# ipsec ike-vpn :500/udp

## IPsec and the Internet Security Association and Key Management Protocol (ISAKMP)

A framework for authentication and key exchange. Phases in setting up a security association (SA) between endpoints:

1. Phase 1: establish a secure channel using a pre-shared key (PSK) or certificates. Uses either main mode (3 pairs of messages) or aggressive mode.
2. (optional) Extended authentication (XAUTH) phase: authenticates the user who is trying to connect.
3. Phase 2: negotiates the parameters for data security using ESP or AH. Can use a different algorithm than phase 1.

## Connect

```bash
# show daemon status, loaded connections and established SAs
sudo ipsec statusall

# auto=start: the connection is brought up as soon as the daemon starts
sudo ipsec [start --nofork]

# auto=add: the connection is loaded but must be brought up manually
sudo ipsec [start | stop]
sudo ipsec [up | down] CONFIG-NAME
```

## Config files

### /etc/ipsec.secrets

This file holds shared secrets or RSA private keys for authentication.

```bash
# add a line: selectors (IPs/IDs) before the colon, then the secret
TARGET-IP %any : PSK "PASSWORD"
```

### /etc/ipsec.conf

```bash
# config setup: enable verbose debugging
# conn: the profile used to connect
config setup
    charondebug="all"

conn CONFIG-NAME
    # basic config
    auto=start [ | add]
    authby=secret [ | psk]

    # transport for host-to-host, tunnel when subnets are involved
    type=transport [ | tunnel]

    # left side config (this host)
    left=KALI-IP
    leftsubnet=KALI-IP[PROTOCOL] | leftprotoport=PROTOCOL

    # right side config (remote host); note the right* keys
    right=TARGET-IP
    rightsubnet=TARGET-IP[PROTOCOL] | rightprotoport=PROTOCOL

    # IKE config
    keyexchange=ikev1 [|ikev2]
    # example: 3des-sha1-modp1024!  (trailing ! = strict, offer only this proposal)
    ike=ALGORITHM-HASH-GROUP!
    esp=ALGORITHM-HASH!
```
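As an added example (not from this cheat sheet or from strongSwan), a small Python linter that parses the `conn` sections of an `ipsec.conf`, flags weak `ike=`/`esp=` proposals such as the `3des-sha1` example above, and catches a `leftsubnet` with no matching `rightsubnet`; the sample config it runs over is constructed.

```python
import re
WEAK = {"des", "3des", "md5", "sha1", "modp768", "modp1024", "null"}

# Constructed sample config: one conn with the weak ikev1 proposal, one hardened.
SAMPLE_CONF = """\
conn weak-vpn
    keyexchange=ikev1
    leftsubnet=192.0.2.0/24
    ike=3des-sha1-modp1024!
    esp=3des-sha1!

conn hardened-vpn
    keyexchange=ikev2
    leftsubnet=192.0.2.0/24
    rightsubnet=203.0.113.0/24
    ike=aes256gcm16-prfsha384-ecp384!
    esp=aes256gcm16-ecp384!
"""

def parse_ipsec_conf(text):
    """Return {'conn NAME': {key: value}} for each indented key=value block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if line and not line[0].isspace():  # an unindented line opens a section
            current, sections[current] = line.strip(), {}
        elif current and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def weak_algorithms(proposal):
    """Weak tokens in a proposal like '3des-sha1-modp1024!' (the strict '!' is ignored)."""
    return sorted(t for t in re.split(r"[-,!]", proposal.lower()) if t in WEAK)

def lint(text):
    """Findings per conn: weak ike=/esp= proposals and a leftsubnet without rightsubnet."""
    findings = []
    for name, kv in parse_ipsec_conf(text).items():
        for key in ("ike", "esp"):
            weak = weak_algorithms(kv.get(key, ""))
            if weak:
                findings.append(f"{name}: {key}= uses {', '.join(weak)}")
        if "leftsubnet" in kv and "rightsubnet" not in kv:
            findings.append(f"{name}: leftsubnet set but rightsubnet missing")
    return findings
```

Run `lint(open("/etc/ipsec.conf").read())` to check a real file; an empty list means no findings.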

## Install strongSwan

```bash
sudo apt install strongswan
```

## Error fix (while connecting)

```bash
sudo apt install libstrongswan-standard-plugins libstrongswan-extra-plugins
```
