Strongswan is a IPsec provider for Linux. It can be used to provide a responder endpoint for connection to phone systems using OXO Connect.
Below are the key settings that have been tested to work with a OXO Connect PSK-PSK profile, using Debian Linux:
/etc/ipsec.conf:
conn ike2psk-clientA auto=add keyexchange=ikev2 ike=aes256-sha2_256-modp2048! # modify to match esp=aes256-sha2_256-modp2048! # modify to match authby=secret left=192.168.1.10 # this hosts internal IP leftid=@123.45.67.89 # this networks public IP leftsubnet=123.45.67.89 # this networks public IP right=<public IP of client> rightid=%any # modify this to match the ID rightsourceip=10.215.0.1 # IP assigned to remote rightsubnet=10.215.0.1/32 # Specific IP to route
/etc/ipsec.secrets:
: PSK "SomePresharedKeyBlahBlahBlah"
The critical piece is to use the “@” on the leftid – OXO expects the responder to provide it’s public IP address as text.
To improve security you should modify the ID presented in the OXO profile and change some elements of the phase 1/2, IKE/ESP, negotiations.
This example shows preshared keys for simplicity. EAP and certificates can be added with more work.