IKEv2 configuration guide for Linux

This guide will walk you through two methods of the IKEv2 setup on Linux computers. Just choose the way that suits you best and follow a few simple steps.

Method #1.

1. Install StrongSwan and related packages.

sudo -s
apt-get update
apt-get -y install strongswan
apt-get -y install strongswan-plugin-eap-mschapv2
apt-get -y install libcharon-extra-plugins
apt-get -y install libstrongswan-extra-plugins

Please note that you might get E: Unable to locate package… when installing some packages. There is nothing to worry about, as not all Debian based distributions keep the eap-mschapv2 in the same package.

2. Set the desired settings. As an example, we have generated configurations for Sydney, Australia. Just replace the highlighted data with yours.

printf '%s\n\t' 'conn kps-au-syd' 'keyexchange=ike''dpdaction=clear' 'dpddelay=300s''eap_identity=[email protected]' 'leftauth=eap-mschapv2''left=%defaultroute' 'leftsourceip=%config''right=au-syd.vpnunlimitedapp.com' 'rightauth=pubkey''rightsubnet=' 'rightid=ironnodes.com' 'type=tunnel''auto=add' > /etc/ipsec.conf

3. Write your credentials into /etc/ipsec.secrets. Execute the following command using the username and password created in the User Office:

"printf '%s' '[email protected]' ' : EAP ' 'OgXVVlLvH3Yr' >> /etc/ipsec.secrets"

4. Link the system's OpenSSL certificate store, so that the KeepSolid VPN Unlimited certificate can be verified.

rmdir /etc/ipsec.d/cacerts
ln -s /etc/ssl/certs /etc/ipsec.d/cacerts

5. Restart strongswan daemon so it can read new settings.

ipsec restart

6. Start the connection:

sudo ipsec up kps-au-syd

To disconnect, type:

sudo ipsec down kps-au-syd

To check the status of your connection, type:

sudo ipsec kps-au-syd

Method #2.

1. Create IKEv2 configuration files for Windows. This is a critical step as you will need the certificate provided there.

2. Execute the following command in the Terminal to install the strongSwan NetworkManager plugin:

sudo apt-get install network-manager-strongswan

3. Go to Network Connections and click Add to create a new connection.

4. Select IPSec/IKEv2 (strongswan).

5. Press Create.

6. Input the following data:

  • Connection name: Enter any name of your choice, for instance, KeepSolid VPN Unlimited (IKEv2)
  • Address: Enter the IP address of the desired server provided by KeepSolid VPN Unlimited
  • Certificate: Indicate the path to the downloaded certificate
  • Authentication: Select EAP
  • Username: Enter the login from the Device Config section
  • Set the checkbox for Request an inner IP address.

When you finish, click Save.

7. Now open the Network Manager menu and select the newly created connection. Enter the password from the Device Config section and the VPN connection will be established in few seconds.

That's about it. Now you have a running VPN connection through the IKEv2 protocol.

Important! Please note that you will need to configure your device using the generated settings by yourself at your own risk.