Configuring IPsec IKEv2 Remote Access VPN Clients on Ubuntu

This document demonstrates how to configure an IKEv2 EAP-MSCHAPv2 or EAP-RADIUS connection on Ubuntu. This procedure was performed on Linux Mint 20.2, but it is identical on most recent similar distributions.

Before starting, install network-manager-strongswan and strongswan-plugin-eap-mschapv2 using apt-get or a similar mechanism.

Set Up the VPN Connection

  • Copy the CA Certificate for the VPN from the firewall to the workstation

  • Click the Network Manager icon in the notification tray by the clock

    Note

    The icon varies depending on the type of network in use.

  • Click Network Connections

  • Click Add

  • Select IPsec/IKEv2 (strongswan) under VPN as shown in Adding an IKEv2 VPN on Ubuntu

    Adding an IKEv2 VPN on Ubuntu

    Note

    If the option is not present, double check that network-manager-strongswan is installed.

  • Click Create

  • Select the VPN Tab

  • Set the fields as follows:

    Connection Name:

    A name for this connection, such as ExampleCo Mobile VPN.

    Address:

    The address of the firewall, such as vpn.example.com.

    Certificate:

    Click the field and browse to find the downloaded CA Certificate file.

    Authentication:

    EAP

    Username:

    The username to be used for this connection, such as alice.

    Password:

    Click the icon in the Password field and select the desired action. The default behavior is to ask for the password on every connection.

    To store the password, pick one of the options which allow storing the value then set it in this field.

    Request an inner IP address:

    Checked

  • Compare the settings to those shown in figure Ubuntu VPN Client Settings

  • Click Save

  • Click Close

Ubuntu VPN Client Settings
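
An added example, not part of the original documentation: a Python check that a saved profile matches the settings listed above and does not store the password. It assumes the profile is available in NetworkManager keyfile form and that the [vpn] key names are those written by the NetworkManager-strongswan plugin; the sample profile and the certificate path are constructed.

```python
import configparser

# Constructed sample profile in NetworkManager keyfile form, using the values
# from this page. The [vpn] key names are assumed from the
# NetworkManager-strongswan plugin; confirm them against a saved profile.
SAMPLE_PROFILE = """\
[connection]
id=ExampleCo Mobile VPN
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.strongswan
address=vpn.example.com
certificate=/home/alice/vpn-ca.crt
method=eap
user=alice
virtual=yes
password-flags=2
"""

# NetworkManager secret flag bit 2 means "never saved, always ask".
# 0 means the secret is stored with the profile; 1 means a user secret agent holds it.
NOT_SAVED = 2


def audit_profile(text):
    """Return a list of findings for one strongSwan VPN profile."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    vpn = cfg["vpn"] if cfg.has_section("vpn") else {}
    findings = []
    if not vpn.get("certificate"):
        findings.append("no CA certificate set for the gateway")
    if vpn.get("method") != "eap":
        findings.append("authentication method is not EAP")
    if vpn.get("virtual") != "yes":
        findings.append("inner IP address is not requested")
    flags = int(vpn.get("password-flags", "0"))
    if not flags & NOT_SAVED:
        findings.append("password is saved (password-flags=%d), not prompted" % flags)
    if cfg.has_option("vpn-secrets", "password"):
        findings.append("plaintext password present in [vpn-secrets]")
    return findings


if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE) or ["profile matches the documented settings"]:
        print(line)
```
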

Connecting and Disconnecting

To Connect:

  • Click the Network Manager icon

  • Click the VPN Name or click VPN Connections to move the slider to the On (1) position

Note

If a password prompt does not appear, the network manager service may need to be restarted or a reboot of the workstation may be necessary.

To Disconnect:

  • Click the Network Manager icon

  • Click VPN Connections to move the slider to the Off (0) position