Categories
iOS IPv6 Network OS X VPN 笔记

Ocserv IPv6

By @sskaje
Link: https://sskaje.me/2015/01/ocserv-ipv6/

I’m using AnyConnect both on iOS and OS X, you can read previously posted article on my blog: anyconnect, openconnect, ocserv.

You can find ipv6-network and ipv6-prefix in ocserv’s sample.config:

which means ocserv should be compatible with IPv6.
And, in AnyConnect for iOS, ipv6 can be found somewhere, seems ipv6 is also compatible here.

My VPN is hosted on Linode VPS. Linode provides free IPv6 address pool. Open a ticket and ask for an address pool, you’ll get your own pool routed to your VPS’s ipv6 address.
After that, set the ipv6-network and ipv6-prefix.

Ocserv 0.8.9 does not send correct headers to AnyConnect for iOS, but 0.9.0-dev does.
I can now get a correct ipv6 address on my iPhone but with no connectivity. As it’s said, X-CSTP-Split-Include/Exclude is not well handled by AnyConnect for IPv6 addresses.
After that, I tried the latest AnyConnect for OSX, you can download it here: http://dl.sskaje.me/anyconnect/4.0/4.0.00051/

IPv6 is also assigned to my MBP, also with route, but still not working.

Ocserv IPv6 by @sskaje: https://sskaje.me/2015/01/ocserv-ipv6/

Incoming search terms:

Categories
Linux Network UBNT VPN 操作系统相关 笔记 路由、设备

EdgeOS PPTP VPN客户端配置

By @sskaje
Link: https://sskaje.me/2014/12/edgeos-pptp-vpn%e5%ae%a2%e6%88%b7%e7%ab%af%e9%85%8d%e7%bd%ae/

背景及目标

买了个Ubnt EdgeRouter Lite,应同事的需求,研究配置自动翻墙。
考虑过之前配置的各种VPN:PPTPL2TPIPSecAnyConnect/OpenConnect。目前搞定的只有PPTP。

本次配置使用远程PPTP Server,只考虑Google、Twitter和Facebook的自动翻墙,其他可以参照思路自己加路由和NAT。

环境

假设网络已经配置好,eth0为内网口,eth1为外网口。

EdgeOS PPTP VPN客户端配置 by @sskaje: https://sskaje.me/2014/12/edgeos-pptp-vpn%e5%ae%a2%e6%88%b7%e7%ab%af%e9%85%8d%e7%bd%ae/
Categories
OS X VPN

OCServ with AnyConnect on OSX

By @sskaje
Link: https://sskaje.me/2014/10/ocserv-anyconnect-osx/

I tried a lot to make Cisco Anyconnect Secure Mobility Client work with OCServ, on OSX, on Windows, all failed.
But the AnyConnect for iOS works fine.
You can download the latest clients from: Cisco AnyConnect Clients 3.1.05170 download, 3.1.05182 is also provided.

AnyConnect for OSX always says:

In /var/log/system.log:

I read the chapter ‘False Captive Portal Detection‘ from Cisco’s official documentation, nothing useful.

I saw someone said that AnyConnect 3.1 added extra certificate verification than 3.0, which makes 3.1 not compatible with ocserv.
The latest version of AnyConnect for iOS is 3.0.12119, but for PC/Mac 3.1.05182.
I tried to find clients of AnyConnect 3.0.11042/3.0.11046, only two can be found, and MD5 checksum are same no matter where I downloaded.

You can find files here: http://dl.sskaje.me/anyconnect/3.0/3.0.11042/

I tested the OSX one, the PKG file requires me change security level of application installing, it really works, the bad news is, there’s nowhere to choose client certificate but clicking allow/decline of private key usage.

QQ20141013-1

QQ20141013-2

BTW, DO NOT INSTALL WEB SECURITY MODULE!!!

OCServ with AnyConnect on OSX by @sskaje: https://sskaje.me/2014/10/ocserv-anyconnect-osx/

Incoming search terms:

Categories
VPN

OpenConnect DNS Only + Google Only

By @sskaje
Link: https://sskaje.me/2014/06/openconnect-dns-google/

I’m using 4G by China Mobile, but the DNS it provides really sucks. Changing DNS from Cellular Data on a not-jailbroken iPhone is impossible so far as I know (I tried mobileconfig but can find any working options).

The first idea is pushing DNS from a PPTP server, which I wrote: Notes: PPTP/L2TP Server on Ubuntu.
I can create two connections on my iOS, one set default route, one not. All users share a same setting from PPTPd, it’s almost impossible if I want to use a different DNS in these two connections, changing default pptp port from 1723 to others is not as easy as it is on windows.
Don’t forget that PPTP is what GF*W likes.

OpenConnect DNS Only + Google Only by @sskaje: https://sskaje.me/2014/06/openconnect-dns-google/

Incoming search terms:

Categories
Linux OS X VPN Windows 操作系统相关

Cisco AnyConnect Clients 3.1.05170 download

By @sskaje
Link: https://sskaje.me/2014/06/cisco-anyconnect-clients-3-1-05170-download/

Available for OS X, Windows, Linux, but unfortunately I didn’t figure out how to use it with OpenConnect when using public key authentication.
OpenConnect Public Key Authentication
Open Connect Server Configuration (Working for iOS)
OpenConnect on Ubuntu

OCServ with AnyConnect on OSX

Download: http://dl.sskaje.me/anyconnect/

Cisco AnyConnect Clients 3.1.05170 download by @sskaje: https://sskaje.me/2014/06/cisco-anyconnect-clients-3-1-05170-download/

Incoming search terms: