How to Set Up StrongSwan IPSec VPN for Hybrid Cloud Connectivity on UCloud

This guide walks you through installing StrongSwan on a CentOS client, configuring IPSec tunnels, and creating a UCloud IPSec VPN gateway to achieve secure hybrid‑cloud network connectivity using VPN.

UCloud Tech
In a hybrid‑cloud environment, network connectivity is achieved by establishing a VPN or dedicated line to UConnect; this article explains how to use a VPN for hybrid‑cloud architecture connectivity.

VPN connectivity diagram

The VPN connection between the public cloud and the user data center consists of two parts: installing VPN software on the user side and creating an IPSec VPN gateway on the UCloud side.

User Side Install VPN Software

Common VPN clients include racoon and strongSwan; the following steps use strongSwan on CentOS 7.2.

Installation

1. Download the strongSwan source code from the official website.

wget https://strongswan.org/download/strongswan-x.x.x.tar.bz2

2. Install dependencies.

sudo yum install bzip2 gmp-devel

3. Extract the source.

tar xjvf strongswan-x.x.x.tar.bz2
cd strongswan-x.x.x

4. Configure the build.

./configure --prefix=/usr --sysconfdir=/etc

If configuration fails, install any missing libraries indicated by the error messages and retry.

5. Compile and install.

make
sudo make install

Configuration

StrongSwan supports IKEv1, IKEv2 and various authentication methods; this example uses IKEv1 with a pre‑shared key.

Key configuration files:

/etc/ipsec.conf – tunnel negotiation policies

/etc/ipsec.secrets – pre‑shared key definitions

Example /etc/ipsec.conf:

# ipsec.conf – strongSwan IPsec configuration file
# basic configuration
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.
# Sample VPN connections
conn sample-self-signed
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    right=192.168.1.1
    rightsubnet=10.2.0.0/16
    keyexchange=ikev1
    ike=aes128-sha1-modp3072
    esp=aes128-sha1
    authby=psk
    auto=start

Explanation of fields:

left – local IP address.

leftsubnet – IDC subnet reachable via the IPSec gateway.

right – VPC IPSec gateway IP.

rightsubnet – VPC subnet reachable via the tunnel.

ike – IKE proposal, written as encryption-hash-DH group.

esp – ESP algorithm (PFS optional).

auto – tunnel start mode (e.g., start).

Example /etc/ipsec.secrets:

# ipsec.secrets – strongSwan secrets file
192.168.1.1 : PSK "1234abc"
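
The two example files above use IKEv1, SHA-1, an ESP proposal without a DH group, and a seven-character pre-shared key. The following pre-deployment check is an added example, not code from UCloud or the strongSwan project; it reads both files and reports those settings. The function names, the LEGACY list and the 32-character PSK minimum are assumptions chosen for illustration, and the sample input is a constructed, reduced copy of the files shown above.

```python
import re

# Constructed sample input, reduced from the two example files in this guide.
IPSEC_CONF = """\
conn sample-self-signed
    keyexchange=ikev1
    ike=aes128-sha1-modp3072
    esp=aes128-sha1
    authby=psk
"""
IPSEC_SECRETS = '192.168.1.1 : PSK "1234abc"\n'

# Assumed local policy for this example, not strongSwan defaults.
LEGACY = {"md5", "sha1", "des", "3des", "modp768", "modp1024", "modp1536"}
DH_PREFIXES = ("modp", "ecp", "curve", "x25519")
MIN_PSK_LEN = 32

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            kind, *rest = line.split()
            current = conns.setdefault(" ".join(rest), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(conf_text, secrets_text):
    """Return (where, option, message) findings; key material is never echoed."""
    out = []
    for name, opts in parse_conns(conf_text).items():
        if opts.get("keyexchange") == "ikev1":
            out.append((name, "keyexchange", "IKEv1 is deprecated; use ikev2 if the peer supports it"))
        for opt in ("ike", "esp"):
            for proposal in filter(None, opts.get(opt, "").rstrip("!").split(",")):
                tokens = proposal.strip().split("-")
                for tok in sorted(LEGACY.intersection(tokens)):
                    out.append((name, opt, f"legacy algorithm {tok}"))
                if opt == "esp" and not any(t.startswith(DH_PREFIXES) for t in tokens):
                    out.append((name, opt, "no DH group in ESP proposal, so PFS is off"))
    short = [p for p in re.findall(r'PSK\s+"([^"]*)"', secrets_text) if len(p) < MIN_PSK_LEN]
    return out + [("ipsec.secrets", "PSK", f"pre-shared key is only {len(p)} characters") for p in short]

if __name__ == "__main__":
    print(*audit(IPSEC_CONF, IPSEC_SECRETS), sep="\n")
```

Whatever algorithms are chosen must also match the IKE and IPSec rules configured on the UCloud gateway, or negotiation will fail.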

Running

StrongSwan provides command‑line tools to control the service:

Start: ipsec start

Stop: ipsec stop

Check status: ipsec status

Refer to the man pages (man ipsec) for additional commands.

Adding Routes

Configure routing so that traffic from the IDC subnet to the VPC subnet passes through the local gateway.

UCloud Side Create IPSec VPN Gateway

Subsequent steps on UCloud include creating a VPN gateway instance, a customer gateway, a tunnel, defining IKE and IPSec rules, managing the gateway, and monitoring.
