This repository provides Strongswan add-on for Jelastic Platform.
Strongswan is an OpenSource IPsec-based VPN Solution
Type of nodes this add-on can be applied to:
- Application server (cp).
It will provide a secure connection from your VPN gateway to the 1st application server of your environment. Strongswan can be used to create ikev1 or ikev2 tunnels.
In order to get this solution instantly deployed, click the "Deploy to Jelastic" button
To deploy this package to Jelastic Private Cloud, import this JPS manifest within your dashboard (detailed instruction).
For more information on what Jelastic add-on is and how to apply it, follow the Jelastic Add-ons reference.
-
Peer public IP (right) : The public IP of the VPN peer.
-
Peer subnet (rightsubnet) : Subnet or IP address that will be reachable via the VPN Multiple remote subnets can be entered separated by , (192.168.10.0/24,192.168.20.3/32)
-
PSK : Pre shared key. It needs to be the same on both ends of the VPN
-
keyexchange : ikev2 or ikev1
Ciphers
-
ike : aes128-sha256-modp3072 (default) (ediatable)
-
esp : aes128-sha256 (default) (ediatable)
Once installed you can:
- Change the configuration parameters using Configure button
- Check tunnel status using Status button
- Restart Strongswan
- Rebuild the configuration without changing parameters
sudo systemctl status strongswan
sudo systemctl stop strongswan
sudo systemctl start strongswan
sudo systemctl restart strongswan
ipsec statusall
ipsec down myVPN
ipsec up myVPN
There is a cron task installed that will check the status of strongswan service and will restart it if it's stopped.
StrongSwan uses a tap interface. If you don't have the ipsec0 interface ask your hoster to enable tun/tap.