Contact UsTry it for free

strongSwan S2S VPN

Updated February 24, 2026

strongSwan S2S VPN is a strongSwan-based firewall that helps establish site-to-site VPN.

Deployment instructions

  1. Create a service account with the admin role.

  2. Create a cloud network.

  3. Get an SSH key pair for connection to a virtual machine.

  4. Make sure your target cloud in Yandex Virtual Private Cloud has not exhausted its Number of route tables per cloud and Number of static routes per cloud quotas. If any quota has been used up, create a quota increase request and wait for it to be granted.

  5. In the management console, select Cloud Apps.

  6. In the left-hand panel, select Marketplace.

  7. Select strongSwan S2S VPN and click Use.

  8. Specify the following:

    • Application name.
    • Application description (optional).
    • Service account you created earlier.
    • Cloud network you previously created.
    • CIDR and the availability zone for the subnet. The subnet will be automatically created in the specified cloud network when installing the application.
    • Remote endpoint IP address.
    • List of the IP addresses of the remote subnets to add to the routing table.
    • Public SSH key to access the VM over SSH.
    • IPsec properties: IKE Proposal, ESP Proposal, and PSK.

  9. Click Install and wait for the installation to complete.

  10. Link the routing table to the subnet you previously created.

  11. Connect to the VM over SSH by using the admin username and the private SSH key you created earlier.

  12. Run the following commands:

    sudo su
cd /root
./update.sh

The system will create the ipsec-*.txt files in the /root folder. You can use these files as an example when configuring a connection on a remote endpoint.

As part of the app deployment, a route table will be created. You will need to delete it manually when deleting the application.

from $27.78 / per month

The usage cost for the product and the minimum required resource configuration
Create an application
Сost details
ProductFree
Public IP address (dynamic or static)
$1.56
Required resources$26.23 / per month
Regular VM computing resources, Intel Ice Lake, 100% vCPU
$13.61
Regular VM computing resources, Intel Ice Lake, RAM
$7.26
Fast network drive (SSD)
$5.36
Billing type
Free
Type
Cloud Apps
Category
Network infrastructure
Security
Publisher
Yandex Cloud
Use cases
  • Connecting network infrastructures through a VPN tunnel.
Links
About the solution
Technical support

Yandex Cloud technical support is available 24/7. The types of requests you can submit and the appropriate response time depend on your pricing plan. You can switch to the paid support plan in the management console. You can learn more about the technical support terms here.

Application resources
Resource typeQuantity
Service account1
Folder members3
VPC Subnet1
VPC IP-adress1
VPC Security group1
Compute Instance1
Terms
By using this product you agree to the Yandex Cloud Marketplace Terms of Service

from $27.78 / per month

The usage cost for the product and the minimum required resource configuration
Create an application
Сost details
ProductFree
Public IP address (dynamic or static)
$1.56
Required resources$26.23 / per month
Regular VM computing resources, Intel Ice Lake, 100% vCPU
$13.61
Regular VM computing resources, Intel Ice Lake, RAM
$7.26
Fast network drive (SSD)
$5.36
Billing type
Free
Type
Cloud Apps
Category
Network infrastructure
Security
Publisher
Yandex Cloud