IPSec VPN Site-to-Site with Strongswan (Pre shared key)

Modified on Thu, 23 Dec, 2021 at 11:05 AM

Settings mentioned below will follow the example above. Please change the settings for your network.

  1. Install a Strongswan server and use the config below:
    /etc/ipsec.conf
    config setup    # General configuration parameters
      strictcrlpolicy=no
      uniqueids = yes
      charondebug = "all"
    
    conn vpn-to-peplink    # Defines a connection
      authby=secret
      left=0.0.0.0       # Public IP of local server. 0.0.0.0 is any
      leftid=40.40.40.40     # ID of local server
      leftsubnet=192.168.3.0/24  # Subnet of local server
      right=0.0.0.0      # Public IP of remote server. 0.0.0.0 is any
      rightid=50.50.50.50     # ID of remote server
      rightsubnet=192.168.1.0/24  # Subnet of remote server
      ike=aes256-sha1-modp1536  # IKE encryption algorithms
      esp=aes256-sha1    # ESP encryption algorithms
      keyingtries=%forever
      leftauth=psk
      rightauth=psk
      keyexchange=ikev2    # IKEv1 or IKEv2
      ikelifetime=1h      # Ike lifetime
      lifetime=8h      # Phase-2 lifetime
      dpddelay=30
      dpdtimeout=120
      dpdaction=restart
      auto=start


    /etc/ipsec.secrets

    : PSK "Peplink2020"    # Pre shared key

  2. Create a IPSec profile on the Peplink router under Network/Advanced > IPsec VPN and click on New Profile. And use the config below:

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article