ipsec-vpn-server
buyfakett
ipsec-vpn-server
strongSwanVPN android客户端下载
目录（注意：ipsec.d/ 内的 key4.db、cert9.db、*.p12 和 passwd 分别包含 CA/服务端私钥、客户端私钥和登录凭据，属于机密文件；请保持 root 所有、权限 0700，勿提交到版本库）
ipsec.d/
├── buyfakett.mobileconfig
├── buyfakett.p12
├── buyfakett.sswan
├── cert9.db
├── ikev2.conf
├── ikev2setup.log
├── key4.db
├── passwd
├── pkcs11.txt
├── policies
│ ├── block
│ ├── clear
│ ├── clear-or-private
│ ├── portexcludes.conf
│ ├── private
│ └── private-or-clear
├── vpnclient.mobileconfig
├── vpnclient.p12
├── vpnclient.sswan
└── vpn-gen.env
安装（以下脚本需要 root 权限：它会写入 /etc/timezone，并以 --privileged 方式运行容器，这等同于给容器宿主机 root 权限）
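#!/usr/bin/env bash
# Bring up the hwdsl2-based IPsec/IKEv2 VPN server in Docker.
#
# First run: starts a throwaway "copyconfig" container just long enough to
# export the generated /etc/ipsec.d (CA + server cert, client .p12 /
# .mobileconfig / .sswan bundles, vpn-gen.env) to ./ipsec.d on the host.
# Every run: (re)creates the long-lived "ipsec-vpn-server" container with
# ./ipsec.d bind-mounted so certificates and users persist across upgrades.
#
# Host side effects: writes /etc/timezone, creates ./ipsec.d, creates and
# removes Docker containers. Run as root (or a docker-group member, which is
# root-equivalent anyway).
#
# Security notes:
#  - ./ipsec.d holds private keys (key4.db, *.p12) and passwd; keep it
#    root-owned and mode 0700 and never commit it.
#  - vpn-gen.env is passed with --env-file, so the credentials in it are
#    visible to anyone who can run `docker inspect`.
#  - --privileged gives the container full access to the host (the upstream
#    image appears to need it for IPsec/xfrm); only run image tags you trust,
#    and prefer pinning the image by digest over a mutable tag.
set -euo pipefail

readonly IMAGE="buyfakett/hwdsl2-ipsec-vpn-server"
readonly NAME="ipsec-vpn-server"
readonly CONF_DIR="${PWD}/ipsec.d"

# Kept from the original script: the container picks the host timezone up
# from this file for its logs.
echo "Asia/Shanghai" > /etc/timezone

if [[ ! -d "${CONF_DIR}" ]]; then
  # Bootstrap container used only to generate config. It deliberately gets
  # NO published ports and NO --restart policy: the original exposed UDP
  # 500/4500 with --restart=always, so if the script died between `run` and
  # `rm -f` a privileged, reachable container stayed behind permanently.
  docker run --name copyconfig -d --privileged "${IMAGE}"

  # Wait for the generated env file instead of a fixed `sleep 10`; fall
  # through to the copy after the timeout so the failure is reported below.
  for _ in {1..60}; do
    if docker exec copyconfig test -f /etc/ipsec.d/vpn-gen.env; then
      break
    fi
    sleep 1
  done

  if ! docker cp copyconfig:/etc/ipsec.d "${CONF_DIR}"; then
    docker rm -f copyconfig >/dev/null 2>&1 || true
    echo "failed to export /etc/ipsec.d from the bootstrap container" >&2
    exit 1
  fi
  docker rm -f copyconfig
  chmod 700 "${CONF_DIR}"
fi

if [[ ! -f "${CONF_DIR}/vpn-gen.env" ]]; then
  echo "missing ${CONF_DIR}/vpn-gen.env - cannot start ${NAME}" >&2
  exit 1
fi

# Replace any existing instance (kill + rm in one step); it is fine if none
# exists yet, so the error is ignored on purpose.
docker rm -f "${NAME}" >/dev/null 2>&1 || true
docker run \
  --name "${NAME}" \
  --restart=always \
  --env-file "${CONF_DIR}/vpn-gen.env" \
  -v "${CONF_DIR}:/etc/ipsec.d" \
  -p 500:500/udp \
  -p 4500:4500/udp \
  -d --privileged \
  "${IMAGE}"

# Management commands (run against the live container):
#   help:            docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --help
#   add client:      docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --addclient [client name]
#   revoke client:   docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --revokeclient [client name]
#   delete client:   docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --deleteclient [client name]
#   server status:   docker exec -it ipsec-vpn-server ipsec status
#   active tunnels:  docker exec -it ipsec-vpn-server ipsec trafficstatus
# If a client's .p12 may have leaked, use --revokeclient (it invalidates the
# issued certificate); see --help for how it differs from --deleteclient.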
客户端导入教程（每个 .p12 文件内含该客户端的私钥：请通过安全通道分发，导入后删除本地副本；一旦怀疑泄露，在服务端用 --revokeclient 吊销）
# Windows client setup (run from an elevated command prompt).
#
# Step 1 - import the client .p12 into the LocalMachine certificate store.
# certutil without -user targets the machine store, which is what the
# MachineCertificate authentication used below requires; NoExport keeps the
# private key non-exportable. Replace the path with your own client's .p12
# from ipsec.d/. Labelled "Windows 7" originally, but the certificate must be
# in the store on every Windows version before Add-VpnConnection can use it.
# certutil -f -importpfx "C:/Users/Administrator/Desktop/chenliming.p12" NoExport
#
# Step 2 - Windows 8 / 10 / 11: create the IKEv2 profile, then pin the IPsec
# proposal. Replace '服务器IP' with the server address and 'vpn名字' with the
# profile name. Note that -PfsGroup None disables perfect forward secrecy for
# the child SA; it is the weaker choice, so change it together with the
# server-side configuration rather than on the client alone.
powershell -command "Add-VpnConnection -ServerAddress '服务器IP' -Name 'vpn名字' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'vpn名字' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
linux命令行连接
使用networkmanager来控制网络
TIP
由于 Linux 原生客户端不支持服务端默认的签名认证方式，需要在 ipsec.d/ikev2.conf 中增加 authby=rsa-sha1，修改后重启容器使其生效。注意：rsa-sha1 使用 SHA-1 签名，安全性弱于默认算法，只在确实需要 Linux 客户端接入时才启用。
配置
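#!/usr/bin/env bash
# Connect a CentOS/RHEL-style host to the IKEv2 server through NetworkManager
# (strongSwan plugin), authenticating with the client certificate contained
# in the .p12 exported by ikev2.sh (ipsec.d/<client>.p12).
#
# Steps: install packages, split the .p12 into CA cert / client cert /
# private key, register the connection with nmcli, bring it up.
# Run as root; openssl prompts for the .p12 import password.
#
# Fixes versus the original listing: the certificates were written to the
# current directory but the nmcli profile read them from /data/, and the
# unencrypted private key was created with the default umask (readable by
# every local user).
set -euo pipefail

P12="${P12:-test.p12}"           # client bundle copied from ipsec.d/
SERVER="${SERVER:-xx.xx.xx.xx}"  # VPN server public IP or hostname
CERT_DIR="${CERT_DIR:-/data}"    # directory the nmcli profile reads certs from
readonly CONN="VPN-test"

yum install epel-release -y
# NetworkManager-strongswan provides the "strongswan" vpn-type used below.
# xl2tpd is kept from the original listing; the IKEv2 profile below does
# not use it.
yum --enablerepo=epel install strongswan NetworkManager-strongswan xl2tpd net-tools -y

if [[ ! -f "${P12}" ]]; then
  echo "client bundle not found: ${P12}" >&2
  exit 1
fi

mkdir -p "${CERT_DIR}"
# -nodes writes the private key unencrypted, so the files must never be
# world-readable: restrictive umask for everything, 0600 on the key.
umask 077
openssl pkcs12 -in "${P12}" -cacerts -nokeys -out "${CERT_DIR}/ca.cer"
openssl pkcs12 -in "${P12}" -clcerts -nokeys -out "${CERT_DIR}/client.cer"
openssl pkcs12 -in "${P12}" -nocerts -nodes -out "${CERT_DIR}/client.key"
chmod 600 "${CERT_DIR}/client.key"

# method=key: authenticate with the client cert/key; the server certificate
# is validated against the CA extracted above. ESP is pinned to AES-128-GCM.
nmcli c add type vpn ifname -- vpn-type strongswan \
  connection.id "${CONN}" connection.autoconnect no \
  vpn.data "address = ${SERVER}, certificate = ${CERT_DIR}/ca.cer, encap = no, esp = aes128gcm16, ipcomp = no, method = key, proposal = yes, usercert = ${CERT_DIR}/client.cer, userkey = ${CERT_DIR}/client.key, virtual = yes"
nmcli c up "${CONN}"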