Установка (Debian 11)
apt install strongswan strongswan-pki libcharon-extra-plugins libcharon-extauth-plugins strongswan-starter
Настройка
ipsec.conf
config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no conn ikev2-vpn auto=add compress=no type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes dpdaction=clear dpddelay=300s rekey=no left=%any leftid=@vpn.domain.tld leftcert=cert.pem leftsendcert=always leftsubnet=0.0.0.0/0 right=%any rightid=%any rightauth=eap-radius rightsourceip=%radius rightdns=%radius rightsendcert=never eap_identity=%any
/etc/strongswan.d/charon/eap-radius-IKEv2-server.conf
eap-radius {
accounting = yes
accounting_close_on_timeout = yes
load = yes
dae {
enable = yes
listen = 0.0.0.0
port = 3799
secret = secretpass
}
forward {
}
servers {
server-aventus {
address = XX.XXX.XX.XXX
auth_port = 1812
acct_port = 1813
secret = secretpass
nas_identifier = vpn-de-01_ipsec
}
}
xauth {
}
}