IPsec for the iPhone
First, looking at the L2TP settings on an iPhone: the client requires IPsec, so the server has to be set up for L2TP over IPsec (L2TP/IPsec).
Step 1: install xl2tpd and strongSwan
[root@myzdl ~]# yum install epel-release -y
[root@myzdl ~]# yum install strongswan xl2tpd -y
Configure the main xl2tpd configuration file
[root@myzdl ~]# vim /etc/xl2tpd/xl2tpd.conf
[lns default]
ip range = 192.168.252.100-192.168.252.200
local ip = 192.168.252.254
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Configure the PPP options file (authentication and link security settings)
[root@myzdl ~]# vim /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 114.114.114.114
noccp
auth
require-mschap-v2
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
proxyarp
connect-delay 5000
Configure the username/password file
[root@myzdl ~]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client    server  secret    IP addresses
user1       *       a123456   192.168.252.101
user2       *       a123456   192.168.252.102
user3       *       a123456   *
Step 2: configure IPsec
Configure the main IPsec configuration file (/etc/strongswan/ipsec.conf on this CentOS layout)
config setup

conn IPsec-L2tp-psk
    left=172.16.0.4
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    type=transport
    authby=secret
    pfs=yes
    keyingtries=3
    keylife=1h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=no
    ikelifetime=8h
    auto=add
Configure the PSK
[root@myzdl ~]# vim /etc/strongswan/ipsec.secrets
# ipsec.secrets - strongSwan IPsec secrets file
172.16.0.4 %any : PSK "a123456"
Start the services
[root@myzdl ~]# systemctl start strongswan xl2tpd
Log recorded after a successful connection from the phone
Alternative configuration 2, usable by both Android and iPhone clients:
config setup

conn IPsec-L2tp-psk
    # aggressive=yes
    left=172.16.88.12
    leftprotoport=17/1701
    rightid=%any
    right=%any
    rightprotoport=17/%any
    type=transport
    authby=psk
    # authby=secret
    # ikelifetime=3600s
    ike=3des-md5-modp1024!
    ikelifetime=8h
    auto=add
# ipsec.secrets - strongSwan IPsec secrets file
172.16.88.12 %any : PSK "a123456"
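As an added example (not code from the original post), a small Python audit that parses the ipsec.conf dialect used in both configurations above and reports the settings a reviewer would question: IKEv1 aggressive mode, the legacy algorithms pinned by configuration 2's ike=3des-md5-modp1024! line, and a PSK accepted from right=%any. The WEAK_ALGS list and the finding messages are this example's own choices, and the sample input is a constructed copy of configuration 2 trimmed to the keys the audit looks at.

```python
import re

# Proposal tokens this audit flags. Assumption: an editorial list, not a strongSwan setting.
WEAK_ALGS = {"des", "3des", "md5", "modp768", "modp1024"}

def parse_ipsec_conf(text):
    """Parse the ipsec.conf dialect into {section: {key: value}}.
    A section starts at 'config setup' or 'conn <name>'; '#' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(config setup|conn\s+\S+)$", line)
        if m:
            current = re.sub(r"\s+", " ", m.group(1))
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit_conn(conn):
    """Return findings for one conn dict as (key, message) tuples, in config order."""
    findings = []
    if conn.get("aggressive") == "yes":
        findings.append(("aggressive", "IKEv1 aggressive mode exposes the PSK-derived hash to offline guessing"))
    for key in ("ike", "esp"):
        # strongSwan proposals look like 'aes256-sha256-modp2048!' ('!' = strict, ',' separates alternatives)
        for proposal in conn.get(key, "").rstrip("!").split(","):
            for alg in filter(None, proposal.lower().split("-")):
                if alg in WEAK_ALGS:
                    findings.append((key, f"weak algorithm {alg} in {key}= proposal"))
    if conn.get("authby") in ("secret", "psk") and conn.get("right") == "%any":
        findings.append(("authby", "PSK accepted from any peer: use a long random secret"))
    return findings

# Constructed input: configuration 2 from this page, trimmed to the relevant keys,
# with the commented-out aggressive=yes left exactly as the page shows it.
SAMPLE_CONF = """config setup

conn IPsec-L2tp-psk
    # aggressive=yes
    left=172.16.88.12
    right=%any
    authby=psk
    ike=3des-md5-modp1024!
    auto=add
"""
```

Running audit_conn(parse_ipsec_conf(SAMPLE_CONF)["conn IPsec-L2tp-psk"]) yields three ike= findings (3des, md5, modp1024) plus the %any PSK finding; configuration 1, which leaves ike= at the strongSwan default, only triggers the PSK finding.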
Article link: https://hqyman.cn/post/8956.html  Non-original articles are welcome to be reposted; original articles must keep this site's address!