strongSwan
strongSwan is a VPN server that allows a connection over the insecure internet to a secure private network. The connection is encrypted and authenticated for confidentiality and to prevent tampering of the data. It allows the following:
- Secure internet browsing over an insecure, open Wi-Fi connection.
- Full, secure access to your internal network over the insecure internet.
We will be setting up a connection between this server and a Windows 10 1803 (Spring Creators Update) client. Windows 10 1803 supports the Internet Key Exchange v2 (IKEv2), which is a modern VPN protocol and has some provisions for working over the internet, such as MOBIKE. This helps in situations where the internet connection may be poor and has to reconnect. Windows 10 1803 supports the following modern cryptographic options:
- Certificate authentication.
- ECDSA certificates (256 and 384-bit keys).
- ESP supports AES-GCM 128 & 256-bit for both encryption and authentication.
We will be configuring our connection to use ECDSA 384-bit certificates and AES256-GCM encryption/authentication, currently the strongest supported settings.
Note that Windows uses VERY weak encryption and authentication schemes by default, so it is important to set up the connection correctly.
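One way to replace those defaults on the Windows client is to pin an explicit IPsec policy on the VPN connection. This is an added example, not part of the original page. The connection name `strongSwan-IKEv2` is hypothetical, and the IKE-level choices (AES256, SHA384, ECP384) are assumptions chosen to pair with the ECDSA 384-bit certificates and AES256-GCM ESP settings named above; the server's proposals must offer the same algorithms or negotiation will fail.

```powershell
# Added example: pin the IKEv2 proposal on an existing Windows VPN connection.
# Run in an elevated PowerShell session on the client.
$Name = 'strongSwan-IKEv2'   # hypothetical connection name, adjust to yours

# Fail early if the connection does not exist or is not IKEv2.
# Add -AllUserConnection here and below if the connection is machine-wide.
$vpn = Get-VpnConnection -Name $Name -ErrorAction Stop
if ($vpn.TunnelType -ne 'Ikev2') {
    throw "Connection '$Name' uses tunnel type $($vpn.TunnelType), expected Ikev2."
}

# An empty custom policy means Windows will offer its built-in defaults.
if (-not $vpn.IPSecCustomPolicy) {
    Write-Warning "No custom IPsec policy set on '$Name'; Windows defaults apply."
}

$policy = @{
    ConnectionName                   = $Name
    # IKE SA (assumed values, must match the server's IKE proposal)
    EncryptionMethod                 = 'AES256'
    IntegrityCheckMethod             = 'SHA384'
    DHGroup                          = 'ECP384'
    # ESP (child SA): AES256-GCM for both encryption and authentication
    CipherTransformConstants         = 'GCMAES256'
    AuthenticationTransformConstants = 'GCMAES256'
    PfsGroup                         = 'ECP384'   # assumed
    Force                            = $true      # suppress the confirmation prompt
}
Set-VpnConnectionIPsecConfiguration @policy

# Read the policy back and refuse to continue if ESP is not AES256-GCM.
$applied = (Get-VpnConnection -Name $Name).IPSecCustomPolicy
if ($applied.CipherTransformConstants -ne 'GCMAES256' -or
    $applied.AuthenticationTransformConstants -ne 'GCMAES256') {
    throw "IPsec policy on '$Name' was not applied as expected."
}
$applied | Format-List
```

Once a custom policy is set, the client offers only that proposal, so a mismatch with the server shows up as a failed connection rather than a silent fallback to weaker algorithms.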