-
-
Save liongkj/47ce0198e5fa78d77b82cf88239dd114 to your computer and use it in GitHub Desktop.
上海交大vpn Linux设置 strongSwan IKEv2 configurations for SJTU VPN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download strongSwan | |
| wget https://download.strongswan.org/strongswan-5.9.3.tar.gz | |
| # Extract and uncompress | |
| tar -vzxf strongswan-5.9.3.tar.gz | |
| cd strongswan-5.9.3 | |
| sudo apt install build-essential libgmp-dev libssl-dev | |
| # Configure | |
| sudo ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl --enable-nat-transport --disable-mysql --disable-ldap --disable-static --enable-shared --enable-md4 --enable-eap-mschapv2 --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-gtc --enable-eap-identity --enable-eap-md5 --enable-eap-peap --enable-eap-radius --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym --enable-eap-simaka-reauth --enable-eap-simaka-sql --enable-eap-tls --enable-eap-tnc --enable-eap-ttls | |
| # Make & install | |
| sudo make && sudo make install | |
| # copy cacerts | |
| sudo cp -r /etc/ssl/certs/* /etc/ipsec.d/cacerts | |
| # IPSec start | |
| sudo ipsec start | |
| # IPSec reload configuration | |
| sudo ipsec up sjtu |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ipsec.conf - strongSwan IPsec configuration file | |
| # /etc/ipsec.conf | |
| # basic configuration | |
| config setup | |
| strictcrlpolicy=no | |
| uniqueids = no | |
| # IKEv2 for SJTU | |
| conn sjtu | |
| left=%config | |
| leftsourceip=%config | |
| leftauth=eap-gtc | |
| right=stu.vpn.sjtu.edu.cn | |
| rightsubnet=0.0.0.0/0 | |
| rightid=@stu.vpn.sjtu.edu.cn | |
| rightauth=pubkey | |
| eap_identity=jAccount #change to your username | |
| auto=add |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JACCOUNT: EAP "PASSWORD" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| the properties of the VPN -> Networking tab ->Internet Protocol (TCP/IP) properties, Advanced | |
| -> untick Use default gateway on remote network. | |
| route -p add <lab ip address> mask 255.255.255.255 0.0.0.0 IF <vpn interface no> | |
| #check interface num | |
| netstat -rn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment