Search Results for ipsec

IPSec VPN Working for OS X Mavericks

In iOS IPSec VPN Server on Ubuntu, I host a VPN on Ubuntu 13.10 based on StrongSwan 4.x, working for iOS, but not for OSX. Then I upgraded to Ubuntu 14.04, which has StrongSwan upgraded to 5.x, error like:

Apr 24 14:56:46 sskaje charon: 15[CFG] no XAuth method found

1	Apr 24 14:56:46 sskaje charon: 15[CFG] no XAuth method found

To fix this, install all strongswan’s plugins by:

apt-get install strongswan-*

1	apt-get install strongswan-*

And make some changes to configurations: … Continue reading “IPSec VPN Working for OS X Mavericks”

iOS IPSec VPN Server on Ubuntu

I Google-ed a lot configuring IPSec VPN for iOS with OpenSwan, nothing useful but Iphone/Ipad/Mac OSX IPSEC VPN with Strongswan 5 on Centos/RHEL 6 which is on RHEL/CentOS and with strongswan found. I tried to configure openswan like strong swan, failed. StrongSwan‘s official wiki helps a lot: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)/23 iOS 4 and newer supports native IPsec … Continue reading “iOS IPSec VPN Server on Ubuntu”

Azure Site-to-Site VPN with Dynamic Client IP

以前自己用 strongswan 等软件配 IPSec site-to-site 的时候，可以直接指定客户端的 IP 是 0.0.0.0，Azure 的 site-to-site IPSec VPN 必须要指定客户端 IP。 PowerShell 爱好者可以参考 https://www.hayesjupe.com/using-azure-rm-site-to-site-vpn-with-a-dynamic-ip/ 这篇文章。我还是习惯用 Linux，于是使用 Azure CLI 来解决这个问题。在 VPN 的 Virtual Network 里放置一台 Linux 虚拟机。按照上述连接里的说明安装软件。接下来开始操作。 1 登录 SSH 登录虚拟机后，执行命令，并按照输出，用浏览器登录 Azure 账号，完成认证。

$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXX to authenticate.

1 2	$ az login To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXX to authenticate.

如果是中国区 Azure，先需要设置服务器

$ az cloud set -n AzureChinaCloud
Switched active cloud to 'AzureChinaCloud'.
Use 'az login' to log in to this cloud.
Use 'az account set' to set the active subscription.

$ az cloud set -n AzureChinaCloud

Switched active cloud to 'AzureChinaCloud'.

Use 'az login' to log in to this cloud.

Use 'az account set' to set the active subscription.

如果需要切换回海外版本

$ az cloud set -n AzureCloud

1	$ az cloud set -n AzureCloud

2 添加更新服务参考 DDNS 的玩法，让客户端定期更新IP。服务端可以简单地将数据记录到数据库、文件、或者任何地方，配置一个 cron 来执行更新检测和 Gateway IP 更新。 3 … Continue reading “Azure Site-to-Site VPN with Dynamic Client IP”

L2TP Remote Access Server on UBNT EdgeRouter

EdgeRouter Lite with Firmware 1.9.0 L2TP PSK Mode. WAN interface: eth1 LAN IP: 192.168.3.1 VPN Subnets: 192.168.47.1-192.168.47.99 Run commands below in ‘configure mode’. 1 Configure IPSec

set vpn ipsec auto-firewall-nat-exclude disable
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable

set vpn ipsec auto-firewall-nat-exclude disable

set vpn ipsec ipsec-interfaces interface eth1

set vpn ipsec nat-networks allowed-network 0.0.0.0/0

set vpn ipsec nat-traversal enable

2 Configure L2TP

set vpn l2tp remote-access authentication local-users username USERNAME password PASSWORD
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 192.168.47.1
set vpn l2tp remote-access client-ip-pool stop 192.168.47.99
set vpn l2tp remote-access dns-servers server-1 192.168.3.1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret PreShar3dSecRe7
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address 0.0.0.0

set vpn l2tp remote-access authentication local-users username USERNAME password PASSWORD

set vpn l2tp remote-access authentication mode local

set vpn l2tp remote-access client-ip-pool start 192.168.47.1

set vpn l2tp remote-access client-ip-pool stop 192.168.47.99

set vpn l2tp remote-access dns-servers server-1 192.168.3.1

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret PreShar3dSecRe7

set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

set vpn l2tp remote-access outside-address 0.0.0.0

3 Configure DNS Make sure you have following lines, otherwise you can get DNS resolved.

set service dns forwarding options bind-interfaces
set service dns forwarding options except-interface=eth1

1 2	set service dns forwarding options bind-interfaces set service dns forwarding options except-interface=eth1

Incoming search terms:edgerouter lite l2tpLink to this post!

EdgeOS PPTP VPN客户端配置

背景及目标买了个Ubnt EdgeRouter Lite，应同事的需求，研究配置自动翻墙。考虑过之前配置的各种VPN：PPTP、L2TP、IPSec、AnyConnect/OpenConnect。目前搞定的只有PPTP。本次配置使用远程PPTP Server，只考虑Google、Twitter和Facebook的自动翻墙，其他可以参照思路自己加路由和NAT。环境假设网络已经配置好，eth0为内网口，eth1为外网口。 Incoming search terms:edgemax pptp firewalledgeos ipsecedgerouter pptplinux墙翻自动ubnt 翻墙翻墙自动翻墙Link to this post!