ipsec-vpn-server

链接

教程

ip检测

strongSwanVPN android客户端下载

目录示例

ipsec.d

buyfakett.mobileconfig

buyfakett.p12

buyfakett.sswan

cert9.db

ikev2.conf

ikev2setup.log

key4.db

passwd

pkcs11.txt

policies

block

clear

clear-or-private

portexcludes.conf

private

private-or-clear

vpnclient.mobileconfig

vpnclient.p12

vpnclient.sswan

vpn-gen.env

安装

setup.sh

#!/bin/bash

echo "Asia/Shanghai" > /etc/timezone

if [ ! -d ./ipsec.d ];then
        docker run \
        --name copyconfig \
        --restart=always \
        -p 500:500/udp \
        -p 4500:4500/udp \
        -d --privileged \
        buyfakett/hwdsl2-ipsec-vpn-server && sleep 10 && docker cp copyconfig:/etc/ipsec.d ./ipsec.d
docker rm -f copyconfig
fi

docker kill ipsec-vpn-server
docker rm ipsec-vpn-server
docker run \
    --name ipsec-vpn-server \
    --restart=always \
    --env-file ./ipsec.d/vpn-gen.env \
    -v $(pwd)/ipsec.d:/etc/ipsec.d \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    buyfakett/hwdsl2-ipsec-vpn-server

# 帮助命令
# docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --help
# 添加用户
# docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --addclient [client name]
# 删除用户
# docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --revokeclient [client name]
# docker exec -it ipsec-vpn-server /opt/src/ikev2.sh --deleteclient [client name]
# 检查 IPsec VPN 服务器状态
# docker exec -it ipsec-vpn-server ipsec status
# 查看当前已建立的 VPN 连接
# docker exec -it ipsec-vpn-server ipsec trafficstatus

客户端导入教程

# win7 导入p12
# certutil -f -importpfx "C:/Users/Administrator/Desktop/chenliming.p12" NoExport

# win8、win10 、win11
powershell -command "Add-VpnConnection -ServerAddress '服务器IP' -Name 'vpn名字' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"

powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'vpn名字' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"

linux命令行连接

使用networkmanager来控制网络

Tip

由于linux原生不支持默认的加密方式

在ipsec.d/ikev2.conf中增加authby=rsa-sha1配置

yum install epel-release -y
yum --enablerepo=epel install strongswan xl2tpd net-tools -y

openssl pkcs12 -in test.p12 -cacerts -nokeys -out ca.cer
openssl pkcs12 -in test.p12 -clcerts -nokeys -out client.cer
openssl pkcs12 -in test.p12 -nocerts -nodes  -out client.key

nmcli c add type vpn ifname -- vpn-type strongswan connection.id VPN-test connection.autoconnect no vpn.data 'address = xx.xx.xx.xx, certificate = /data/ca.cer, encap = no, esp = aes128gcm16, ipcomp = no, method = key, proposal = yes, usercert = /data/client.cer, userkey = /data/client.key, virtual = yes'

nmcli c up VPN-test

#ipsec-vpn-server

#链接

#目录示例

#安装

#客户端导入教程

#linux命令行连接

ipsec-vpn-server

链接

目录示例

安装

客户端导入教程

linux命令行连接