How to Install strongSwan on Debian Latest

In this tutorial, we will go through the process of installing strongSwan on the latest version of Debian. strongSwan is an open-source IPsec-based VPN solution that is available on various operating systems including Linux, macOS, Android, and iOS.

Prerequisites

Before we begin the installation of strongSwan, we need to ensure that the following prerequisites are met:

  • A server running the latest version of Debian.
  • Root access or a user with sudo privileges on the server.
  • A reliable internet connection.

Installation

Step 1: Update the system

The first step in installing strongSwan is to ensure that your system is up to date. This can be done by running the following command:

sudo apt update && sudo apt upgrade -y

Step 2: Install StrongSwan

To install strongSwan on Debian, we can use the apt package manager. To do this, run the following command:

apt-get install strongswan -y

This will install strongSwan and all its dependencies.

Step 3: Configure strongSwan

The configuration files for strongSwan will be stored in the /etc/ipsec.d/ directory. Navigate to this directory and create a configuration file named ipsec.conf.

cd /etc/ipsec.d/
touch ipsec.conf

Step 4: Configure IPsec

Once the configuration file ipsec.conf is created, it needs to be configured. Open the file using your favorite text editor and add the following configuration.

conn my_vpn
    left = %any
    leftsubnet = 0.0.0.0/0
    right = %any
    rightsubnet = 0.0.0.0/0
    authby = secret
    keyexchange = ikev2
    auto = add

This configuration creates a VPN connection named my_vpn. The left and right parameters specify the server and client IP addresses respectively. The leftsubnet and rightsubnet parameters denote the subnet masks for each host. In this case, it’s set to allow all traffic.

Step 5: Configure the shared secret

Next, we need to create a shared secret key that the VPN clients and server will use to authenticate each other. To do this, open the ipsec.secrets file located in the /etc/ipsec.d/ directory and add your shared secret:

: PSK "my_pre_shared_key"

Replace my_pre_shared_key with your desired passphrase.

Step 6: Start strongSwan

Now that we’ve configured strongSwan, we can start the service using the following command:

systemctl start strongswan

Step 7: Enable strongSwan to start automatically

To ensure that strongSwan starts automatically at system boot, run the following command:

systemctl enable strongswan

Step 8: Verify strongSwan is running

To check if strongSwan is running, use the command below:

systemctl status strongswan

This should output a message indicating that strongSwan is active and running.

Conclusion

This concludes our tutorial on how to install and configure strongSwan on Debian. strongSwan is now configured and ready to use. Use your VPN client to connect to the server and start using it.