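I want to connect to a strongSwan IKEv2 VPN from an iOS device. It uses a FreeRADIUS server for user AAA.
It already works perfectly on Android and Windows devices. But when I try to connect with an iOS device, it shows the log below. I created the VPN configuration file by hand and manually installed the .p12 certificate for server authentication.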
server hostname: nas.example.com
server ip: 89.89.89.89
client ip: 99.99.99.99
ipsec.conf file
config setup
    charondebug="all"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=yes
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,3des-sha1!
    dpdaction=clear
    dpddelay=3600s
    dpdtimeout=5s
    rekey=no
    left=%any
    leftid=89.89.89.89
    leftcert=vpn-server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-radius
    #rightauth=eap-mschapv2
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.10.10.0/24
    rightsendcert=never
    eap_identity=%identity
Server-side log
Oct 06 02:14:43 nas.example.com charon[3607]: 13[NET] sending packet: from 89.89.89.89[4500] to 99.99.99.99[4500] (792 bytes)
Oct 06 02:15:00 nas.example.com charon[3607]: 14[NET] received packet: from 99.99.99.99[500] to 89.89.89.89[500] (604 bytes)
Oct 06 02:15:00 nas.example.com charon[3607]: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Oct 06 02:15:00 nas.example.com charon[3607]: 14[IKE] 99.99.99.99 is initiating an IKE_SA
Oct 06 02:15:00 nas.example.com charon[3607]: 14[IKE] 99.99.99.99 is initiating an IKE_SA
Oct 06 02:15:00 nas.example.com charon[3607]: 14[IKE] remote host is behind NAT
Oct 06 02:15:00 nas.example.com charon[3607]: 14[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
Oct 06 02:15:00 nas.example.com charon[3607]: 14[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Oct 06 02:15:00 nas.example.com charon[3607]: 14[NET] sending packet: from 89.89.89.89[500] to 99.99.99.99[500] (38 bytes)
Oct 06 02:15:01 nas.example.com charon[3607]: 15[NET] received packet: from 99.99.99.99[500] to 89.89.89.89[500] (476 bytes)
Oct 06 02:15:01 nas.example.com charon[3607]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Oct 06 02:15:01 nas.example.com charon[3607]: 15[IKE] 99.99.99.99 is initiating an IKE_SA
Oct 06 02:15:01 nas.example.com charon[3607]: 15[IKE] 99.99.99.99 is initiating an IKE_SA
Oct 06 02:15:01 nas.example.com charon[3607]: 15[IKE] remote host is behind NAT
Oct 06 02:15:01 nas.example.com charon[3607]: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Oct 06 02:15:01 nas.example.com charon[3607]: 15[NET] sending packet: from 89.89.89.89[500] to 99.99.99.99[500] (316 bytes)
Oct 06 02:15:01 nas.example.com charon[3607]: 03[NET] received packet: from 99.99.99.99[4500] to 89.89.89.89[4500] (484 bytes)
Oct 06 02:15:01 nas.example.com charon[3607]: 03[ENC] unknown attribute type (25)
Oct 06 02:15:01 nas.example.com charon[3607]: 03[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Oct 06 02:15:01 nas.example.com charon[3607]: 03[CFG] looking for peer configs matching 89.89.89.89[89.89.89.89]...99.99.99.99[varun]
Oct 06 02:15:01 nas.example.com charon[3607]: 03[CFG] selected peer config 'ikev2-vpn'
Oct 06 02:15:01 nas.example.com charon[3607]: 03[IKE] initiating EAP_IDENTITY method (id 0x00)
Oct 06 02:15:01 nas.example.com charon[3607]: 03[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Oct 06 02:15:01 nas.example.com charon[3607]: 03[IKE] peer supports MOBIKE
Oct 06 02:15:01 nas.example.com charon[3607]: 03[IKE] authentication of '89.89.89.89' (myself) with RSA signature successful
Oct 06 02:15:01 nas.example.com charon[3607]: 03[IKE] sending end entity cert "C=US, O=nas.example.com, CN=89.89.89.89"
Oct 06 02:15:01 nas.example.com charon[3607]: 03[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Oct 06 02:15:01 nas.example.com charon[3607]: 03[ENC] splitting IKE message with length of 1980 bytes into 2 fragments
Oct 06 02:15:01 nas.example.com charon[3607]: 03[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Oct 06 02:15:01 nas.example.com charon[3607]: 03[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Oct 06 02:15:01 nas.example.com charon[3607]: 03[NET] sending packet: from 89.89.89.89[4500] to 99.99.99.99[4500] (1248 bytes)
Oct 06 02:15:01 nas.example.com charon[3607]: 03[NET] sending packet: from 89.89.89.89[4500] to 99.99.99.99[4500] (792 bytes)
Oct 06 02:15:12 nas.example.com charon[3607]: 16[JOB] deleting half open IKE_SA with 99.99.99.99 after timeout
Any help would be greatly appreciated. Thanks.