OXO Connect to Linux with Strongswan

Strongswan is an IPsec provider for Linux. It can be used to provide a responder endpoint for connections to phone systems using OXO Connect.

Below are the key settings that have been tested to work with an OXO Connect PSK-PSK profile, using Debian Linux:

/etc/ipsec.conf:

conn ike2psk-clientA
 auto=add
 keyexchange=ikev2
 ike=aes256-sha2_256-modp2048!  # modify to match
 esp=aes256-sha2_256-modp2048!  # modify to match
 authby=secret
 left=192.168.1.10  # this host's internal IP
 leftid=@123.45.67.89 # this network's public IP
 leftsubnet=123.45.67.89 # this network's public IP
 right=<public IP of client>
 rightid=%any # modify this to match the ID
 rightsourceip=10.215.0.1 # IP assigned to remote
 rightsubnet=10.215.0.1/32 # Specific IP to route
 

/etc/ipsec.secrets:

 : PSK "SomePresharedKeyBlahBlahBlah"

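The critical piece is the “@” prefix on the leftid: OXO expects the responder to provide its public IP address as text, and without the “@” Strongswan would send the value as an IP-address-type ID instead.

To improve security, you should modify the ID presented in the OXO profile (and set rightid to match it rather than %any) and change some elements of the phase 1/2 (IKE/ESP) negotiations.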

This example shows preshared keys for simplicity. EAP and certificates can be added with more work.
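
A small check for the two points above, the “@” on leftid and the open rightid=%any, written as an added example (it is not part of the original article or of Strongswan). The function names, the second conn and its rightid value are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint for the two points the article makes about ipsec.conf.
# Reads ipsec.conf text from the named file(s) or stdin; prints one finding per line.
lint_ipsec_conf() {
  awk '
    /^[ \t]*#/        { next }                 # whole-line comment
    /^conn[ \t]/      { conn = $2; next }      # start of a conn section
    /^[a-z]/          { conn = ""; next }      # any other section (config setup, ca)
    conn == ""        { next }
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)              # strip trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", line)        # trim surrounding whitespace
      eq = index(line, "=")
      if (eq == 0) next
      key = substr(line, 1, eq - 1)
      val = substr(line, eq + 1)
      # A bare dotted quad is sent as an IP-address ID, not as text.
      if (key == "leftid" && val ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        print conn ": leftid=" val " has no @ prefix, so it is not sent as text"
      # %any lets a peer present any identity.
      if (key == "rightid" && val == "%any")
        print conn ": rightid=%any accepts any peer ID; set the ID from the OXO profile"
    }
  ' "$@"
}

# Constructed sample input: the first conn mirrors the article, the second is hypothetical.
sample_conf() {
  cat <<'EOF'
conn ike2psk-clientA
 leftid=@123.45.67.89 # this network's public IP
 rightid=%any # modify this to match the ID
conn ike2psk-clientB
 leftid=123.45.67.89
 rightid=@oxo-site-b
EOF
}

sample_conf | lint_ipsec_conf
```

On a real host, run it as `lint_ipsec_conf /etc/ipsec.conf`; empty output means neither issue was found.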