quick links for sharing

StrongSwan root CAs

Self-signed certs for site-to-site StrongSwan services. Private use only! 👻

server region certificate download updates
aWtldjJhc2hidXJuLmZyYW5raW5kZXYuY29t Ashburn, US ashburn.pem 3 months ago
aWtldjJhc2hidXJub25lLmZyYW5raW5kZXYuY29t Ashburn, US ashburnone.pem 3 months and 1 day ago
aWtldjJzZW91bC5mcmFua2luZGV2LmNvbQ== Seoul, KR seoul.pem 2 months and 4 weeks ago
aWtldjJzZW91bG9uZS5mcmFua2luZGV2LmNvbQ== Seoul, KR seoulone.pem 3 months ago
aWtldjJzaGFuZ2hhaS5mcmFua2luZGV2LmNvbQ== Shanghai, CN shanghai.pem 2 months and 1 week ago

👉 See step-by-step configuration instructions here.

👉 macOS, iOS, and Windows 10 have native support for IKEv2.

👉 For Android friends, please use strongSwan-2.3.2.apk 👏.

👉 Or, check the free academic-use only service here, run by third-party.

Encrypt DNS configs

On iOS 14 or macOS Big Sur devices you can download special ‘.mobileconfig’ file that adds DNS-over-HTTPS or DNS-over-TLS servers to the DNS settings.

Here’s my configuration file for my private DNS-over-HTTPs service:, proxied by Cloudflare.