IPsec for iPhone

First, a look at the L2TP settings on an iPhone shows that the built-in client requires IPsec, so the server has to be configured for L2TP over IPsec rather than plain L2TP.

Step 1: install xl2tpd and strongswan

[root@myzdl ~]# yum install epel-release -y
[root@myzdl ~]# yum install strongswan xl2tpd -y

Configure the main xl2tpd configuration file

[root@myzdl ~]# vim /etc/xl2tpd/xl2tpd.conf 

[lns default]
ip range = 192.168.252.100-192.168.252.200    
local ip = 192.168.252.254              
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd 
length bit = yes

Configure the PPP options file (authentication and link settings)

[root@myzdl ~]# vim /etc/ppp/options.xl2tpd 

ipcp-accept-local
ipcp-accept-remote
ms-dns  114.114.114.114
noccp
auth
require-mschap-v2 
idle 1800
mtu 1410
mru 1410
nodefaultroute  
debug
proxyarp
connect-delay 5000

Configure the account and password file

[root@myzdl ~]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client	server	secret			IP addresses
  user1         *       a123456                 192.168.252.101
  user2         *       a123456                 192.168.252.102
  user3         *       a123456                 *

Step 2: configure IPsec

Configure the main IPsec configuration file (/etc/strongswan/ipsec.conf, next to the ipsec.secrets file below)

config setup
 
conn IPsec-L2tp-psk
     left=172.16.0.4
     leftprotoport=17/1701
     right=%any
     rightprotoport=17/%any

     type=transport
     authby=secret
     pfs=yes
     keyingtries=3
     keylife=1h
     dpddelay=30
     dpdtimeout=120
     dpdaction=clear
     rekey=no
     ikelifetime=8h
     auto=add

Configure the PSK

[root@myzdl ~]# vim /etc/strongswan/ipsec.secrets

# ipsec.secrets - strongSwan IPsec secrets file
172.16.0.4   %any  :  PSK "a123456"

Start the services

[root@myzdl ~]# systemctl start strongswan xl2tpd

Log of a successful connection from the phone

Aug  3 23:46:05 myzdl charon: 07[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (788 bytes)
Aug  3 23:46:05 myzdl charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
Aug  3 23:46:05 myzdl charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received FRAGMENTATION vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] received DPD vendor ID
Aug  3 23:46:05 myzdl charon: 07[IKE] 112.97.212.98 is initiating a Main Mode IKE_SA
Aug  3 23:46:05 myzdl charon: 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  3 23:46:05 myzdl charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Aug  3 23:46:05 myzdl charon: 07[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (160 bytes)
Aug  3 23:46:05 myzdl charon: 08[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (788 bytes)
Aug  3 23:46:05 myzdl charon: 08[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl charon: 08[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (160 bytes)
Aug  3 23:46:05 myzdl charon: 09[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (788 bytes)
Aug  3 23:46:05 myzdl charon: 09[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl charon: 09[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (160 bytes)
Aug  3 23:46:05 myzdl charon: 10[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (380 bytes)
Aug  3 23:46:05 myzdl charon: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 23:46:05 myzdl charon: 10[IKE] local host is behind NAT, sending keep alives
Aug  3 23:46:05 myzdl charon: 10[IKE] remote host is behind NAT
Aug  3 23:46:05 myzdl charon: 10[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 23:46:05 myzdl charon: 10[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (396 bytes)
Aug  3 23:46:05 myzdl charon: 11[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (380 bytes)
Aug  3 23:46:05 myzdl charon: 11[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl charon: 11[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (396 bytes)
Aug  3 23:46:05 myzdl charon: 12[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (380 bytes)
Aug  3 23:46:05 myzdl charon: 12[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl charon: 12[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (396 bytes)
Aug  3 23:46:05 myzdl charon: 13[NET] received packet: from 112.97.212.98[49225] to 172.16.0.4[4500] (108 bytes)
Aug  3 23:46:05 myzdl strongswan: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 3.10.0-1127.13.1.el7.x86_64, x86_64)
Aug  3 23:46:05 myzdl strongswan: 00[CFG] PKCS11 module '<name>' lacks library path
Aug  3 23:46:05 myzdl strongswan: 00[LIB] openssl FIPS mode(2) - enabled
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
Aug  3 23:46:05 myzdl strongswan: 00[CFG]   loaded IKE secret for 172.16.0.4   %any
Aug  3 23:46:05 myzdl strongswan: 00[CFG] opening triplet file /etc/strongswan/ipsec.d/triplets.dat failed: No such file or directory
Aug  3 23:46:05 myzdl strongswan: 00[CFG] loaded 0 RADIUS server configurations
Aug  3 23:46:05 myzdl strongswan: 00[CFG] HA config misses local/remote address
Aug  3 23:46:05 myzdl strongswan: 00[CFG] no script for ext-auth script defined, disabled
Aug  3 23:46:05 myzdl strongswan: 00[LIB] loaded plugins: charon pkcs11 tpm aesni aes des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 chapoly xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp led duplicheck unity counters
Aug  3 23:46:05 myzdl strongswan: 00[JOB] spawning 16 worker threads
Aug  3 23:46:05 myzdl strongswan: 05[CFG] received stroke: add connection 'IPsec-L2tp-psk'
Aug  3 23:46:05 myzdl strongswan: 05[CFG] added configuration 'IPsec-L2tp-psk'
Aug  3 23:46:05 myzdl strongswan: 07[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (788 bytes)
Aug  3 23:46:05 myzdl strongswan: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received NAT-T (RFC 3947) vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Aug  3 23:46:05 myzdl charon: 13[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received FRAGMENTATION vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] received DPD vendor ID
Aug  3 23:46:05 myzdl strongswan: 07[IKE] 112.97.212.98 is initiating a Main Mode IKE_SA
Aug  3 23:46:05 myzdl strongswan: 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  3 23:46:05 myzdl strongswan: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Aug  3 23:46:05 myzdl strongswan: 07[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (160 bytes)
Aug  3 23:46:05 myzdl strongswan: 08[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (788 bytes)
Aug  3 23:46:05 myzdl strongswan: 08[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl strongswan: 08[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (160 bytes)
Aug  3 23:46:05 myzdl strongswan: 09[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (788 bytes)
Aug  3 23:46:05 myzdl strongswan: 09[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl strongswan: 09[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (160 bytes)
Aug  3 23:46:05 myzdl strongswan: 10[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (380 bytes)
Aug  3 23:46:05 myzdl strongswan: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 23:46:05 myzdl strongswan: 10[IKE] local host is behind NAT, sending keep alives
Aug  3 23:46:05 myzdl strongswan: 10[IKE] remote host is behind NAT
Aug  3 23:46:05 myzdl strongswan: 10[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 23:46:05 myzdl strongswan: 10[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (396 bytes)
Aug  3 23:46:05 myzdl strongswan: 11[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (380 bytes)
Aug  3 23:46:05 myzdl strongswan: 11[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl strongswan: 11[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (396 bytes)
Aug  3 23:46:05 myzdl strongswan: 12[NET] received packet: from 112.97.212.98[55174] to 172.16.0.4[500] (380 bytes)
Aug  3 23:46:05 myzdl strongswan: 12[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl strongswan: 12[NET] sending packet: from 172.16.0.4[500] to 112.97.212.98[55174] (396 bytes)
Aug  3 23:46:05 myzdl strongswan: 13[NET] received packet: from 112.97.212.98[49225] to 172.16.0.4[4500] (108 bytes)
Aug  3 23:46:05 myzdl charon: 13[CFG] looking for pre-shared key peer configs matching 172.16.0.4...112.97.212.98[10.27.33.86]
Aug  3 23:46:05 myzdl charon: 13[CFG] selected peer config "IPsec-L2tp-psk"
Aug  3 23:46:05 myzdl charon: 13[IKE] IKE_SA IPsec-L2tp-psk[1] established between 172.16.0.4[172.16.0.4]...112.97.212.98[10.27.33.86]
Aug  3 23:46:05 myzdl charon: 13[ENC] generating ID_PROT response 0 [ ID HASH ]
Aug  3 23:46:05 myzdl charon: 13[NET] sending packet: from 172.16.0.4[4500] to 112.97.212.98[49225] (92 bytes)
Aug  3 23:46:05 myzdl charon: 13[NET] received packet: from 112.97.212.98[49225] to 172.16.0.4[4500] (108 bytes)
Aug  3 23:46:05 myzdl charon: 13[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl charon: 13[NET] sending packet: from 172.16.0.4[4500] to 112.97.212.98[49225] (92 bytes)
Aug  3 23:46:05 myzdl charon: 13[NET] received packet: from 112.97.212.98[49225] to 172.16.0.4[4500] (108 bytes)
Aug  3 23:46:05 myzdl charon: 13[IKE] received retransmit of request with ID 0, retransmitting response
Aug  3 23:46:05 myzdl charon: 13[NET] sending packet: from 172.16.0.4[4500] to 112.97.212.98[49225] (92 bytes)
Aug  3 23:46:05 myzdl charon: 05[NET] received packet: from 112.97.212.98[49225] to 172.16.0.4[4500] (332 bytes)
Aug  3 23:46:05 myzdl charon: 05[ENC] parsed QUICK_MODE request 381573843 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 23:46:05 myzdl charon: 05[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug  3 23:46:05 myzdl charon: 05[IKE] received 3600s lifetime, configured 0s
Aug  3 23:46:05 myzdl charon: 05[ENC] generating QUICK_MODE response 381573843 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 23:46:05 myzdl charon: 05[NET] sending packet: from 172.16.0.4[4500] to 112.97.212.98[49225] (204 bytes)
Aug  3 23:46:05 myzdl charon: 06[NET] received packet: from 112.97.212.98[49225] to 172.16.0.4[4500] (76 bytes)
Aug  3 23:46:05 myzdl charon: 06[ENC] parsed QUICK_MODE request 381573843 [ HASH ]
Aug  3 23:46:05 myzdl charon: 06[IKE] CHILD_SA IPsec-L2tp-psk{1} established with SPIs c0bb394d_i 0d391cbc_o and TS 172.16.0.4/32[udp/l2tp] === 112.97.212.98/32[udp/53505]
Aug  3 23:46:05 myzdl xl2tpd: xl2tpd[12268]: Connection established to 112.97.212.98, 53505.  Local: 38639, Remote: 18 (ref=0/0).  LNS session is 'default'
Aug  3 23:46:05 myzdl xl2tpd: xl2tpd[12268]: Call established with 112.97.212.98, Local: 39793, Remote: 3015, Serial: 1
Aug  3 23:46:05 myzdl pppd[12311]: Plugin pppol2tp.so loaded.
Aug  3 23:46:05 myzdl pppd[12311]: pppd 2.4.5 started by root, uid 0
Aug  3 23:46:05 myzdl pppd[12311]: Using interface ppp0
Aug  3 23:46:05 myzdl pppd[12311]: Connect: ppp0 <-->
Aug  3 23:46:05 myzdl pppd[12311]: Overriding mtu 1500 to 1410
Aug  3 23:46:05 myzdl pppd[12311]: Overriding mru 1500 to mtu value 1410
Aug  3 23:46:05 myzdl NetworkManager[655]: <info>  [1596469565.8663] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/386)
Aug  3 23:46:08 myzdl pppd[12311]: Overriding mtu 1500 to 1410
Aug  3 23:46:09 myzdl pppd[12311]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Aug  3 23:46:09 myzdl pppd[12311]: Cannot determine ethernet address for proxy ARP
Aug  3 23:46:09 myzdl pppd[12311]: local  IP address 192.168.252.254
Aug  3 23:46:09 myzdl pppd[12311]: remote IP address 192.168.252.101
Aug  3 23:46:09 myzdl NetworkManager[655]: <info>  [1596469569.0362] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Aug  3 23:46:09 myzdl NetworkManager[655]: <info>  [1596469569.0373] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
Aug  3 23:46:09 myzdl charon: 09[KNL] 192.168.252.254 appeared on ppp0
Aug  3 23:46:09 myzdl charon: 11[KNL] 192.168.252.254 disappeared from ppp0
Aug  3 23:46:09 myzdl charon: 13[KNL] 192.168.252.254 appeared on ppp0
Aug  3 23:46:09 myzdl charon: 15[KNL] interface ppp0 activated
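
To make a log like the one above quicker to read during operations, here is an added Python example (not part of the original post) that parses charon lines in the format shown and pulls out the negotiated IKE and ESP proposals, the IKE_SA peer address and asserted identity, the CHILD_SA SPIs and traffic selectors, NAT-T detection and the lifetime mismatch. The sample lines are copied from the log above; the function names are my own.

```python
import re

# Constructed sample: lines copied from the charon log above, one per event of interest.
SAMPLE_LOG = """\
Aug  3 23:46:05 myzdl charon: 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  3 23:46:05 myzdl charon: 10[IKE] remote host is behind NAT
Aug  3 23:46:05 myzdl charon: 13[IKE] IKE_SA IPsec-L2tp-psk[1] established between 172.16.0.4[172.16.0.4]...112.97.212.98[10.27.33.86]
Aug  3 23:46:05 myzdl charon: 05[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug  3 23:46:05 myzdl charon: 05[IKE] received 3600s lifetime, configured 0s
Aug  3 23:46:05 myzdl charon: 06[IKE] CHILD_SA IPsec-L2tp-psk{1} established with SPIs c0bb394d_i 0d391cbc_o and TS 172.16.0.4/32[udp/l2tp] === 112.97.212.98/32[udp/53505]
"""

# One regex per event; the "strongswan:" copies of the same lines are skipped to avoid double counting.
PATTERNS = {
    "proposal": re.compile(r"selected proposal: (IKE|ESP):(\S+)"),
    "ike_sa": re.compile(r"IKE_SA (\S+?)\[\d+\] established between ([^\s\[]+)\[([^\]]+)\]\.\.\.([^\s\[]+)\[([^\]]+)\]"),
    "child_sa": re.compile(r"CHILD_SA (\S+?)\{\d+\} established with SPIs (\w+?)_i (\w+?)_o and TS (.+)$"),
    "nat": re.compile(r"(local|remote) host is behind NAT"),
    "lifetime": re.compile(r"received (\d+)s lifetime, configured (\d+)s"),
}

def parse_charon_log(text):
    """Summarise the negotiated IKE/ESP state found in strongSwan charon log lines."""
    summary = {"proposals": {}, "nat": set(), "lifetime_mismatch": None}
    for line in text.splitlines():
        if " charon: " not in line:
            continue
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            if kind == "proposal":          # e.g. IKE -> [AES_CBC_256, HMAC_SHA2_256_128, ...]
                summary["proposals"][m.group(1)] = m.group(2).split("/")
            elif kind == "ike_sa":          # peer address and the ID it asserted (its LAN IP here)
                summary["ike_sa"] = {"conn": m.group(1), "local": m.group(2),
                                     "peer_addr": m.group(4), "peer_id": m.group(5)}
            elif kind == "child_sa":        # SPIs and traffic selectors of the ESP SA
                summary["child_sa"] = {"conn": m.group(1), "spi_in": m.group(2),
                                       "spi_out": m.group(3), "ts": m.group(4)}
            elif kind == "nat":
                summary["nat"].add(m.group(1))
            elif kind == "lifetime":        # peer-proposed vs locally configured SA lifetime
                got, cfg = int(m.group(1)), int(m.group(2))
                summary["lifetime_mismatch"] = (got, cfg) if got != cfg else None
    return summary

def tunnel_established(summary):
    """True only when both the IKE_SA and the CHILD_SA of the same conn were established."""
    ike, child = summary.get("ike_sa"), summary.get("child_sa")
    return bool(ike and child and ike["conn"] == child["conn"])
```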

Configuration 2, usable by both Android and iPhone:

config setup

conn IPsec-L2tp-psk
#     aggressive=yes

     left=172.16.88.12
     leftprotoport=17/1701
     rightid=%any
     right=%any
     rightprotoport=17/%any

     type=transport
     authby=psk
#     authby=secret
#     ikelifetime=3600s

     ike=3des-md5-modp1024!
     
     ikelifetime=8h
     auto=add

Matching PSK entry in /etc/strongswan/ipsec.secrets

# ipsec.secrets - strongSwan IPsec secrets file
172.16.88.12    %any  :  PSK "a123456"
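
The second configuration pins IKE to `ike=3des-md5-modp1024!` (3DES, MD5 and a 1024-bit DH group, all deprecated), while the log above shows the iPhone negotiating AES-256/SHA-256/MODP-2048 on its own, so the legacy proposal is only needed for old clients. As an added example (not from the original post), this Python audit parses an ipsec.conf and an ipsec.secrets in the format shown and flags deprecated algorithm tokens, aggressive mode with a PSK, and short PSKs; the sample inputs are constructed from the second configuration and the function names are my own.

```python
import re

# Constructed from the second ipsec.conf above; the commented-out line is kept to show it is skipped.
SAMPLE_IPSEC_CONF = """\
conn IPsec-L2tp-psk
#     aggressive=yes
     right=%any
     authby=psk
     ike=3des-md5-modp1024!
     auto=add
"""
SAMPLE_SECRETS = '172.16.88.12    %any  :  PSK "a123456"\n'

# Proposal tokens (ipsec.conf spelling) that are deprecated for new deployments.
DEPRECATED = {"des", "3des", "md5", "modp768", "modp1024"}

def parse_conns(text):
    """Map each conn name to its key=value settings; comments and blank lines are ignored."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current is not None and "=" in line:
            key, val = line.split("=", 1)
            conns[current][key.strip()] = val.strip()
    return conns

def audit_conn(settings):
    """Return findings for one conn: deprecated algorithms and aggressive mode with a PSK."""
    findings = []
    for key in ("ike", "esp"):
        # "3des-md5-modp1024!" is a comma list of dash-joined tokens; the trailing "!" means strict.
        for proposal in settings.get(key, "").rstrip("!").split(","):
            bad = [t for t in proposal.split("-") if t in DEPRECATED]
            if bad:
                findings.append(f"{key}: deprecated {bad} in '{proposal}'")
    if settings.get("aggressive") == "yes" and settings.get("authby") in ("psk", "secret"):
        findings.append("aggressive mode with a PSK exposes the identity and PSK-derived hash in the clear")
    return findings

def audit_secrets(text, min_len=20):
    """Flag PSK entries shorter than min_len characters."""
    return [f"PSK of length {len(m.group(1))} is shorter than {min_len}"
            for m in re.finditer(r'PSK\s+"([^"]*)"', text) if len(m.group(1)) < min_len]
```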