Downloads | inDev. Journal
quick links for sharing
strongSwan root CA
Self-signed certificate for site-to-site strongSwan services. Private use only!
New updates for the Certificate Authority (CA), I’ve re-signed all the server keys with a single CA key.
So, just one copy of root CA cert need to install on your side:
https://cdn.frankindev.com/bucket-oc-ashburn/o/public/strongswan_certs/strongSwan.pem
Choose one of the server address below, random server will be chosen for regions that served with multiple servers.
| server address | region(s) | updated |
|---|---|---|
| dXMuaWtldjIuZnJhbmtpbmRldi5jb20= | Ashburn, US | 3 months and 4 weeks ago |
| a3IuaWtldjIuZnJhbmtpbmRldi5jb20= | Seoul, KR | 3 months and 4 weeks ago |
| aWtldjIuZnJhbmtpbmRldi5jb20= | US, KR | 3 months and 4 weeks ago |
👉 See step-by-step configuration instructions here.
👉 macOS, iOS, and Windows 10 have native support for IKEv2.
🥳 Start from Android 12, IKEv2 is natively supported, no 3rd-party application required.
👉 For friends using elder Android versions, please use strongSwan-2.3.3.apk 👏. Note that you need to specify the Server ID to the server address you’ve chosen in Advanced Setting in case of failure of authentication…
📟 Or, check the 3rd-party service via the link. Sadly Android 12 don’t support L2TP anymore…
Encrypt DNS configs
On iOS 14 or macOS Big Sur devices you can download special .mobileconfig file that adds DNS-over-HTTPS or DNS-over-TLS servers to the DNS settings.
Here’s my configuration file for my private DNS-over-HTTPs service: doh.mobileconfig, proxied by Fly.io.
On Android, you can set the the Private DNS to cHVibGljLmRucy5mcmFua2luZGV2LmNvbQ== (base64, double click to reveal the address), with DNS encryption and ad filtering.