This is an old revision of the document!

Install StrongSwan on Ubuntu 24.04

Introduction

  • When installing StrongSwan on a server, the item that takes the most preparation is the setup of the PKI.
  • Although it is easy once you figured it out, because StrongSwan has been around for such a long time there are lots of outdated or over complicated documentation out there.
  • Even when I asked one of the AI engines for instructions it provided me with old outdated instructions.
  • The following instructions should work well on any of the recent versions of StrongSwan

Install StrongSwan

  • As stated on the StrongSwan Primer wiki page, StrongSwan has gone through an aggressive redesign and you should take care when installing it not to install the older legacy version.
  • The natural behavior would be to install the StrongSwan meta package. This should not be done
  • Instead we install charon-systemd and strongswan-swanctl
#Make sure the old StrongSwan versions are not installed or running
sudo systemctl disable strongswan.service
sudo systemctl stop strongswan
sudo apt-get remove strongswan-starter
sudo apt-get remove strongswan-charon
#Install the new style StrongSwan
sudo apt-get install charon-systemd strongswan-swanctl
#Enable its startup
sudo systemctl enable strongswan.service
#This will link the strongswan-swanctl
#Created symlink /etc/systemd/system/strongswan-swanctl.service → /usr/lib/systemd/system/strongswan.service.
#Created symlink /etc/systemd/system/multi-user.target.wants/strongswan.service → /usr/lib/systemd/system/strongswan.service.
 
#Start it up
sudo systemctl start strongswan-swanctl.service
#=== Or for the same result alternatively ===
sudo systemctl start strongswan
sudo service strongswan start
 
#Check Its status
sudo systemctl status strongswan-swanctl.service
#=== Or for the same result alternatively ===
sudo systemctl status strongswan
sudo service strongswan status
  • This is the result of the status command on our server:
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
     Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; preset: enabled)
     Active: active (running) since Sun 2026-01-11 10:17:49 UTC; 11min ago
   Main PID: 1777399 (charon-systemd)
     Status: "charon-systemd running, strongSwan 5.9.13, Linux 6.8.0-90-generic, x86_64"
      Tasks: 17 (limit: 1107)
     Memory: 4.6M (peak: 20.0M)
        CPU: 2.445s
     CGroup: /system.slice/strongswan.service
             └─1777399 /usr/sbin/charon-systemd
  • As you can see it has the charon-systemd program running.

——

  • install_24_4_strongswan.1768127479.txt.gz
  • Last modified: 2026/01/11 12:31
  • by system