In this post, I will discuss one VPN that is quite widely used, namely IPsec VPN. Quoted from Wikipedia: “In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs)”. With IPsec VPN we will create a tunnel that secures the connection from our network across the internet, with a fairly flexible security method. IPsec VPN encrypts your network traffic, so no one other than the user and the VPN server can see it. Let's start with how to install an IPsec VPN server on Linux:
How to Install IPsec VPN Server on CentOS
Before starting the installation, we recommend that you update your system on CentOS with the command yum update -y, then reboot the system. We will use an auto-setup script created by Lin Song and other contributors for the IPsec VPN server installation.
First, download the script:
wget https://git.io/vpnsetup-centos -O vpn.sh
Second, edit the vpn.sh file with your editor:
vim vpn.sh
then fill in the values in 3 variables (YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD) with values that we define ourselves, for example:
# Define your own values for these variables
# - IPsec pre-shared key, VPN username and password
# - All values MUST be placed inside 'single quotes'
# - DO NOT use these special characters within values: \ " '
YOUR_IPSEC_PSK='XjInmf5CcIkL1SCFy47DUQ=='
YOUR_USERNAME='vpnuser'
YOUR_PASSWORD='BIOf+pLvQO2rOA=='
I recommend creating a strong password and IPsec PSK. You can use openssl to generate them.
# use this to generate a password
openssl rand -base64 10
# use this to generate the IPsec PSK
openssl rand -base64 16
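A pre-flight check for the values set in the second step, to run before the script is executed. This is an added example, not part of the original post or of the setup script: it reads the three values from vpn.sh and rejects unset values, the forbidden characters, and the sample values printed above. The function names and the minimum lengths are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the post or the setup script): pre-flight check
# for the three values edited into vpn.sh. Function names and the minimum
# lengths are assumptions of this example.

# Sample values printed in this post; published secrets must not be deployed.
PUBLISHED_VALUES='XjInmf5CcIkL1SCFy47DUQ== BIOf+pLvQO2rOA=='

# Print the value of variable $2 from file $1. Only a line of the exact
# form NAME='value' counts; anything else yields an empty string.
get_var() {
  local line
  line=$(grep -E "^$2='.*'[[:space:]]*\$" "$1" | tail -n 1)
  line=${line#*=\'}    # strip NAME='
  line=${line%\'*}     # strip the closing quote and trailing blanks
  printf '%s' "$line"
}

# Return 0 if all three values pass, 1 otherwise (reasons go to stderr).
check_vpn_vars() {
  local file="$1" rc=0 name val min pub
  for name in YOUR_IPSEC_PSK YOUR_USERNAME YOUR_PASSWORD; do
    val=$(get_var "$file" "$name")
    if [ -z "$val" ]; then
      echo "$name: not set as $name='value'" >&2; rc=1; continue
    fi
    # The script forbids backslash, double quote and single quote in values.
    case $val in
      *\\*|*\"*|*\'*) echo "$name: contains a forbidden character" >&2; rc=1 ;;
    esac
    for pub in $PUBLISHED_VALUES; do
      if [ "$val" = "$pub" ]; then
        echo "$name: value copied from the tutorial" >&2; rc=1
      fi
    done
    # Assumed minimums: base64 of 16 bytes is 24 chars, of 10 bytes 16 chars.
    case $name in
      YOUR_IPSEC_PSK) min=20 ;;
      YOUR_PASSWORD)  min=12 ;;
      *)              min=1 ;;
    esac
    if [ "${#val}" -lt "$min" ]; then
      echo "$name: shorter than $min characters" >&2; rc=1
    fi
  done
  return "$rc"
}

# Usage: bash check_vpn_vars.sh vpn.sh
if [ "$#" -gt 0 ]; then check_vpn_vars "$1"; fi
```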
Third, after finishing editing the 3 variables, run the script
sudo sh vpn.sh
Fourth, after the installation is successful, it is recommended to set up IKEv2.
sudo bash /opt/src/ikev2.sh --auto
IKE, or Internet Key Exchange, is the protocol used to manage security associations in the IPsec protocol suite. Before the tunnel is formed, the server and the client negotiate security parameters with each other.
After running the IKEv2 auto setup, the details of IKEv2 will be displayed as follows:
Save the password for the client configuration file; we will use it later.
How to Install IPsec VPN Server on Ubuntu
Just like on CentOS, before starting the installation, you are also advised to update the system on Ubuntu with the command apt-get update && apt-get dist-upgrade, then reboot the system.
The installation itself is more or less the same as on CentOS. The only difference is in the first step, the download of the automatic setup script. For Ubuntu it can be downloaded with
wget https://git.io/vpnsetup -O vpn.sh
Once downloaded, the next steps are the same as the steps I described in the installation on CentOS. You can move on to the second step.
IPsec VPN Client Configuration
The IPsec VPN server installation is complete; now it is time to connect a client to it. There are 2 methods a client can use to connect. The first uses the IKEv2 VPN client, the second uses the IPsec/L2TP client. The client can be anything, PC or smartphone: Windows, Mac, Linux, Android or OSX. I'm not going to explain everything because it would be too long; I will cover only clients running Linux. For the most complete documentation, from IPsec VPN server installation to client connections on various devices, please read Lin Song's GitHub documentation on IPsec VPN Server Auto Setup Scripts.
Configuring IKEv2 VPN Client on Ubuntu Desktop
Before we start the configuration on the client side (Ubuntu Desktop), you need to make a small change on the IPsec VPN server that you installed earlier. Open the /etc/ipsec.d/ikev2.conf file with your editor, then add authby=rsa-sha1 to the end of the conn ikev2-cp section, indented by 2 spaces. Save and restart the VPN service with the command service ipsec restart.
Next, we return to the client side. Install strongSwan for NetworkManager to configure your Linux machine to connect to IKEv2 as a VPN client.
# Ubuntu and Debian
sudo apt-get update
sudo apt-get install network-manager-strongswan
Then download to your Ubuntu Desktop the *.p12 file from the VPN server that was generated after running the IKEv2 automatic setup (in the fourth step of the installation). After that, extract the CA certificate, client certificate, and private key. In this example, replace vpnclient.p12 with the name of the *.p12 file you have.
# CA certificate
openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ikev2vpnca.cer
# Client certificate
openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out vpnclient.cer
# Private key (-nodes writes it unencrypted)
openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key
# Remove the bundle, then restrict the extracted files to root
rm vpnclient.p12
sudo chown root:root ikev2vpnca.cer vpnclient.cer vpnclient.key
sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
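Before loading the extracted files into NetworkManager, they can be checked against each other. This is an added example, not part of the original post: the function name check_ikev2_files is hypothetical, and it assumes the three file names used above.

```bash
#!/usr/bin/env bash
# Added example (not from the post): sanity checks on the three files
# extracted from the .p12. Function name and messages are assumptions.

# check_ikev2_files CA_CERT CLIENT_CERT CLIENT_KEY
# Returns 0 only if the client certificate chains to the CA, the private
# key belongs to that certificate, and the key is not group/world accessible.
check_ikev2_files() {
  local ca="$1" cert="$2" key="$3" rc=0 cert_pub key_pub perms

  # 1. The client certificate must have been issued by the extracted CA.
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "certificate does not verify against $ca" >&2; rc=1
  fi

  # 2. The public key in the certificate must match the private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2; rc=1
  fi

  # 3. -nodes wrote the key unencrypted, so file permissions are its only
  #    protection: group and other must have no access bits (mode 600/400).
  perms=$(ls -ld "$key" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$key is accessible to group or others" >&2; rc=1
  fi
  return "$rc"
}

# Usage (the files are root-owned after the chown above, so use sudo):
#   sudo bash check_ikev2_files.sh ikev2vpnca.cer vpnclient.cer vpnclient.key
if [ "$#" -eq 3 ]; then check_ikev2_files "$@"; fi
```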
Once that is done, you can set up the connection. Here are the steps:
- Open Settings > Network > VPN, then click the + button,
- Select IPsec/IKEv2 (strongswan),
- Fill in the Name section with the VPN name you want,
- In the Gateway section, enter the IP of the IPsec VPN server in the Address field,
- Select the ikev2vpnca.cer file for the Certificate in the Gateway section,
- In the Client section, select Certificate/private key in the Authentication drop-down menu,
- Select the vpnclient.cer file for Certificate,
- Select the vpnclient.key file for Private Key,
- In the Options section, check the Request an inner IP address box,
- In the Cipher proposal section, check the Enable custom proposals box,
- Leave the IKE section blank,
- Enter aes128gcm16 in the ESP section,
- Click Add to save the VPN connection,
- Turn on the VPN client.
You can see the visualization in the animated GIF below:
Once it has been activated, you can test it with this command:
wget -qO- http://ipv4.icanhazip.com; echo
If the IP that appears is the IP of the VPN server, that means you have successfully connected.
Okay, that's enough for now, I'll add more later if I have time. That's the information about how to install an IPsec VPN server on Linux that I can share. Hopefully this information can be useful. Thank you :D