我现在正在配置 strongswan 服务器,想使用 strongswan android 客户端进行测试。我按如下方式配置了 ipsec.conf、strongswan.conf 和 ipsec.secrets,但无法从 android 客户端登录。
有人能给我一些建议,或者指出我哪里做错了吗?
[ipsec.conf]
# ipsec.conf - strongSwan IPsec configuration file
# As posted: one IKEv2 connection whose remote side authenticates with EAP
# relayed to a RADIUS server (rightauth=eap-radius) and receives a virtual IP
# (rightsourceip).
# NOTE(review): every line in this listing starts in column 0. ipsec.conf
# expects the keys under "config setup" and "conn" to be indented; the
# indentation was presumably lost when the file was pasted - confirm against
# the real file.
# basic configuration
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
# NOTE(review): nat_traversal, charonstart and plutostart are keywords from the
# pluto-era (4.x) releases; strongSwan 5.x no longer uses them - confirm
# against the installed version.
nat_traversal=yes
charonstart=yes
plutostart=no
# Log levels per subsystem. Level 4 for "ike" also writes sensitive material
# such as keys into the log, so use it only while debugging and restrict access
# to the log files. "cfg 0" hides the configuration-selection messages, which
# are usually the ones that explain why a client was rejected.
charondebug = "ike 4, knl 3, cfg 0"
#
# Jason Choi - 32 Network
#
conn jchoi32
# Local (gateway) side. leftsubnet=0.0.0.0/0 offers the whole address space,
# i.e. clients send all their traffic through the tunnel.
# NOTE(review): no leftcert=, leftid= or leftauth= line is visible here, and
# the ipsec.secrets listing on this page shows no RSA private key entry. With
# EAP client authentication the gateway normally proves its own identity with
# a certificate that the client trusts - verify that one is configured.
left=192.16.1.40
leftfirewall=yes
leftsubnet=0.0.0.0/0
# NOTE(review): the next line was rewritten by the page's e-mail obfuscation;
# the original key and value (presumably an identity setting) cannot be
# recovered from here.
[email protected]
# Virtual IP handed to the client. A single address, so presumably only one
# client can hold a lease at a time - confirm this is intended.
rightsourceip=10.20.16.234
keyexchange=ikev2
# NOTE(review): this proposal still lists modp768/modp1024, md5, des, 3des and
# blowfish, which are no longer considered adequate. There is also no trailing
# "!", so the daemon's default proposals are accepted in addition to this list.
# Prefer a short list of current suites ending in "!", for example
# ike=aes256-sha256-modp2048!
ike=modp768-modp1024-modp1536-modp2048-modp3072-modp4096-modp6144-modp8192-md5-sha1-aesxcbc-des-3des-aes128-aes256-blowfish
# Same concern for the ESP proposal: md5 and des should not be offered.
esp=md5-sha1-aesxcbc-des-3des-aes128-aes256
# Remote (client) side: never send a certificate request, authenticate the
# client with EAP forwarded to the RADIUS server from strongswan.conf, and
# accept whatever EAP identity the client presents.
# NOTE(review): with eap-radius the user credentials are presumably checked by
# the RADIUS server rather than against the EAP entry in ipsec.secrets -
# confirm that the account exists there.
rightsendcert=never
rightauth=eap-radius
eap_identity=%any
# Load the connection at startup and wait for the client to initiate.
auto=add
# dpdaction=clear
[strongswan.conf]
# strongswan.conf - strongSwan configuration file
# As posted: charon logging targets, the eap-radius plugin that points at one
# RADIUS server, and the DNS servers pushed to clients.
charon {
# File and stderr logging.
filelog {
/var/log/charon.log {
time_format = %b %e %T
# append = no starts a fresh log on every daemon start, so earlier connection
# attempts are lost; keep the log (or ship it elsewhere) if it is needed for
# troubleshooting or auditing.
append = no
default = 1
flush_line = yes
}
stderr {
ike = 2
knl = 3
ike_name = yes
}
}
# Syslog logging: the auth facility is silenced except for ike at level 0.
syslog {
identifier = charon-custom
daemon {
}
auth {
default = -1
ike = 0
}
}
# number of worker threads in charon
threads = 16
# send strongswan vendor ID?
# send_vendor_id = yes
plugins {
sql {
# loglevel to log into sql database
loglevel = -1
# URI to the database
# database = sqlite:///path/to/file.db
# database = mysql://user:password@localhost/database
}
# RADIUS backend used by rightauth=eap-radius in ipsec.conf.
eap-radius {
#class_group = yes
eap_start = no
servers {
TEST-Radius {
address = 10.20.16.135
# Shared secret between this gateway and the RADIUS server, stored in clear
# text. NOTE(review): "test123" looks like a placeholder; a deployed gateway
# needs a long random secret that matches the server's client entry, and this
# file should be readable by root only.
secret = test123
#nas_identifier = ipsec-gateway
#sockets = 20
#port = 1812
}
}
}
}
# DNS servers assigned to clients. dns2 is outside the 10.20.16.x range used by
# the other hosts in this file - confirm that sending client lookups to an
# external resolver is intended.
dns1 = 10.20.16.51
dns2 = 4.2.2.1
# inactivity_close_ike = yes
retransmit_tries = 3
#
# NAT Keep Alive interval
#
keep_alive = 30s
# ...
}
pluto {
}
libstrongswan {
# set to no, the DH exponent size is optimized
# dh_exponent_ansi_x9_42 = no
}
[ipsec.secrets]
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created private key
# NOTE(review): no RSA private key entry is visible in this listing, although
# the header above says one will be created - verify that the gateway has a
# key and certificate to authenticate itself to the client.
# NOTE(review): all secrets below are stored in clear text and were posted
# publicly. If they are real values, treat them as exposed and replace them;
# keep this file readable by root only.
# EAP credential for one user. The identity was rewritten by the page's e-mail
# obfuscation. With rightauth=eap-radius this entry is presumably not consulted,
# because the RADIUS server verifies the user - confirm.
[email protected] : EAP "ABCD.1234.EFGH"
# Pre-shared key for the address pair 192.16.1.40 / 55.105.28.74.
192.16.1.40 55.105.28.74 : PSK SecretKeyWithPadding
# Wildcard pre-shared key: %any matches every peer, so the same secret would be
# accepted from anyone. The conn in ipsec.conf on this page uses EAP, not PSK;
# remove the PSK entries if no other connection needs them.
%any : PSK SecretKeyWithPadding
====================
提前致谢!
杰森