From 0199df03698997fe6a797c3e57ef0fc7f9257c57 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 21 Jan 2021 01:39:05 -0600 Subject: [PATCH] Update IKEv2 docs --- docs/ikev2-howto-zh.md | 21 +++++++++++++++++++++ docs/ikev2-howto.md | 21 +++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 078c53c..7b3d32f 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -59,6 +59,8 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto 详细的操作步骤: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs + **注:** Ubuntu 18.04 用户在尝试将生成的 `.p12` 文件导入到 Windows 时可能会遇到错误 "输入的密码不正确"。参见 [已知问题](#已知问题)。 + 1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config @@ -497,6 +499,25 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto 1. Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation(该功能需要 Windows 10 v1803 或更新版本)。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 IPsec/L2TPIPsec/XAuth 模式。 1. Ubuntu 18.04 用户在尝试将生成的 `.p12` 文件导入到 Windows 时可能会遇到错误 "输入的密码不正确"。这是由 `NSS` 中的一个问题导致的。更多信息请看 这里。 +
+ + Ubuntu 18.04 上的 NSS 问题的解决方法 + + + 首先安装更新版本的 `libnss3` 相关的软件包: + + ``` + wget http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3_3.49.1-1ubuntu1.5_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb + apt-get -y update + apt-get -y install "./libnss3_3.49.1-1ubuntu1.5_amd64.deb" \ + "./libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb" \ + "./libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb" + ``` + + 然后重新 [导出 IKEv2 客户端的配置](#导出一个已有的客户端的配置)。 +
1. 如果你使用 strongSwan Android VPN 客户端,则必须将服务器上的 Libreswan 升级到版本 3.26 或以上。 ## 移除 IKEv2 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 5ef16f3..6d8963e 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -59,6 +59,8 @@ The script must be run usi Detailed instructions: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs + **Note:** Ubuntu 18.04 users may encounter the error "The password you entered is incorrect" when trying to import the generated `.p12` file into Windows. See [Known issues](#known-issues). + 1. On the Windows computer, add a new IKEv2 VPN connection: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config @@ -497,6 +499,25 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th 1. The built-in VPN client in Windows may not support IKEv2 fragmentation (this feature requires Windows 10 v1803 or newer). On some networks, this can cause the connection to fail or have other issues. You may instead try the IPsec/L2TP or IPsec/XAuth mode. 1. Ubuntu 18.04 users may encounter the error "The password you entered is incorrect" when trying to import the generated `.p12` file into Windows. This is due to a bug in `NSS`. Read more here. +
+ + Workaround for the NSS bug on Ubuntu 18.04 + + + First, install newer versions of `libnss3` related packages: + + ``` + wget http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3_3.49.1-1ubuntu1.5_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb + apt-get -y update + apt-get -y install "./libnss3_3.49.1-1ubuntu1.5_amd64.deb" \ + "./libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb" \ + "./libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb" + ``` + + After that, [export configuration for the IKEv2 client](#export-configuration-for-an-existing-client) again. +
1. If using the strongSwan Android VPN client, you must upgrade Libreswan on your server to version 3.26 or above. ## Remove IKEv2