strongSwan IKEv2 configurations for iOS without certificate
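# Build and install strongSwan from source, followed by the ipsec lifecycle
# commands used to manage the daemon afterwards.
# NOTE(review): 5.3.3 is the release this listing pins. Check the strongSwan
# site for the current release and its security advisories before reusing it.

# Download strongSwan and its detached signature
wget https://download.strongswan.org/strongswan-5.3.3.tar.gz
wget https://download.strongswan.org/strongswan-5.3.3.tar.gz.sig

# Verify, then extract and uncompress.
# The tarball is built and installed as root, so it is only unpacked when the
# signature checks out. The release signing key must already be in the keyring
# and must have been obtained over a channel you trust.
gpg --verify strongswan-5.3.3.tar.gz.sig strongswan-5.3.3.tar.gz \
    && tar -vzxf strongswan-5.3.3.tar.gz
cd strongswan-5.3.3

# Configure
# NOTE(review): the connection shown on this page authenticates clients with
# eap-mschapv2 only (which needs md4 for the NT hash). The other EAP methods
# enabled here appear unused by that configuration; every enabled plugin is
# extra parsing code reachable from the network, so consider dropping the ones
# you do not need.
./configure --prefix=/usr --sysconfdir=/etc \
    --enable-openssl --enable-nat-transport \
    --disable-mysql --disable-ldap --disable-static --enable-shared \
    --enable-md4 --enable-eap-mschapv2 \
    --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-gtc \
    --enable-eap-identity --enable-eap-md5 --enable-eap-peap \
    --enable-eap-radius --enable-eap-sim --enable-eap-sim-file \
    --enable-eap-simaka-pseudonym --enable-eap-simaka-reauth \
    --enable-eap-simaka-sql --enable-eap-tls --enable-eap-tnc --enable-eap-ttls

# Make & install
make && make install

# The remaining commands are a reference for managing the daemon.

# IPSec start
ipsec start
# IPSec reload configuration
ipsec reload
# IPSec reload secrets
ipsec rereadsecrets
# IPSec stop
ipsec stop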
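<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  iOS configuration profile for an IKEv2 VPN that authenticates the server with
  a pre-shared key and the user with EAP (username and password).
  Values in {braces} are placeholders to fill in before installing.

  Review notes:
  * The profile carries the user password and the pre-shared key in clear text.
    Treat the filled-in file as a secret: deliver it over a trusted channel and
    do not keep copies in mail or chat history.
  * Both security associations are pinned to 3DES, SHA1-96 and Diffie-Hellman
    group 2 (1024-bit MODP), with PFS disabled. These are legacy choices. If
    the server proposals accept them, prefer AES-256 with SHA2-256 and
    Diffie-Hellman group 14 or higher, and keep the IKE and child settings in
    step with what the server offers.
-->
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IKEv2</key>
            <dict>
                <!-- EAP user name; must match an EAP entry in the server secrets file. -->
                <key>AuthName</key>
                <string>{username}</string>
                <!-- Stored in clear text in the profile. Consider leaving this key out
                     so the password is not kept in the file (confirm the device then
                     prompts for it). -->
                <key>AuthPassword</key>
                <string>{password}</string>
                <!-- Server is authenticated by the shared secret, not a certificate. -->
                <key>AuthenticationMethod</key>
                <string>SharedSecret</string>
                <key>ChildSecurityAssociationParameters</key>
                <dict>
                    <!-- Group 2 is 1024-bit MODP. -->
                    <key>DiffieHellmanGroup</key>
                    <integer>2</integer>
                    <key>EncryptionAlgorithm</key>
                    <string>3DES</string>
                    <key>IntegrityAlgorithm</key>
                    <string>SHA1-96</string>
                    <key>LifeTimeInMinutes</key>
                    <integer>1440</integer>
                </dict>
                <key>DeadPeerDetectionRate</key>
                <string>Medium</string>
                <key>DisableMOBIKE</key>
                <integer>0</integer>
                <key>DisableRedirect</key>
                <integer>0</integer>
                <!-- No certificates are used in this setup, so revocation checking is off. -->
                <key>EnableCertificateRevocationCheck</key>
                <integer>0</integer>
                <!-- Perfect forward secrecy is disabled here. -->
                <key>EnablePFS</key>
                <integer>0</integer>
                <!-- Enables the EAP user authentication that uses AuthName and AuthPassword. -->
                <key>ExtendedAuthEnabled</key>
                <true/>
                <key>IKESecurityAssociationParameters</key>
                <dict>
                    <!-- Group 2 is 1024-bit MODP. -->
                    <key>DiffieHellmanGroup</key>
                    <integer>2</integer>
                    <key>EncryptionAlgorithm</key>
                    <string>3DES</string>
                    <key>IntegrityAlgorithm</key>
                    <string>SHA1-96</string>
                    <key>LifeTimeInMinutes</key>
                    <integer>1440</integer>
                </dict>
                <!-- Client identity; corresponds to rightid in the server ipsec.conf. -->
                <key>LocalIdentifier</key>
                <string>{rightid}</string>
                <key>RemoteAddress</key>
                <string>{your_server_address}</string>
                <!-- Server identity; corresponds to leftid in the server ipsec.conf. -->
                <key>RemoteIdentifier</key>
                <string>{leftid}</string>
                <!-- The same key is shared by every client. Anyone who holds it can pose
                     as the server to the other clients, so use a long random value and
                     rotate it when a device or profile copy is lost. -->
                <key>SharedSecret</key>
                <string>{your_psk}</string>
                <key>UseConfigurationAttributeInternalIPSubnet</key>
                <integer>0</integer>
            </dict>
            <key>IPv4</key>
            <dict>
                <!-- 1 sends all IPv4 traffic through the tunnel. -->
                <key>OverridePrimary</key>
                <integer>1</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.FBFBDEF8-5B16-4863-91C1-7E2A68F848A3</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>425A1628-E99B-4547-966E-5B967CF1F5EA</string>
            <key>PayloadVersion</key>
            <real>1</real>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>JP</string>
            <key>VPNType</key>
            <string>IKEv2</string>
            <key>VendorConfig</key>
            <dict/>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>IKEv2</string>
    <key>PayloadIdentifier</key>
    <string>C7918ABA-8DE8-40ED-A3AE-994CD40ACE22</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>9697F3C2-FF20-4981-A0C4-AA36BA78EEEA</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>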
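#!/bin/bash
# Firewall, forwarding and NAT rules for the VPN gateway.
#
# Notes for whoever deploys this:
#  * Rules are appended (-A), so they sit behind any existing DROP/REJECT rules
#    and are duplicated if the script is run twice.
#  * Nothing here survives a reboot; persist the rules and the sysctl with your
#    distribution's mechanism.
#  * eth0 is assumed to be the Internet-facing interface.

# Add ip tables
# IKE (UDP 500) and IKE/ESP over NAT traversal (UDP 4500)
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT

# Enable IPv4 forwarding so the host routes client traffic
echo 1 > /proc/sys/net/ipv4/ip_forward

# Source-NAT traffic from the client address pool (rightsourceip in ipsec.conf)
iptables -t nat -A POSTROUTING -s 10.99.1.0/24 -o eth0 -j MASQUERADE

# NOTE(review): this accepts any forwarded packet whose source address is in the
# pool, whichever interface it arrived on. To forward only traffic that actually
# came out of an IPsec tunnel, add the policy match to this rule:
#   -m policy --dir in --pol ipsec
iptables -A FORWARD -s 10.99.1.0/24 -j ACCEPT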
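# ipsec.conf - strongSwan IPsec configuration file
#
# Parameters inside a section must be indented; the indentation below is part of
# the file format.

# basic configuration
config setup
    # No certificates are used in this setup, so CRL policy has no effect here.
    strictcrlpolicy=no
    # no = the same identity may hold several sessions at once. This lets one
    # account be used from many devices, including a leaked one.
    uniqueids = no

# IKEv2 for iOS
#
# NOTE(review): no ike= or esp= proposals are set, so the daemon defaults apply.
# The iOS profile that accompanies this file pins 3DES / SHA1-96 / DH group 2,
# so that is what gets negotiated. Set explicit, stronger proposals here and in
# the profile together.
conn iOS-IKEV2
    auto=add
    dpdaction=clear
    keyexchange=ikev2
    #left
    left=%any
    leftsubnet=0.0.0.0/0
    # The server proves its identity with the pre-shared key only. Every client
    # holds that key, so any holder can pose as the server, and a captured
    # EAP-MSCHAPv2 exchange can be attacked offline. Prefer a server certificate
    # (leftauth=pubkey) where that is possible.
    leftauth=psk
    leftid=im.zorro.ipsec.server
    #right
    right=%any
    # Address pool handed to clients; the NAT and FORWARD rules must match it.
    rightsourceip=10.99.1.0/24
    rightauth=eap-mschapv2
    rightid=im.zorro.ipsec.client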
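# ipsec.secrets - credentials for the connection defined in ipsec.conf.
# Every value below is a placeholder. Keep this file readable by root only.

# Pre-shared key used to authenticate the server. It is shared by all clients,
# so use a long random value rather than a memorable phrase.
: PSK yourpresharedkey

# EAP-MSCHAPv2 users, one line per account. Give each user a distinct, strong
# password; they are stored here in clear text.
u1 : EAP "password"
u2 : EAP "password"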
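# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon {
    load_modular = yes
    # DNS servers handed to VPN clients. With these values client lookups go to
    # Google Public DNS; substitute a resolver you operate or trust if that is
    # not what you want.
    dns1 = 8.8.8.8
    dns2 = 8.8.4.4
    plugins {
        include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf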
@cuitao3000 IP table 配对了?