Downloads | inDev. Journal
quick links for sharing
strongSwan root CA
Self-signed certificate for site-to-site strongSwan services. Private use only!
New updates for the Certificate Authority (CA), I’ve re-signed all the server keys with a single CA key.
So, just one copy of root CA cert need to install on your side:
https://cdn.honglin.eu.org/bucket-oc-ashburn/o/public/strongswan_certs/strongSwan.pem
Choose one of the server address below, random server will be chosen for regions that served with multiple servers.
| server address | region(s) | updated |
|---|---|---|
| dXMuaWtldjIuZnJhbmtpbmRldi5jb20= | Ashburn, US | 7 months and 2 weeks ago |
| a3IuaWtldjIuZnJhbmtpbmRldi5jb20= | Seoul, KR | 7 months and 2 weeks ago |
| aWtldjIuZnJhbmtpbmRldi5jb20= | US, KR | 7 months and 2 weeks ago |
👉 See step-by-step configuration instructions here.
👉 macOS, iOS, and Windows 10 have native support for IKEv2.
🥳 Start from Android 12, IKEv2 is natively supported, no 3rd-party application required.
👉 For friends using elder Android versions, please use strongSwan-2.3.3.apk 👏. Note that you need to specify the Server ID to the server address you’ve chosen in Advanced Setting in case of failure of authentication…
📟 Or, check the 3rd-party service via the link. Sadly Android 12 don’t support L2TP anymore…
Encrypt DNS configs
On iOS 14+ or macOS Big Sur devices you can download and install a special .mobileconfig file that adds DNS-over-HTTPS or DNS-over-TLS servers encrypt your DNS requests.
Here’s my configuration file for my hosted DNS-over-HTTPs: doh.mobileconfig, proxied with Fly.io.
On Android, you can set the the Private DNS to cHVibGljLmRvdC5mcmFua2luZGV2LmNvbQ== (base64, double click to reveal the address), with DNS encryption and ad filtering.