@billchenchina
Created October 30, 2022 14:32
Strongswan IPsec with IKEv2 PSK
# /etc/ipsec.conf
conn myikev2psk
    auto = add
    authby = psk
    #compress = yes
    keyexchange = ikev2
    type = tunnel
    dpdaction = clear
    dpddelay = 30s
    #rekey = no
    # a good convention is to use left for the local side,
    # and right for the remote side
    # default left = %any
    left = ${SERVERIP}
    #leftauth =
    leftid = ${SERVERIP}
    #leftikeport =
    leftsubnet = 0.0.0.0/0,::/0
    right = %any
    rightid = android
    rightdns = 8.8.8.8,8.8.4.4
    rightsourceip = <a pool cidr, like 10.134.76.0/24>
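
# /etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
# Replace YOURPSK with a long random secret and keep this file readable by root only.
: PSK "YOURPSK"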

#!/bin/sh
# This configuration is tested with an Android client.
apt install strongswan
# packages: libcharon-extauth-plugins libstrongswan libstrongswan-standard-plugins strongswan-charon strongswan-libcharon strongswan-starter
apt install strongswan-pki
# packages: strongswan-pki
# You also need to configure iptables to NAT traffic from the client pool.
# Example values from this gist: set POOL_CIDR to the rightsourceip pool
# and IFACE to the outbound interface.
POOL_CIDR="10.134.76.0/24"
IFACE="eth0"
iptables -t nat -A POSTROUTING -s "$POOL_CIDR" -o "$IFACE" -j MASQUERADE
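
With authby = psk, the secret in ipsec.secrets is the credential both sides authenticate with, so the YOURPSK placeholder has to be replaced and the file kept private. The check below is an added example, not part of the original gist; the function name check_ipsec_secrets and the 32-character minimum (MIN_LEN) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): lint an ipsec.secrets file before use.
# MIN_LEN is an assumed policy threshold, not a strongSwan requirement.
MIN_LEN=32

# check_ipsec_secrets FILE
# Prints one line per finding; returns 0 if the file is clean, 1 otherwise.
check_ipsec_secrets() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The PSK is stored in clear text, so group and other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other permissions set, expected mode 600"
        rc=1
    fi

    # Pull the quoted secret out of every uncommented ': PSK "..."' entry.
    psks=$(sed -n 's/^[^#]*:[[:space:]]*PSK[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$file")
    [ -n "$psks" ] || { echo "no PSK entry found"; return 1; }

    # A here-document keeps the loop in the current shell so rc survives it.
    while IFS= read -r psk; do
        if [ "$psk" = "YOURPSK" ]; then
            echo "placeholder PSK still in place"
            rc=1
        elif [ "${#psk}" -lt "$MIN_LEN" ]; then
            echo "PSK is ${#psk} chars, below $MIN_LEN"
            rc=1
        fi
    done <<EOF
$psks
EOF
    return "$rc"
}
```

Source the file and run `check_ipsec_secrets /etc/ipsec.secrets` as root before starting the service; a non-zero exit status means at least one finding was printed.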