  • strongswan

    2018-03-31 11:56:00
    StrongSwan is an open source IPsec-based VPN Solution. It supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. This tutorial will show you how to use strongSwan to set up an IPSec VPN server on CentOS 7.

    Install strongSwan

    The strongSwan packages are available in the Extra Packages for Enterprise Linux (EPEL) repository. We should enable EPEL first, then install strongSwan.

    yum install http://ftp.nluug.nl/pub/os/Linux/distr/fedora-epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
    yum install strongswan openssl
    

    Generate certificates

    Both the VPN client and server need a certificate to identify and authenticate themselves. I have prepared two shell scripts to generate and sign the certificates. First, we download these two scripts into the folder /etc/strongswan/ipsec.d.

    cd /etc/strongswan/ipsec.d
    wget https://raw.githubusercontent.com/michael-loo/strongswan_config/for_vultr/server_key.sh
    chmod a+x server_key.sh
    wget https://raw.githubusercontent.com/michael-loo/strongswan_config/for_vultr/client_key.sh
    chmod a+x client_key.sh
    

    In these two .sh files, I have set the organization name as VULTR-VPS-CENTOS. If you want to change it, open the .sh files and replace O=VULTR-VPS-CENTOS with O=YOUR_ORGANIZATION_NAME.

    Next, run server_key.sh with the IP address of your server to generate the certificate authority (CA) key and certificate and the server's own key and certificate. Replace SERVER_IP with the IP address of your Vultr VPS.

    ./server_key.sh SERVER_IP
    

    Generate the client key, certificate, and P12 file. Here, I will create the certificate and P12 file for the VPN user "john".

    ./client_key.sh john john@gmail.com
    

    Replace "john" and his email with yours before running the script.

    After the certificates for client and server are generated, copy /etc/strongswan/ipsec.d/john.p12 and /etc/strongswan/ipsec.d/cacerts/strongswanCert.pem to your local computer.

    Configure strongSwan

    Open the strongSwan IPSec configuration file.

    vi /etc/strongswan/ipsec.conf
    

    Replace its content with the following text.

    config setup
        uniqueids=never
        charondebug="cfg 2, dmn 2, ike 2, net 0"
    
    conn %default
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftcert=vpnHostCert.pem
        right=%any
        rightsourceip=172.16.1.100/16
    
    conn CiscoIPSec
        keyexchange=ikev1
        fragmentation=yes
        rightauth=pubkey
        rightauth2=xauth
        leftsendcert=always
        rekey=no
        auto=add
    
    conn XauthPsk
        keyexchange=ikev1
        leftauth=psk
        rightauth=psk
        rightauth2=xauth
        auto=add
    
    conn IpsecIKEv2
        keyexchange=ikev2
        leftauth=pubkey
        rightauth=pubkey
        leftsendcert=always
        auto=add
    
    conn IpsecIKEv2-EAP
        keyexchange=ikev2
        ike=aes256-sha1-modp1024!
        rekey=no
        leftauth=pubkey
        leftsendcert=always
        rightauth=eap-mschapv2
        eap_identity=%any
        auto=add
    

    Edit the strongSwan configuration file, strongswan.conf.

    vi /etc/strongswan/strongswan.conf
    

    Delete everything and replace it with the following.

    charon {
        load_modular = yes
        duplicheck.enable = no
        compress = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
        dns1 = 8.8.8.8
        dns2 = 8.8.4.4
        nbns1 = 8.8.8.8
        nbns2 = 8.8.4.4
    }
    
    include strongswan.d/*.conf
    

    Edit the IPsec secret file to add a user and password.

    vi /etc/strongswan/ipsec.secrets
    

    Add a user account "john" into it.

    : RSA vpnHostKey.pem
    : PSK "PSK_KEY"
    john %any : EAP "John's Password"
    john %any : XAUTH "John's Password"
    

    Please note that both sides of the colon ':' need a white-space.

    Allow IPv4 forwarding

    Edit /etc/sysctl.conf to allow forwarding in the Linux kernel.

    vi /etc/sysctl.conf
    

    Add the following line into the file.

    net.ipv4.ip_forward=1
    

    Save the file, then apply the change.

    sysctl -p
    

    Configure the firewall

    Open the firewall for your VPN on the server.

    firewall-cmd --permanent --add-service="ipsec"
    firewall-cmd --permanent --add-port=4500/udp
    firewall-cmd --permanent --add-masquerade
    firewall-cmd --reload
    

    Start VPN

    systemctl start strongswan
    systemctl enable strongswan
    

    StrongSwan is now running on your server. Install the strongswanCert.pem and .p12 certificate files on your client. You will now be able to join your private network.
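An added example, not part of the original tutorial: a small Python audit for an ipsec.conf like the one above. It resolves `conn %default` inheritance (and, going slightly beyond the tutorial's file, `also=` references) and reports `uniqueids=never`, IKEv1 with a pre-shared key, and legacy algorithms in `ike=`/`esp=` proposals. The sample is a shortened, constructed copy of the tutorial's file; the finding names, the LEGACY list and the simplified inheritance model are this example's assumptions.

```python
# Constructed sample: shortened copy of the ipsec.conf shown in the tutorial.
SAMPLE_CONF = """\
config setup
    uniqueids=never

conn %default
    leftcert=vpnHostCert.pem

conn XauthPsk
    keyexchange=ikev1
    leftauth=psk
    rightauth=psk
    rightauth2=xauth
    auto=add

conn IpsecIKEv2
    keyexchange=ikev2
    leftauth=pubkey
    rightauth=pubkey
    auto=add

conn IpsecIKEv2-EAP
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    leftauth=pubkey
    rightauth=eap-mschapv2
    auto=add
"""

# Assumption: this example's own list of legacy algorithm keywords.
LEGACY = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}


def parse_ipsec_conf(text):
    """Return (setup, conns); headers start in column 0, options are indented."""
    setup, conns, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            words = line.split()
            if words == ["config", "setup"]:
                current = setup
            elif len(words) == 2 and words[0] == "conn":
                current = conns.setdefault(words[1], {})
            else:
                current = None  # "ca" sections and include lines are not audited
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "also":
            current.setdefault("also", []).append(value)
        else:
            current[key] = value.strip('"')
    return setup, conns


def effective(name, conns, seen=()):
    """Options of one conn after pulling in every section named by also=."""
    if name in seen:
        raise ValueError(f"also= loop through {name}")
    own = conns.get(name, {})
    merged = {}
    for parent in own.get("also", []):
        merged.update(effective(parent, conns, seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged


def audit(text):
    """Return a list of (section, finding) tuples in file order."""
    setup, conns = parse_ipsec_conf(text)
    findings = []
    if setup.get("uniqueids") == "never":
        # Any number of clients may connect with the same identity.
        findings.append(("config setup", "uniqueids-never"))
    defaults = {k: v for k, v in conns.get("%default", {}).items() if k != "also"}
    for name in conns:
        conn = {**defaults, **effective(name, conns)}
        if name == "%default" or conn.get("auto", "ignore") == "ignore":
            continue  # templates that are never loaded on their own
        if conn.get("keyexchange") == "ikev1" and "psk" in (
                conn.get("leftauth"), conn.get("rightauth")):
            # One group key known to every client authenticates the gateway.
            findings.append((name, "ikev1-psk"))
        for option in ("ike", "esp"):
            for proposal in conn.get(option, "").rstrip("!").split(","):
                for keyword in proposal.strip().split("-"):
                    if keyword in LEGACY:
                        findings.append((name, f"weak-{option}:{keyword}"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Connections without an explicit `ike=` line are not flagged, because the proposals they negotiate depend on the installed strongSwan version's defaults.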

    Posted on 2018-03-31 11:56 by 秦瑞It行程实录

    Reposted from: https://www.cnblogs.com/ruiy/p/8681612.html
  • strongswan5.6.3

    2018-07-03 16:46:54
    A source-code implementation of the IPsec protocol. If you want to study how IPsec works in depth, strongswan is a good choice.
  • strongswan.sh

    2020-01-07 13:59:29
    strongswan plugin details
  • strongswan source code

    2019-02-02 16:52:05
    strongswan source code
  • strongSwan missing starter

    2020-12-06 02:08:55
    Package strongswan-utils (5.5.0-1) is installed on root and has the following files: /opt/lib/ipsec/scepclient /opt/bin/pki /opt/sbin/ipsec $ opkg files strongswan Package strongswan (5.5.0-1) is...
  • strongswan-master.zip

    2021-03-03 17:27:50
    ipsec strongswan source code
  • Starting from version 5.7.0, strongSwan no longer supports specifying a configuration parameter with the path delimited by dots in a configuration file. This change breaks ovs-ipsec-monitor which...
  • strongSwan official documentation

    2019-09-23 04:12:27
    www.strongswan.org Official documentation: https://wiki.strongswan.org/projects/strongswan/wiki

    Posted on 2019-08-16 13:08 by 懒懒的小猪

    Reposted from: https://www.cnblogs.com/lldxz/p/11363262.html
  • strongSwan logging configuration is reported as invalid in some OSes (e.g. Ubuntu 16.04) when starting the strongSwan services. It is probably due to the strongSwan version change after the ...
  • Use packaged StrongSwan

    2020-12-02 08:19:27
    This drops the Rancher-provided build of StrongSwan in favour of the Charon package included in Ubuntu 18.04. It also reduces the number of steps in the Docker build, and cleans the packaging ...
  • StrongSwan one-click install script
  • Setting up Strongswan on CentOS

    2018-10-18 16:17:29

    Assume your server's public IP is 99.99.99.99. Wherever the placeholder for "your server's public IP" appears in the commands below, replace it with 99.99.99.99.

    1. Install strongswan

    yum install strongswan
    

    2. Create the certificates

    strongswan pki --gen --outform pem > ca.key.pem
    strongswan pki --self --in ca.key.pem --dn "C=CN, O=Org, CN=Org Me CA" --ca --lifetime 3650 --outform pem > ca.cert.pem
    
    strongswan pki --gen --outform pem > server.key.pem
    strongswan pki --pub --in server.key.pem --outform pem > server.pub.pem
    strongswan pki --pub --in server.key.pem | strongswan pki --issue --lifetime 3601 --cacert ca.cert.pem --cakey ca.key.pem --dn "C=CN, O=Org, CN=Org Me CA" --san="99.99.99.99" --san="99.99.99.99" --flag serverAuth --flag ikeIntermediate --outform pem > server.cert.pem
    

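    Notes:

    1. In C=CN, O=Org, CN=Org Me CA, Org is the organization name and Me is your own name; fill in whatever you like.
    2. --san="99.99.99.99" --san="99.99.99.99": if you already have a domain name, you can change one of them to the domain name.

    3. Install the certificates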

    cp -r ca.key.pem /etc/strongswan/ipsec.d/private/
    cp -r ca.cert.pem /etc/strongswan/ipsec.d/cacerts/
    cp -r server.cert.pem /etc/strongswan/ipsec.d/certs/
    cp -r server.pub.pem /etc/strongswan/ipsec.d/certs/
    cp -r server.key.pem /etc/strongswan/ipsec.d/private/
    

    4. Configure the VPN

    vi /etc/strongswan/ipsec.conf
    
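    config setup
        uniqueids=never # allow multiple clients to use the same certificate
    
    conn %default  # defines a connection section named %default; every connection inherits from it
         compress = yes # whether to enable compression; yes enables it when the peer supports it
         dpdaction = hold # action after an unexpected disconnect; hold keeps the connection and retries until the timeout
         dpddelay = 30s # interval between dead peer detection checks
         dpdtimeout = 60s # timeout after an unexpected disconnect; only applies to IKEv1
         inactivity = 300s # idle time after which the connection is closed
         leftdns = 8.8.8.8,8.8.4.4 # DNS servers for server and client; separate multiple entries with ","
         rightdns = 8.8.8.8,8.8.4.4
    
    conn IKEv2-BASE
         leftca = "C=CN, O=Org, CN=Org Me CA" # DN of the server-side root certificate; must match the --dn value
         leftsendcert = always # whether to send the server certificate to the client
         rightsendcert = never # the client does not send a certificate
    
    conn IKEv2-EAP
         keyexchange=ikev2       # key exchange protocol; the value ike means automatic, preferring IKEv2
         left=%any       # server-side address; %any means any
         leftid=YOUR_SERVER_PUBLIC_IP     # server ID: your server's public IP (99.99.99.99)
         leftsubnet=0.0.0.0/0        # server-side subnet; 0.0.0.0/0 is a wildcard
         leftcert = server.cert.pem     # server certificate
         leftauth=pubkey     # server authentication method: certificate
         right=%any      # client address; %any means any
         rightsourceip = 10.1.0.0/16    # address range assigned to clients
         rightauth=eap-mschapv2  # (alternative: eap-md5) client authentication method: IKEv2 EAP (username/password)
         also=IKEv2-BASE
         eap_identity = %any # the client's EAP identity
         rekey = no # do not rekey automatically
         fragmentation = yes # enable IKE message fragmentation
         auto = add  # what to do with this connection when the service starts; add loads it into the connection table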
    

    5. Change the DNS configuration

    vi /etc/strongswan/strongswan.d/charon.conf
    
    charon {
       duplicheck.enable = no # turn off the duplicate check so that several devices can connect at once
    
        # public DNS servers for Windows
        dns1 = 8.8.8.8
        dns2 = 8.8.4.4
    
        # log output below; turn it off in production
        filelog {
            /var/log/charon.log {
                # add a timestamp prefix
                time_format = %b %e %T
                # prepend connection name, simplifies grepping
                ike_name = yes
                # overwrite existing files
                append = no
                # increase default loglevel for all daemon subsystems
                default = 1
                # flush each line to disk
                flush_line = yes
            }
        }
    
    }
    
    vi /etc/strongswan/strongswan.conf
    
    charon {
            load_modular = yes
            duplicheck.enable = no
            compress = yes
            plugins {
                    include strongswan.d/charon/*.conf
            }
            dns1 = 8.8.8.8
            nbns1 =8.8.4.4
    }
    include strongswan.d/*.conf
    

    6. Configure users and passwords

    vi /etc/strongswan/ipsec.secrets
    
    #ipsec.secrets - strongSwan IPsec secrets file
    
    # server private key used for certificate authentication
    # format: : RSA <private key file> [ <passphrase> | %prompt ]
    : RSA server.key.pem
    
    # pre-shared key; the longer the better
    # format: [ <id selectors> ] : PSK <secret>
    admin : PSK "123456"
    
    # EAP: same format as PSK (username/password, e.g. oneAA/oneTT)
    admin : EAP "123456"
    
    # XAUTH: IKEv1 only
    # format: [ <servername> ] <username> : XAUTH "<password>"
    admin : XAUTH "123456"
    

    Note: the username and password here are admin and 123456; define your own.

    7. Enable kernel forwarding

    vi /etc/sysctl.conf
    

    Add the following to the configuration:

    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding=1
    

    8. Configure the firewall

    vi /etc/firewalld/zones/public.xml
    
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <interface name="eth0"/>
      <service name="ssh"/>
      <service name="dhcpv6-client"/>
      <service name="ipsec"/>
      <port protocol="tcp" port="1723"/>
      <port protocol="tcp" port="47"/>
      <port protocol="tcp" port="1701"/>
      <port protocol="tcp" port="22"/>
      <masquerade/>
      <rule family="ipv4">
        <source address="10.1.0.0/16"/>
        <masquerade/>
      </rule>
      <rule family="ipv4">
        <source address="10.1.0.0/16"/>
        <forward-port to-port="4500" protocol="udp" port="4500"/>
      </rule>
      <rule family="ipv4">
        <source address="10.1.0.0/16"/>
        <forward-port to-port="500" protocol="udp" port="500"/>
      </rule>
      <masquerade/>
    </zone>
    

    9. Start the firewall and strongswan, and enable both at boot

    systemctl enable firewalld
    systemctl start firewalld
    systemctl enable strongswan
    systemctl start strongswan
    

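    10. Open the ports on Alibaba Cloud

    Log in to the Alibaba Cloud console --> ECS --> Network & Security --> Security Groups --> Add Security Group Rule:
    Action: Allow
    Protocol type: Custom UDP
    Port range: 500/4500
    Authorization type: CIDR block
    Authorization object: 0.0.0.0/0
    Priority: 100
    Description: anything

    Note! After adding the rule you must reboot the server.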

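    11. Install the certificate and connect

    Use an FTP tool (e.g. FileZilla) to download the ca.key.pem certificate to your local machine.

    Windows 10:

    See another article: https://blog.csdn.net/liyaxin2010/article/details/83148442

    Installing the certificate on iOS:

    Export ca.cert.pem over FTP, email it to yourself as an attachment, log in to the mailbox in Safari on iOS, download the attachment and install the certificate.

    Settings --> VPN --> Add VPN Configuration

    Example: Type: IKEv2
    Description: anything
    Server: your server's public IP
    Remote ID: your server's public IP
    Local ID: leave empty
    Select --> Username, enter the username and password --> tap Done

    Back on the VPN screen --> tick the entry showing the description you entered --> tap Connect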

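    Installing the certificate on macOS:

    Double-click ca.cert.pem --> select your certificate --> Get Info --> Trust --> Always Trust (a dialog will then ask for your Mac login password).
    Steps: System Preferences --> Network --> click + --> Interface: VPN --> VPN Type: IKEv2 --> Service Name: anything --> click Create.
    Next, fill in the account, password and address.

    Example: Server Address: your server's public IP
    Remote ID: your server's public IP
    Local ID: leave empty

    Click Authentication Settings --> select --> Username, enter the username and password --> click Connect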

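    Android:

    Download and install the app from the strongswan website

    Example: https://download.strongswan.org/Android/strongSwan-1.9.6.apk
    or: https://download.csdn.net/download/qq_29364417/10482582
    or build it from source: https://github.com/strongswan/strongswan/tree/master/src/frontends/android
    Steps: menu in the top-right corner --> CA certificates --> top-right menu again --> Import certificate --> find ca.cert.pem and tap it.
    Back on the main screen --> Add VPN profile --> Example: Server: your server's public IP
    VPN Type: IKEv2 EAP (Username/Password); enter the username and password
    CA certificate: select the ca.cert.pem certificate you just imported
    Tap Save in the top-right corner

    Alternatively, install the certificate beforehand by double-clicking it, and choose automatic selection here.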
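An added example, not part of the original post: a Python check for an ipsec.secrets file like the one in step 6. It parses the `[selectors] : TYPE secret` lines and reports entries whose colon is not surrounded by whitespace, secrets shorter than a minimum length, and user passwords identical to the PSK. The sample is constructed from step 6 plus one malformed line; MIN_LEN and the finding names are this example's assumptions.

```python
import re

# Constructed sample: the entries from step 6 plus one line that lacks
# whitespace around the colon, to show the malformed case.
SAMPLE_SECRETS = '''\
# ipsec.secrets - strongSwan IPsec secrets file
: RSA server.key.pem
admin : PSK "123456"
admin : EAP "123456"
admin : XAUTH "123456"
bob:EAP "correct horse battery staple"
'''

# Selectors (possibly empty), a colon with whitespace on both sides
# (or at line start), the secret type, then the secret itself.
ENTRY = re.compile(r'^(?P<ids>.*?)(?:^|\s):\s+(?P<type>[A-Za-z]+)\s+(?P<value>.+)$')

MIN_LEN = 12  # assumption: minimum acceptable length chosen for this example
PASSWORD_TYPES = ("PSK", "EAP", "XAUTH")


def audit_secrets(text, min_len=MIN_LEN):
    """Return sorted (line_number, finding) tuples for an ipsec.secrets text."""
    findings, entries = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("include "):
            continue
        match = ENTRY.match(line)
        if match is None:
            # The colon is not surrounded by whitespace, so the line is not
            # a valid "selectors : TYPE secret" entry.
            findings.append((lineno, "malformed-colon"))
            continue
        kind = match["type"].upper()
        if kind not in PASSWORD_TYPES:
            continue  # RSA/ECDSA lines name key files, not passwords
        secret = match["value"].strip()
        if len(secret) >= 2 and secret[0] == secret[-1] == '"':
            secret = secret[1:-1]
        entries.append((lineno, kind, secret))
        if len(secret) < min_len:
            findings.append((lineno, "short-secret"))
    # A user password equal to the PSK is known to everyone who holds the PSK.
    psks = {secret for _, kind, secret in entries if kind == "PSK"}
    for lineno, kind, secret in entries:
        if kind != "PSK" and secret in psks:
            findings.append((lineno, "password-equals-psk"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding in audit_secrets(SAMPLE_SECRETS):
        print(f"line {lineno}: {finding}")
```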

  • Because of the site's default settings this download requires points; you can get it from the strongswan website instead. Official site: https://download.strongswan.org/Android/
  • Index: Environment, Installation, Links, Installing Strongswan on Ubuntu, Configuring Strongswan, Configuring Freeradius, Configuring the Strongswan VPN app, Debug

    Environment

    @Linux
    
    uname -a
    Linux szqsm 4.15.0-73-generic #82-Ubuntu SMP Tue Dec 3 00:04:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
    
    @Strongswan
    
    ipsec --version
    Linux strongSwan U5.6.2/K4.15.0-73-generic
    Institute for Internet Technologies and Applications
    University of Applied Sciences Rapperswil, Switzerland
    See 'ipsec --copyright' for copyright information.
    
    @Freeradius
    
    freeradius -v
    radiusd: FreeRADIUS Version 3.0.16, for host x86_64-pc-linux-gnu, built on Apr 17 2019 at 12:59:55
    FreeRADIUS Version 3.0.16
    Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License
    For more information about these matters, see the file named COPYRIGHT
    
    Mobile Phone: Meizu 16 Plus / Android 8.1.0
    Strongswan App:android4
    

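    Installation

    Links

    @Strongswan official site
    @Strongswan app Android client download
    @Freeradius official site

    Installing Strongswan on Ubuntu

    @Alibaba Cloud mirror (faster downloads and installs)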
    vim /etc/apt/sources.list.d/aliyun.list
    deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
    
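    @apt update
    apt upgrade	# upgrade installed packages
    
    apt list --upgradable	# show which packages can be upgraded
    apt list --upgradable -a	# show all available versions of upgradable packages
    
    Note: do not run sudo apt upgrade -y carelessly
    
    @Install Strongswan
    apt-get install strongswan strongswan-*
    * Many strongswan modules, such as the radius module, ship as separate packages. Writing strongswan-* installs every module, which avoids later errors caused by a module that was not installed (in real use, it is better to add only the packages you need).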
    

    Configuring Strongswan

    @Official EAP-Framed-IP-Radius documentation (for reference)

    Generate the private keys
    pki --gen --outform pem > caKey.pem
    pki --self --in caKey.pem --dn "C=CN, O=SZQSM, CN=SZQSM Root CA" --san root --ca --lifetime 3650 --outform pem > caCert.pem	# root certificate
    C: Country		O: Organization	CN: Common Name (keep the default)
    !!!Never store the private key caKey.der of the Certification Authority (CA) on a host with constant direct access to the Internet
    Do not put the private key on the public Internet
    
    pki --gen --outform pem > serverKey.pem
    pki --issue --in serverKey.pem --type priv --cacert caCert.pem --cakey caKey.pem	--dn "C=CN, O=SZQSM, CN=server" --san server --san 10.207.238.11 --flag Server --outform pem > serverCert.pem
    
    
    pki --gen --outform pem > androidKey.pem
    pki --issue --in androidKey.pem --type priv --cacert caCert.pem --cakey caKey.pem	--dn "C=CN, O=SZQSM, CN=android" --san android --san 10.207.238.11 --outform pem > androidCert.pem
    
    mv caCert.pem /etc/ipsec.d/cacerts/
    
    mv serverKey.pem /etc/ipsec.d/private/
    mv androidKey.pem /etc/ipsec.d/private/
    
    mv serverCert.pem /etc/ipsec.d/certs/
    mv androidCert.pem /etc/ipsec.d/certs/
    
    /etc/ipsec.conf
    config setup
            charondebug="ike 2, knl 3, cfg 0"
            
    conn %default
            fragmentation=yes
            ikelifetime=60m
            keylife=20m
            rekeymargin=3m
            keyingtries=2
            reauth=yes
            rekey=yes
            keyexchange=ikev2
           
    
    conn mobile
            left=10.207.238.11
            leftid=10.207.238.11
            leftsubnet=192.168.1.0/24
            leftsendcert=always
            leftauth=pubkey
            leftcert=serverCert.pem
            leftfirewall=yes
            rightsendcert=never
            rightauth=eap-radius
            rightsourceip=%radius
            eap_identity=%any
            auto=add
    
    /etc/ipsec.secrets
    : RSA serverKey.pem
    
    /etc/strongswan.conf
    charon {
        load_modular = yes
        plugins {
            eap-radius {
                class_group = yes
                secret = android_pass_123456
                server = 10.207.238.11
            }
            include strongswan.d/charon/*.conf
        }
        dns1 = 114.114.114.114
        dns2 = 8.8.8.8
        nbns1 = 114.114.114.114
        nbns2 = 8.8.8.8
    }
    
    

    Configuring Freeradius

    /etc/freeradius/3.0/clients.conf
    client android{
            shortname       = android
            ipaddr          = 10.207.238.11/32
            secret          = android_pass_123456
            require_message_authenticator = yes
            nas-type        = other
    }
    
    @radcheck table
    android Cleartext-Password := 123456
    
    @radreply table
    android	Framed-IP-Address = 192.168.200.101
    android Framed-IP-Netmask = 255.255.255.0
    android Reply-Message = EAP Auth Success!
    
    /etc/freeradius/3.0/sites-enabled/default
            eap {
                    ok = return
            }
    
    /etc/freeradius/3.0/mods-available/eap
    	default_eap_type = md5
    

    Configuring the Strongswan app

    Debug

    Enable Strongswan debug
    ipsec start --nofork
    +++++++++++++++++++++++Start+++++++++++++++++++++++++++++++++++
    00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
    00[LIB] dropped capabilities, running as uid 0, gid 0
    00[JOB] spawning 16 worker threads
    charon (16424) started after 120 ms
    
    ++++++++++++++++++++++Process+++++++++++++++++++++++++++
    charon (16424) started after 120 ms
    09[NET] received packet: from 10.207.238.201[63202] to 10.207.238.11[500] (716 bytes)
    09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    09[IKE] 10.207.238.201 is initiating an IKE_SA
    09[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
    09[IKE] remote host is behind NAT
    09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
    09[NET] sending packet: from 10.207.238.11[500] to 10.207.238.201[63202] (272 bytes)
    10[NET] received packet: from 10.207.238.201[63203] to 10.207.238.11[4500] (464 bytes)
    10[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
    10[IKE] received cert request for "C=CN, O=SZQSM, CN=SZQSM Root CA"
    10[IKE] initiating EAP_IDENTITY method (id 0x00)
    10[IKE] processing INTERNAL_IP4_ADDRESS attribute
    10[IKE] processing INTERNAL_IP6_ADDRESS attribute
    10[IKE] processing INTERNAL_IP4_DNS attribute
    10[IKE] processing INTERNAL_IP6_DNS attribute
    10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
    10[IKE] peer supports MOBIKE
    10[IKE] authentication of '10.207.238.11' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
    10[IKE] sending end entity cert "C=CN, O=SZQSM, CN=server"
    10[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    10[NET] sending packet: from 10.207.238.11[4500] to 10.207.238.201[63203] (1184 bytes)
    11[NET] received packet: from 10.207.238.201[63203] to 10.207.238.11[4500] (96 bytes)
    11[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
    11[IKE] received EAP identity 'android'
    11[IKE] initiating EAP_MD5 method (id 0x01)
    11[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]
    11[NET] sending packet: from 10.207.238.11[4500] to 10.207.238.201[63203] (96 bytes)
    12[NET] received packet: from 10.207.238.201[63203] to 10.207.238.11[4500] (96 bytes)
    12[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MD5 ]
    12[IKE] RADIUS authentication of 'android' successful
    12[IKE] EAP method EAP_MD5 succeeded, no MSK established
    12[ENC] generating IKE_AUTH response 3 [ EAP/SUCC ]
    12[NET] sending packet: from 10.207.238.11[4500] to 10.207.238.201[63203] (80 bytes)
    13[NET] received packet: from 10.207.238.201[63203] to 10.207.238.11[4500] (112 bytes)
    13[ENC] parsed IKE_AUTH request 4 [ AUTH ]
    13[IKE] authentication of 'android' with EAP successful
    13[IKE] authentication of '10.207.238.11' (myself) with EAP
    13[IKE] IKE_SA mobile[1] established between 10.207.238.11[10.207.238.11]...10.207.238.201[android]
    13[IKE] IKE_SA mobile[1] state change: CONNECTING => ESTABLISHED
    13[IKE] scheduling reauthentication in 3283s
    13[IKE] maximum IKE_SA lifetime 3463s
    13[IKE] peer requested virtual IP %any
    13[IKE] assigning virtual IP 192.168.200.101 to peer 'android'
    13[IKE] peer requested virtual IP %any6
    13[IKE] no virtual IP found for %any6 requested by 'android'
    13[IKE] building INTERNAL_IP4_DNS attribute
    13[IKE] building INTERNAL_IP4_NBNS attribute
    13[IKE] building INTERNAL_IP4_DNS attribute
    13[IKE] building INTERNAL_IP4_NETMASK attribute
    13[KNL] sending XFRM_MSG_ALLOCSPI 203: => 248 bytes @ 0x7f23f748f5d0
    .......
    .......
    13[IKE] CHILD_SA mobile{1} established with SPIs cb2fb18c_i 775f3792_o and TS 192.168.1.0/24 === 192.168.200.101/32
    13[KNL] 10.207.238.11 is on interface enp2s0
    13[ENC] generating IKE_AUTH response 4 [ AUTH CPRP(ADDR DNS NBNS DNS MASK) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
    13[NET] sending packet: from 10.207.238.11[4500] to 10.207.238.201[63203] (320 bytes)
    
    
    Enable Freeradius debug
    freeradius -X
    +++++++++++++++++++++++Start+++++++++++++++++++++++++++++++++
    Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
    Listening on auth address * port 1812 bound to server default
    Listening on acct address * port 1813 bound to server default
    Listening on auth address :: port 1812 bound to server default
    Listening on acct address :: port 1813 bound to server default
    Listening on proxy address * port 57499
    Listening on proxy address :: port 52425
    Ready to process requests
    
    ++++++++++++++++++++++Process+++++++++++++++++++++++++++++
    (0) Received Access-Request Id 94 from 10.207.238.11:47767 to 10.207.238.11:1812 length 149
    (0)   User-Name = "android"
    (0)   NAS-Port-Type = Virtual
    (0)   Service-Type = Framed-User
    (0)   NAS-Port = 1
    (0)   NAS-Port-Id = "mobile"
    (0)   NAS-IP-Address = 10.207.238.11
    (0)   Called-Station-Id = "10.207.238.11[4500]"
    (0)   Calling-Station-Id = "10.207.238.201[63203]"
    (0)   EAP-Message = 0x0200000c01616e64726f6964
    (0)   NAS-Identifier = "strongSwan"
    (0)   Message-Authenticator = 0x16ea5c3a4208507e542deacc691df6ed
    (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
    (0)   authorize {
    (0)     policy filter_username {
    (0)       if (&User-Name) {
    (0)       if (&User-Name)  -> TRUE
    (0)       if (&User-Name)  {
    (0)         if (&User-Name =~ / /) {
    (0)         if (&User-Name =~ / /)  -> FALSE
    (0)         if (&User-Name =~ /@[^@]*@/ ) {
    (0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
    (0)         if (&User-Name =~ /\.\./ ) {
    (0)         if (&User-Name =~ /\.\./ )  -> FALSE
    (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
    (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
    (0)         if (&User-Name =~ /\.$/)  {
    (0)         if (&User-Name =~ /\.$/)   -> FALSE
    (0)         if (&User-Name =~ /@\./)  {
    (0)         if (&User-Name =~ /@\./)   -> FALSE
    (0)       } # if (&User-Name)  = notfound
    (0)     } # policy filter_username = notfound
    (0)     [preprocess] = ok
    (0)     [chap] = noop
    (0)     [mschap] = noop
    (0)     [digest] = noop
    (0) suffix: Checking for suffix after "@"
    (0) suffix: No '@' in User-Name = "android", looking up realm NULL
    (0) suffix: No such realm "NULL"
    (0)     [suffix] = noop
    (0) eap: Peer sent EAP Response (code 2) ID 0 length 12
    (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
    (0)     [eap] = ok
    (0)   } # authorize = ok
    (0) Found Auth-Type = eap
    (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
    (0)   authenticate {
    (0) eap: Peer sent packet with method EAP Identity (1)
    (0) eap: Calling submodule eap_md5 to process data
    (0) eap_md5: Issuing MD5 Challenge
    (0) eap: Sending EAP Request (code 1) ID 1 length 22
    (0) eap: EAP session adding &reply:State = 0x1fc569941fc46da6
    (0)     [eap] = handled
    (0)   } # authenticate = handled
    (0) Using Post-Auth-Type Challenge
    (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
    (0)   Challenge { ... } # empty sub-section is ignored
    (0) Sent Access-Challenge Id 94 from 10.207.238.11:1812 to 10.207.238.11:47767 length 0
    (0)   EAP-Message = 0x010100160410e3e83db1dd437ba5c61425137e977b20
    (0)   Message-Authenticator = 0x00000000000000000000000000000000
    (0)   State = 0x1fc569941fc46da6a69b0463c29ac3e6
    (0) Finished request
    Waking up in 4.9 seconds.
    (1) Received Access-Request Id 95 from 10.207.238.11:47767 to 10.207.238.11:1812 length 177
    (1)   User-Name = "android"
    (1)   NAS-Port-Type = Virtual
    (1)   Service-Type = Framed-User
    (1)   NAS-Port = 1
    (1)   NAS-Port-Id = "mobile"
    (1)   NAS-IP-Address = 10.207.238.11
    (1)   Called-Station-Id = "10.207.238.11[4500]"
    (1)   Calling-Station-Id = "10.207.238.201[63203]"
    (1)   EAP-Message = 0x02010016041098cee51cb989481a34b1f531ced38d73
    (1)   NAS-Identifier = "strongSwan"
    (1)   State = 0x1fc569941fc46da6a69b0463c29ac3e6
    (1)   Message-Authenticator = 0x16ddeeb511aac43b98caab280fb1c4b9
    (1) session-state: No cached attributes
    (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
    (1)   authorize {
    (1)     policy filter_username {
    (1)       if (&User-Name) {
    (1)       if (&User-Name)  -> TRUE
    (1)       if (&User-Name)  {
    (1)         if (&User-Name =~ / /) {
    (1)         if (&User-Name =~ / /)  -> FALSE
    (1)         if (&User-Name =~ /@[^@]*@/ ) {
    (1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
    (1)         if (&User-Name =~ /\.\./ ) {
    (1)         if (&User-Name =~ /\.\./ )  -> FALSE
    (1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
    (1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
    (1)         if (&User-Name =~ /\.$/)  {
    (1)         if (&User-Name =~ /\.$/)   -> FALSE
    (1)         if (&User-Name =~ /@\./)  {
    (1)         if (&User-Name =~ /@\./)   -> FALSE
    (1)       } # if (&User-Name)  = notfound
    (1)     } # policy filter_username = notfound
    (1)     [preprocess] = ok
    (1)     [chap] = noop
    (1)     [mschap] = noop
    (1)     [digest] = noop
    (1) suffix: Checking for suffix after "@"
    (1) suffix: No '@' in User-Name = "android", looking up realm NULL
    (1) suffix: No such realm "NULL"
    (1)     [suffix] = noop
    (1) eap: Peer sent EAP Response (code 2) ID 1 length 22
    (1) eap: No EAP Start, assuming it's an on-going EAP conversation
    (1)     [eap] = updated
    (1)     [files] = noop
    (1) sql: EXPAND %{User-Name}
    (1) sql:    --> android
    (1) sql: SQL-User-Name set to 'android'
    rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 102 seconds
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 102 seconds
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 102 seconds
    rlm_sql (sql): You probably need to lower "min"
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 102 seconds
    rlm_sql (sql): You probably need to lower "min"
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 102 seconds
    rlm_sql (sql): You probably need to lower "min"
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"
    rlm_sql (sql): Opening additional connection (5), 1 of 32 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
    rlm_sql (sql): Reserved connection (5)
    (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
    (1) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'android' ORDER BY id
    (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'android' ORDER BY id
    (1) sql: User found in radcheck table
    (1) sql: Conditional check items matched, merging assignment check items
    (1) sql:   Cleartext-Password := "123456"
    (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
    (1) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'android' ORDER BY id
    (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'android' ORDER BY id
    (1) sql: User found in radreply table, merging reply items
    (1) sql:   Framed-IP-Address = 192.168.200.101
    (1) sql:   Framed-IP-Netmask = 255.255.255.0
    (1) sql:   Reply-Message = "EAP Auth Success!"
    (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
    (1) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'android' ORDER BY priority
    (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'android' ORDER BY priority
    (1) sql: User not found in any groups
    rlm_sql (sql): Released connection (5)
    Need 2 more connections to reach min connections (3)
    rlm_sql (sql): Opening additional connection (6), 1 of 31 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
    (1)     [sql] = ok
    (1)     [expiration] = noop
    (1)     [logintime] = noop
    (1) pap: WARNING: Auth-Type already set.  Not setting to PAP
    (1)     [pap] = noop
    (1)   } # authorize = updated
    (1) Found Auth-Type = eap
    (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
    (1)   authenticate {
    (1) eap: Expiring EAP session with state 0x1fc569941fc46da6
    (1) eap: Finished EAP session with state 0x1fc569941fc46da6
    (1) eap: Previous EAP request found for state 0x1fc569941fc46da6, released from the list
    (1) eap: Peer sent packet with method EAP MD5 (4)
    (1) eap: Calling submodule eap_md5 to process data
    (1) eap: Sending EAP Success (code 3) ID 1 length 4
    (1) eap: Freeing handler
    (1)     [eap] = ok
    (1)   } # authenticate = ok
    (1) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
    (1)   post-auth {
    (1)     if (!&reply:State) {
    (1)     if (!&reply:State)  -> TRUE
    (1)     if (!&reply:State)  {
    (1)       update reply {
    (1)         EXPAND 0x%{randstr:16h}
    (1)            --> 0x31ae4da58a01ce5a0a138ec6b632dcd40f
    (1)         State := 0x31ae4da58a01ce5a0a138ec6b632dcd40f
    (1)       } # update reply = noop
    (1)     } # if (!&reply:State)  = noop
    (1)     update {
    (1)       No attributes updated
    (1)     } # update = noop
    (1) sql: EXPAND .query
    (1) sql:    --> .query
    (1) sql: Using query template 'query'
    rlm_sql (sql): Reserved connection (5)
    (1) sql: EXPAND %{User-Name}
    (1) sql:    --> android
    (1) sql: SQL-User-Name set to 'android'
    (1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
    (1) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'android', '', 'Access-Accept', '2020-06-09 08:30:47')
    (1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'android', '', 'Access-Accept', '2020-06-09 08:30:47')
    (1) sql: SQL query returned: success
    (1) sql: 1 record(s) updated
    rlm_sql (sql): Released connection (5)
    (1)     [sql] = ok
    (1)     [exec] = noop
    (1)     policy remove_reply_message_if_eap {
    (1)       if (&reply:EAP-Message && &reply:Reply-Message) {
    (1)       if (&reply:EAP-Message && &reply:Reply-Message)  -> TRUE
    (1)       if (&reply:EAP-Message && &reply:Reply-Message)  {
    (1)         update reply {
    (1)           &Reply-Message !* ANY
    (1)         } # update reply = noop
    (1)       } # if (&reply:EAP-Message && &reply:Reply-Message)  = noop
    (1)       ... skipping else: Preceding "if" was taken
    (1)     } # policy remove_reply_message_if_eap = noop
    (1)   } # post-auth = ok
    (1) Sent Access-Accept Id 95 from 10.207.238.11:1812 to 10.207.238.11:47767 length 0
    (1)   Framed-IP-Address = 192.168.200.101
    (1)   Framed-IP-Netmask = 255.255.255.0
    (1)   EAP-Message = 0x03010004
    (1)   Message-Authenticator = 0x00000000000000000000000000000000
    (1)   User-Name = "android"
    (1)   State := 0x31ae4da58a01ce5a0a138ec6b632dcd40f
    (1) Finished request
    

    Strongswan App log

    Application

     ping 192.168.200.101 
    PING 192.168.200.101 (192.168.200.101) 56(84) bytes of data.
    64 bytes from 192.168.200.101: icmp_seq=1 ttl=64 time=141 ms
    64 bytes from 192.168.200.101: icmp_seq=2 ttl=64 time=66.9 ms
    64 bytes from 192.168.200.101: icmp_seq=3 ttl=64 time=85.6 ms
    64 bytes from 192.168.200.101: icmp_seq=4 ttl=64 time=109 ms
    64 bytes from 192.168.200.101: icmp_seq=5 ttl=64 time=6.63 ms
    64 bytes from 192.168.200.101: icmp_seq=6 ttl=64 time=55.5 ms
    64 bytes from 192.168.200.101: icmp_seq=7 ttl=64 time=74.7 ms
    64 bytes from 192.168.200.101: icmp_seq=8 ttl=64 time=99.3 ms
    64 bytes from 192.168.200.101: icmp_seq=9 ttl=64 time=119 ms
    64 bytes from 192.168.200.101: icmp_seq=10 ttl=64 time=40.7 ms
    ^C
    --- 192.168.200.101 ping statistics ---
    10 packets transmitted, 10 received, 0% packet loss, time 9012ms
    rtt min/avg/max/mdev = 6.636/79.941/141.551/37.800 ms
    
    traceroute 192.168.200.101
    traceroute to 192.168.200.101 (192.168.200.101), 30 hops max, 60 byte packets
     1  192.168.200.101 (192.168.200.101)  169.430 ms  171.172 ms  171.248 ms
    
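  • Contents: 1. Notes 2. Download strongSwan version 5.9.0 (currently the latest) 3. Unpack and enter the directory 4. Configure strongSwan with some of the available options 5. Compile and install 6. Verify the installation with ipsec. 1. Notes: refer to the official site ...
  • The configuration file strongswan.conf is read and loaded through STRONGSWAN_CONF. After loading the whole strongswan project (only the .c and .h files) into Source Insight, I found that nothing assigns a value to STRONGSWAN_CONF. Yet when the charon process loads, ...
  • strongswan.conf provides configuration for all strongswan components; it is flexible and extensible. Below is a brief analysis of how the reading and processing of strongswan.conf is implemented in the code. Taking the startup of the charon process as an example, when the whole library is initialized, the strongswan.conf ...
  • Strongswan seems to have .opt files in the source tree with the dotted option syntax. It seems that up until version 5.6, the syntax was also accepted by Strongswan. However, the .opt files...
  • strongswan workflow on Linux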

    2021-03-03 15:23:09
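    Strongswan starter is the executable program, located at /usr/libexec/ipsec/starter.(strongswan/src/starter/starter.c) Usage: starter [--nofork] [--auto-update <sec>] [--debug|--debug-more|--...
  • Configuring IPSec with StrongSwan

    10,000+ views 2017-03-22 13:55:38
    Studying IPSec with StrongSwan is a good hands-on way to understand IPSec. However, StrongSwan has a great many pitfalls in use, and the tutorials online are often incomplete; almost none explains every step thoroughly, so that while using StrongSwan I ...
  • strongswan Android build process

    1,000+ views 2018-04-18 18:06:59
    I. Process. Process reference: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClientBuild 1. Preparation: install the required packages; reference: ...
  • Overview of the StrongSwan test environment

    1,000+ views 2019-10-24 21:23:46
    For setting up the StrongSwan test environment, see ... Since the test environment is already set up, turn off the following four items in the configuration file (strongswan-5.8.1/testing/testing.conf) so that they are not rebuilt every time make-testing runs, which saves time. # Enable partic...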
  • strongswan-5.8.4.tar.bz2

    2020-09-24 11:33:58
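    The latest strongswan-5.8.4 source code, which can be ported to and used on a variety of Linux systems; compatibility looks very good so far, and it has already been interoperated with H3C and Ruijie devices,
  • Implementing IPsec with strongswan and VPP

    1,000+ views 2020-04-09 18:31:40
    Contents: 1. Introduction to strongswan+vpp: how strongswan and vpp are combined; overview of existing open-source projects; author matfabia; author mestery; author rayshi-10. 2. Modifications based on rayshi-10's code and the latest strongswan release 5.8.3: download the source; replace files; note dnssec_...
  • 1. Download strongswan from the official site: strongswan-5.8.4.tar.gz 2020/03/29, size 7'282'749 bytes, pgp-signature, md5: d97e8eeb4fc0223f0d6fb331c4d2bcce. Link: https://www.strongswan.org/download.html 2. Compile and install: tar...
  • strongswan configuration and use (1)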

    2020-11-11 14:59:30
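    Install strongswan: https://github.com/matfabia/strongswan The strongswan configuration files are as follows: ipsec.conf // configures the IPsec tunnel information; ipsec.secrets // PSK keys, device private key and certificate configuration, EAP usernames and passwords; strongswan.conf // for...
  • Configuring the strongswan client on Ubuntu

    1,000+ views 2018-06-14 16:34:23
    Configuring the strongswan client on Ubuntu. Links found via Google: strongswan official wiki. Is this a graphical tool? I hope these pages can solve my problem; I'll try when I get home.
  • Error on startup after installing strongswan

    2017-08-10 03:52:35
    I recently installed strongswan, but it reports an error on startup: error writing to socket: Invalid argument. I searched online and it may be that the socket is too large, but I am not sure that is the cause. I also tuned the socket parameters, but it still does not work. Not many people online have run into this problem, ...
  • I've recently upgraded to Strongswan 5.6.0 via Entware (opkg), however still the forecast-plugin is missing. On the openwrt GitHub they told me following: This is an Entware problem, they seem to be ...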
