0

I am very new to VPN and IPsec tunneling. I have two VMs, and I need to establish an IPsec tunnel between them using a pre-defined PSK key or a provided certificate (.pem). I have installed strongswan-5.9.6-1.el8.x86_64 on both VMs. When I check the strongSwan documentation, it talks about the swanctl and ipsec command-line interfaces. My confusion is: which command-line tool can I use with strongswan-5.9.6-1.el8.x86_64?

Can you please give me an example of how to configure *.conf (ipsec.conf or swanctl.conf) for establishing a tunnel between two VMs?

What is strongswan.conf used for? Do I need to make changes in this file also? What changes, for IPsec tunneling?

1
  • You may want to visit the site of the maintainer: strongswan.org. There you can find a bunch of examples on how to set up StrongSwan (for both ipsec and swanctl) that you can modify to suit your needs. You should also feel free to experiment with them.
    – Robidu
    Commented Sep 28, 2022 at 23:39

1 Answer

0

The point is, you make the decision which type of interface (ipsec or strongswan) you are going to use when installing it (Debian, for example, offers both), then adjust /etc/ipsec.conf or /etc/swanctl/swanctl.conf depending on the controller that you have chosen (strongswan-starter or strongswan-swanctl).

As far as /etc/strongswan.conf is concerned, that is used for general settings (logging, authentication methods, etc.) concerning StrongSwan, but connection and authentication specifics are made in the appropriate config files (/etc/ipsec.conf for strongswan-starter or /etc/swanctl/swanctl.conf for strongswan-swanctl).

Also note that you cannot mix both control methods - if you have chosen one particular method on a particular host, stick to it. If you want to switch methods, you need to transform your settings from one format to the other and also install the appropriate package.

2
  • Thank you for your response. If I go with the strongswan-swanctl controller, which package do I need to install? How can I start strongSwan (what is the command)?
    – ppb
    Commented Sep 29, 2022 at 1:38
  • @ppb You need to install both strongswan and strongswan-swanctl (don't be surprised that strongswan-starter is automatically installed along with strongswan). If you want to control StrongSwan manually, it's swanctl, and if you want to bring it up during boot, you need to issue systemctl enable strongswan-swanctl.service, and if you want to bring it up as a service, you'd use systemctl start strongswan-swanctl.service.
    – Robidu
    Commented Sep 29, 2022 at 1:49
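
For the swanctl route discussed above, a minimal host-to-host PSK configuration for the first VM might look like the following. This is an added example, not part of the original answer or comments and not taken from the strongSwan project's samples; the addresses (192.0.2.10, 192.0.2.20), the identities, the connection, child and secret names, and the PSK value are all placeholders, and the file goes in the swanctl.conf location your package uses (/etc/swanctl/swanctl.conf in the answer).

```conf
# swanctl.conf on VM A (constructed example; all values are placeholders).
# On VM B, swap local_addrs/remote_addrs and the local/remote id values;
# the secrets section stays identical on both hosts.

connections {
    vm-a-to-vm-b {
        version = 2                    # IKEv2 only
        local_addrs  = 192.0.2.10      # this VM
        remote_addrs = 192.0.2.20      # the peer VM

        local {
            auth = psk
            id = vm-a.example          # identity this host presents
        }
        remote {
            auth = psk
            id = vm-b.example          # identity the peer must present
        }

        children {
            host-host {
                mode = tunnel          # tunnel mode between the two hosts
                # local_ts/remote_ts are left at their default (dynamic),
                # so only traffic between the two VM addresses is protected.
                start_action = trap    # negotiate when matching traffic appears
            }
        }
    }
}

secrets {
    ike-vm-a-vm-b {
        id-a = vm-a.example
        id-b = vm-b.example
        # Use a long random value; a guessable PSK can be brute-forced
        # offline by an active attacker who gets the responder's AUTH reply.
        secret = "REPLACE-WITH-LONG-RANDOM-PSK"
    }
}
```

Because the file contains the PSK, keep it readable by root only. After starting the service, `swanctl --load-all` loads the connection and secret, and `swanctl --list-sas` shows whether the IKE and child SAs came up.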
