Linux IPSec with IKEv2 Setup

As part of a security upgrade, we are in the process of removing support for IPSec with EAP-MSCHAPv2 authentication.

The following Strogswan configuration is known to work:

Create a config file in your strongswan ipsec.d directory e.g. ivpn.conf with the following

conn ivpn
    keyexchange=ikev2
    right=gb.gw.ivpn.net
    rightid=gb.gw.ivpn.net
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftauth=eap-mschapv2
    eap_identity=ivpnUserName
    auto=start
    dpdaction=restart

Change the right= and rightid= as appropriate for the server you want to connect to.

Create a .secrets file e.g. ivpn.secrets in the strongswan ipsec.d directory e.g. ivpn.secrets with the following
```
ivpnUserName : EAP "ivpn"
```
Note that there is a space either side of the colon :.
You may need to download this CA certificate and store it in a file located in your strongswan ipsec.d/cacerts directory.
Tell strongswan to restart or reload it's config.

Was this answer helpful?

Still have questions?

Get in touch and we'll get back to you in a few hours.

Contact Support

Interested in privacy?

Read our latest privacy news and keep up-to-date on IVPN services.

Visit the IVPN Blog

Linux IPSec with IKEv2 Setup

Can you please tell us how we can improve this article?

Related Setup Guides

Still have questions?

Interested in privacy?