quick links for sharing

StrongSwan root CAs

Self-signed certs for site-to-site StrongSwan services. Private use only!

server region certificate download updates
aWtldjJ1cy5mcmFua2luZGV2LmNvbQ== Ashburn, US ikev2us.pem 2 weeks and 3 days ago
aWtldjJzaGFuZ2hhaS5mcmFua2luZGV2LmNvbQ== Shanghai, CN shanghai.pem 6 months and 3 weeks ago

👉 See step-by-step configuration instructions here.

👉 macOS, iOS, and Windows 10 have native support for IKEv2.

👉 For Android friends, please use strongSwan-2.3.3.apk 👏.

Encrypt DNS configs

On iOS 14 or macOS Big Sur devices you can download special .mobileconfig file that adds DNS-over-HTTPS or DNS-over-TLS servers to the DNS settings.

Here’s my configuration file for my private DNS-over-HTTPs service: doh.mobileconfig, proxied by Cloudflare.