Linux VPN Setup

From NCUCCWiki
Revision as of 03:23, 3 June 2021 (Thursday) by Center2

The parts in red must be set according to your own account and password; the examples use the account test with the password 123456.

Linux VPN Client Setup

I. References:
https://zh.codepre.com/how-to-6731.html
https://kifarunix.com/configure-strongswan-vpn-client-on-ubuntu-18-04-centos-8/

II. Failed on CentOS 8.

III. Tested OK on Ubuntu Live Server 18.04.5.

IV. The configuration steps are as follows

1. Install strongSwan

apt update

apt install strongswan libcharon-extra-plugins

2. Install strongSwan VPN Server CA certificate on the Client: take the chainXX.pem of vpn1.ncu.edu.tw (under the /etc/letsencrypt/archive/vpn1.ncu.edu.tw directory), rename it to chain.pem, and place it in the /etc/ipsec.d/cacerts/ directory.

3. Configure strongSwan VPN client

(1) vi /etc/ipsec.conf

  conn ipsec-ikev2-vpn-client
    auto=start
    right=vpn1.ncu.edu.tw
    rightid=vpn1.ncu.edu.tw
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=test
    leftauth=eap-mschapv2
    eap_identity=%identity


(2) vi /etc/ipsec.secrets

  # This file holds shared secrets or RSA private keys for authentication.

  # RSA private key for this host, authenticating it to any other host
  # which knows the public part.

  # user id : EAP secret
  test : EAP "123456"

  # this file is managed with debconf and will contain the automatically created private key
  # include /var/lib/strongswan/ipsec.secrets.inc


4. Resolve the certificate problem: no issuer certificate found 'C=US , O="Let's Encrypt, CN=R3"

cp /etc/ssl/certs/DST_ROOT_X3.pem /etc/ipsec.d/cacerts/

cp /etc/ssl/certs/ISRG_Root_X1.pem /etc/ipsec.d/cacerts/

5. Start strongswan

systemctl start strongswan

PS: To keep strongswan from running at system boot:

systemctl disable strongswan

6. Check the status

systemctl status strongswan
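
A pre-flight check for the two files edited in step 3, as an added example that is not part of the original wiki page: it confirms that each leftid in ipsec.conf has a matching EAP line in ipsec.secrets, and that the secrets file, which stores the password in clear text, is not accessible to group or others. The function names and the expected mode 600 are assumptions of this example, and the sample files are constructed from the page's test account.

```shell
# Added example, not from the wiki page: lint the two client files from step 3.
# Function names are hypothetical; pass the real paths as two arguments.

# Print every leftid value declared in an ipsec.conf-style file.
conf_leftids() {
    sed -n 's/^[[:space:]]*leftid[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Succeed if the secrets file has an uncommented "<id> : EAP ..." line for id $2.
has_eap_secret() {
    awk -v id="$2" '
        /^[ \t]*#/ { next }
        split($0, part, ":") >= 2 {
            gsub(/^[ \t]+|[ \t]+$/, "", part[1])
            sub(/^[ \t]+/, "", part[2])
            if (part[1] == id && part[2] ~ /^EAP[ \t]/) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Succeed if the file grants nothing to group or others (GNU stat, as on Ubuntu).
is_private() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in 0|*00) return 0 ;; esac
    return 1
}

# Print one line per problem; the return status is the number of problems.
lint_vpn_client() {
    conf=$1; secrets=$2; problems=0
    ids=$(conf_leftids "$conf")
    [ -n "$ids" ] || { echo "no leftid in $conf"; problems=$((problems + 1)); }
    for id in $ids; do
        has_eap_secret "$secrets" "$id" && continue
        echo "leftid=$id has no EAP entry in $secrets"; problems=$((problems + 1))
    done
    is_private "$secrets" && return "$problems"
    echo "$secrets is accessible to group/others; expected mode 600"
    return $((problems + 1))
}

# Constructed sample: the page's account "test", but a world-readable secrets file.
demo() {
    d=$(mktemp -d)
    printf 'conn c\n  leftid=test\n' > "$d/ipsec.conf"
    printf 'test : EAP "123456"\n' > "$d/ipsec.secrets"; chmod 644 "$d/ipsec.secrets"
    rc=0; lint_vpn_client "$d/ipsec.conf" "$d/ipsec.secrets" || rc=$?
    rm -rf "$d"; echo "problems: $rc"
}
if [ "$#" -eq 2 ]; then lint_vpn_client "$1" "$2"; else demo; fi
```

Run it as root with /etc/ipsec.conf and /etc/ipsec.secrets as the two arguments before step 5; with no arguments it runs the constructed sample.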