Step 4: Installing then Configuring strongSwan VPN

Jamf Connect Documentation

  1. Enter the following in the Quick Connect Linux VM command line:
    sudo apt-get update -y
    sudo apt-get install strongswan-starter libcharon-extra-plugins strongswan-pki
    cd /etc/
    sudo mv ipsec.conf /etc/ipsec.conf.old
  2. Use the ip a command to find the IP address and network interface name used by your internet connection.
    Note: Usually, the IP address assigned to the VM is private (for example, 10.0.0.2) and the interface is enX0, eth0, or ens1. The interface to use will vary based on your environment.

  3. Enter the following command:
    sudo vim /etc/ipsec.conf
  4. Copy and paste the following template, and modify values as indicated below to match the configuration provided when you requested your IPSec Gateway:
    config setup
      uniqueids=never
      strictcrlpolicy=no
    conn wandera-access
      left=%any
      leftid=@wpa.wandera.com
      leftsubnet=192.168.253.0/24
      leftauth=psk
      right=aaa.bbb.ccc.ddd
      rightid=%any
      rightsubnet=0.0.0.0/0
      rightauth=psk
      auto=add
      keyexchange=ikev2
  5. Ensure that you update the values for the following fields:
    Field        Description
    right        The IP address identified by using ip a
    rightid      The Customer IKE Domain ID that you provided when requesting the new gateway. For strongSwan, this may be any
    rightsubnet  The subnets provided in the Application Server IPs or Subnets field when requesting the new gateway.
    left         Used to indicate that connections should be allowed to/from any other IP address from the Jamf Security Cloud infrastructure. Other firewalls may require you to define this as 0.0.0.0/0
    leftid       This must be set to wpa.wandera.com. Many firewalls refer to this value as the "Remote ID". Also, select "Hostname" (or similar) not "IP" as the remote identifier type if asked to specify one.
    leftsubnet   This corresponds to the "Jamf Security Cloud-Side Subnet" defined in your IPSec configuration in Jamf Security Cloud. This is known as the "Remote Subnet" or "Encryption Domain" that defines the networks that are accessible via the IPSec connection. For QuickConnect, this defaults to 192.168.253.0/24
    Important: Do not change any other fields or values.

  6. Enter the following command:
    sudo vim /etc/ipsec.secrets
  7. Copy and paste the following line and replace YOUR_SECRET_KEY between the quotes with the Tunnel Shared Secret you specified when requesting the gateway.

    @wpa.wandera.com : PSK "YOUR_SECRET_KEY"
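
The following check is an added example and is not part of the Jamf documentation. It confirms that the template values this page says must not change are intact, that the placeholders from steps 4 and 7 were replaced, and that /etc/ipsec.secrets is closed to group and other users (a recommendation from strongSwan's ipsec.secrets manual, not a step on this page). The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Jamf's code): lint the two files edited in this procedure.
# Function names are hypothetical; default paths are the ones used on this page.
# Usage after step 7, as root: check_conf; check_secrets

# Print the value of key $2 in the "conn wandera-access" section of file $1.
conn_value() {
    awk -v key="$2" '
        /^(config|conn|ca)[ \t]/ { hit = ($1 == "conn" && $2 == "wandera-access"); next }
        hit { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
              n = index(line, "=")
              if (n && substr(line, 1, n - 1) == key) { print substr(line, n + 1); exit } }
    ' "$1"
}

# Report template values that were changed and a placeholder left in "right".
# Returns the number of findings (0 = clean).
check_conf() {
    f=${1:-/etc/ipsec.conf}; bad=0
    for want in leftid=@wpa.wandera.com leftauth=psk rightauth=psk auto=add keyexchange=ikev2; do
        key=${want%%=*}; got=$(conn_value "$f" "$key")
        [ "$got" = "${want#*=}" ] || { echo "$f: $key is '$got', expected '${want#*=}'"; bad=$((bad + 1)); }
    done
    case $(conn_value "$f" right) in
        ""|aaa.bbb.ccc.ddd) echo "$f: right is unset or still the template placeholder"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Report a missing PSK entry, an unreplaced placeholder, or a secrets file that
# group/other can access. The secret itself is never printed.
# Returns the number of findings (0 = clean).
check_secrets() {
    f=${1:-/etc/ipsec.secrets}; bad=0
    grep -Eq '^[[:space:]]*@wpa\.wandera\.com[[:space:]]*:[[:space:]]*PSK[[:space:]]+"[^"]+"' "$f" ||
        { echo "$f: no PSK line for @wpa.wandera.com"; bad=$((bad + 1)); }
    grep -q 'YOUR_SECRET_KEY' "$f" &&
        { echo "$f: placeholder YOUR_SECRET_KEY not replaced"; bad=$((bad + 1)); }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "$f: accessible to group/other; run: sudo chmod 600 $f"; bad=$((bad + 1)); }
    return "$bad"
}
```
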