Thursday, August 28, 2025
HomeGuest BlogsHow To Install Libreswan on Ubuntu 22.04|20.04|18.04|16.04

How To Install Libreswan on Ubuntu 22.04|20.04|18.04|16.04

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

Welcome to today’s guide on how to Install Libreswan on Ubuntu 22.04/20.04/18.04/16.04 server. Libreswan is an Internet Key Exchange (IKE) implementation for Linux systems. It has support for IKEv1 and IKEv2 and other extensions (RFC + IETF drafts) related to IPsec, including IKEv2, X.509 Digital Certificates, NAT Traversal, and many others.

Libreswan was forked from Openswan 2.6.38 and it uses the native Linux IPsec stack (NETKEY/XFRM) per default. We will install Libreswan on Ubuntu 22.04/20.04/18.04/16.04 from source.

Step 1: Update system

Ensure you’re using an up-to-date installation of Ubuntu.

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}
sudo apt -y update && sudo apt -y upgrade
[ -f /var/run/reboot-required ] && sudo reboot -f

Once the system is up, proceed to step two.

Step 2: Install build dependencies

There are a few packages required for Libreswan to compile from source. Install them on your Ubuntu system by running the following commands.

sudo apt install curl libnss3-dev libnspr4-dev pkg-config libpam-dev \
 libcap-ng-dev libcap-ng-utils libselinux-dev \
 libcurl3-nss-dev flex bison gcc make libldns-dev \
 libunbound-dev libnss3-tools libevent-dev xmlto \
 libsystemd-dev git devscripts build-essential fakeroot libsystemd-dev

Step 3: Download Libreswan source code

Since we will build Libreswan from source to ensure we’re using the latest release. Clone the project from Github.

SWAN_VER=4.11
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
  exit 1
fi

Once the file is downloaded, extract it.

tar xzf "$swan_file" && /bin/rm -f "$swan_file"

Step 4: Build and Install Libreswan on Ubuntu

We can now build and install Libreswan on Ubuntu. First change to libreswan directory.

cd "libreswan-$SWAN_VER" || exit 1

Create build options file.

cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS =
USE_DNSSEC = false
USE_DH31 = false
USE_NSS_AVA_COPY = true
USE_NSS_IPSEC_PROFILE = false
USE_GLIBC_KERN_FLIP_HEADERS = true
EOF

Finally build Libreswan.

NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1
make "-j$((NPROCS+1))" -s base && sudo make -s install-base

Successful build should output.

.......................................................
running: systemctl --system daemon-reload
running: systemd-tmpfiles --create /usr/lib/tmpfiles.d/libreswan.conf
DESTDIR=''
************************** WARNING ***********************************
The ipsec service is currently disabled. To enable this service issue:
 systemctl enable ipsec.service
**********************************************************************
../../OBJ.linux.x86_64/testing/enumcheck/enumcheck -> /usr/local/libexec/ipsec/enumcheck
../../OBJ.linux.x86_64/testing/ipcheck/ipcheck -> /usr/local/libexec/ipsec/ipcheck
../../OBJ.linux.x86_64/testing/fmtcheck/fmtcheck -> /usr/local/libexec/ipsec/fmtcheck
../../OBJ.linux.x86_64/testing/timecheck/timecheck -> /usr/local/libexec/ipsec/timecheck

If installation was successful. you should be able to check version.

$ /usr/local/sbin/ipsec --version
Libreswan 4.11

Step 5: Start and enable Libreswan ipsec service

The ipsec service is currently disabled. To enable this service issue:

sudo systemctl enable --now ipsec.service

Verify service status.

$ systemctl status ipsec.service
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
     Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-06-06 02:07:16 UTC; 4s ago
       Docs: man:ipsec(8)
             man:pluto(8)
             man:ipsec.conf(5)
    Process: 10783 ExecStartPre=/usr/local/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
    Process: 10784 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
    Process: 11124 ExecStartPre=/usr/local/sbin/ipsec --checknss (code=exited, status=0/SUCCESS)
    Process: 11127 ExecStartPre=/usr/local/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS)
   Main PID: 11141 (pluto)
     Status: "Startup completed."
      Tasks: 3 (limit: 4537)
     Memory: 7.1M
        CPU: 778ms
     CGroup: /system.slice/ipsec.service
             └─11141 /usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork

Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface eth0 49.12.192.27:500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface eth0 49.12.192.27:4500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface lo 127.0.0.1:500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface lo 127.0.0.1:4500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface lo [::1]:500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface lo [::1]:4500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface eth0 [2a01:4f8:c0c:f12e::1]:500
Jun 06 02:07:16 jammy pluto[11141]: adding UDP interface eth0 [2a01:4f8:c0c:f12e::1]:4500
Jun 06 02:07:16 jammy pluto[11141]: loading secrets from "/etc/ipsec.secrets"
Jun 06 02:07:16 jammy pluto[11141]: no secrets filename matched "/etc/ipsec.d/*.secrets"

Step 6: Configure IPSec VPN with LibreSwan

In our next guide, we will cover how to configure IPSEC VPN using Libreswan. In the meantime, check other VPN related guides.

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}
RELATED ARTICLES

Most Popular

Dominic
32236 POSTS0 COMMENTS
Milvus
80 POSTS0 COMMENTS
Nango Kala
6609 POSTS0 COMMENTS
Nicole Veronica
11779 POSTS0 COMMENTS
Nokonwaba Nkukhwana
11828 POSTS0 COMMENTS
Shaida Kate Naidoo
6719 POSTS0 COMMENTS
Ted Musemwa
7002 POSTS0 COMMENTS
Thapelo Manthata
6678 POSTS0 COMMENTS
Umr Jansen
6690 POSTS0 COMMENTS