-
-
Save ms5/773e9c1509c950da08f206828bb3d23d to your computer and use it in GitHub Desktop.
strongSwan IKEv2 for iOS without certificate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download strongSwan | |
| wget https://download.strongswan.org/strongswan-5.3.3.tar.gz | |
| # Extract and uncompress | |
| tar -vzxf strongswan-5.3.3.tar.gz | |
| cd strongswan-5.3.3 | |
| # Configure | |
| ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl --enable-nat-transport --disable-mysql --disable-ldap --disable-static --enable-shared --enable-md4 --enable-eap-mschapv2 --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-gtc --enable-eap-identity --enable-eap-md5 --enable-eap-peap --enable-eap-radius --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym --enable-eap-simaka-reauth --enable-eap-simaka-sql --enable-eap-tls --enable-eap-tnc --enable-eap-ttls | |
| # Make & install | |
| make && make install | |
| # IPSec start | |
| ipsec start | |
| # IPSec reload configuration | |
| ipsec reload | |
| # IPSec reload secrets | |
| ipsec rereadsecrets | |
| # IPSec stop | |
| ipsec stop |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>IKEv2</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>{username}</string> | |
| <key>AuthPassword</key> | |
| <string>{password}</string> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>ChildSecurityAssociationParameters</key> | |
| <dict> | |
| <key>DiffieHellmanGroup</key> | |
| <integer>2</integer> | |
| <key>EncryptionAlgorithm</key> | |
| <string>3DES</string> | |
| <key>IntegrityAlgorithm</key> | |
| <string>SHA1-96</string> | |
| <key>LifeTimeInMinutes</key> | |
| <integer>1440</integer> | |
| </dict> | |
| <key>DeadPeerDetectionRate</key> | |
| <string>Medium</string> | |
| <key>DisableMOBIKE</key> | |
| <integer>0</integer> | |
| <key>DisableRedirect</key> | |
| <integer>0</integer> | |
| <key>EnableCertificateRevocationCheck</key> | |
| <integer>0</integer> | |
| <key>EnablePFS</key> | |
| <integer>0</integer> | |
| <key>ExtendedAuthEnabled</key> | |
| <true/> | |
| <key>IKESecurityAssociationParameters</key> | |
| <dict> | |
| <key>DiffieHellmanGroup</key> | |
| <integer>2</integer> | |
| <key>EncryptionAlgorithm</key> | |
| <string>3DES</string> | |
| <key>IntegrityAlgorithm</key> | |
| <string>SHA1-96</string> | |
| <key>LifeTimeInMinutes</key> | |
| <integer>1440</integer> | |
| </dict> | |
| <key>LocalIdentifier</key> | |
| <string>{rightid}</string> | |
| <key>RemoteAddress</key> | |
| <string>{your_server_address}</string> | |
| <key>RemoteIdentifier</key> | |
| <string>{leftid}</string> | |
| <key>SharedSecret</key> | |
| <string>{your_psk}</string> | |
| <key>UseConfigurationAttributeInternalIPSubnet</key> | |
| <integer>0</integer> | |
| </dict> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadDescription</key> | |
| <string>Configures VPN settings</string> | |
| <key>PayloadDisplayName</key> | |
| <string>VPN</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.vpn.managed.FBFBDEF8-5B16-4863-91C1-7E2A68F848A3</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadUUID</key> | |
| <string>425A1628-E99B-4547-966E-5B967CF1F5EA</string> | |
| <key>PayloadVersion</key> | |
| <real>1</real> | |
| <key>Proxies</key> | |
| <dict> | |
| <key>HTTPEnable</key> | |
| <integer>0</integer> | |
| <key>HTTPSEnable</key> | |
| <integer>0</integer> | |
| </dict> | |
| <key>UserDefinedName</key> | |
| <string>JP</string> | |
| <key>VPNType</key> | |
| <string>IKEv2</string> | |
| <key>VendorConfig</key> | |
| <dict/> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>IKEv2</string> | |
| <key>PayloadIdentifier</key> | |
| <string>C7918ABA-8DE8-40ED-A3AE-994CD40ACE22</string> | |
| <key>PayloadRemovalDisallowed</key> | |
| <false/> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>9697F3C2-FF20-4981-A0C4-AA36BA78EEEA</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Add ip tables | |
| iptables -A INPUT -p udp --dport 500 -j ACCEPT | |
| iptables -A INPUT -p udp --dport 4500 -j ACCEPT | |
| echo 1 > /proc/sys/net/ipv4/ip_forward | |
| iptables -t nat -A POSTROUTING -s 10.99.1.0/24 -o eth0 -j MASQUERADE | |
| iptables -A FORWARD -s 10.99.1.0/24 -j ACCEPT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ipsec.conf - strongSwan IPsec configuration file | |
| # basic configuration | |
| config setup | |
| strictcrlpolicy=no | |
| uniqueids = no | |
| # IKEv2 for iOS | |
| conn iOS-IKEV2 | |
| auto=add | |
| dpdaction=clear | |
| keyexchange=ikev2 | |
| #left | |
| left=%any | |
| leftsubnet=0.0.0.0/0 | |
| leftauth=psk | |
| leftid=im.zorro.ipsec.server | |
| #right | |
| right=%any | |
| rightsourceip=10.99.1.0/24 | |
| rightauth=eap-mschapv2 | |
| rightid=im.zorro.ipsec.client |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| : PSK yourpresharedkey | |
| u1 : EAP "password" | |
| u2 : EAP "password" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # strongswan.conf - strongSwan configuration file | |
| # | |
| # Refer to the strongswan.conf(5) manpage for details | |
| # | |
| # Configuration changes should be made in the included files | |
| charon { | |
| load_modular = yes | |
| dns1 = 8.8.8.8 | |
| dns2 = 8.8.4.4 | |
| plugins { | |
| include strongswan.d/charon/*.conf | |
| } | |
| } | |
| include strongswan.d/*.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment