Android Strongswan 客户端的 Strongswan 配置

Android Strongswan 客户端的 Strongswan 配置

我现在正在配置 strongswan 服务器,想使用 strongswan android 客户端进行测试。我按如下方式配置了 ipsec.conf、strongswan.conf 和 ipsec.secrets,但无法从 android 客户端登录。

有人能给我一些建议,或者指出我哪里配置错了吗?

[ipsec.conf]
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# NOTE(review): nat_traversal, charonstart and plutostart below are keywords
# from the strongSwan 4.x (pluto + charon) era; confirm the installed version,
# since releases without pluto presumably ignore or reject them.
config setup
    # plutodebug=all
    # crlcheckinterval=600
    # strictcrlpolicy=yes
    # cachecrls=yes
    nat_traversal=yes
    charonstart=yes
    plutostart=no
    # IKE logging at level 4 can write key material and other sensitive
    # payload data to the log; use it only while debugging and protect the log.
    charondebug = "ike 4, knl 3, cfg 0"

#
# Jason Choi - 32 Network
#
# Road-warrior connection: "right" is not set, so any remote address may
# connect (strongSwan defaults right to %any).
# NOTE(review): no leftcert=/leftauth= is configured here and ipsec.secrets on
# this page has no RSA entry. The strongSwan Android client authenticates the
# gateway with a certificate and does not use PSK, so a missing gateway
# certificate is a likely reason the login fails - confirm in charon.log.
conn jchoi32
    left=192.16.1.40
    # leftfirewall=yes lets the updown script add firewall rules per tunnel.
    leftfirewall=yes
    # 0.0.0.0/0 routes all client traffic through this gateway (full tunnel).
    leftsubnet=0.0.0.0/0
    # NOTE(review): the next line was mangled by the hosting site's e-mail
    # obfuscation; it was presumably a leftid=/rightid= setting. The original
    # value cannot be recovered from this page.
    [email protected]
    # A single address gives a virtual-IP pool of one client; a CIDR range is
    # the usual form when more than one client should connect - verify intent.
    rightsourceip=10.20.16.234
    keyexchange=ikev2
    # NOTE(review): this proposal offers MODP-768/1024, MD5, DES and 3DES next
    # to stronger algorithms, so the weakest one a peer asks for can be
    # negotiated. List only strong algorithms the client supports, and end the
    # value with "!" to stop the daemon adding its default proposals
    # (constructed example: ike=aes256-sha256-modp2048!).
    ike=modp768-modp1024-modp1536-modp2048-modp3072-modp4096-modp6144-modp8192-md5-sha1-aesxcbc-des-3des-aes128-aes256-blowfish
    # NOTE(review): same concern for ESP - MD5 and DES are offered here.
    esp=md5-sha1-aesxcbc-des-3des-aes128-aes256
    # The client is never asked to authenticate with a certificate.
    rightsendcert=never
    # Client EAP exchange is forwarded to the RADIUS server configured in
    # strongswan.conf (plugins.eap-radius).
    rightauth=eap-radius
    # %any makes the gateway request the client's EAP identity.
    eap_identity=%any
    # Load the connection at startup and wait for the client to initiate.
    auto=add
    # dpdaction=clear

[strongswan.conf]
# strongswan.conf - strongSwan configuration file
# NOTE(review): the indentation below is misleading. By brace matching,
# "stderr" is nested inside "filelog", and syslog, threads, plugins, dns1/dns2,
# retransmit_tries and keep_alive are all inside "charon", which closes at the
# lone "}" just before "pluto".
charon {
   filelog {

     # File logger: append = no truncates the log at every daemon start, so
     # copy it elsewhere before restarting if a failed login must be analysed.
     /var/log/charon.log {
     time_format = %b %e %T
     append = no
     default = 1
     flush_line = yes
  }
  # Logger for the daemon's stderr, with more detail for ike and knl.
  stderr {
     ike = 2
     knl = 3
     ike_name = yes
  }
}
syslog {
   identifier = charon-custom
   daemon {
   }
   # auth facility: everything silenced (-1) except ike at level 0.
   auth {
      default = -1
      ike = 0
   }
}

# number of worker threads in charon
threads = 16
# send strongswan vendor ID?
# send_vendor_id = yes
plugins {
   sql {
      # loglevel to log into sql database
      loglevel = -1
      # URI to the database
      # database = sqlite:///path/to/file.db
      # database = mysql://user:password@localhost/database
   } 
   eap-radius {
      #class_group = yes
      eap_start = no
      servers {
         TEST-Radius {
            address = 10.20.16.135
            # NOTE(review): the RADIUS shared secret is stored in clear text,
            # and this value is short and guessable. Use a long random secret,
            # keep this file readable by root only, and replace any secret
            # that has been posted publicly.
            secret = test123
            #nas_identifier = ipsec-gateway
            #sockets = 20
            #port = 1812
         }
      }
   }
}
# DNS servers handed to the client together with its virtual IP.
dns1 = 10.20.16.51
dns2 = 4.2.2.1
# inactivity_close_ike = yes
retransmit_tries = 3
#
# NAT Keep Alive interval
#
keep_alive = 30s
# ...

}
pluto {
}
libstrongswan {
   #  set to no, the DH exponent size is optimized
   #  dh_exponent_ansi_x9_42 = no
}
[ipsec.secrets]
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created private key
# NOTE(review): no ": RSA <keyfile>" entry is present, so as shown the gateway
# has no private key with which to authenticate itself by certificate.
# This file should be owned by root and not readable by other users; secrets
# that have appeared on a public page should be replaced.
# NOTE(review): the identity on the next line was mangled by the hosting
# site's e-mail obfuscation. With rightauth=eap-radius the EAP exchange is
# presumably handled by the RADIUS server, so this local EAP secret would not
# be consulted - confirm.
[email protected] : EAP "ABCD.1234.EFGH"
# NOTE(review): the documented PSK forms are a double-quoted string or a
# 0x (hex) / 0s (Base64) value; these unquoted values may not parse as intended.
192.16.1.40 55.105.28.74 : PSK SecretKeyWithPadding
# NOTE(review): a PSK bound to %any is shared by every peer. The strongSwan
# Android client does not use PSK, so this entry is presumably unused for the
# jchoi32 connection and could be removed.
%any : PSK SecretKeyWithPadding

====================

提前致谢!

杰森
