
This article uses Ubuntu 22.04 as its example system: it installs the strongSwan software and configures a VPN using the IKEv2 protocol.
You can check the Ubuntu version with the lsb_release command:
$ lsb_release --all
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy
Install the VPN-related packages
Use the apt package manager to install strongSwan, its add-on plugins, and the related tools:
sudo apt install strongswan strongswan-swanctl
sudo apt install libstrongswan-extra-plugins libcharon-extra-plugins
sudo apt install libcharon-extauth-plugins libstrongswan-standard-plugins
sudo apt install resolvconf curl
Import the system's trusted certificate list
strongSwan does not configure any trusted certificates by default; the following steps import the system's trusted CA certificate list into strongSwan's certificate directory:
sudo rm -f /etc/ipsec.d/cacerts/*
sudo ln -s /etc/ssl/certs/* /etc/ipsec.d/cacerts/
Create the VPN connection
Method 1: using the ipsec command
In the example, the jAccount username is assumed to be myname and the password mypassword; replace them with your own:
Edit file 1: /etc/ipsec.conf
conn "sjtu-staff"
    keyexchange=ikev2
    left=%config
    leftsourceip=%config4,%config6
    leftauth=eap-peap
    ike=aes128-sha1-modp1024,aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,aes128-sha2_256-modp1024,3des-sha1-modp1024!
    right=vpn.sjtu.edu.cn
    rightid=%any
    rightsendcert=never
    rightsubnet=0.0.0.0/0,2000::/3
    rightauth=pubkey
    eap_identity="myname"   # jAccount ID
    auto=add
    aaa_identity="@radius.d46fzc.cn"

conn "sjtu-student"
    keyexchange=ikev2
    left=%config
    leftsourceip=%config4,%config6
    leftauth=eap-peap
    right=stu.vpn.sjtu.edu.cn
    rightid=@stu.vpn.sjtu.edu.cn
    rightsendcert=never
    rightsubnet=0.0.0.0/0,2000::/3
    rightauth=pubkey
    eap_identity="myname"   # jAccount ID
    auto=add
    aaa_identity="@radius.d46fzc.cn"
Edit file 2: /etc/ipsec.secrets
"myname" : EAP "mypassword"
[Note]
1. Here "myname" is your jAccount username and "mypassword" is your jAccount password.
2. There must be a space on each side of the colon ":"; do not use the TAB key.
Edit file 3: /etc/strongswan.d/charon/revocation.conf
load = no
Restart the VPN service with the following command:
sudo ipsec restart
Connect to the VPN with the following commands:
sudo ipsec up "sjtu-staff"     # staff VPN
sudo ipsec up "sjtu-student"   # student VPN
Disconnect from the VPN with the following commands:
sudo ipsec down "sjtu-staff"     # staff VPN
sudo ipsec down "sjtu-student"   # student VPN
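The Method 1 steps above can be scripted so the three files are rendered from variables and checked before anything is written to /etc. The script below is an added example and is not part of the original article or of the strongSwan project. It copies the connection names, gateways, identities and proposal strings unchanged from the article's /etc/ipsec.conf; the function names, the username/password arguments and the dry-run into a scratch directory are assumptions of this example. It also makes two checks a practitioner would want: ipsec.secrets holds the plaintext password, so it is written owner-only (mode 600), and the secrets line is validated for the space-separated colon the article insists on. Note that load = no in revocation.conf disables strongSwan's revocation plugin, i.e. CRL/OCSP checking of the gateway certificate; the script reproduces the article's setting as-is.

```shell
#!/bin/sh
# Added example (not from the original article): render the Method 1 files
# (ipsec.conf, ipsec.secrets, revocation.conf) under a chosen root directory
# so they can be inspected in a scratch directory before being written to /etc.
# Assumptions: username and password are passed as function arguments;
# connection names, gateways, identities and proposals are the article's.

# Print the two connection definitions from the article for username $1.
render_ipsec_conf() {
    user="$1"
    cat <<EOF
conn "sjtu-staff"
    keyexchange=ikev2
    left=%config
    leftsourceip=%config4,%config6
    leftauth=eap-peap
    ike=aes128-sha1-modp1024,aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,aes128-sha2_256-modp1024,3des-sha1-modp1024!
    right=vpn.sjtu.edu.cn
    rightid=%any
    rightsendcert=never
    rightsubnet=0.0.0.0/0,2000::/3
    rightauth=pubkey
    eap_identity="$user"
    auto=add
    aaa_identity="@radius.d46fzc.cn"

conn "sjtu-student"
    keyexchange=ikev2
    left=%config
    leftsourceip=%config4,%config6
    leftauth=eap-peap
    right=stu.vpn.sjtu.edu.cn
    rightid=@stu.vpn.sjtu.edu.cn
    rightsendcert=never
    rightsubnet=0.0.0.0/0,2000::/3
    rightauth=pubkey
    eap_identity="$user"
    auto=add
    aaa_identity="@radius.d46fzc.cn"
EOF
}

# Print the single ipsec.secrets line: "<user>" : EAP "<password>".
# The article requires a plain space on each side of the colon.
render_ipsec_secrets() {
    printf '"%s" : EAP "%s"\n' "$1" "$2"
}

# Return 0 when $1 is a well-formed EAP secrets line with a space-separated
# colon, 1 otherwise (a TAB instead of a space fails this check).
check_secrets_line() {
    printf '%s\n' "$1" | grep -Eq '^"[^"]+" : EAP "[^"]+"$'
}

# Write all three files under root $1 for user $2 and password $3.
# ipsec.secrets holds the plaintext password, so it is made owner-only.
install_config() {
    root="$1"
    mkdir -p "$root/etc/strongswan.d/charon"
    render_ipsec_conf "$2" > "$root/etc/ipsec.conf"
    render_ipsec_secrets "$2" "$3" > "$root/etc/ipsec.secrets"
    chmod 600 "$root/etc/ipsec.secrets"
    # load = no disables strongSwan's revocation plugin (CRL/OCSP checks of
    # the gateway certificate); this reproduces the article's setting.
    printf 'load = no\n' > "$root/etc/strongswan.d/charon/revocation.conf"
}

# Dry run into a scratch directory. For a real install run as root and pass
# an empty root ("") so the files land in /etc.
scratch=$(mktemp -d)
install_config "$scratch" myname mypassword
ls -l "$scratch/etc"
```

After a dry run, inspect the rendered files, then re-run install_config with an empty root as root, followed by the sudo ipsec restart and sudo ipsec up commands from the article.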
Method 2: using the swanctl command
Edit file 1: /etc/swanctl/conf.d/sjtuvpn.conf
swanctl reads its configuration from the directory /etc/swanctl/conf.d/.
The example file is named sjtuvpn.conf and has the following content; the jAccount username is assumed to be myname and the password mypassword, replace them with your own:
connections {
    vpn-staff {
        vips = 0.0.0.0,::
        remote_addrs = vpn.sjtu.edu.cn
        send_certreq = no
        local {
            auth = eap-peap
            eap_id = myname
            aaa_id = @radius.d46fzc.cn
        }
        remote {
            auth = pubkey
            id = %any
        }
        children {
            vpn-staff {
                remote_ts = 0.0.0.0/0,::/0
                esp_proposals = aes128-sha1-modp1024,aes128-sha2_256-modp1024,3des-sha1-modp1024,default
            }
        }
        version = 2
        mobike = no
        proposals = aes128-sha1-modp1024,aes256-sha1-modp1024,3des-sha1-modp1024,default
    }
    vpn-student {
        vips = 0.0.0.0,::
        remote_addrs = stu.vpn.sjtu.edu.cn
        send_certreq = no
        local {
            auth = eap-peap
            eap_id = myname
            aaa_id = @radius.d46fzc.cn
        }
        remote {
            auth = pubkey
            id = @stu.vpn.sjtu.edu.cn
        }
        children {
            vpn-student {
                remote_ts = 0.0.0.0/0,::/0
            }
        }
        version = 2
        mobike = no
    }
}
secrets {
    eap-jaccount {
        id = myname
        secret = "mypassword"
    }
}
Edit file 2: /etc/strongswan.d/charon/revocation.conf
load = no
Reload the VPN configuration with the following commands:
sudo ipsec restart
sudo swanctl --load-all
Connect to the VPN with the following commands:
sudo swanctl -i --child vpn-staff     # staff VPN
sudo swanctl -i --child vpn-student   # student VPN
Disconnect from the VPN with the following commands:
sudo swanctl -t --ike vpn-staff     # staff VPN
sudo swanctl -t --ike vpn-student   # student VPN
Check whether the VPN is working
Run the following commands from the command line before and after connecting to the VPN, and check whether the IP address they report changes:
curl whatismyip.sjtu.edu.cn
curl v6.whatismyip.sjtu.edu.cn