ΒΆ
strongSwan Security Hardening
Use IKEv2 with strong proposals and PFS.
Prefer certificate-based auth over pre-shared keys.
Rotate certificates/keys and maintain CRL/OCSP checks.
Restrict peer traffic selectors and monitor SA anomalies.