• How to set up an IKEv2/IPsec VPN server on the pcWRT router


    1. Check if your router is behind NAT. If behind NAT, put the router in DMZ or configure port forwarding.
    2. Set up Dynamic DNS.

    Set up server

    1. Log in the pcWRT console. Click Apps then click strongSwan (IPsec).
    2. Click on the Server tab. The strongSwan server needs to be initialized before it can be enabled. Click the “Initialize strongSwan” button.
    3. The strongSwan server is disabled by default. Click the “Enable” button.
    4. If you enabled native Dynamic DNS, the “External Address” field will be filled with the DDNS name. Otherwise, it will be filled with the external IP address as seen by the router. If you have a third party DDNS service, you can put the DDNS name in the “External Address” field.

      The IP Address & Netmask fields will be filled with default values too. The defaults should be fine, but you may make changes if you want.

    5. Click the Add button in the Users section to add an IKEv2 user.
    6. In the popup dialog, enter a name for the user. Then click OK to dismiss the dialog.
    7. Click Save to save the server and user configurations. The strongSwan server will be started.

    Set up IKEv2 client

    1. Click on the download icon to download the .p12 file for the IKEv2 user.
    2. Enter a password to protect the .p12 file.
    3. Save the .p12 file and follow the steps here to set up a Windows 10 client (or Windows 7 here).

Leave a Reply