mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-29 08:06:04 +03:00
Code Issues Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
hwdsl2 2022-07-06 01:11:24 -05:00
parent f4b28c5f2c
commit 19053cb9d7
2 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/ikev2-howto-zh.md
View File

@ -79,9 +79,14 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
```console ```console
# 创建 VPN 连接(将服务器地址换成你自己的值) # 创建 VPN 连接(将服务器地址换成你自己的值)
powershell -command "Add-VpnConnection -ServerAddress '你的 VPN 服务器 IP或者域名' -Name 'My IKEv2 VPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru" powershell -command "Add-VpnConnection -ServerAddress '你的 VPN 服务器 IP或者域名' ^
-Name 'My IKEv2 VPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate ^
-EncryptionLevel Required -PassThru"
# 设置 IPsec 参数 # 设置 IPsec 参数
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force" powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' ^
-AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 ^
-EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None ^
-DHGroup Group14 -PassThru -Force"
``` ```
**Windows 7** 不支持这些命令,你可以 [手动创建 VPN 连接](https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config)。 **Windows 7** 不支持这些命令,你可以 [手动创建 VPN 连接](https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config)。
@ -426,9 +431,11 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
/ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local /ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local
/ip ipsec policy group add name=ike2-rw /ip ipsec policy group add name=ike2-rw
/ip ipsec profile add name=ike2-rw /ip ipsec profile add name=ike2-rw
/ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw /ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 \
name=ike2-rw-client profile=ike2-rw
/ip ipsec proposal add name=ike2-rw pfs-group=none /ip ipsec proposal add name=ike2-rw pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \ /ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE \
generate-policy=port-strict mode-config=ike2-rw \
peer=ike2-rw-client policy-template-group=ike2-rw peer=ike2-rw-client policy-template-group=ike2-rw
/ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes /ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes
``` ```

15
docs/ikev2-howto.md
View File

@ -79,9 +79,14 @@ Alternatively, **Windows 7, 8, 10 and 11** users can manually import IKEv2 confi
```console ```console
# Create VPN connection (replace server address with your own value) # Create VPN connection (replace server address with your own value)
powershell -command "Add-VpnConnection -ServerAddress 'Your VPN Server IP (or DNS name)' -Name 'My IKEv2 VPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru" powershell -command "Add-VpnConnection -ServerAddress 'Your VPN Server IP (or DNS name)' ^
-Name 'My IKEv2 VPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate ^
-EncryptionLevel Required -PassThru"
# Set IPsec configuration # Set IPsec configuration
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force" powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' ^
-AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 ^
-EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None ^
-DHGroup Group14 -PassThru -Force"
``` ```
**Windows 7** does not support these commands, you can [manually create the VPN connection](https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config). **Windows 7** does not support these commands, you can [manually create the VPN connection](https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config).
@ -428,9 +433,11 @@ for the entire network, or use `192.168.0.10` for just one device, and so on.
/ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local /ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local
/ip ipsec policy group add name=ike2-rw /ip ipsec policy group add name=ike2-rw
/ip ipsec profile add name=ike2-rw /ip ipsec profile add name=ike2-rw
/ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw /ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 \
name=ike2-rw-client profile=ike2-rw
/ip ipsec proposal add name=ike2-rw pfs-group=none /ip ipsec proposal add name=ike2-rw pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \ /ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE \
generate-policy=port-strict mode-config=ike2-rw \
peer=ike2-rw-client policy-template-group=ike2-rw peer=ike2-rw-client policy-template-group=ike2-rw
/ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes /ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes
``` ```