Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Install IPsec RA VPN packages (Debian/Ubuntu client)

Get and install strongSwan and related packages to set up the IPsec RA VPN client.

Note: strongSwan is a widely-used IPsec-based implementation that runs on most Linux distributions. It is open-source, cross-platform and full-featured. In essence, it is a keying daemon that supports the Internet Key Exchange protocols (IKEv1 and IKEv2) to establish security associations (SA) between two peers.
  1. Search for the strongSwan package.
    user@system:~$ apt-cache search strongswan
    kvpnc - frontend to VPN clients
    network-manager-strongswan - network management framework (strongSwan plugin)
    charon-cmd - standalone IPsec client
    charon-systemd - strongSwan IPsec client, systemd support
    libcharon-extra-plugins - strongSwan charon library (extra plugins)
    libstrongswan - strongSwan utility and crypto library
    libstrongswan-extra-plugins - strongSwan utility and crypto library (extra plugins)
    libstrongswan-standard-plugins - strongSwan utility and crypto library (standard plugins)
    strongswan - IPsec VPN solution metapackage                 
    strongswan-charon - strongSwan Internet Key Exchange daemon
    strongswan-libcharon - strongSwan charon library
    strongswan-nm - strongSwan plugin to interact with NetworkManager
    strongswan-pki - strongSwan IPsec client, pki command
    strongswan-scepclient - strongSwan IPsec client, SCEP client
    strongswan-starter - strongSwan daemon starter and configuration file parser
    strongswan-swanctl - strongSwan IPsec client, swanctl command
  2. Ensure that you have a currently supported version of the strongSwan package.
    user@system:~$ apt info strongswan
    Package: strongswan
    Version: 5.7.2-1
    Priority: optional
    Section: net
    Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>  
    Installed-Size: 169 kB
    Depends: strongswan-charon, strongswan-starter
    Homepage: http://www.strongswan.org
    Tag: network::vpn, role::metapackage, role::program, security::cryptography
    Download-Size: 92.9 kB
    APT-Sources: http://deb.debian.org/debian buster/main amd64 Packages
    Description: IPsec VPN solution metapackage
    The strongSwan VPN suite uses the native IPsec stack in the standard Linux
    kernel. It supports both the IKEv1 and IKEv2 protocols.
    .
    This metapackage installs the packages required to maintain IKEv1 and IKEv2
    connections via ipsec.conf or ipsec.secrets.
  3. Use the package to install strongSwan.
    user@system:~$ apt-get install strongswan
  4. Install further plugins that we need to configure strongSwan and to set up a VPN client.
    user@system:~$ apt-get install strongswan-swanctl libstrongswan-standard-plugins