
Установка (Debian 11)

# Run as root. Installs the strongSwan starter/charon packages, the pki tool
# and the extra / extauth charon plugin packages used by the configuration below.
apt install strongswan strongswan-pki libcharon-extra-plugins libcharon-extauth-plugins strongswan-starter

Настройка


ipsec.conf
# IKEv2 remote-access gateway: the server authenticates with a certificate,
# clients authenticate with EAP that is relayed to a RADIUS server.
# NOTE: this listing has lost its indentation. In a real ipsec.conf every
# parameter line under "config setup" / "conn" must start with whitespace.
config setup
# Log levels per subsystem (IKE, kernel interface, configuration).
charondebug="ike 1, knl 1, cfg 0"
# Uniqueness of peer identities is not enforced: one account may hold several
# concurrent sessions, so a leaked credential can be used in parallel with the
# legitimate user. Enforce session limits on the RADIUS side if that matters.
uniqueids=no

conn ikev2-vpn
# Load the connection at startup and wait for clients to initiate.
auto=add
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
# Always wrap ESP in UDP, even when no NAT is detected.
forceencaps=yes
# Dead peer detection: probe every 300s, drop the SA of a peer that is gone.
dpdaction=clear
dpddelay=300s
# The gateway never initiates rekeying; it only answers rekey requests that
# the client sends.
rekey=no
# No ike= / esp= lines are set, so the daemon's default proposals apply.
# NOTE(review): pin the proposals if policy requires specific algorithms.
left=%any
# Placeholder FQDN. The identity has to be confirmed by the server certificate
# (present as a subjectAltName), otherwise clients cannot verify the gateway.
leftid=@vpn.domain.tld
# Server certificate. The matching private key is referenced from
# ipsec.secrets (not shown on this page); keep that file readable by root only.
leftcert=cert.pem
leftsendcert=always
# Full tunnel: all client IPv4 traffic is routed through the gateway.
# NOTE(review): forwarding/NAT and the firewall rules that limit what VPN
# clients may reach are not shown here; confirm they exist.
leftsubnet=0.0.0.0/0
# Any source address and any IKE identity is accepted at this stage; the
# decision to admit a client is delegated entirely to the RADIUS server.
right=%any
rightid=%any
rightauth=eap-radius
# Virtual IP is taken from the RADIUS reply.
rightsourceip=%radius
# NOTE(review): %radius is the documented keyword for rightsourceip; confirm
# the deployed strongSwan version accepts it for rightdns as well.
rightdns=%radius
# Clients are not asked for a certificate (they authenticate with EAP only).
rightsendcert=never
# Ask the client for its EAP identity and use whatever it supplies.
eap_identity=%any


/etc/strongswan.d/charon/eap-radius-IKEv2-server.conf
# eap-radius plugin settings: RADIUS authentication and accounting for the
# VPN clients, plus the Dynamic Authorization Extension (DAE) listener.
# This file stores shared secrets in clear text; keep it readable by root only.
eap-radius {
  # Send RADIUS accounting; close the IKE_SA when an accounting update times out.
  accounting = yes
  accounting_close_on_timeout = yes
  load = yes
  # DAE lets the RADIUS side send Disconnect/CoA requests for active sessions.
  dae {
    enable = yes
    # Binds the DAE socket on every interface, including the Internet-facing
    # one. Anyone who can reach this port and knows the secret can act on
    # sessions: bind to the address that faces the RADIUS server and allow
    # UDP 3799 only from that server in the firewall.
    listen = 0.0.0.0
    port = 3799
    # Placeholder value; replace it with a long random secret.
    secret = secretpass
  }

  # Empty section: plugin defaults apply.
  forward {
  }
  servers {
    server-aventus {
      # Address is masked on this page.
      address = XX.XXX.XX.XXX
      auth_port = 1812
      acct_port = 1813
      # Placeholder value, identical to the DAE secret above. Replace with a
      # long random secret. RADIUS relies on this shared secret for its own
      # protection, so keep the gateway-to-RADIUS path on a trusted or
      # tunnelled network.
      secret = secretpass
      # Sent to the RADIUS server so it can tell this gateway apart.
      nas_identifier = vpn-de-01_ipsec
    }
  }

  # Empty section: plugin defaults apply.
  xauth {
  }
} 