LINUX VPN 設定

紅字的部分是須根據個人的帳號與密碼設定， 如test 帳號， 密碼:123456

Linux VPN Client 建置

一.參考網址 https://zh.codepre.com/how-to-6731.html 及 https://kifarunix.com/configure-strongswan-vpn-client-on-ubuntu-18-04-centos-8/

二.對CentOS 8 環境失敗

三.使用Ubuntu Live Server 18.04.5 環境測試OK

四. 設定方式如下

1. Install strongSwan

apt update

apt install strongswan libcharon-extra-plugins

2. Install strongSwan VPN Server CA certificate on the Client 將vpn1.ncu.edu.tw 的chainXX.pem(/etc/letsencrypt/archive/vpn1.ncu.edu.tw 目錄下) ， 更名成chain.pem ， 放置到/etc/ipsec.d/cacerts/ 目錄下

3. Configure strongSwan VPN client (1) vi /etc/ipsec.conf

  conn ipsec-ikev2-vpn-client

    auto=start

    right=vpn1.ncu.edu.tw

    rightid=vpn1.ncu.edu.tw

    rightsubnet=0.0.0.0/0

    rightauth=pubkey

    leftsourceip=%config

    leftid=test

    leftauth=eap-mschapv2

    eap_identity=%identity

(2)vi /etc/ipsec.secrets

  # This file holds shared secrets or RSA private keys for authentication.

1. RSA private key for this host, authenticating it to any other host

1. which knows the public part.

1. user id : EAP secret

test : EAP "123456"

1. this file is managed with debconf and will contain the automatically created private key

1. include /var/lib/strongswan/ipsec.secrets.inc

4. 解決no issuer certificate found 'C=US , O="Let's Encrypt, CN=R3"憑證問題

cp /etc/ssl/certs/DST_ROOT_X3.pem /etc/ipsec.d/cacerts/

cp /etc/ssl/certs/ISRG_Root_X1.pem etc/ipsec.d/cacerts/

5.啟動 strongswan

systemctl start strongswan

ps:避免strongswan 在系統啟動時運行systemctl disable strongswan

6.查看狀況

systemctl status strongswan