diff --git a/defaults/main.yml b/defaults/main.yml
index d6691ee1..650d9e3d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -455,6 +455,14 @@ neutron_nova_metadata_insecure: "{{ nova_metadata_insecure | default(False) }}"
 neutron_driver_vpnaas: "{{ _neutron_driver_vpnaas }}"
 neutron_vpnaas_service_provider: "{{ _neutron_vpnaas_service_provider }}"
+#Set this variable to use custom config file for strongswan/openswan
+# neutron_vpnaas_custom_config:
+# - src: "/etc/openstack_deploy/strongswan/strongswan.conf.template"
+# dest: "{{ neutron_conf_dir }}/strongswan.conf.template"
+# condition: "{{ ansible_facts['os_family'] | lower == 'debian' }}"
+
+neutron_vpnaas_custom_config: []
+
 # Calico Felix agent upstream settings
 calico_felix_url: "https://github.com/projectcalico/felix/releases/download/{{ calico_felix_version }}/calico-felix-amd64"
 calico_felix_version: v3.21.2
diff --git a/doc/source/configure-network-services.rst b/doc/source/configure-network-services.rst
index 3e241ca8..2d9c83dd 100644
--- a/doc/source/configure-network-services.rst
+++ b/doc/source/configure-network-services.rst
@@ -117,8 +117,8 @@ Follow the steps below to deploy FWaaS v2:
 # openstack-ansible os-neutron-install.yml
-Virtual private network service (optional)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Virtual private network service - VPNaaS (optional)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The following procedure describes how to modify the
 ``/etc/openstack_deploy/user_variables.yml`` file to enable VPNaaS.
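Review bot: The comment block documenting `neutron_vpnaas_custom_config` in the defaults hunk does not state the entry contract, and its commented example would not parse if uncommented, because the `dest` and `condition` lines sit at the same column as `- src` instead of under it; `#Set` also lacks the space after `#` that yamllint's `comments` rule expects. Suggest replacing the first comment line with `# Set this variable to copy custom strongswan/openswan config files to the L3 agent hosts.` followed by `# Each entry takes src (a path on the deployment host), dest, and an optional condition (defaults to true).`, and indenting the `dest`/`condition` example lines under `src`. The default-to-true behaviour of `condition` is what the accompanying task implements, so it is worth spelling out where deployers will actually read it.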
@@ -180,6 +180,37 @@ dict.
 .. _conf override: https://docs.openstack.org/openstack-ansible/latest/admin/openstack-operations.html
+You can also define customized configuration files for VPN service with the variable
+``neutron_vpnaas_custom_config``:
+
+.. code-block:: yaml
+
+ neutron_vpnaas_custom_config:
+ - src: "/etc/openstack_deploy/strongswan/strongswan.conf.template"
+ dest: "{{ neutron_conf_dir }}/strongswan.conf.template"
+ condition: "{{ ansible_facts['os_family'] | lower == 'debian' }}"
+ - src: "/etc/openstack_deploy/strongswan/strongswan.d"
+ dest: "/etc/strongswan.d"
+ condition: "{{ ansible_facts['os_family'] | lower == 'debian' }}"
+ - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.conf.template"
+ dest: "{{ neutron_conf_dir }}/ipsec.conf.template"
+ - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.secret.template"
+ dest: "{{ neutron_conf_dir }}/ipsec.secret.template"
+
+With that ``neutron_l3_agent_ini_overrides`` should be also defined in 'user_variables.yml'
+to tell ``l3_agent`` use the new config file:
+
+.. code-block:: yaml
+
+ neutron_l3_agent_ini_overrides:
+ ipsec:
+ enable_detailed_logging: True
+ strongswan:
+ strongswan_config_template : "{{ neutron_conf_dir }}/strongswan.conf.template"
+ openswan:
+ ipsec_config_template: "{{ neutron_conf_dir }}/ipsec.conf.template"
+
+
 BGP Dynamic Routing service (optional)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml b/releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml
new file mode 100644
index 00000000..c8ea98c4
--- /dev/null
+++ b/releasenotes/notes/neutron-vpnaas-custom-config-ad991bb02b9ed655.yaml
@@ -0,0 +1,33 @@
+---
+features:
+ - |
+ Neutron VPN as a Service (VPNaaS) with customized configuration files
+ can now be defined with the variable ``neutron_vpnaas_custom_config``.
+ deployers should define ``neutron_vpnaas_custom_config`` in 'user_variables.yml'.
+ Example:
+
+ .. code-block:: yaml
+
+ neutron_vpnaas_custom_config:
+ - src: "/etc/openstack_deploy/strongswan/strongswan.conf.template"
+ dest: "{{ neutron_conf_dir }}/strongswan.conf.template"
+ - src: "/etc/openstack_deploy/strongswan/strongswan.d"
+ dest: "/etc/strongswan.d"
+ - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.conf.template"
+ dest: "{{ neutron_conf_dir }}/ipsec.conf.template"
+ - src: "/etc/openstack_deploy/{{ neutron_vpnaas_distro_packages }}/ipsec.secret.template"
+ dest: "{{ neutron_conf_dir }}/ipsec.secret.template"
+
+ We should be also define ``neutron_l3_agent_ini_overrides`` in 'user_variables.yml'
+ to tell ``l3_agent`` use the new config file.
+ Example:
+
+ .. code-block:: yaml
+
+ neutron_l3_agent_ini_overrides:
+ ipsec:
+ enable_detailed_logging: True
+ strongswan:
+ strongswan_config_template : "{{ neutron_conf_dir }}/strongswan.conf.template"
+ openswan:
+ ipsec_config_template: "{{ neutron_conf_dir }}/ipsec.conf.template"
diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml
index bd7eb455..2da8f64b 100644
--- a/tasks/neutron_post_install.yml
+++ b/tasks/neutron_post_install.yml
@@ -195,6 +195,19 @@
 when:
 - "'bgpvpn' in neutron_plugin_base"
+- name: Copy vpnaas custom config files
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "root"
+ group: "{{ neutron_system_group_name }}"
+ mode: "0640"
+ loop: "{{ neutron_vpnaas_custom_config }}"
+ when:
+ - neutron_vpnaas_custom_config | length > 0
+ - neutron_services['neutron-l3-agent']['group'] in group_name
+ - item.condition | default(True)
+
 - name: Stop haproxy service on debian derivatives with standalone network nodes
 service:
 name: haproxy
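Review bot: The new `copy` task in tasks/neutron_post_install.yml has no `notify`, so a changed template listed in `neutron_vpnaas_custom_config` lands on disk but the running agent may keep using whatever it already loaded until something else restarts it; it should notify the role's existing neutron restart handler (the handler lives outside this hunk, so I am not naming it). The first `when` clause, `neutron_vpnaas_custom_config | length > 0`, is redundant with `loop` over the same list and can be dropped. For a directory `src` such as the `strongswan.d` example in the docs hunk, `mode: "0640"` covers the copied files while no `directory_mode` is given, so the directory's own permissions presumably fall to the remote umask — consider adding `directory_mode: "0750"` or documenting that entries must be single files. `owner: "root"` with group `neutron_system_group_name` and `0640` is a sensible default for templates that may seed `ipsec.secrets`.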