IPSEC between StrongSwan and SRX

In one of my earlier posts I provided my configuration for an IPSEC VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route-based IPSEC tunnel between StrongSwan (pre-shared key) and an SRX firewall. The topology of my setup is below:

[Figure: strong_swan topology diagram]

Tunnel Peers: debian1 and j41
Tunnel End point addresses: debian1(192.168.3.11) — j41(212.45.64.2)
Protected Networks: debian1(10.33.1.0/24) — j41(10.34.1.0/24)
SRX Junos Release: 12.1X46-D15.3
StrongSwan Release: 4.5.2-1.5+deb7u2

LINUX

Create your StrongSwan configuration files as below:

/etc/ipsec.conf

/etc/ipsec.secrets
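An added example of the two files named above, not the author's original configuration: a minimal IKEv1 pre-shared-key connection built from the peer addresses and protected networks listed earlier. The conn name `srx`, the `ike=`/`esp=` algorithm choices and the secret placeholder are assumptions and must match the proposals and key configured on the SRX.

```conf
# --- /etc/ipsec.conf (strongSwan 4.x syntax) ---
# Added example, not the author's file. The conn name "srx" and the
# ike=/esp= algorithms are assumptions chosen for illustration.
config setup
    plutostart=yes      # IKEv1 daemon in strongSwan 4.x
    charonstart=no      # IKEv2 daemon is not needed for this conn

conn srx
    keyexchange=ikev1
    authby=secret                   # pre-shared key, as in the post
    left=192.168.3.11               # debian1 tunnel endpoint
    leftsubnet=10.33.1.0/24         # debian1 protected network
    right=212.45.64.2               # j41 tunnel endpoint
    rightsubnet=10.34.1.0/24        # j41 protected network
    # The trailing "!" restricts negotiation to exactly this proposal,
    # so the daemon does not also offer its weaker defaults.
    ike=aes256-sha1-modp2048!
    esp=aes256-sha1!
    auto=start

# leftsubnet/rightsubnet become the IKEv1 phase 2 proxy IDs. The SRX
# vpn needs a matching proxy-identity; a route-based SRX vpn with no
# proxy-identity configured uses 0.0.0.0/0 for both sides.

# --- /etc/ipsec.secrets (keep it root-owned, mode 0600) ---
# Placeholder secret: replace it with a long random value and set the
# same value as the pre-shared key in the SRX IKE policy.
192.168.3.11 212.45.64.2 : PSK "REPLACE_WITH_LONG_RANDOM_SECRET"
```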

That is all for the StrongSwan configuration; now the SRX configuration.

IKE

As I have several configurations for different peers, below you can see the IKE proposal, policy and gateway configuration, in that order.

IPSEC

The IPSEC configuration is in the same order: proposal, policy and vpn.

Let’s verify this setup on both sides:

SRX

Strongswan

As you can see, the tunnel is established properly. I have tested this config two times on these releases. I hope there isn’t any mistake so far. I haven’t passed traffic on this setup, as my purpose was to see how the configuration is done, but I don’t think there should be a problem. Should you have any feedback, please feel free to comment!

5 thoughts on “IPSEC between StrongSwan and SRX”

  1. Arslan

    I am trying to do the same task and was successful in making the tunnel, but traffic is not passing through. Please do some favor for me

  2. Mikhail

    You made a typo near “lab@J41-Amsterdam# show security ike policy stronswan ” , g missed

    1. rtoodtoo Post author

      Yes, you are right, I missed that, but it should be an easy one as it is just an interface config and a static route towards the st0.0 interface.

