I recently has upgraded the FreeBSD version to 13 and found that the IPSec site to site between FreeBSD 13 to Juniper SRX is not working anymore. Strongswan is ditching the ipsec.conf and move to swanctl.conf. If we are moving to the vici, this requires some effort to translate the config.
I have attached the quick and dirty sample to build a Policy based site to site IPSec vpn with Strongswan. Enhancement is required for production.
The sample is suitable for the following:
– policy based VPN
– using PSK.
– source vpn termination point is NATTed and behind a internet gateway.
– dynamic public IP address for source vpn termination point.
– dynamic destination IP address for the remote IPSec VPN termination point. (required the DNS lookup for the source vpn termination point.)
– multiple VPN termination points from the same source public IP address are allowed.