Documente Academic
Documente Profesional
Documente Cultură
Contents
• 1 Installation
♦ 1.1 Packetmanagement with Debian Wheezy and Jessie
♦ 1.2 Compile with Linux Mint (18)
• 2 Configuration
♦ 2.1 Preparation
♦ 2.2 strongswan.conf
♦ 2.3 ipsec.conf
♦ 2.4 ipsec.secret
• 3 Open / Close the VPN connection
Installation
Please perform only one of the following installation instructions and pay attention to the remarks at the end of each instruction!
Jessie:
Additionally, you need to add the following lines to the init script(/etc/init.d/ipsec):
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
After you switched into your strongswan directory, download the newest version of strongswan(here 5.5.1) and unzip the archive. Use the following
commands to perform this:
wget https://download.strongswan.org/strongswan.tar.gz
tar -xzvf strongswan.tar.gz
Your directory should now contain two new elements. Check it with the command "ls". You should see something like this:
Change to the directory of your downloaded version. Switch to "root" to execute the commands with highest authority. Download and install the following
packets:
cd strongswan-5.5.1/
sudo su
apt-get install libc-dev-bin libc6-dev libgmp-dev \
libgmpxx4ldbl libcurl3 libcurl4-openssl-dev \
libssl-dev zlib1g-dev
Set important parameters with ".configure ..." . Those will be needed to ensure a correct installation of Strongswan:
./configure --enable-curl --enable-eap-mschapv2 \
--enable-eap-identity --enable-openssl
Compile and install the program finally with:
make
make install
exit
Please note:
If you do not require the packets to compile Strongswan any longer, you can remove them with:
sudo apt-get remove libc-dev-bin libc6-dev libgmp-dev zlib1g-dev\
libcurl4-openssl-dev libssl-dev
It is possible to deinstall Strongswan anytime, as long as the directory in which Strongswan was downloaded(here Downloads/Strongswan) is not
deleted. Open the Terminal, chance to your Strongswan directory and execute the following command:
make uninstall
Configuration
After the installation, the following files need to be edited:
~/Downloads/strongswan/strongswan.conf
~/Downloads/strongswan/ipsec.conf
~/Downloads/strongswan/ipsec.secrets
Preparation
If you installed and compiled Strongswan manually, use the following command to create a link to the certificate of the Deutsche Telekom:
ln -s /etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem /usr/local/etc/ipsec.d/cacerts/
If you installed Strongswa with your packet manager, use this command instead:
ln -s /etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem /etc/ipsec.d/cacerts/
strongswan.conf
Open strongswan.conf with the editor of your choice(nano is used here).
sudo nano ~/Downloads/strongswan/strongswan.conf
Everything other than this is unnecessary and will sabotage the connection.
ipsec.conf
Open ipsec.conf with the editor of your choice(nano is used here).
sudo nano ~/Downloads/strongswan/ipsec.conf
ipsec.secret
Open ipsec.secret with the editor of your choice(nano is used here).
sudo nano ~/Downloads/strongswan/ipsec.secret
Reminder: If you installed and compiled strongswan manually, you need to start your ipsec service manually, too. Execute the following command:
ipsec start