IPSec VPN Working for OS X Mavericks

In iOS IPSec VPN Server on Ubuntu, I hosted a VPN on Ubuntu 13.10 based on StrongSwan 4.x, which worked for iOS but not for OS X. Then I upgraded to Ubuntu 14.04, which has StrongSwan upgraded to 5.x, and got an error like:

To fix this, install all strongswan’s plugins by:

And make some changes to configurations: … Continue reading “IPSec VPN Working for OS X Mavericks”

iOS IPSec VPN Server on Ubuntu

I Googled a lot about configuring IPSec VPN for iOS with OpenSwan, but found nothing useful except "Iphone/Ipad/Mac OSX IPSEC VPN with Strongswan 5 on Centos/RHEL 6", which is on RHEL/CentOS and with StrongSwan. I tried to configure OpenSwan like StrongSwan, and failed. StrongSwan’s official wiki helps a lot: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)/23 iOS 4 and newer supports native IPsec … Continue reading “iOS IPSec VPN Server on Ubuntu”

Azure Site-to-Site VPN with Dynamic Client IP

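When I used to set up IPSec site-to-site with strongswan and similar software myself, I could directly specify the client's IP as , but Azure's site-to-site IPSec VPN requires the client IP to be specified. PowerShell fans can refer to this article: https://www.hayesjupe.com/using-azure-rm-site-to-site-vpn-with-a-dynamic-ip/ I am still more used to Linux, so I used the Azure CLI to solve this problem. Place a Linux virtual machine in the VPN's Virtual Network. Install the software following the instructions in the link above. Then start the procedure.

1 Log in
After logging in to the virtual machine over SSH, run the command and, following its output, sign in to your Azure account in a browser to complete authentication.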

For Azure China, you first need to set the server


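2 Add an update service
Following the way DDNS works, have the client update its IP periodically. The server side can simply record the data in a database, a file, or anywhere else, and configure a cron job to perform the update check and the Gateway IP update.

3 … Continue reading “Azure Site-to-Site VPN with Dynamic Client IP”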

L2TP Remote Access Server on UBNT EdgeRouter

EdgeRouter Lite with Firmware 1.9.0
L2TP PSK Mode.
WAN interface: eth1
LAN IP:
VPN Subnets:
Run commands below in ‘configure mode’.

1 Configure IPSec

2 Configure L2TP

3 Configure DNS

Make sure you have the following lines, otherwise you can't get DNS resolved.

… Continue reading “L2TP Remote Access Server on UBNT EdgeRouter”

EdgeOS PPTP VPN Client Configuration

Background and goal
I bought a Ubnt EdgeRouter Lite and, at a colleague's request, looked into configuring it to bypass the firewall automatically. I considered the various VPNs I had configured before: PPTP, L2TP, IPSec, AnyConnect/OpenConnect. So far, PPTP is the only one I have gotten working. This configuration uses a remote PPTP server and only covers automatic bypass for Google, Twitter and Facebook; for anything else, you can follow the same approach and add your own routes and NAT.

Environment
Assume the network is already configured, with eth0 as the LAN port and eth1 as the WAN port.