Here are some of the features listed on its GitHub project page:
Fully automated IPsec VPN server setup, no user input needed
Supports IKEv2 with strong and fast ciphers (e.g. AES-GCM)
Generates VPN profiles to auto-configure iOS, macOS and Android devices
Supports Windows, macOS, iOS, Android, Chrome OS and Linux as VPN clients
Includes helper scripts to manage VPN users and certificates
Libreswan is a free software implementation of the most widely supported and standardized VPN protocol using “IPsec” and the Internet Key Exchange (“IKE”). These standards are produced and maintained by the Internet Engineering Task Force (“IETF”).
One Line Command
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
    root@ub20-1-test:~# wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
    --2023-08-07 02:12:44--  https://get.vpnsetup.net/
    Resolving get.vpnsetup.net (get.vpnsetup.net)... 126.96.36.199, 2606:4700:130:436c:6f75:6466:6c61:7265
    Connecting to get.vpnsetup.net (get.vpnsetup.net)|188.8.131.52|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 9781 (9.6K) [text/plain]
    Saving to: ‘vpn.sh’

    vpn.sh 100%[======================================================================================================================>] 9.55K --.-KB/s in 0s

    2023-08-07 02:12:44 (52.8 MB/s) - ‘vpn.sh’ saved [9781/9781]

    + wget -t 3 -T 30 -q -O /tmp/vpn.iMFul/vpn.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/vpnsetup_ubuntu.sh

    ## VPN credentials not set by user. Generating random PSK and password...

    ## VPN setup in progress... Please be patient.

    ## Installing packages required for setup...

    + apt-get -yqq update
    + apt-get -yqq install wget dnsutils openssl iptables iproute2 gawk grep sed net-tools

    ## Trying to auto discover IP of this server...

    ## Installing packages required for the VPN...

    + apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libselinux1-dev libcurl4-nss-dev flex bison gcc make libnss3-tools libevent-dev libsystemd-dev uuid-runtime ppp xl2tpd
    Extracting templates from packages: 100%

    ## Installing Fail2Ban to protect SSH...

    + apt-get -yqq install fail2ban

    ## Downloading helper scripts...

    + ikev2.sh addvpnuser.sh delvpnuser.sh

    ## Downloading Libreswan...

    + wget -t 3 -T 30 -q -O libreswan-4.11.tar.gz https://github.com/libreswan/libreswan/archive/v4.11.tar.gz

    ## Compiling and installing Libreswan, please wait...

    + make -j3 -s base
    + make -s install-base

    ## Creating VPN configuration...

    ## Updating sysctl settings...

    ## Updating IPTables rules...

    ## Enabling services on boot...

    ## Starting services...

    ================================================

    IPsec VPN server is now ready for use!

    Connect to your new VPN with these details:

    Server IP: 184.108.40.206
    IPsec PSK: H2r5V65p4b4uHia2sJb
    Username: vpnuser
    Password: GeWtsqPDC5tfPKY

    Write these down. You’ll need them to connect!

    VPN client setup: https://vpnsetup.net/clients

    ================================================

    ================================================

    IKEv2 setup successful. Details for IKEv2 mode:

    VPN server address: 220.127.116.11
    VPN client name: vpnclient

    Client configuration is available at:
    /root/vpnclient.p12 (for Windows & Linux)
    /root/vpnclient.sswan (for Android)
    /root/vpnclient.mobileconfig (for iOS & macOS)

    Next steps: Configure IKEv2 clients. See:
    https://vpnsetup.net/clients

    ================================================

    root@ub20-1-test:~#
You may optionally install WireGuard and/or OpenVPN on the same server. If your server runs CentOS Stream, Rocky Linux or AlmaLinux, first install OpenVPN/WireGuard, then install the IPsec VPN.
Open UDP ports 500 and 4500 for the VPN
Get your computer or device to use the VPN. Please refer to:
If you are using Windows as the client with IPsec/L2TP as the protocol, here are the common steps for creating a tunnel with the Windows built-in VPN client:
Right-click on the wireless/network icon in your system tray.
Select Network and Internet settings, then on the page that opens, click VPN.
Click the Add VPN button.
Select Windows (built-in) in the VPN provider drop-down menu.
Enter anything you like in the Connection name field.
Enter Your VPN Server IP in the Server name or address field.
Select L2TP/IPsec with pre-shared key in the VPN type drop-down menu.
Enter Your VPN IPsec PSK in the Pre-shared key field.
Enter Your VPN Username in the User name field.
Enter Your VPN Password in the Password field.
Check the Remember my sign-in info checkbox.
Click Save to save the VPN connection details.
Note: If you are using the IPsec/L2TP Windows client and there is a NAT device in the traffic path, you have to make one registry change. A reboot is required for the change to take effect.
Error message: Windows error 809
Error 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
Note: The registry change below is only required if you use IPsec/L2TP mode to connect to the VPN. It is NOT required for the IKEv2 and IPsec/XAuth modes.
To fix this error, a one-time registry change is required because the VPN server and/or client is behind NAT (e.g. home router). Download and import the .reg file below, or run the following from an elevated command prompt. You must reboot your PC when finished.
Right-click on the saved script, select Properties. Click on Unblock at the bottom, then click on OK.
Right-click on the saved script, select Run as administrator and follow the prompts.
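The built-in client steps and the NAT registry change described above can also be scripted. The following is an added example, not code from the original page or from the setup-ipsec-vpn project. It assumes the standard Windows cmdlet Add-VpnConnection and the documented Windows NAT-T registry value AssumeUDPEncapsulationContextOnSendRule, neither of which this page shows; the connection name and the MS-CHAPv2 choice are also assumptions.

```powershell
# Added example (not from the original page). Run in PowerShell on the Windows client.
param(
    [string]$Name = 'My IPsec VPN',              # hypothetical connection name
    [Parameter(Mandatory)][string]$Server,       # "Your VPN Server IP"
    [switch]$BehindNat                           # server and/or client is behind NAT
)

# Prompt for the PSK so it is not stored in the script or in command history.
$securePsk = Read-Host -Prompt 'VPN IPsec PSK' -AsSecureString
$psk = [System.Net.NetworkCredential]::new('', $securePsk).Password

# Replace an existing entry of the same name rather than failing on a duplicate.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

# Same choices as the GUI steps: L2TP/IPsec with pre-shared key, remember sign-in info.
# Assumption: the server accepts MS-CHAPv2 for the L2TP user login.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $psk -EncryptionLevel Required -AuthenticationMethod MSChapv2 `
    -RememberCredential -Force

if ($BehindNat) {
    # Writing under HKLM needs an elevated session.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Re-run from an elevated PowerShell session to apply the NAT registry change.'
    }
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $prop = 'AssumeUDPEncapsulationContextOnSendRule'
    $current = (Get-ItemProperty -Path $key -Name $prop -ErrorAction SilentlyContinue).$prop
    if ($current -ne 2) {
        # 2 = allow IPsec security associations when both client and server are behind NAT.
        New-ItemProperty -Path $key -Name $prop -PropertyType DWord -Value 2 -Force | Out-Null
        Write-Warning 'Registry value set. Reboot before connecting.'
    }
}

# Show what was created; user name and password are requested on first connect.
Get-VpnConnection -Name $Name |
    Select-Object Name, ServerAddress, TunnelType, EncryptionLevel, L2tpIPsecAuth
```

Run it as the Windows user who will use the VPN, since the connection is created in that user's profile. The -BehindNat switch is only needed for IPsec/L2TP mode, matching the note above.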
To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click Connect. Once connected, you can verify that your traffic is being routed properly by looking up your IP address on Google. It should say “Your public IP address is Your VPN Server IP”.