IPSEC between StrongSwan and SRX

In one of my earlier posts I provided my configuration for an IPSEC VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route-based IPSEC tunnel between StrongSwan (pre-shared key) and an SRX firewall. The topology of my setup is below:


Tunnel Peers: debian1 and j41
Tunnel End point addresses: debian1( — j41(
Protected Networks: debian1( — j41(
SRX Junos Release: 12.1X46-D15.3
StrongSwan Release: 4.5.2-1.5+deb7u2


Create your StrongSwan configuration files as below:



That is all for the StrongSwan configuration; now the SRX configuration.


As I have several configurations for different peers, you can see the IKE proposal, policy and gateway configuration in order.


The IPSEC configuration is in the same order: proposal, policy and VPN.
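As an added illustration (not the configuration from the original post), the Junos `set` commands below follow that order: IKE proposal, policy and gateway, then IPsec proposal, policy and VPN, plus the st0.0 interface and static route. All object names, the interface and zone names, the algorithms, the pre-shared key and the RFC 5737 documentation addresses are assumptions; the proposals must match what the StrongSwan peer offers.

```junos
# --- IKE (phase 1): proposal, policy, gateway ---
set security ike proposal EX-IKE-PROP authentication-method pre-shared-keys
set security ike proposal EX-IKE-PROP dh-group group14
set security ike proposal EX-IKE-PROP authentication-algorithm sha-256
set security ike proposal EX-IKE-PROP encryption-algorithm aes-256-cbc
set security ike proposal EX-IKE-PROP lifetime-seconds 28800
set security ike policy EX-IKE-POL mode main
set security ike policy EX-IKE-POL proposals EX-IKE-PROP
# Placeholder key: use a long random value, identical on both peers
set security ike policy EX-IKE-POL pre-shared-key ascii-text "REPLACE-WITH-LONG-RANDOM-PSK"
# 192.0.2.1 stands in for the StrongSwan peer's tunnel endpoint address
set security ike gateway EX-GW ike-policy EX-IKE-POL
set security ike gateway EX-GW address 192.0.2.1
set security ike gateway EX-GW external-interface ge-0/0/0.0

# --- IPsec (phase 2): proposal, policy, vpn ---
set security ipsec proposal EX-IPSEC-PROP protocol esp
set security ipsec proposal EX-IPSEC-PROP authentication-algorithm hmac-sha1-96
set security ipsec proposal EX-IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec proposal EX-IPSEC-PROP lifetime-seconds 3600
set security ipsec policy EX-IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy EX-IPSEC-POL proposals EX-IPSEC-PROP
set security ipsec vpn EX-VPN bind-interface st0.0
set security ipsec vpn EX-VPN ike gateway EX-GW
set security ipsec vpn EX-VPN ike ipsec-policy EX-IPSEC-POL
# A route-based VPN proposes 0.0.0.0/0 on both sides by default. If the
# StrongSwan conn sets leftsubnet/rightsubnet, mirror them here or phase 2
# fails on the selector mismatch (local = SRX side, remote = Linux side).
set security ipsec vpn EX-VPN ike proxy-identity local 203.0.113.0/24
set security ipsec vpn EX-VPN ike proxy-identity remote 198.51.100.0/24
set security ipsec vpn EX-VPN ike proxy-identity service any
set security ipsec vpn EX-VPN establish-tunnels immediately

# --- Tunnel interface, route and zones ---
set interfaces st0 unit 0 family inet
set routing-options static route 198.51.100.0/24 next-hop st0.0
set security zones security-zone vpn interfaces st0.0
# Accept IKE only on the external interface, not zone-wide
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
```

Traffic between the `vpn` zone and the internal zone still needs explicit security policies; keep them scoped to the protected prefixes rather than permitting any-to-any.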

Let’s verify this setup on both sides:



As you can see, the tunnel is established properly. I have tested this config two times on these releases. I hope there isn’t any mistake so far. I haven’t passed traffic on this setup, as my purpose was to see how the configuration is done, but I don’t think there should be a problem. Should you have any feedback, please feel free to comment!

5 thoughts on “IPSEC between StrongSwan and SRX”

  1. Arslan

    I am trying to do the same task and was successful in making the tunnel, but traffic is not passing through. Please do me a favor.

  2. Mikhail

    You made a typo near “lab@J41-Amsterdam# show security ike policy stronswan ” , g missed

    1. rtoodtoo Post author

      Yes you are right, I missed that but it should be an easy one as it is just an interface config and a static route towards the st0.0 interface.

