How To Install Libreswan on Ubuntu 20.04|18.04|16.04
source link: https://computingforgeeks.com/how-to-install-libreswan-on-ubuntu/
Welcome to today’s guide on how to install Libreswan on an Ubuntu 20.04/18.04/16.04 server. Libreswan is an Internet Key Exchange (IKE) implementation for Linux systems. It supports IKEv1 and IKEv2 as well as other IPsec-related extensions (RFCs and IETF drafts), including X.509 digital certificates, NAT traversal, and many others.
Libreswan was forked from Openswan 2.6.38 and uses the native Linux IPsec stack (NETKEY/XFRM) by default. We will install Libreswan on Ubuntu 20.04/18.04/16.04 from source.
Step 1: Update system
Ensure you’re using an up-to-date installation of Ubuntu.
sudo apt -y update && sudo apt -y upgrade
sudo reboot
Once the system is up, proceed to step two.
Step 2: Install build dependencies
There are a few packages required for Libreswan to compile from source. Install them on your Ubuntu system by running the following commands.
sudo apt install libnss3-dev libnspr4-dev pkg-config libpam-dev \
  libcap-ng-dev libcap-ng-utils libselinux-dev \
  libcurl3-nss-dev flex bison gcc make libldns-dev \
  libunbound-dev libnss3-tools libevent-dev xmlto \
  libsystemd-dev git devscripts build-essential fakeroot
Step 3: Download Libreswan source code
We will build Libreswan from source to ensure we’re using the latest release. Download the release tarball from GitHub; the commands below fall back to download.libreswan.org if the GitHub download fails.
SWAN_VER=3.32
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
  exit 1
fi
Once the file is downloaded, extract it.
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
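The commands in this step extract whatever wget returned from either URL without checking it. The following is an added example, not part of the original article or the Libreswan project: a pinned SHA-256 check plus a member-path check to run before `tar xzf`. The function names and `EXPECTED_SHA256` are hypothetical, and the digest is a placeholder to be obtained out of band.

```shell
# Added example: verify the Step 3 tarball before extracting it.
# EXPECTED_SHA256 is a placeholder, not a real Libreswan digest.
EXPECTED_SHA256="<sha256-of-the-release-tarball-you-trust>"

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_tarball FILE EXPECTED
# Returns 0 only if FILE exists, its digest equals EXPECTED, and no member
# path is absolute or contains a ".." component.
#   1 = digest mismatch, 2 = file missing, 3 = unsafe member path
verify_tarball() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # List members without extracting; reject "/..." and any ".." component.
    if tar tzf "$file" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $file" >&2
        return 3
    fi
    return 0
}

# Drop-in replacement for the bare extraction in Step 3:
#   verify_tarball "$swan_file" "$EXPECTED_SHA256" \
#     && tar xzf "$swan_file" && /bin/rm -f "$swan_file"
```

The GitHub archive and the download.libreswan.org tarball are not guaranteed to be byte-identical, so pin one digest per URL and compare against the one that matches the source wget actually used.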
Step 4: Build and Install Libreswan on Ubuntu
We can now build and install Libreswan on Ubuntu. First, change to the libreswan directory.
cd "libreswan-$SWAN_VER" || exit 1
Create the build options file.
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS =
USE_DNSSEC = false
USE_DH31 = false
USE_NSS_AVA_COPY = true
USE_NSS_IPSEC_PROFILE = false
USE_GLIBC_KERN_FLIP_HEADERS = true
EOF
Finally, build Libreswan.
NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1
make "-j$((NPROCS+1))" -s base && sudo make -s install-base
A successful build should end with output like the following.
.......................................................
running: systemctl --system daemon-reload
running: systemd-tmpfiles --create /usr/lib/tmpfiles.d/libreswan.conf
DESTDIR=''
************************** WARNING ***********************************
The ipsec service is currently disabled. To enable this service issue:
systemctl enable ipsec.service
**********************************************************************
../../OBJ.linux.x86_64/testing/enumcheck/enumcheck -> /usr/local/libexec/ipsec/enumcheck
../../OBJ.linux.x86_64/testing/ipcheck/ipcheck -> /usr/local/libexec/ipsec/ipcheck
../../OBJ.linux.x86_64/testing/fmtcheck/fmtcheck -> /usr/local/libexec/ipsec/fmtcheck
../../OBJ.linux.x86_64/testing/timecheck/timecheck -> /usr/local/libexec/ipsec/timecheck
If the installation was successful, you should be able to check the version.
$ /usr/local/sbin/ipsec --version
Linux Libreswan 3.32 (netkey) on 5.4.0-26-generic
Step 5: Start and enable Libreswan ipsec service
The ipsec service is currently disabled. To enable this service issue:
sudo systemctl enable --now ipsec.service
Verify service status.
$ systemctl status ipsec.service
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-06-29 09:17:26 CEST; 37s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
 Main PID: 13782 (pluto)
   Status: "Startup completed."
    Tasks: 2 (limit: 2299)
   CGroup: /system.slice/ipsec.service
           └─13782 /usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
Jun 29 09:17:26 ubuntu16 pluto[13782]: adding interface eth0/eth0 116.203.48.203:4500
Jun 29 09:17:26 ubuntu16 pluto[13782]: Kernel supports NIC esp-hw-offload
Jun 29 09:17:26 ubuntu16 pluto[13782]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
Jun 29 09:17:26 ubuntu16 pluto[13782]: adding interface lo/lo 127.0.0.1:4500
Jun 29 09:17:26 ubuntu16 pluto[13782]: Kernel supports NIC esp-hw-offload
Jun 29 09:17:26 ubuntu16 pluto[13782]: adding interface lo/lo (esp-hw-offload=no) ::1:500
Jun 29 09:17:26 ubuntu16 pluto[13782]: Kernel supports NIC esp-hw-offload
Jun 29 09:17:26 ubuntu16 pluto[13782]: adding interface eth0/eth0 (esp-hw-offload=no) 2a01:4f8:c2c:83a2::1:500
Jun 29 09:17:26 ubuntu16 pluto[13782]: loading secrets from "/etc/ipsec.secrets"
Jun 29 09:17:26 ubuntu16 pluto[13782]: no secrets filename matched "/etc/ipsec.d/*.secrets"
Step 6: Configure IPSec VPN with LibreSwan
In our next guide, we will cover how to configure an IPsec VPN using Libreswan. In the meantime, check our other VPN-related guides.
How to Setup IPSec VPN server with L2TP and Cisco IPsec on Linux
Install Cisco AnyConnect on Ubuntu / Debian / Fedora