Modify the strongSwan client’s IPsec configuration file (
and the IPsec password file (
to use recommended settings.
file is usually
found in the
Use the strongSwan
client username as the certificate’s common name.
following items in the
file to these recommended
conn <connection name>
leftcert=<client certificate with the strongSwan client username used as the certificate’s common name>
Modify the following items in the
to these recommended settings.
<private key file> “<passphrase if used>”
Start strongSwan IPsec services and connect to the IPsec
tunnel that you want the strongSwan client to use when authenticating
to the GlobalProtect gateway.
to name the tunnel configuration.
ipsec up <name>
strongswan up <name>
Verify that the tunnel is set up correctly and the VPN
connection is established to both the strongSwan client and the
Verify the detailed status information on
a specific connection (by naming the connection) or verify the status
information for all connections from the strongSwan client:
ipsec statusall [<connection name>]
strongswan statusall [<connection name>]
for the gateway configured for the connection
to the strongSwan client. The strongSwan client should be listed