I have set up an IKEv2 VPN server by following this documentation: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-20-04
After setup I can successfully connect to the VPN server from different mobile devices. The problem is that all the devices are getting the same private IP address (e.g. 10.10.10.1), and when a new device connects, the previously connected device can't browse the internet.
My /etc/ipsec.conf file:

```
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@server_domain_or_IP
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!
```
I have followed the whole documentation to set up the IKEv2 VPN server. Can anyone help me find a proper solution?
It looks like the setup is mostly correct, but getting the same IP for every client usually means StrongSwan is not actually handing out addresses from the whole 10.10.10.0/24 pool. When that happens, all clients end up sharing one lease, and the second connection breaks the first one exactly like you’re seeing.
Even though you set uniqueids=no, StrongSwan may still treat multiple connections from the same identity as the same client. If all your test devices connect with the same username, they can end up sharing a single IP. Using separate usernames often fixes this.
Also, the subnet is fine, but StrongSwan needs the memory plugin enabled or a separate pool definition if you want it to manage multiple leases. On most Ubuntu setups this works by default, but if the memory plugin isn’t active, only the first address gets used.
Besides the above, some devices will reconnect with the same IKE identity even if the username is different. If that happens, StrongSwan treats them as one client and assigns them the same address.
So the config itself looks reasonable, but the issue usually comes down to identities. Try connecting with different usernames for each device and see if each one gets a separate IP. If that works, then you know it’s an identity handling issue rather than the address pool.
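One way to check the outcome of the test suggested in the answer above, as an added example that is not part of the original thread: it reads charon log text and reports every virtual IP that was handed out more than once, and whether those assignments all carried the same identity. The log wording `assigning virtual IP ... to peer '...'` and the sample lines are assumptions and constructed data; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (not from the page). The message wording is an
# assumption about what charon writes with "ike 1" logging; adjust ASSIGN_RE
# if your build words it differently.
SAMPLE_LOG = """\
Jan 10 10:00:01 vpn charon: 07[IKE] assigning virtual IP 10.10.10.1 to peer 'alice'
Jan 10 10:00:40 vpn charon: 09[IKE] assigning virtual IP 10.10.10.1 to peer 'alice'
Jan 10 10:02:13 vpn charon: 11[IKE] assigning virtual IP 10.10.10.2 to peer 'bob'
Jan 10 10:03:30 vpn charon: 12[IKE] assigning virtual IP 10.10.10.1 to peer 'alice'
"""

ASSIGN_RE = re.compile(r"assigning virtual IP (\S+) to peer '([^']*)'")


def parse_assignments(log_text):
    """Return (virtual_ip, identity) pairs in log order, skipping bad lines."""
    pairs = []
    for line in log_text.splitlines():
        match = ASSIGN_RE.search(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # not a valid address, ignore the line
        pairs.append((ip, match.group(2)))
    return pairs


def summarize(assignments):
    """Report each virtual IP assigned more than once and who received it."""
    by_ip = defaultdict(lambda: defaultdict(int))
    for ip, identity in assignments:
        by_ip[ip][identity] += 1
    findings = []
    for ip in sorted(by_ip, key=ipaddress.ip_address):
        total = sum(by_ip[ip].values())
        if total < 2:
            continue
        # One identity: a device reconnecting, or several devices sharing a
        # username. Several identities: the lease moved between users.
        cause = "same-identity" if len(by_ip[ip]) == 1 else "different-identities"
        findings.append({"ip": ip, "identities": sorted(by_ip[ip]),
                         "assignments": total, "cause": cause})
    return findings


if __name__ == "__main__":
    for finding in summarize(parse_assignments(SAMPLE_LOG)):
        print(finding)
```

A `same-identity` finding while several devices are connected matches the shared-username case described in the answer; a `different-identities` finding means separate usernames did not give separate addresses.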