dotmitsu/ansible-strongswan-vpn-easy-install

Server setup

This role was tested on Ubuntu 20.04.

  1. Install the ufw Ansible module: ansible-galaxy collection install community.general
  2. Change the inventory values (hosts, group_vars, host_vars) to your own
  3. Start the playbook

ansible-playbook -i ./inventories/hosts ./strongswan.yml


Recommendations

1) If you need to recreate all certs, run ansible-playbook with the variable generate_certs=true

ansible-playbook -i ./inventories/hosts ./strongswan.yml -e "generate_certs=true"

OR

Delete /etc/ipsec.d/private/ca-key.pem on the remote host, and the Ansible role will automatically regenerate all necessary keys the next time it runs.

2) UFW rules that were added earlier are not deleted. For example, if you used SSH port 22 and later changed it to another port (for example 20022), the rule for port 22 will remain, and you need to remove it manually. This is done so that other rules on the server are not deleted.
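
One way to find rules left behind after a port change, as an added example that is not part of this repository: the script reads `ufw status` output and prints a delete command for each ALLOW rule missing from the list you pass. The function names, the sample status text and the expected rule list (20022/tcp, 500/udp, 4500/udp) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: report ufw ALLOW rules that are no longer expected.

# Reads `ufw status` text on stdin; the rules you still want are passed as
# arguments exactly as ufw prints them in the "To" column (e.g. 20022/tcp).
stale_ufw_rules() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) keep[e[i]] = 1
        }
        {
            # IPv4 line: "22/tcp       ALLOW  Anywhere"
            # IPv6 twin: "22/tcp (v6)  ALLOW  Anywhere (v6)"
            action = ($2 == "(v6)") ? $3 : $2
            # Report each unexpected rule once, even if it has a v6 twin.
            if (action == "ALLOW" && !($1 in keep) && !seen[$1]++) print $1
        }
    '
}

# Print (do not run) a delete command per stale rule, for review first.
# Assumes the rules were created as simple "ufw allow <port>/<proto>" rules.
print_cleanup_commands() {
    stale_ufw_rules "$@" | while read -r rule; do
        printf 'ufw delete allow %s\n' "$rule"
    done
}

# Constructed sample: `ufw status` after SSH was moved from 22 to 20022.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
20022/tcp                  ALLOW       Anywhere
500/udp                    ALLOW       Anywhere
4500/udp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
20022/tcp (v6)             ALLOW       Anywhere (v6)'

# Expected rule list is an assumption: new SSH port plus IKEv2 (500, 4500/udp).
printf '%s\n' "$SAMPLE_STATUS" | print_cleanup_commands 20022/tcp 500/udp 4500/udp
# On the server: ufw status | print_cleanup_commands 20022/tcp 500/udp 4500/udp
```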

Clients setup

1. Ubuntu or other Linux

Copy /etc/ipsec.d/cacerts/ca-cert.pem from remote host to local host /etc/ipsec.d/cacerts/ca-cert.pem

The certificate must be located at this path, /etc/ipsec.d/cacerts/ca-cert.pem, on the local machine. Otherwise, the VPN client may not accept it.
Use any VPN client you want.

Auth method: EAP
Use ca-cert.pem and login/password for the VPN client.

2. Windows

Open Manage Computer Certificates.
Add ca-cert.pem to Trusted Root Certification Authorities.

By steps:

[Screenshots: Windows_1 to Windows_3]

Choose All Files (*.*) and select ca-cert.pem

[Screenshots: Windows_4 to Windows_7]

After that, you can create a VPN connection in Windows Settings. VPN Type: IKEv2, Authenticate by Login/Password. (Tested on Windows 10 and 11.)

3. iOS

  1. Download ca-cert.pem using Safari (it is important to use the Safari browser). Then go to Settings, open "Profile Downloaded" and choose "Install".
     [Screenshots: iOS_01, iOS_01_1, iOS_01_2]

  2. After that, go to Settings -> General -> VPN & Device Management -> VPN -> Add VPN Configuration.
     [Screenshots: iOS_02 to iOS_05]

  3. Fill in the fields.
     [Screenshot: iOS_06]
     Type: IKEv2
     Server: your server address
     Remote ID: your server address
     User Authentication: Username
     Username: your login
     Password: your password

4. Android

There are two ways:

  1. Use the official strongSwan VPN Client application from Play Market
  2. Use Android settings and create a VPN connection.

The first way:

  1. Install the strongSwan VPN Client application.
     [Screenshots: Android_1 to Android_4]

  2. Tap Import certificate and choose the ca-cert.pem file.
     [Screenshot: Android_5]

  3. Go back to the main screen and choose "ADD VPN PROFILE". Fill in the fields, uncheck Select CA certificate and choose the imported certificate.
     [Screenshot: Android_6]

  4. Sometimes the imported certificate is not displayed. In this case, go back and open this menu again.
     [Screenshot: Android_7]

  5. You can add a VPN shortcut to the Android top menu.
     [Screenshot: Android_8]

The second way:

  1. Go to Android Settings, then
    Security -> Encryption & Credentials -> Install a certificate -> CA certificate
    and install ca-cert.pem
  2. Go to Network -> VPN and create a VPN connection profile.
    Type: IKEv2/IPSec MSCHAPv2
    Server address: your server address
    IPSec CA certificate: choose your imported certificate
    IPSec identifier: your login
    Username: your login
    Password: your password

About

Fast and easy installation and setup strongSwan IPSec/IKEv2 VPN
