1
0
mirror of synced 2024-11-25 06:16:07 +03:00

Update docs

- Update IKEv2 instructions for Linux clients.
  Ref: #1282
This commit is contained in:
hwdsl2 2022-11-26 10:51:01 -06:00
parent 651c404bf6
commit 8817e6f924
2 changed files with 4 additions and 0 deletions

View File

@ -419,6 +419,8 @@ sudo yum --enablerepo=epel install NetworkManager-strongswan-gnome
# 示例:提取 CA 证书,客户端证书和私钥。在完成后可以删除 .p12 文件。 # 示例:提取 CA 证书,客户端证书和私钥。在完成后可以删除 .p12 文件。
# 注:你可能需要输入 import password它可以在 IKEv2 辅助脚本的输出中找到。 # 注:你可能需要输入 import password它可以在 IKEv2 辅助脚本的输出中找到。
# 如果在脚本的输出中没有 import password请按回车键继续。 # 如果在脚本的输出中没有 import password请按回车键继续。
# 注:如果使用 OpenSSL 3.x (运行 "openssl version" 进行检查)
# 请将 "-legacy" 附加到下面的 3 个命令。
openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ca.cer openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ca.cer
openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out client.cer openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out client.cer
openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out client.key openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out client.key

View File

@ -421,6 +421,8 @@ Next, securely transfer the generated `.p12` file from the VPN server to your Li
# Note: You may need to enter the import password, which can be found # Note: You may need to enter the import password, which can be found
# in the output of the IKEv2 helper script. If the output does not # in the output of the IKEv2 helper script. If the output does not
# contain an import password, press Enter to continue. # contain an import password, press Enter to continue.
# Note: If using OpenSSL 3.x (run "openssl version" to check),
# append "-legacy" to the 3 commands below.
openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ca.cer openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ca.cer
openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out client.cer openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out client.cer
openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out client.key openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out client.key