Environment: Debian 10, KDE, Full desktop
# ipsec --version Linux strongSwan U5.7.2/K4.19.0-6-amd64 # swanctl --version strongSwan swanctl 5.7.2 # systemctl status strongswan ● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled) Active: inactive (dead) since Fri 2019-12-13 09:35:03 -03; 4h 34min ago Process: 6067 ExecStart=/usr/sbin/ipsec start --nofork (code=exited, status=0/SUCCESS) Main PID: 6067 (code=exited, status=0/SUCCESS) # systemctl status strongswan-swanctl ● strongswan-swanctl.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl Loaded: loaded (/lib/systemd/system/strongswan-swanctl.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2019-12-13 09:11:34 -03; 4h 56min ago Main PID: 6373 (charon-systemd) Status: "charon-systemd running, strongSwan 5.7.2, Linux 4.19.0-6-amd64, x86_64" Tasks: 17 (limit: 4915) Memory: 8.5M CGroup: /system.slice/strongswan-swanctl.service └─6373 /usr/sbin/charon-systemd After spending almost two days learning and poking around IPSec and IKEv2 I managed to connect to the company gateway (Lancom LCOS, IKEv2 PSK, User-FQDN identities) using strongswan and swanctl.
After a reboot I have to run the following commands:
sudo /usr/sbin/swanctl --load-all no files found matching '/etc/swanctl/conf.d/*.conf' loaded ike secret 'ike' no authorities found, 0 unloaded no pools found, 0 unloaded loaded connection 'IKEv2PSK' successfully loaded 1 connections, 0 unloaded and then sudo /usr/sbin/swanctl --initiate --child myVpn
[IKE] establishing CHILD_SA myVpn{2} ... lots of log lines ... initiate completed successfully I'd like to have the tunnel started automatically, maybe using a systemd unit something like
sudo systemctl swanctl-myVpn start However I don't find any documentation how to achieve this, which also makes me wonder if this is a bad idea?
