How to IKEv2 VPN with Linux Mint using Pre-Shared Key

PeterUK
PeterUK Posts: 3,459  Guru Member
100 Answers 2500 Comments Friend Collector Seventh Anniversary
edited May 26 in Security

Based off

https://support.zyxel.eu/hc/en-us/articles/4406386526994-VPN-Configure-IKEv1-VPN-with-Linux-StrongSwan

Linux Mint 21.3

Setup VPN Gateway on USG

IKEv2

Pre-Shared Key 4342v952hf24c43tvb65n554b3fg < make your own

In advance Local ID type DNS

dnsip11.ddns.net < use your own

Phase 1

Encryption AES256

Authentication SHA256

key group DH2

Setup VPN connection on USG

Remote Access (Server Role)

VPN gateway you made

Local policy 0.0.0.0

Enable Configuration Payload

IP address pool 192.168.140.0/24

Phase 2

Encryption AES256

Authentication SHA256

PFS DH2

Note I was never able to have the VPN use a given DNS IP and so when VPN is up any DNS on other interfaces are uses down the VPN tunnel.

In Linux Mint

open a terminal

run su

apt-get install strongswan -y

In Linux Mint

open as root

file system > etc >

open ipsec.secrets

add

: PSK 4342v952hf24c43tvb65n554b3fg  < use your own

vpnclient : XAUTH "1qaz2wsx"

save

open ipsec.conf

add

conn vpn1
    rightsubnet=0.0.0.0/0
    leftid=vpnclient
    leftauth=psk
    leftauth2=xauth
    leftsourceip=%config
    leftfirewall=yes
    right=dnsip11.ddns.net < use your own
    rightauth=psk
    auto=add
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!

save

In Linux Mint

open a terminal

run su

ipsec restart

ipsec up vpn1

All Replies

  • MJStar
    MJStar Posts: 37  Freshman Member
    First Answer First Comment Friend Collector Third Anniversary

    It looks awesome😎. Thanks for sharing.

Security Highlight