檢視 LINUX VPN 設定的原始碼


Linux VPN Client 建置

一.參考網址 https://zh.codepre.com/how-to-6731.html  及 https://kifarunix.com/configure-strongswan-vpn-client-on-ubuntu-18-04-centos-8/

二.對CentOS 8 環境失敗

三.使用Ubuntu Live Server 18.04.5  環境測試OK

四. 設定方式如下

1. Install strongSwan

 apt update

 apt install strongswan libcharon-extra-plugins

2. Install strongSwan VPN Server CA certificate on the Client

 將vpn1.ncu.edu.tw 的chainXX.pem(/etc/letsencrypt/archive/vpn1.ncu.edu.tw 目錄下) ， 更名成chain.pem  ， 放置到/etc/ipsec.d/cacerts/ 目錄下

3. Configure strongSwan VPN client

 (1) vi /etc/ipsec.conf

   conn ipsec-ikev2-vpn-client

     auto=start

     right=vpn1.ncu.edu.tw

     rightid=vpn1.ncu.edu.tw

     rightsubnet=0.0.0.0/0

     rightauth=pubkey

     leftsourceip=%config

     leftid=test

      #根據個人的帳號與密碼設定， 如test 帳號

     leftauth=eap-mschapv2

     eap_identity=%identity

 (2)vi /etc/ipsec.secrets

  # This file holds shared secrets or RSA private keys for authentication.

  # RSA private key for this host, authenticating it to any other host

  # which knows the public part.

  # user id : EAP secret

  test : EAP "123456"

  #根據個人的帳號與密碼設定， 如test 帳號， 密碼:123456

  # this file is managed with debconf and will contain the automatically created private key

  #include /var/lib/strongswan/ipsec.secrets.inc

4. 解決no issuer certificate found 'C=US , O="Let's Encrypt, CN=R3"憑證問題

  cp /etc/ssl/certs/DST_ROOT_X3.pem /etc/ipsec.d/cacerts/

  cp /etc/ssl/certs/ISRG_Root_X1.pem  etc/ipsec.d/cacerts/

5.啟動 strongswan 

  systemctl start strongswan 

  ps:避免strongswan 在系統啟動時運行systemctl disable strongswan

6.查看狀況

  systemctl status strongswan