Comments on: How to Set Up IPsec-based VPN with Strongswan on Debian and Ubuntu

By: Kusala Tech

Kusala Tech — Thu, 10 Apr 2025 17:13:55 +0000

+1 – It looks like this may be a gap in the documentation from iterations over the past few years if I had to guess. We had to install charon-systemd as well :)

By: Nir Dothan

Nir Dothan — Sun, 25 Jun 2023 11:04:13 +0000

In reply to Gunjan.

I think it’s because of ufw firewall.

By: Gunjan

Gunjan — Mon, 19 Jun 2023 11:01:49 +0000

My tunnel seems to work both ways but after some time, I’m not able to SSH any of the two machines. looks like it is due to the NAT setting we have added!!

Can anyone else faced the same issue where they are not able to SSH the machines.

By: Mal

Mal — Sun, 11 Jun 2023 05:51:16 +0000

For those trying to make this work in AWS and ipsec status is stuck on “connecting“, the above guide will not work. After a full day of tearing my hair out and going down all kinds of rabbit holes.

I discovered a post on serverfault by a user named Michael, about EIPs not being bound to system stack in EC2 instances. The EC2 doesn’t know about its own public EIP, so the config fails. You’ll need to add additional parameters, according to the below. Left is the system you’re working on, and right is the remote system.

left=10.10.10.10         # instance private IP of local system
leftsourceip=10.10.10.10 # instance private IP of local system
leftid=203.x.x.x         # elastic IP of local system
leftsubnet=10.x.x.x/xx

rightsubnet=10.x.x.x/xx
right=198.x.x.x          # elastic IP of remote system

https://serverfault.com/questions/699741/strongswan-vpn-tunnel-between-two-aws-instances-wont-connect

Also, strongswan service is now strongswan-starter.

By: ip-fresh

ip-fresh — Wed, 05 Oct 2022 12:02:41 +0000

Hi,

Thank you for this tutorial.

I just noticed a typo here:

rightsubnet – states the private subnet behind the left participant. <– I think you mean the "right participant"