i dispite the error try to install acording to the next step in the tutorial i receive the following message:
    WAARSCHUWING: De volgende pakketten kunnen niet geauthentificeerd worden:
    strongswan-ike strongswan-starter libstrongswan strongswan-libcharon strongswan-charon
    libcharon-extra-plugins libstrongswan-standard-plugins strongswan
    Wilt u deze pakketten installeren zonder verificatie [j/N]? j

    At the end i receive the next message:
    [….] Restarting strongswan IPsec services: ipsecStopping strongSwan IPsec…
    Illegal instruction

    Btw, it installs strongswan vesion 5.2.1-4 so that is the version from the normal repository.

    root@raspberrypi:~# ipsec version
    Linux strongSwan U5.2.1/K3.12.35+
    Institute for Internet Technologies and Applications
    University of Applied Sciences Rapperswil, Switzerland
    See ‘ipsec –copyright’ for copyright information.

    This is the content of my sources.list:
    deb wheezy main contrib non-free rpi
    # Uncomment line below then ‘apt-get update’ to enable ‘apt-get source’
    #deb-src wheezy main contrib non-free rpi
    deb wheezy-backports main

    Hope you can help me with this.
    Regards, Bert

    • Bert, I am not familiar with the Raspberry Pi, but it seems you’re using an outdated keyring? Try to see:

      # apt-cache policy debian-archive-keyring
      # apt-key list

      and finally do:

      # apt-get install debian-archive-keyring
      # apt-key update

      Then, this error: “ is mislukt 404 Not Found” seems to indicate that you haven’t entered the repo correctly in your sources list file. Make sure in the line

      deb wheezy-backports main

      between wheezy-backports and main there is indeed a space character (nor some other invisible character).

      If there is still a problem, could you post your /etc/apt/sources.list file here and, if there is anything in it, also the contents of the /etc/apt/source.list.d directory?

  18. Hi Alexander,
    I am running an IPSec VPN server on my Synology NAS, but for security reasons i prefer the VPN endpont to be on a different hardware platform as my NAS. That is the reason i like the RPi solution.

  19. Hi Alexander and other readers,
    I found on an other forum, that there is a problem with the latest raspbian images and the StrongSwan package.
    So i tried older versions of debian and the corresponding strongswan package and that worked!

    But i do not like the idea of having a year old version, so t jumped over to softether vpn, which worked immediately and seems also to have a very nice mgt package.

    I would like to thank you for your help so far.
    Kind regards, Bert

  20. Hello both,

    i just faced the same issue on my RPi. After I firstly installed the missing gpg key, I secondly installed strongswan from wheezy-backports without any errors.

    Now I’m “running” ipsec version:
    Linux strongSwan U5.2.1/K3.12.35+

    However, when I want to start the ipsec service, I get the Error “Illegal instruction”.

    Do I need to update other packages? Any advice would be welcome.


    • Hi Conrad, “Illegal instruction” (SIGILL) doesn’t sound good… it’s most likely related to the package, how it was compiled, and how it is compatible (or not) with your R Pi. Looks like Bert was successful with an older version of Strongswan. You could try installing it from another repository (instead of backports).

      Did you try using the official Raspbian repo? It does contain Strongswan 5.2.1, same like Backports at the moment. No idea if it works properly, but you could give it a try. To do that, first remove /etc/apt/sources.list.d/wheezy-backports.list again (unless you know how to do package pinning). Then make sure you have the raspbian repo installed. In /etc/apt/sources.list add:

      deb wheezy main contrib non-free
      deb-src wheezy main contrib non-free

      And make sure you have the public sign key installed as well:

      wget -O – | sudo apt-key add –

      Then follow the instruction in this tutorial, starting with:

      apt-get install strongswan libcharon-extra-plugins

      • Hi Alexander,

        thank you very much for your instant reply. I was able to add the raspbian testing environment and install the packages with:
        apt-get -t testing install strongswan libcharon-extra-plugins
        Now strongswan 5.2.1 works like a charm on my little pi!

        I also wanted to say that I really love this howto.
        With your help, I was able to set up a RPi as a VPN machine that is now supporting all my clients [Windows 8.1, Windows Phone 8 (via EAP-TLS) & IOS 8].

        May I take the liberty to suggest to more tiny things:
        1. I used the option ‘–digest sha256’ in order to sign the certificates not with SHA1
        2. I added ‘–flag clientAuth’ to the client certs (e.g. needed for Windows Phone)

        Thank you for your help and this great tutorial!


  21. Hi Alexander,

    Thanks for the great article, it’s very understandable. At the point where I want to generate a p12 file from my certificates I get the following error:

    root@machine:/etc/ipsec.d# openssl pkcs12 -export -inkey private/jelle-laptop-1.pem -in certs/jelle-laptop-1.pem -name "Test" -certfile cacerts/strongswanCert.pem -caname "Test" -out jelle.p12
    unable to load certificates

    I am running Ubuntu 14.04, but managed to install the required packages from the repository. I also noticed my private pem files are text files, while my /etc/ipsec.d/certs files are binary files. Do you know if this is correct?

    • Hi Jelly,

      It seems like your certificates are in the binary DER form. In the tutorial I assumed that everything is stored in Base64-encoded DER to make the files more portable.

      For example, if you go back to the “Create your VPN host certificate” section, check where it says –outform pem > certs/vpnHostCert.pem. The outform parameter specifies the encoded form of the certificate, and it’s DER by default. So if you forget that part, you will end up with the binaries you’re seeing.

      There is an easy way to convert the certificates into base64-encoded PEMs, with something like:

      openssl x509 -inform der -in certificate.crt -out certificate.pem

  22. Hello and thanks for the tutorial. I was able to setup strongswan and the certs on my Raspberry Pi, but I have a question:

    How can I set my iOS device to use IKEv2 along with VPN On Demand?

  23. hello Alexander. Thanks for this tutorial. I am having one small issue;

    Starting strongSwan 5.2.2 IPsec [starter]...
    /opt/etc/ipsec.conf:34: missing value for setting 'conn'
    invalid config file '/opt/etc/ipsec.conf'
    unable to start strongSwan -- fatal errors in config

    ipsec.conf:34 is directly related to conn %default

    unfortunately, i’m a strongswan noob, so i don’t know how parameter requirements might have changed from version to version and this is my first IPSec server. Thanks in advance for any insight

      • Hey Alex,

        this morning i repasted your configuration and it ipsec start worked, so i’m not sure what happened there. a small tidbit of information that might be helpful; Windows Phone 8.1 won’t recognize client certs without the ‘clientAuth’ flag. so people should know to remember that before exporting to .p12

        Now, I’m currently fighting a WinPhone8.1 error code: 13801 but i’ll post back when i get that resolved, unless somebody (hopefully) beats me to the punch.

        • Adrian, thanks for sharing the info regarding Win Phone 8.1. I’ll update the howto soon.

          Microsoft has some info regarding error code 13801…

          Error 13801 occurs on the client when:

          • The certificate is expired.
          • The trusted root for the certificate is not present on the client.
          • The subject name of the certificate does not match the remote computer.
          • The certificate does not have the required Enhanced Key Usage (EKU) values assigned.

          Did you make sure that the VPN Server Name as given on client certificate matches with the subjectName of the server certificate?

    • Hi,

      If your IKEv1 client spports PFS, it should be enaled with this configuration out of the box. Previously, strongSwan had a “pfs” option; this has been removed and instead IKEv1 and IKEv2 now use the same syntax for enabling PFS, namely listing a Diffie-Hellman group in the ESP proposal (as shown in the example).

  24. Hello and thanks for this awesome tutorial.

    I’ve set up my Raspberry Pi based on your instructions on this page, but with a few differences, being that I’ve enable line 4 of the ipsec.conf file to be able to use one cert on multiple devices. It all works when I connect my iPhone to the strongSwan Service, except that when it does connect, it gives me this:
    tail -f /var/log/auth.log
    Apr 23 02:12:55 retro charon: 08[IKE] cli.ent.ip is initiating a Main Mode IKE_SA
    sudo ipsec status
    Security Associations (1 up, 0 connecting):

    CiscoIPSec[96]: ESTABLISHED 94 seconds ago,[C=CH, O=strongSwan, CN=ser.ver.ip]…cli.ent.ip[C=CH, O=strongSwan, CN=Client Key]

    CiscoIPSec{59}: INSTALLED, TUNNEL, ESP in UDP SPIs: cc162c33_i 05debb64_o

    CiscoIPSec{59}: ===

    I’m a novice when it comes to troubleshooting info like the above, but it seems to me that my iPhone isn’t using IKEv2 (IPSec-IKEv2) and is instead using IKEv1 (CiscoIPSec). Is my assumption correct? How can I get my iPhone to use IPSec-IKEv2 instead?

      • Is there a way to set IKEv2 without Apple Configurator? I don’t have a Mac to work on, only Windows.

        Can I edit the config file with a text editor on windows, and possibly make the changes there to enable IKEv2?

        • Hi,

          Not in iOS 8.x. But from what I’ve seen, iOS 9.0 will have an updated VPN gui with the option to configure IKEv2 directly on the device.


  25. I’ve set up strongSwan along with Plex Media Server on my Raspberry Pi 2 with the intention of accessing it over the VPN when I’m away from home. The VPN works, except that when I try to connect to Plex by using the local IP address, I get a log in screen. If I am home however, I can see my server with it’s contents. Can you help with that?

  26. I’m trying to setup an IKEv2 profile for iOS 8/9 but I’m running into some issues.

    What is a Remote Identifier?
    What is a Local Identifier?

  27. Hello. I’ve followed your tutorial and at this moment, it works well with iOS devices (IKEv1). However, I’m having difficulty setting up IKEv2 via Apple Configurator, and seeing that the support pages on the strongSwan site are difficult for me to grasp, I’m hoping that you can help.

    With Apple Configurator, what would I put for Local Identifier and Remote Identifier? And with regards to other parameters in the Configurator (Dead Peer Detection Rate, IKE/Child SA Params [Encryption Algorithm, Integrity Algorithm, Diffie Hellman Group #, and Lifetime in Minutes], and would be best to use?

  28. Hello. Is it possible that the script you have for generating RSA keys could be re-written for ECDSA keys? And if so, could you post an example?

    Not that I have an issue with RSA keys, but it’s that I’ve read that ECDSA provides the same/possibly greater key strength as RSA keys, with the benefit of a smaller key size, and that strongSwan supports the use of ECDSA.

  29. Tried all your instructions to the T but was always getting error with Windows Phone 8.1 Client.
    Finally figured:
    CA certificate needs a serverAuth flag.
    ipsec pki –self –ca –lifetime 3650 \
    –in private/strongswanKey.pem –type rsa \
    –dn “C=CH, O=strongSwan, CN=strongSwan Root CA” \
    –flag serverAuth –outform pem \
    > cacerts/strongswanCert.pem

    Hope it helps someone.

  30. Hello,

    I am trying to generate certificate using
    ipsec pki –gen –type rsa –size 4096 \
    –outform pem \
    > private/strongswanKey.pem

    once i enter this command process is running forever it is not getting exit.

    when kill it using ctrl + c strongswankey.pem doesn’t have any data.

    Can anyone help me ?

  31. Hi Alex,

    Thank you for well written tutorial. It helped me a lot.
    One thing however – maybe it is something obvious – but anway:
    I had to make sure that my host certificate and private key had the same filename, otherwise I got error about loading private key.

    My bad habit of naming files my.vpn.server-cert.pem and my.vpn.server-key.pem and my lack of attention to tiny line saying it couldn’t load the private key took me few hours to figure out why I was getting IKE error about authentication failed.

    Thanks again for really useful article.


  32. It took me long to to figure out.
    For windows Phone 8.1 as client (possibly all windows Phone). CA Certificate must have –flag serverAuth or it won’t work.
    Just FYI for others who want Windows phone clients to work.

  33. Hello.

    I currently have a stable setup with Strongswan 5.x installed on a Raspbian image on an RPi. I use IKEv1 + Xauth RSA for all my iDevices + Mac and IKEv2 on a Windows 10 machine.

    I read recently that iOS devices and OS X now also support IKEv2 via GUI and was considering moving to IKEv2 based on the fact that IKEv2 should be more secure and faster than IKEv1.

    My question is: as it seems that authentication in iOS and OS X only allows user+password (EAP-MSCHAPv2) or certificate (RSA), when now I have user+password+certificate, how can this still be more secure?

    Does it make sense to go through the hassle of reconfiguring Strongswan and the devices, just to move from IKEv1 to IKEv2, solely based on the above mentioned advantages?

    Thanks in advance for any insights.

    • Hi Nuno,

      I am now set a VPN followed the steps, But I cannot connect to the server with macOS Sierra. Can you refer me some instruction to setup the configuration with strongSwan?


  34. Hi,

    thanks for this guide! I’ve got my server set up pretty much following this. The only thing I changed was adding the –digest sha512 flag when creating my certificates. This works fine on iOS and Android, but not on the Mac (El Capitan). If I use sha1, it works there as well. Does Mac OS only support sha1??

  35. Thanks for the article and some tips for others.

    I see both the author and some other commenters mention iOS clients needing to do both Cert (RSA) based authentication along with Xauth for username/password. This is true as standard but not necessarily compulsory.

    I have previously setup StrongSwan5 as an IKEv1 server for iOS devices and hit an issue with username/password in a VPN on Demand scenario. With a VPN on Demand setup you need to use device certificates for authentication and to also push the settings as a mobileconfig file – typically via a Mobile Device Management system. If you do then as standard such MDM systems only allow including the user name and not a password. This means that each time the iOS device is asked to connect on demand it will keep asking for the password and will _not_ save it. It is undocumented but potentially possible to hand edit a mobileconfig file and add an entry for the users password but this means doing this for each user each time they change their password. Furthermore mobileconfig files might be stored as plain text on the MDM server i.e. an xml file including the users password!

    I resolved this by using the xauth-noauth option in my ipsec.conf file instead. As a result StrongSwan5 does not challenge the client device i.e. the iOS device for a user name and password and just uses the certificates for authentication. See

    PS. As may already be clear from above, in order to do VPN on Demand as asked by another commenter you would need to use a MDM solution to push the client certificate, VPN settings, and VPN on Demand settings all in a mobileconfig file. This can be done using either IKEv1 (aka. Cisco IPSec), IKEv2, Cisco Anyconnect or various SSL VPN clients. It cannot be done using L2TP or PPTP. See

    PPS. I plan to follow this article to ‘upgrade’ my StrongSwan5 IKEv1 setup to IKEv2.

  36. Hi

    Thank you for your howto!

    I created a vpn server on my Raspberry and now do I have a working connection between my Raspberry and my iphone.


  37. Hello Alexander!
    I’ve installed strongswan 5.4.0 and tryind to connect from Android Strongswan client. I used Your configuration guide .
    I got :
    Apr 4 12:10:40 test170 charon: 09[NET] received packet: from[44630] to zz.zz.zz.zz[500] (1012 bytes)
    Apr 4 12:10:40 test170 charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
    Apr 4 12:10:40 test170 charon: 09[IKE] no IKE config found for zz.zz.zz.zz …, sending NO_PROPOSAL_CHOSEN
    Apr 4 12:10:40 test170 charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
    Is it look like IKEv1 is being used?

    Any advices?

  38. Thanks for this howto! I’ve used it twice and it never failed me.
    Today I tried to revoke a certificate (nothing bad happened just an old device that was removed) and was surprised that I could still connect until I called “ipsec rereadcrls”. Maybe you could add that to your text.

  39. Seems like a very dumb problem: I’ve followed your description and I can connect to the PI from my mobile phone, but I cannot access internal IPs or host names – what might be wrong?

    ipsec statusall
    Status of IKE charon daemon (strongSwan 5.2.1, Linux 4.4.9-v7+, armv7l):
    uptime: 7 minutes, since May 26 21:13:51 2016
    malloc: sbrk 1216512, mmap 0, used 252952, free 963560
    worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
    loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp
    dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp
    stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc
    xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
    Listening IP addresses:
    IPSec-IKEv2: %any…%any IKEv2, dpddelay=300s
    IPSec-IKEv2: local: [C=CH, O=strongSwan,] uses public key authentication
    IPSec-IKEv2: cert: “C=CH, O=strongSwan,”
    IPSec-IKEv2: remote: uses public key authentication
    IPSec-IKEv2: child: === dynamic TUNNEL, dpdaction=clear
    IPSec-IKEv2-EAP: %any…%any IKEv2, dpddelay=300s
    IPSec-IKEv2-EAP: local: [C=CH, O=strongSwan,] uses public key authentication
    IPSec-IKEv2-EAP: cert: “C=CH, O=strongSwan,”
    IPSec-IKEv2-EAP: remote: uses EAP_MSCHAPV2 authentication with EAP identity ‘%any’
    IPSec-IKEv2-EAP: child: === dynamic TUNNEL, dpdaction=clear
    CiscoIPSec: %any…%any IKEv1, dpddelay=300s
    CiscoIPSec: local: [C=CH, O=strongSwan,] uses public key authentication
    CiscoIPSec: cert: “C=CH, O=strongSwan,”
    CiscoIPSec: remote: uses public key authentication
    CiscoIPSec: remote: uses XAuth authentication: any
    CiscoIPSec: child: === dynamic TUNNEL, dpdaction=clear
    Security Associations (1 up, 0 connecting):
    IPSec-IKEv2-EAP[1]: ESTABLISHED 6 minutes ago,[C=CH, O=strongSwan,]…[]
    IPSec-IKEv2-EAP[1]: Remote EAP identity: sven
    IPSec-IKEv2-EAP[1]: IKEv2 SPIs: f829fd573f684161_i 914198da1bdf03ac_r*, rekeying disabled
    IPSec-IKEv2-EAP[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024

    iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    SNAT !esp — anywhere anywhere to:

    • This particular setup is kind of a like a gateway for roadwarriors. All traffic is routed through the server and back: `leftsubnet =`. If you want to access a local IP (something like or I presume it is also send to this gateway, hence you are unable to access it. In this configuration virtual IP’s are used: `rightsourceip=`. You can edit your configuration by removing this rule and adding `rightsubnet=` or something similar that is in line with your subnet on the client.

      Have a look at
      There are a lot of configurations. I’m not sure which one the author uses. Something along the lines ikev2 virtual ip nat?

      Anyway, definitely one of the better tutorials on the web. Really useful part on how to create keys and certificates!

  40. I am getting a `Sorry, you entered an invalid password’ error when I am trying to import the .p12 file into Mac Keychain. Am I importing the wrong file? Did anyone get the same error? (I am on macOS Sierra 10.12.1) Any help would be appreciated, thanks in advance.

  41. Although this article is old it helped considerably to simplify the step by step required to install strongSwan. I ran into a couple of snags:
    1) hangs while generating certs – solved by installing “haveged” to provide better random number entropy
    2) tutorial needs more info – for example what IP should be used on line 19 of /etc/ipsec.conf file, or do the names on lines 9 & 10 of /etc/ipsec.secrets (i.e. user1 and user2) need to correspond to the file names for the client “pem” files?
    3) how can you be sure your vpn server is running o listening?

    On the last point I don’t see any processes with “ipsec” or “wan” (for strongSwan) in their name, nor can I see listeners on the standard ports for ipsec vpn.

    I was unable to connect with my Mac (OS Sierra) with either IKEv2 or Cisco IKEv1, although the OS was able to read the client.p12 file OK and showed the correct info for my CA Root Authority.

    • I can reply to some of these ‘snags’:

      1) I didn’t encounter any hangs. You might have a different Linux distributions that doesn’t use `ipsec` as command, but `strongswan`.

      2) On line 19: The author assigns virtual IP’s to clients. This makes this whole configuration more flexible, and saves a long explanation on how to make it work for your subnet.

      .pem files and Xauth keys are unrelated. The author specifies different kind of connections, RSA public keys, PSK with Xauth. You can use the one you like for your client.

      3) You can use ipsec statusall to check all current connections and loaded plugins. You can use something like ‘netstat -pnaut’ to check if strongswan is listening on UDP:500/4500

  42. Thanks for the tutorial, but I am confused on one point. I want to use PSK so that I can connect from any device anywhere without installing certificates or custom clients/apps. On my Android the native client requires BOTH a PSK and a username + password, but your ipsec.secrets file seems to be either/or. How do I configure for the native Android client?


  43. Thanks for this tutorial, i’m new to VPN setup but think i’ve nearly got it sorted. Have installed strongSwan 5.5.2 IPsec on Debian 8, VPS, “ipsec start” reports success. Now testing with KVpnv client from linux system and getting error:

    [ipsec whack status err]
    error: [ipsec whack status err] /usr/sbin/ipsec: unknown command `whack’ (`ipsec –help’ for list)

    Googled for help with [ipsec whack status err] and found no fix or solution, any ideas what is going on and how to resolve?

  44. On Stretch pki seems to be in a separate package, so strongswan-pki is needed to be added to the install list.

Leave a Reply

Your email address will not be published.