Hi,
here my Strongswan road-warrior config using Archlinux
/etc/swanctl/conf.d/somename.conf
connections {
somename {
local_addrs = %any
remote_addrs = gw.domain.tld
vips = %any
version = 2
proposals = aes256-sha256-modp2048
dpd_timeout=120s
rekey_time=1d
local {
auth = pubkey
certs = cert_export_work_crt.pem
id = "work@gw.domain.tld"
}
remote {
auth = pubkey
id = "CN=gw.domain.tld"
}
children {
somename {
#start_action = start
remote_ts = 192.168.223.0/24
esp_proposals = aes256-sha256-modp2048
dpd_action=start
life_time=8h
}
}
}
}
secrets {
rsa-somename {
file = cert_export_work_private.pem
}
}Save your private key to
/etc/swanctl/private/cert_export_work_private.pemSave your certificate to
/etc/swanctl/x509/cert_export_work_crt.pemSave your ca-certificate to
/etc/swanctl/x509ca/cert_export_ca.pemStart and stop your vpn connection via
systemctl restart strongswan
swanctl --initiate --child somename
swanctl --terminate --child somenameHave fun!