You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > PrivadoVPN Setup Guides > Manual Setup > Linux IKEv2 Manual Setup
Linux IKEv2 Manual Setup
print icon

*Manual IKEv2 setup is available to Premium users only.

** Compatible with Debian-based distributions (Ubuntu, Linux Mint, Kali Linux, Elementary OS, and others) 

 

Before proceeding to the actual setup, you will need to obtain a VPN server address as well as your Privado username.

 

1. Log in to your Privado Admin area; copy and save your Privado Username for a manual connection. The Password will be the same as the one you use to log in to the Privado Admin area or the PrivadoVPN application. You will need these details later on to set up your IKEv2 connection. 

 


2. After saving your username, click https://app.privadovpn.com/en/server-list or https://app.privado.live/en/server-list. Find your preferred server location on the left. Next, under "Server", copy and save your server name.

  • Optionally, you can use either the server name (ex. ams-005.vpn.privado.io) or the server IP (ex. 91.148.224.50) from the next column as your server name.  
    "Capacity" means the percentage of free available slots on a particular server; i.e. the higher the number is, the better. 

 

IKEv2 set up on Debian-based distributions

1. Open a terminal window and switch to a root user: 

If you can't find a launcher, or if you just want a faster way to bring up the terminal, most Linux systems use the same default keyboard shortcut to start it: Ctrl + Right Alt + T

 

Execute the following command and enter the root password:

 

sudo su -

 

 

2. Execute the following command to install the strongswan, libcharon-extra-plugins, libstrongswan-extra-plugins, libcharon-extauth-plugins, and resolvconf packages:

apt update && apt install strongswan libcharon-extra-plugins libstrongswan-extra-plugins libcharon-extauth-plugins resolvconf

 

 

3. Replace the PRIVADOVPN_USERNAME and PRIVADOVPN_SERVER_ADDRESS in the command below with the values you saved at Step 1 and execute the command: 

Note: For the PRIVADOVPN_SERVER_ADDRESS value, you can use either the server name (ex. ams-005.vpn.privado.io) or the server IP (ex. 91.148.224.50) from this list).

printf '%b' '\n' 'conn 'privadovpn'\n' '\t#IKEv2 profile: 'PrivadoVPN '\n'  '\tkeyexchange=ike\n' '\tdpdaction=clear\n' '\tdpddelay=300s\n' '\teap_identity='PRIVADOVPN_USERNAME'\n' '\tleftauth=eap-mschapv2\n' '\tleft=%defaultroute\n' '\tleftsourceip=%config\n' '\tright='PRIVADOVPN_SERVER_ADDRESS'\n' '\trightid=vpn.privado.io\n' '\trightauth=pubkey\n' '\trightsubnet=0.0.0.0/0\n' '\trightid= %any\n' '\ttype=tunnel\n' '\tauto=add\n' >> /etc/ipsec.conf 

 

For example

printf '%b' '\n' 'conn 'privadovpn'\n' '\t#IKEv2 profile: 'PrivadoVPN '\n'  '\tkeyexchange=ike\n' '\tdpdaction=clear\n' '\tdpddelay=300s\n' '\teap_identity='pvefvidg2020327'\n' '\tleftauth=eap-mschapv2\n' '\tleft=%defaultroute\n' '\tleftsourceip=%config\n' '\tright='ams-005.vpn.privado.io'\n' '\trightid=vpn.privado.io\n' '\trightauth=pubkey\n' '\trightsubnet=0.0.0.0/0\n' '\trightid= %any\n' '\ttype=tunnel\n' '\tauto=add\n' >> /etc/ipsec.conf 

 

 

4.  Run the following command to disable the constraints plugin: 

sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf

 

 

5. Replace the PRIVADOVPN_USERNAME and PRIVADOVPN_PASSWORD in the command below with the values you saved at Step 1 and execute the command: 

printf '%s' 'PRIVADO_USERNAME' ' : EAP ' 'PRIVADO_PASSWORD' >> /etc/ipsec.secrets && mv /etc/ipsec.d/cacerts /etc/ipsec.d/cacerts_old && ln -s /etc/ssl/certs /etc/ipsec.d/cacerts

 

For example

print '%s' 'pvefvidg2020327' ': EAP' 'Y0uRoWnPaS$wOrd' >> /etc/ipsec.secrets && mv /etc/ipsec.d/cacerts /etc/ipsec.d/cacerts_old && ln -s /etc/ssl/certs /etc/ipsec.d/cacerts

 

 

6. Restart StrongSwan to refresh the new settings:

ipsec restart

 

7. Now you can switch back to your system account: 

su - system_username

For example:

su - privadouser

 

8. Run the following command to activate the connection:

sudo ipsec up privadovpn

 

 

9. All done; you have successfully connected to PrivadoVPN:

 

 

10. Run the following command to deactivate the connection:

sudo ipsec down privadovpn

 

If you have any further questions or concerns, feel free to reach out to us via our Support Form at https://support.privado.live/new.

 

 

 

 

 

 

Feedback
7 out of 10 found this helpful

scroll to top icon