strongSwan IKEv2 configuration notes

  • PSK authentication
  • strongSwan
  • For accessing VLAB hosts ONLY! (just the 5 IP addresses listed in leftsubnet)

ipsec.conf

# Daemon-wide settings; nothing in this section is specific to one connection.
config setup
        # strictcrlpolicy concerns certificate revocation checks; the connection
        # defined in this file authenticates with PSK on both sides.
        # strictcrlpolicy=yes
        # Left commented out, so the daemon's built-in uniqueids default applies.
        # uniqueids = no

        # Per-subsystem log levels (enc, cfg, ike, knl). Keep these at 2 or below
        # outside of debugging: strongSwan's level 3 dumps raw data and level 4
        # also writes sensitive material such as keys to the log.
        charondebug = enc 1, cfg 2, ike 1, knl 1

# Add connections here.

# Defaults inherited by every other conn section in this file.
conn %default
        # Lifetime of the IKE SA before it is renegotiated.
        ikelifetime = 60m
        # Lifetime of the IPsec (child) SA keys.
        keylife = 20m
        # Rekeying starts this long before a lifetime expires.
        rekeymargin = 3m
        # A single negotiation attempt; failed attempts are not retried.
        keyingtries = 1
        # Only IKEv2 is negotiated.
        keyexchange = ikev2

# Responder definition for remote IKEv2 clients (Apple devices, going by the
# name), authenticated with a pre-shared key on both sides.
conn vlab_ikev2-apple
        # Load the connection without starting it; the gateway waits for clients.
        auto = add
        type = tunnel
        fragmentation = yes
        # Dead peer detection: probe every 300s and clear the SAs of peers that
        # stop answering.
        dpdaction = clear
        dpddelay = 300s
        rekey = yes

        # The trailing "!" makes the proposal strict: only the algorithms listed
        # here are accepted for IKE.
        # NOTE(review): modp1024 is a 1024-bit DH group and is no longer
        # considered adequate. It is presumably kept for older Apple clients;
        # drop it once every client negotiates modp2048 (confirm against the
        # client fleet first).
        # No esp= line is set, so ESP uses the daemon's default proposals.
        ike = aes128-aes256-sha256-modp1024-modp2048!

        # Gateway side: its address, its IKE identity, and the only destinations
        # reachable through the tunnel (five single hosts, not a whole subnet).
        left = 129.94.242.253
        leftid = vlab
        leftauth = psk
        leftsubnet = 129.94.242.114, 129.94.242.115, 129.94.242.116, 129.94.242.117, 129.94.242.118

        # Client side: any source address is accepted, so the PSK is the only
        # thing standing between a remote peer and a tunnel.
        # NOTE(review): one PSK shared by all users gives no per-user
        # accountability or revocation, and every holder of the key can
        # authenticate as the gateway identity as well. Per-user EAP or
        # certificate authentication avoids both problems.
        right = %any
        rightauth = psk
        # Pool of virtual addresses assigned to connecting clients.
        rightsourceip = 172.19.192.0/21

ipsec.secrets

# PSK used between any peer (%any) and the gateway identity "vlab" (the leftid
# set in ipsec.conf).
# NOTE(review): "myvlab" is short and guessable, presumably a placeholder for
# these notes. A deployed PSK should be a long random value, since a weak one
# can be recovered by offline guessing, and this file should be readable by
# root only.
%any vlab : PSK "myvlab"

VPN configuration on iOS