Search Results for ipsec

IPSec VPN Working for OS X Mavericks

In iOS IPSec VPN Server on Ubuntu, I host a VPN on Ubuntu 13.10 based on StrongSwan 4.x, working for iOS, but not for OSX. Then I upgraded to Ubuntu 14.04, which has StrongSwan upgraded to 5.x, error like:

Apr 24 14:56:46 sskaje charon: 15[CFG] no XAuth method found

1	Apr 24 14:56:46 sskaje charon: 15[CFG] no XAuth method found

To fix this, install all strongswan’s plugins by:

apt-get install strongswan-*

1	apt-get install strongswan-*

And make some changes to configurations: … Continue reading “IPSec VPN Working for OS X Mavericks”

iOS IPSec VPN Server on Ubuntu

I Google-ed a lot configuring IPSec VPN for iOS with OpenSwan, nothing useful but Iphone/Ipad/Mac OSX IPSEC VPN with Strongswan 5 on Centos/RHEL 6 which is on RHEL/CentOS and with strongswan found. I tried to configure openswan like strong swan, failed. StrongSwan‘s official wiki helps a lot: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)/23 iOS 4 and newer supports native IPsec … Continue reading “iOS IPSec VPN Server on Ubuntu”

L2TP Remote Access Server on UBNT EdgeRouter

EdgeRouter Lite with Firmware 1.9.0 L2TP PSK Mode. WAN interface: eth1 LAN IP: 192.168.3.1 VPN Subnets: 192.168.47.1-192.168.47.99 Run commands below in ‘configure mode’. 1 Configure IPSec

set vpn ipsec auto-firewall-nat-exclude disable
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable

set vpn ipsec auto-firewall-nat-exclude disable

set vpn ipsec ipsec-interfaces interface eth1

set vpn ipsec nat-networks allowed-network 0.0.0.0/0

set vpn ipsec nat-traversal enable

2 Configure L2TP

set vpn l2tp remote-access authentication local-users username USERNAME password PASSWORD
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 192.168.47.1
set vpn l2tp remote-access client-ip-pool stop 192.168.47.99
set vpn l2tp remote-access dns-servers server-1 192.168.3.1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret PreShar3dSecRe7
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address 0.0.0.0

set vpn l2tp remote-access authentication local-users username USERNAME password PASSWORD

set vpn l2tp remote-access authentication mode local

set vpn l2tp remote-access client-ip-pool start 192.168.47.1

set vpn l2tp remote-access client-ip-pool stop 192.168.47.99

set vpn l2tp remote-access dns-servers server-1 192.168.3.1

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret PreShar3dSecRe7

set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

set vpn l2tp remote-access outside-address 0.0.0.0

3 Configure DNS Make sure you have following lines, otherwise you can get DNS resolved.

set service dns forwarding options bind-interfaces
set service dns forwarding options except-interface=eth1

1 2	set service dns forwarding options bind-interfaces set service dns forwarding options except-interface=eth1

Incoming search terms:edgerouter lite l2tpLink to this post!

EdgeOS PPTP VPN客户端配置

背景及目标买了个Ubnt EdgeRouter Lite，应同事的需求，研究配置自动翻墙。考虑过之前配置的各种VPN：PPTP、L2TP、IPSec、AnyConnect/OpenConnect。目前搞定的只有PPTP。本次配置使用远程PPTP Server，只考虑Google、Twitter和Facebook的自动翻墙，其他可以参照思路自己加路由和NAT。环境假设网络已经配置好，eth0为内网口，eth1为外网口。 Incoming search terms:edgemax pptp firewalledgeos ipsecedgerouter pptplinux墙翻自动ubnt 翻墙翻墙自动翻墙Link to this post!

OpenConnect Public Key Authentication

Here are old articles about OpenConnect, the open source AnyConnect server: OpenConnect on Ubuntu Open Connect Server Configuration (Working for iOS) Cisco AnyConnect Client for OS X/Windows/Linux (Version 3.1.05160) This time, OCServ 0.80 on Ubuntu 14.04. And still doesn’t work for OS X. I was using password based authentication, but clients on iOS can not … Continue reading “OpenConnect Public Key Authentication”