Update IKEv2 docs
- Update macOS and iOS IKEv2 instructions
This commit is contained in:
parent
0dfe0d3021
commit
4b28ce5de9
@ -178,7 +178,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
|
|||||||
|
|
||||||
**注:** 如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。
|
**注:** 如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。
|
||||||
|
|
||||||
1. (适用于 macOS 和 iOS 客户端) 导出 CA 证书到 `vpnca.cer`:
|
1. (适用于 iOS 客户端) 导出 CA 证书到 `vpnca.cer`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer
|
certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer
|
||||||
@ -217,7 +217,7 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
|
|||||||
* [OS X (macOS)](#os-x-macos)
|
* [OS X (macOS)](#os-x-macos)
|
||||||
* [Android 10 和更新版本](#android-10-和更新版本)
|
* [Android 10 和更新版本](#android-10-和更新版本)
|
||||||
* [Android 4.x to 9.x](#android-4x-to-9x)
|
* [Android 4.x to 9.x](#android-4x-to-9x)
|
||||||
* [iOS (iPhone/iPad)](#ios-iphoneipad)
|
* [iOS (iPhone/iPad)](#ios)
|
||||||
|
|
||||||
### Windows 7, 8.x 和 10
|
### Windows 7, 8.x 和 10
|
||||||
|
|
||||||
@ -236,7 +236,7 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
|
|||||||
|
|
||||||
### OS X (macOS)
|
### OS X (macOS)
|
||||||
|
|
||||||
首先,将文件 `vpnca.cer` 和 `vpnclient.p12` 安全地传送到你的 Mac,然后双击它们并逐个导入到 **钥匙串访问** 中的 **登录** 钥匙串。下一步,双击刚才导入的 `IKEv2 VPN CA` 证书,展开 **信任** 并从 **IP 安全 (IPsec)** 下拉菜单中选择 **始终信任**。在完成之后,检查并确保 `vpnclient` 和 `IKEv2 VPN CA` 都显示在 **登录** 钥匙串 的 **证书** 类别中。
|
首先,将文件 `vpnclient.p12` 安全地传送到你的 Mac,然后双击以导入到 **钥匙串访问** 中的 **登录** 钥匙串。下一步,双击导入的 `IKEv2 VPN CA` 证书,展开 **信任** 并从 **IP 安全 (IPsec)** 下拉菜单中选择 **始终信任**。在完成之后,检查并确保 `vpnclient` 和 `IKEv2 VPN CA` 都显示在 **登录** 钥匙串 的 **证书** 类别中。
|
||||||
|
|
||||||
1. 打开系统偏好设置并转到网络部分。
|
1. 打开系统偏好设置并转到网络部分。
|
||||||
1. 在窗口左下角单击 **+** 按钮。
|
1. 在窗口左下角单击 **+** 按钮。
|
||||||
@ -282,9 +282,15 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
|
|||||||
**注:** 要查找 `.p12` 文件,单击左上角的抽拉式菜单,然后单击你的设备名称。
|
**注:** 要查找 `.p12` 文件,单击左上角的抽拉式菜单,然后单击你的设备名称。
|
||||||
1. 保存新的 VPN 连接,然后单击它以开始连接。
|
1. 保存新的 VPN 连接,然后单击它以开始连接。
|
||||||
|
|
||||||
### iOS (iPhone/iPad)
|
### iOS
|
||||||
|
|
||||||
首先,将文件 `vpnca.cer` 和 `vpnclient.p12` 安全地传送到你的 iOS 设备,并且逐个导入为 iOS 配置描述文件。你可以使用 AirDrop (隔空投送)来传输文件。或者,你也可以将文件放在一个你的安全的托管网站上,然后在 Mobile Safari 中下载并导入它们。在完成之后,检查并确保 `vpnclient` 和 `IKEv2 VPN CA` 都显示在设置 -> 通用 -> 描述文件中。
|
首先,将文件 `vpnca.cer` 和 `vpnclient.p12` 安全地传送到你的 iOS 设备,并且逐个导入为 iOS 配置描述文件。要传送文件,你可以使用:
|
||||||
|
|
||||||
|
1. AirDrop (隔空投送),或者
|
||||||
|
1. 将文件上传到设备,在 "文件" 应用程序中单击它们,然后到 "设置" 中导入,或者
|
||||||
|
1. 将文件放在一个你的安全的托管网站上,然后在 Mobile Safari 中下载并导入它们。
|
||||||
|
|
||||||
|
在完成之后,检查并确保 `vpnclient` 和 `IKEv2 VPN CA` 都显示在设置 -> 通用 -> 描述文件中。
|
||||||
|
|
||||||
1. 进入设置 -> 通用 -> VPN。
|
1. 进入设置 -> 通用 -> VPN。
|
||||||
1. 单击 **添加VPN配置...**。
|
1. 单击 **添加VPN配置...**。
|
||||||
|
@ -178,7 +178,7 @@ The following example shows how to configure IKEv2 with Libreswan. Commands belo
|
|||||||
|
|
||||||
**Note:** To connect multiple VPN clients simultaneously, you must generate a unique certificate for each.
|
**Note:** To connect multiple VPN clients simultaneously, you must generate a unique certificate for each.
|
||||||
|
|
||||||
1. (For macOS and iOS clients) Export the CA certificate as `vpnca.cer`:
|
1. (For iOS clients) Export the CA certificate as `vpnca.cer`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer
|
certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer
|
||||||
@ -217,7 +217,7 @@ The IKEv2 setup on the VPN server is now complete. Follow instructions below to
|
|||||||
* [OS X (macOS)](#os-x-macos)
|
* [OS X (macOS)](#os-x-macos)
|
||||||
* [Android 10 and newer](#android-10-and-newer)
|
* [Android 10 and newer](#android-10-and-newer)
|
||||||
* [Android 4.x to 9.x](#android-4x-to-9x)
|
* [Android 4.x to 9.x](#android-4x-to-9x)
|
||||||
* [iOS (iPhone/iPad)](#ios-iphoneipad)
|
* [iOS (iPhone/iPad)](#ios)
|
||||||
|
|
||||||
### Windows 7, 8.x and 10
|
### Windows 7, 8.x and 10
|
||||||
|
|
||||||
@ -236,7 +236,7 @@ The IKEv2 setup on the VPN server is now complete. Follow instructions below to
|
|||||||
|
|
||||||
### OS X (macOS)
|
### OS X (macOS)
|
||||||
|
|
||||||
First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your Mac, then double-click to import them one by one into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under the **Certificates** category of **login** keychain.
|
First, securely transfer `vpnclient.p12` to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under the **Certificates** category of **login** keychain.
|
||||||
|
|
||||||
1. Open System Preferences and go to the Network section.
|
1. Open System Preferences and go to the Network section.
|
||||||
1. Click the **+** button in the lower-left corner of the window.
|
1. Click the **+** button in the lower-left corner of the window.
|
||||||
@ -282,9 +282,15 @@ First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your Mac, then
|
|||||||
**Note:** To find the `.p12` file, click on the three-line menu button, then click on your device name.
|
**Note:** To find the `.p12` file, click on the three-line menu button, then click on your device name.
|
||||||
1. Save the new VPN connection, then tap to connect.
|
1. Save the new VPN connection, then tap to connect.
|
||||||
|
|
||||||
### iOS (iPhone/iPad)
|
### iOS
|
||||||
|
|
||||||
First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use AirDrop. Alternatively, host the files on a secure website of yours, then download and import them in Mobile Safari. When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under Settings -> General -> Profiles.
|
First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use:
|
||||||
|
|
||||||
|
1. AirDrop, or
|
||||||
|
1. Upload the files to your device, tap them in the "Files" app, then go to "Settings" and import, or
|
||||||
|
1. Host the files on a secure website of yours, then download and import them in Mobile Safari.
|
||||||
|
|
||||||
|
When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under Settings -> General -> Profiles.
|
||||||
|
|
||||||
1. Go to Settings -> General -> VPN.
|
1. Go to Settings -> General -> VPN.
|
||||||
1. Tap **Add VPN Configuration...**.
|
1. Tap **Add VPN Configuration...**.
|
||||||
|
Loading…
Reference in New Issue
Block a user