Установка (Debian 11)
apt install strongswan strongswan-pki libcharon-extra-plugins libcharon-extauth-plugins strongswan-starter
Настройка
ipsec.conf
config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no conn ikev2-vpn auto=add compress=no type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes dpdaction=clear dpddelay=300s rekey=no left=%any leftid=@vpn.domain.tld leftcert=cert.pem leftsendcert=always leftsubnet=0.0.0.0/0 right=%any rightid=%any rightauth=eap-radius rightsourceip=%radius rightdns=%radius rightsendcert=never eap_identity=%any
/etc/strongswan.d/charon/eap-radius-IKEv2-server.conf
eap-radius { accounting = yes accounting_close_on_timeout = yes load = yes dae { enable = yes listen = 0.0.0.0 port = 3799 secret = secretpass } forward { } servers { server-aventus { address = XX.XXX.XX.XXX auth_port = 1812 acct_port = 1813 secret = secretpass nas_identifier = vpn-de-01_ipsec } } xauth { } }