Did you follow the guide on how to install strongSwan 5 on Debian Wheezy? You may have noticed that strongSwan doesn’t automatically start when you reboot the server (tested with 5.1.0-3~bpo70+1). The fix requires a small modification to /etc/init.d/ipsec.
Month: November 2013
Finding the optimal NAT Keepalive interval
udpnat is a useful tool to figure out the optimal interval for sending out UDP keepalive packets in a specific environment. From the description:
MTU woes in IPsec tunnels and how you can fix it
Today I ran into a problem with IPsec Xauth PSK and the built-in Android VPN client (Android 4.1.2), resulting in some sites (such as www.yahoo.com) not loading through the VPN tunnel. Turns out I was dealing with MTU issues. When the Android VPN is started, it sets the MTU to 1500 on the tun0 interface:
strongSwan 5: How to create your own private VPN
Update 04/20/2014: Adjusted to take into account the modular configuration layout introduced in strongSwan 5.1.2. Tweaked cipher settings to provide perfect forward secrecy if supported by the client.
This article is a step-by-step guide on how to prepare strongSwan 5 to run your own private VPN, allowing you to stop snoopers from spying on your online activities, to bypass geo-restrictions, and to circumvent overzealous firewalls.