1
0
mirror of synced 2024-12-01 17:16:02 +03:00

Update IKEv2 docs

- Update macOS and iOS IKEv2 instructions
This commit is contained in:
hwdsl2 2019-11-10 19:32:29 -08:00
parent 0dfe0d3021
commit 4b28ce5de9
2 changed files with 22 additions and 10 deletions

View File

@ -178,7 +178,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
**注:** 如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。 **注:** 如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。
1. (适用于 macOS 和 iOS 客户端) 导出 CA 证书到 `vpnca.cer` 1. (适用于 iOS 客户端) 导出 CA 证书到 `vpnca.cer`
```bash ```bash
certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer
@ -217,7 +217,7 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
* [OS X (macOS)](#os-x-macos) * [OS X (macOS)](#os-x-macos)
* [Android 10 和更新版本](#android-10-和更新版本) * [Android 10 和更新版本](#android-10-和更新版本)
* [Android 4.x to 9.x](#android-4x-to-9x) * [Android 4.x to 9.x](#android-4x-to-9x)
* [iOS (iPhone/iPad)](#ios-iphoneipad) * [iOS (iPhone/iPad)](#ios)
### Windows 7, 8.x 和 10 ### Windows 7, 8.x 和 10
@ -236,7 +236,7 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
### OS X (macOS) ### OS X (macOS)
首先,将文件 `vpnca.cer` 和 `vpnclient.p12` 安全地传送到你的 Mac然后双击它们并逐个导入到 **钥匙串访问** 中的 **登录** 钥匙串。下一步,双击刚才导入的 `IKEv2 VPN CA` 证书,展开 **信任** 并从 **IP 安全 (IPsec)** 下拉菜单中选择 **始终信任**。在完成之后,检查并确保 `vpnclient``IKEv2 VPN CA` 都显示在 **登录** 钥匙串 的 **证书** 类别中。 首先,将文件 `vpnclient.p12` 安全地传送到你的 Mac然后双击导入到 **钥匙串访问** 中的 **登录** 钥匙串。下一步,双击导入的 `IKEv2 VPN CA` 证书,展开 **信任** 并从 **IP 安全 (IPsec)** 下拉菜单中选择 **始终信任**。在完成之后,检查并确保 `vpnclient``IKEv2 VPN CA` 都显示在 **登录** 钥匙串 的 **证书** 类别中。
1. 打开系统偏好设置并转到网络部分。 1. 打开系统偏好设置并转到网络部分。
1. 在窗口左下角单击 **+** 按钮。 1. 在窗口左下角单击 **+** 按钮。
@ -282,9 +282,15 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
**注:** 要查找 `.p12` 文件,单击左上角的抽拉式菜单,然后单击你的设备名称。 **注:** 要查找 `.p12` 文件,单击左上角的抽拉式菜单,然后单击你的设备名称。
1. 保存新的 VPN 连接,然后单击它以开始连接。 1. 保存新的 VPN 连接,然后单击它以开始连接。
### iOS (iPhone/iPad) ### iOS
首先,将文件 `vpnca.cer``vpnclient.p12` 安全地传送到你的 iOS 设备,并且逐个导入为 iOS 配置描述文件。你可以使用 AirDrop (隔空投送)来传输文件。或者,你也可以将文件放在一个你的安全的托管网站上,然后在 Mobile Safari 中下载并导入它们。在完成之后,检查并确保 `vpnclient``IKEv2 VPN CA` 都显示在设置 -> 通用 -> 描述文件中。 首先,将文件 `vpnca.cer``vpnclient.p12` 安全地传送到你的 iOS 设备,并且逐个导入为 iOS 配置描述文件。要传送文件,你可以使用:
1. AirDrop (隔空投送),或者
1. 将文件上传到设备,在 "文件" 应用程序中单击它们,然后到 "设置" 中导入,或者
1. 将文件放在一个你的安全的托管网站上,然后在 Mobile Safari 中下载并导入它们。
在完成之后,检查并确保 `vpnclient``IKEv2 VPN CA` 都显示在设置 -> 通用 -> 描述文件中。
1. 进入设置 -> 通用 -> VPN。 1. 进入设置 -> 通用 -> VPN。
1. 单击 **添加VPN配置...** 1. 单击 **添加VPN配置...**

View File

@ -178,7 +178,7 @@ The following example shows how to configure IKEv2 with Libreswan. Commands belo
**Note:** To connect multiple VPN clients simultaneously, you must generate a unique certificate for each. **Note:** To connect multiple VPN clients simultaneously, you must generate a unique certificate for each.
1. (For macOS and iOS clients) Export the CA certificate as `vpnca.cer`: 1. (For iOS clients) Export the CA certificate as `vpnca.cer`:
```bash ```bash
certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer certutil -L -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" -a -o vpnca.cer
@ -217,7 +217,7 @@ The IKEv2 setup on the VPN server is now complete. Follow instructions below to
* [OS X (macOS)](#os-x-macos) * [OS X (macOS)](#os-x-macos)
* [Android 10 and newer](#android-10-and-newer) * [Android 10 and newer](#android-10-and-newer)
* [Android 4.x to 9.x](#android-4x-to-9x) * [Android 4.x to 9.x](#android-4x-to-9x)
* [iOS (iPhone/iPad)](#ios-iphoneipad) * [iOS (iPhone/iPad)](#ios)
### Windows 7, 8.x and 10 ### Windows 7, 8.x and 10
@ -236,7 +236,7 @@ The IKEv2 setup on the VPN server is now complete. Follow instructions below to
### OS X (macOS) ### OS X (macOS)
First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your Mac, then double-click to import them one by one into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under the **Certificates** category of **login** keychain. First, securely transfer `vpnclient.p12` to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under the **Certificates** category of **login** keychain.
1. Open System Preferences and go to the Network section. 1. Open System Preferences and go to the Network section.
1. Click the **+** button in the lower-left corner of the window. 1. Click the **+** button in the lower-left corner of the window.
@ -282,9 +282,15 @@ First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your Mac, then
**Note:** To find the `.p12` file, click on the three-line menu button, then click on your device name. **Note:** To find the `.p12` file, click on the three-line menu button, then click on your device name.
1. Save the new VPN connection, then tap to connect. 1. Save the new VPN connection, then tap to connect.
### iOS (iPhone/iPad) ### iOS
First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use AirDrop. Alternatively, host the files on a secure website of yours, then download and import them in Mobile Safari. When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under Settings -> General -> Profiles. First, securely transfer both `vpnca.cer` and `vpnclient.p12` to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use:
1. AirDrop, or
1. Upload the files to your device, tap them in the "Files" app, then go to "Settings" and import, or
1. Host the files on a secure website of yours, then download and import them in Mobile Safari.
When finished, check to make sure both `vpnclient` and `IKEv2 VPN CA` are listed under Settings -> General -> Profiles.
1. Go to Settings -> General -> VPN. 1. Go to Settings -> General -> VPN.
1. Tap **Add VPN Configuration...**. 1. Tap **Add VPN Configuration...**.