Add strongSwan configuration example for IKEv2 certificate authentication #128091
hisriram1996 wants to merge 1 commit into MicrosoftDocs:main from
Added example configuration for strongSwan in Linux (Ubuntu) for IKEv2 certificate authentication, including installation steps, configuration files, and verification commands.

@microsoft-github-policy-service agree company="Microsoft"

@hisriram1996 : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

Learn Build status updates of commit 06a437a: ✅ Validation status: passed
For more details, please refer to the build report.

Pull request overview
This PR adds comprehensive documentation for configuring strongSwan on Ubuntu Linux as a VPN device for IKEv2 certificate authentication with Azure VPN Gateway. The addition provides practical implementation guidance for users deploying site-to-site VPN connections.
Changes:
- Added installation instructions for strongSwan and required dependencies
- Documented certificate and key file placement in standard IPsec directories
- Provided complete IPsec configuration examples with IKEv2 settings
| > The private key data of the Inbound-certificate can be exported by following these steps [Outbound certificate - export private key data](/site-to-site-certificate-authentication-gateway-portal.md#outbound-certificate---export-private-key-data) | ||
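Review bot: the sentence names the Inbound-certificate, but the link text and anchor both point to the "Outbound certificate - export private key data" section, so a reader cannot tell which certificate's key to export. State explicitly that the same export steps apply to the Inbound-certificate, and end the sentence with a period. Because this step produces private key material, it would also help to tell readers to restrict access to the exported file.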
| 3. Edit the `/etc/ipsec.conf` file with following contents for IPsec donfiguration with IKEv2 certificate authentication. |
Corrected spelling of 'donfiguration' to 'configuration'.
| 3. Edit the `/etc/ipsec.conf` file with following contents for IPsec donfiguration with IKEv2 certificate authentication. | |
| 3. Edit the `/etc/ipsec.conf` file with following contents for IPsec configuration with IKEv2 certificate authentication. |
| lifebytes=102400000 | ||
| ``` | ||
| 4. Edit the `/etc/ipsec.secrets` with following contents for configuring the private key of the Inboound-certificate certificate. |
Corrected spelling of 'Inboound-certificate' to 'Inbound-certificate'.
| 4. Edit the `/etc/ipsec.secrets` with following contents for configuring the private key of the Inboound-certificate certificate. | |
| 4. Edit the `/etc/ipsec.secrets` with following contents for configuring the private key of the Inbound-certificate certificate. |
| rightsendcert=always | ||
| keyexchange=ikev2 | ||
| keyingtries=%forever | ||
| authby=psk |
The authentication method is set to 'psk' (pre-shared key), but this configuration example is for certificate authentication. This should be changed to 'authby=rsasig' or 'authby=pubkey' to use certificate-based authentication.
| authby=psk | |
| authby=rsasig |
| authby=psk | ||
| ike=aes256-sha256-modp1024! | ||
| esp=aes256-sha256! | ||
| keyingtries=%forever |
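Review bot: `ike=aes256-sha256-modp1024!` pins the IKE proposal to the 1024-bit MODP group (DH group 2), and the trailing `!` makes the proposal strict, so nothing stronger can be negotiated. If the gateway's IPsec policy allows it, use a larger group such as `modp2048`, or add a sentence explaining why the example needs modp1024.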
The 'keyingtries=%forever' parameter is duplicated on line 304 and line 308. Remove the duplicate entry on line 308.
| keyingtries=%forever |
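
A small lint for the problems raised in the review comments above (`authby=psk` in a certificate-authentication example and a repeated option), plus one extra check that is not from the review: 1024-bit or smaller MODP groups in the `ike` proposal. This is an added example, not part of the pull request; the conn name `azure`, the sample layout and the function name `lint_ipsec_conf` are assumptions.

```python
import re

# Constructed sample: only the option lines visible in this PR's review
# snippets; the conn name "azure" and the layout are assumptions.
SAMPLE = """\
conn azure
    rightsendcert=always
    keyexchange=ikev2
    keyingtries=%forever
    authby=psk
    ike=aes256-sha256-modp1024!
    esp=aes256-sha256!
    keyingtries=%forever
"""

CERT_AUTHBY = {"pubkey", "rsasig", "ecdsasig"}  # certificate-based authby values
WEAK_DH = {"modp768", "modp1024"}               # MODP groups of 1024 bits or less

def lint_ipsec_conf(text):
    """Return (line_no, conn, message) findings for a cert-auth ipsec.conf."""
    findings, conn, seen = [], None, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header: conn/config/ca
            parts = line.split()
            conn = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
            seen = {}
            continue
        if conn is None or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key in seen:
            findings.append((no, conn, f"duplicate {key} (first on line {seen[key]})"))
        seen.setdefault(key, no)
        if key == "authby" and value not in CERT_AUTHBY:
            findings.append((no, conn, f"authby={value} is not certificate authentication"))
        if key == "ike":
            for group in re.findall(r"modp\d+", value):
                if group in WEAK_DH:
                    findings.append((no, conn, f"weak DH group {group} in ike proposal"))
    return findings

if __name__ == "__main__":
    for no, conn, msg in lint_ipsec_conf(SAMPLE):
        print(f"line {no} [conn {conn}]: {msg}")
```
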

Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged"