strongswan is an IPsec VPN client. It is available in most linux distributions.

Install strongswan. If you are using debian, run:

$ sudo apt-get install strongswan

Download the certificate for the CA from the server (the ca.crt file)

Edit /etc/ipsec.conf:

ca example.org
  cacert=ca.crt
  auto=add
conn server1
  keyexchange=ikev2
  right=server1.example.org
  rightid=%25server1.example.org
  rightsubnet=0.0.0.0/0
  rightauth=pubkey
  leftsourceip=%25config
  leftauth=eap
  leftcert=client.example.org.crt
  auto=route
  eap_identity=username
  auto=add