Swiss Sovereign VPN

ETA: Q2.2026

Adlibo ValPN

Swiss sovereign VPN based on strongSwan (HSR Rapperswil). Integrated SASE architecture, 100% Swiss infrastructure, outside CLOUD Act jurisdiction. Reserved for Swiss-incorporated companies.

Overview

Protocol

strongSwan (CH)

FIPS 140-2, CC EAL4+

Infrastructure

100% Swiss

Geneva, Zurich, Bern

Encryption

AES-256-GCM

IPsec IKEv2 (RFC 7296)

Restriction: Adlibo ValPN is exclusively available to companies incorporated in Switzerland. This restriction ensures complete service sovereignty.

SASE Architecture

Roaming Client

Agent SASE / strongSwan
ZTNA Portal (browser)
Native client (IKEv2)

PoP Adlibo (Switzerland)

VPN Gateway (strongSwan)
DataShield DLP
Zero Trust / mTLS

Geneva — Zurich — Bern

Client Infrastructure

Databases
File servers
Internal apps

End-to-end AES-256-GCM encryption — IPsec IKEv2 (RFC 7296) — Mutual X.509 authentication

Protocols

IPsec/IKEv2

Primary protocol

strongSwan (HSR Rapperswil, Switzerland). FIPS 140-2, CC EAL4+ certified. IETF standard, interoperable with Cisco/Fortinet/Palo Alto.

AES-256-GCM + SHA-384 + ECDH P-384
Ports: UDP 500 (IKE), 4500 (NAT-T)
MOBIKE for transparent failover

TLS 1.3 Tunnel

Browser fallback

Clientless ZTNA access via web portal. No installation required. Ideal for temporary access.

AES-256-GCM / ChaCha20-Poly1305
Port: TCP 443
All modern browsers

Deployment Options

Recommended

Podman Connector

Lightweight container deployed via Podman (open-source, daemonless). Outbound connection only. Swiss registry.

strongSwan native

Direct installation on Linux. Zero container dependency. Maximum sovereignty.

ZTNA Portal

Browser access without installation. Ideal for temporary and partner access.

VM Appliance

Preconfigured OVA image. Compatible with VMware, Proxmox, Hyper-V.

Quick Deployment (Podman)

bash

# Pull from Swiss registry
podman pull harbor.adlibo.com/valpn/connector:latest

# Run the connector
podman run -d \
  --name valpn-connector \
  --cap-add NET_ADMIN \
  --device /dev/net/tun \
  -e VALPN_TOKEN="your-enterprise-token" \
  -e VALPN_GATEWAY="gw.valpn.ch" \
  -p 500:500/udp \
  -p 4500:4500/udp \
  harbor.adlibo.com/valpn/connector:latest

# Verify connection
podman exec valpn-connector swanctl --list-sas

strongSwan Configuration

conf

# /etc/swanctl/conf.d/valpn.conf
connections {
    valpn {
        version = 2
        proposals = aes256gcm16-sha384-ecp384
        remote_addrs = gw.valpn.ch

        local {
            auth = eap-tls
            certs = client.pem
            id = "user@company.ch"
        }
        remote {
            auth = pubkey
            id = "gw.valpn.ch"
            cacerts = valpn-ca.pem
        }
        children {
            net {
                remote_ts = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
                start_action = trap
                dpd_action = restart
            }
        }
    }
}

Key Features

strongSwan (HSR Rapperswil)

VPN protocol developed in Switzerland. FIPS 140-2, CC EAL4+ certified.

100% Swiss Infrastructure

Data centers in Geneva, Zurich, Bern. ISO 27001. 100% renewable energy.

Zero US Components

No Docker, no WireGuard (US author), no Tailscale, no Cloudflare. Podman + Swiss registry.

Native nFADP Compliance

nFADP compliant. Encrypted logs, 90-day retention, zero content logging.

DataShield Integration

Native DLP protection built into the VPN tunnel. Sensitive data tokenization before transit.

Kill Switch

Immediate connection cut on VPN tunnel loss. Zero data leakage.

Reachable Services

File ServersSMB, NFS, SFTP, WebDAV

DatabasesPostgreSQL, MySQL, Oracle, SQL Server

Remote AccessSSH, RDP, VNC

Web ApplicationsIntranets, CRM, ERP

DevOps ToolsGitLab, Jenkins, Kubernetes

IoT / OTMQTT, Modbus, OPC UA

Join the Waitlist

Adlibo ValPN will be available Q2 2026. Reserve your spot among the first 100,000 users.