IKEv2 VPN Client Setup on Debian Squeeze

Recently my company set up a Windows 2008 VPN server. It is configured to accept only the SSTP and IKEv2 protocols.

I did not find any working clients for Linux that use the SSTP protocol, but for IKEv2, strongSwan provides a quite easily configurable and working solution.

To set up the VPN client I did the following:

1. Installed the strongswan-ikev2 package.
# apt-get install strongswan-ikev2

2. Configured the /etc/ipsec.conf file (changed the bold values):

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    charonstart=yes
    plutostart=yes

# Add connections here.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn companyvpn
    leftfirewall=yes
    leftauth=eap
    eap_identity=username
    right=serverip
    rightauth=pubkey
    rightid="C=XX, ST=State, L=Location, O=Organization, OU=OrgUnit, CN=CommonName, E=email"
    rightsubnet=192.168.1.0/24
    auto=add
    leftsourceip=%config

include /var/lib/strongswan/ipsec.conf.inc


3. Set up the password for the user name in the /etc/ipsec.secrets file:
username : EAP "password"

4. Put the certificate of the Certificate Authority into the /etc/ipsec.d/cacerts/ directory to trust the certificates that were created by this CA:
# mv CA.cer /etc/ipsec.d/cacerts/

5. Restart ipsec:
# /etc/init.d/ipsec restart

6. To start the VPN connection, type:
# ipsec up companyvpn

7. Use the VPN connection.
8. To stop the VPN connection, type:
# ipsec down companyvpn
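
The following is an added example, not part of the original post: a small shell audit for the files edited in steps 2 and 3. The function names are hypothetical. It checks that the connection uses IKEv2 with rightauth=pubkey and a rightid, that the secrets file has an EAP entry for the configured eap_identity, and that the secrets file, which holds the password in clear text, is not accessible to group or others.

```shell
#!/bin/sh
# Added example; function names are hypothetical, file formats as on the page.

# Print KEY's value from "conn NAME", falling back to "conn %default".
conn_value() {  # usage: conn_value FILE NAME KEY
    awk -v name="$2" -v key="$3" '
        /^[ \t]*#/ { next }                                # comment line
        /^(config|conn|ca|include)[ \t]/ {                 # section header
            sect = ($1 == "conn") ? $2 : ""; next
        }
        sect == name || sect == "%default" {
            line = $0; sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq && substr(line, 1, eq - 1) == key)
                val[sect] = substr(line, eq + 1)
        }
        END {
            if (name in val) print val[name]
            else if ("%default" in val) print val["%default"]
        }' "$1"
}

# Succeed only if FILE exists and group/others have no access (e.g. mode 600).
private_file() {  # usage: private_file FILE
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if SECRETS has an 'ID : EAP "..."' line for the given identity.
has_eap_secret() {  # usage: has_eap_secret SECRETS ID
    awk -v id="$2" '$1 == id && $2 == ":" && $3 == "EAP" { ok = 1 }
                    END { exit !ok }' "$1" 2>/dev/null
}

# Print one line per problem; return 0 only if none was found.
audit_vpn() {  # usage: audit_vpn CONF SECRETS CONN
    rc=0
    [ "$(conn_value "$1" "$3" keyexchange)" = ikev2 ] ||
        { echo "keyexchange is not ikev2"; rc=1; }
    [ "$(conn_value "$1" "$3" rightauth)" = pubkey ] ||
        { echo "rightauth is not set to pubkey"; rc=1; }
    [ -n "$(conn_value "$1" "$3" rightid)" ] ||
        { echo "rightid is not set"; rc=1; }
    has_eap_secret "$2" "$(conn_value "$1" "$3" eap_identity)" ||
        { echo "no EAP secret in $2 for eap_identity"; rc=1; }
    private_file "$2" ||
        { echo "$2 is missing or accessible to group/others"; rc=1; }
    return $rc
}
```

After loading the functions into a root shell, run: audit_vpn /etc/ipsec.conf /etc/ipsec.secrets companyvpn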