
Configure strongSwan VPN Client on Ubuntu 18.04/CentOS 8

Follow this tutorial to learn how to configure a strongSwan VPN client on Ubuntu 18.04/CentOS 8. Our previous tutorial gave a step-by-step guide on how to set up a strongSwan VPN server on Debian 10 Buster.

Follow the link below to learn how to install and set up a strongSwan VPN server on Debian 10 Buster.

Setup IPSEC VPN using StrongSwan on Debian 10

Once you have the strongSwan VPN server set up, you can proceed to test IP assignment and local connectivity through the VPN server.

In this demo, we use Ubuntu 18.04 and CentOS 8 as our test strongSwan VPN clients.

Configure strongSwan VPN Client on Ubuntu 18.04/CentOS 8

Install strongSwan on Ubuntu 18.04

strongSwan and the extra plugins can be installed on Ubuntu 18.04 by running the commands below:

apt update
apt install strongswan libcharon-extra-plugins

Install strongSwan on CentOS 8

The strongSwan packages are provided by the EPEL repo on CentOS 8 and similar derivatives. Therefore, start by installing the EPEL repo:

dnf install epel-release
dnf update
dnf install strongswan strongswan-charon-nm

Install the strongSwan VPN Server CA Certificate on the Client

Copy the strongSwan CA certificate generated above, /etc/ipsec.d/cacerts/vpn_ca_cert.pem, to the client hosts and:

  • place it in the /etc/ipsec.d/cacerts/ directory on Ubuntu 18.04
  • place it in the /etc/strongswan/ipsec.d/cacerts directory on CentOS 8.

Configure the strongSwan VPN client on Ubuntu 18.04/CentOS 8

On Ubuntu 18.04:

Update the /etc/ipsec.conf configuration file to define how to connect to the strongSwan VPN server. See the configuration file below:

vim /etc/ipsec.conf
conn ipsec-ikev2-vpn-client
    auto=start
    right=vpnsvr.kifarunix-demo.com
    rightid=vpnsvr.kifarunix-demo.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=vpnsecure
    leftauth=eap-mschapv2
    eap_identity=%identity

Set up the authentication secrets

vim /etc/ipsec.secrets
...
# user id : EAP secret
vpnsecure : EAP "[email protected]"

# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc

Save the configuration files and restart strongswan.

systemctl restart strongswan

Disable strongSwan from starting at system boot:

systemctl disable strongswan

Check the status:

ipsec statusall
Security Associations (1 up, 0 connecting):
ipsec-ikev2-vpn-client[1]: ESTABLISHED 1 minutes ago, 10.0.2.15[vpnsecure]...192.168.56.174[vpnsvr.kifarunix-demo.com]
ipsec-ikev2-vpn-client{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cc36db97_i cb5ceb5b_o
ipsec-ikev2-vpn-client{1}:   172.16.7.1/32 === 0.0.0.0/0

On CentOS 8:

Update the /etc/strongswan/ipsec.conf configuration file to define how to connect to the strongSwan VPN server.

vim /etc/strongswan/ipsec.conf
conn ipsec-ikev2-vpn-client
    auto=start
    right=vpnsvr.kifarunix-demo.com
    rightid=vpnsvr.kifarunix-demo.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=koromicha
    leftauth=eap-mschapv2
    eap_identity=%identity

Next, open the /etc/strongswan/ipsec.secrets configuration file and set the EAP authentication details as defined on the server.

vim /etc/strongswan/ipsec.secrets
# user id : EAP secret
koromicha : EAP "mypassword"

Restart strongswan.

systemctl restart strongswan

Disable strongSwan from starting at system boot:

systemctl disable strongswan
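
The checks below are an added example, not part of the original tutorial: a POSIX shell audit of the client files configured above, covering the mode of ipsec.secrets and the server-authentication settings in ipsec.conf. The function names, the temporary sample files and the password in them are constructed for illustration; on a real client pass /etc/ipsec.conf and /etc/ipsec.secrets (Ubuntu) or /etc/strongswan/ipsec.conf and /etc/strongswan/ipsec.secrets (CentOS).

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the client's
# ipsec.conf / ipsec.secrets pair. Function names are hypothetical.

# conn_value FILE CONN KEY: print KEY's value inside "conn CONN" (empty if unset).
conn_value() {
    awk -v conn="$2" -v key="$3" '
        /^[^ \t#]/ { inconn = ($1 == "conn" && $2 == conn); next }
        inconn && index($0, "=") {
            k = $0; sub(/[=].*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_client CONF SECRETS CONN: print findings, return how many there were.
audit_client() {
    findings=0
    # ipsec.secrets holds the EAP password in clear text: owner read/write only.
    perms=$(ls -ld "$2" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "FINDING: $2 is $perms, expected -rw------- (chmod 600)"
        findings=$((findings + 1))
    fi
    # The tutorial authenticates the server by certificate (rightauth=pubkey).
    if [ "$(conn_value "$1" "$3" rightauth)" != "pubkey" ]; then
        echo "FINDING: rightauth is not set to pubkey"
        findings=$((findings + 1))
    fi
    # rightid=%any would accept any identity holding a certificate from the CA.
    if [ "$(conn_value "$1" "$3" rightid)" = "%any" ]; then
        echo "FINDING: rightid=%any does not pin the server identity"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files mirroring the tutorial's Ubuntu client.
demo=$(mktemp -d)
printf '%s\n' 'conn ipsec-ikev2-vpn-client' '    right=vpnsvr.kifarunix-demo.com' \
    '    rightid=vpnsvr.kifarunix-demo.com' '    rightauth=pubkey' \
    '    leftid=vpnsecure' '    leftauth=eap-mschapv2' > "$demo/ipsec.conf"
printf '%s\n' 'vpnsecure : EAP "constructed-password"' > "$demo/ipsec.secrets"
chmod 644 "$demo/ipsec.secrets"   # deliberately too permissive
audit_client "$demo/ipsec.conf" "$demo/ipsec.secrets" ipsec-ikev2-vpn-client || true
# prints one FINDING line about the file mode
```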

Check the VPN connection status

strongswan statusall
Security Associations (1 up, 0 connecting):
ipsec-ikev2-vpn-client[1]: ESTABLISHED 2 minutes ago, 10.0.2.15[vpnsecure]...192.168.56.174[vpnsvr.kifarunix-demo.com]
ipsec-ikev2-vpn-client{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c573b6a1_i cd8306eb_o
ipsec-ikev2-vpn-client{1}:   172.16.7.2/32 === 0.0.0.0/0

On the strongSwan VPN server, check the status:

In this demo, our strongSwan VPN server runs on Debian 10 Buster. You can therefore check the status as shown below:

ipsec status
Security Associations (2 up, 0 connecting):
 ipsec-ikev2-vpn[4]: ESTABLISHED 18 seconds ago, 192.168.56.174[vpnsvr.kifarunix-demo.com]...192.168.56.1[koromicha]
 ipsec-ikev2-vpn{4}:  INSTALLED, TUNNEL, reqid 4, ESP in UDP SPIs: c4e5f1c2_i c8e1a02f_o
 ipsec-ikev2-vpn{4}:   0.0.0.0/0 === 172.16.7.2/32
 ipsec-ikev2-vpn[3]: ESTABLISHED 21 seconds ago, 192.168.56.174[vpnsvr.kifarunix-demo.com]...192.168.56.1[vpnsecure]
 ipsec-ikev2-vpn{3}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: c7a4ee1d_i c558073b_o
 ipsec-ikev2-vpn{3}:   0.0.0.0/0 === 172.16.7.1/32
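
The client-side status output shown earlier can be checked mechanically; this added example (not part of the original tutorial) reads it and reports whether the tunnel is up and whether the installed traffic selector really is the 0.0.0.0/0 requested by rightsubnet. The names tunnel_state and sample_status are hypothetical, and the embedded sample is the Ubuntu client output from this page.

```shell
#!/bin/sh
# Added example, not from the original tutorial. tunnel_state and
# sample_status are hypothetical names; the sample is the tutorial's output.

# tunnel_state CONN: read "ipsec statusall" / "strongswan statusall" output on
# stdin and classify the client tunnel.
#   exit 0  FULL   IKE SA up, CHILD SA installed, remote selector 0.0.0.0/0
#   exit 1  DOWN   IKE SA not ESTABLISHED or CHILD SA not INSTALLED
#   exit 2  SPLIT  tunnel up, but only part of the traffic is selected
tunnel_state() {
    awk -v conn="$1" '
        # IKE SA lines are tagged name[n], CHILD SA lines name{n}.
        index($1, conn "[") == 1 && $2 == "ESTABLISHED" { ike = 1 }
        index($1, conn "{") == 1 && $2 == "INSTALLED,"  { child = 1 }
        # Traffic selectors: <local, the virtual IP> === <remote>.
        index($1, conn "{") == 1 && $3 == "==="         { mine = $2; peer = $4 }
        END {
            if (!ike)   { print "DOWN no ESTABLISHED IKE SA"; exit 1 }
            if (!child) { print "DOWN no INSTALLED CHILD SA"; exit 1 }
            if (peer != "0.0.0.0/0") { print "SPLIT " mine " -> " peer; exit 2 }
            print "FULL " mine " -> " peer
        }'
}

sample_status() {
    cat <<'EOF'
Security Associations (1 up, 0 connecting):
ipsec-ikev2-vpn-client[1]: ESTABLISHED 1 minutes ago, 10.0.2.15[vpnsecure]...192.168.56.174[vpnsvr.kifarunix-demo.com]
ipsec-ikev2-vpn-client{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cc36db97_i cb5ceb5b_o
ipsec-ikev2-vpn-client{1}:   172.16.7.1/32 === 0.0.0.0/0
EOF
}

sample_status | tunnel_state ipsec-ikev2-vpn-client
# prints: FULL 172.16.7.1/32 -> 0.0.0.0/0
```

On a live client, pipe the real command in instead of the sample, for instance `ipsec statusall | tunnel_state ipsec-ikev2-vpn-client`.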

Test the VPN Client Connection

We now have two clients with their assigned addresses:

  • Ubuntu 18.04: 172.16.7.1
  • CentOS 8: 172.16.7.2

To test the connection, you can simply run a ping test.

From Ubuntu 18.04, ping CentOS 8:

ping 172.16.7.2
PING 172.16.7.2 (172.16.7.2) 56(84) bytes of data.
64 bytes from 172.16.7.2: icmp_seq=1 ttl=64 time=3.18 ms
64 bytes from 172.16.7.2: icmp_seq=2 ttl=64 time=4.15 ms
64 bytes from 172.16.7.2: icmp_seq=3 ttl=64 time=3.47 ms
64 bytes from 172.16.7.2: icmp_seq=4 ttl=64 time=3.61 ms

--- 172.16.7.2 ping statistics --- 
4 packets transmitted, 4 received, 0% packet loss, time 10ms
rtt min/avg/max/mdev = 3.176/3.602/4.154/0.360 ms

From CentOS 8, ping Ubuntu 18.04.

ping 172.16.7.1
PING 172.16.7.1 (172.16.7.1) 56(84) bytes of data.
64 bytes from 172.16.7.1: icmp_seq=1 ttl=64 time=3.24 ms
64 bytes from 172.16.7.1: icmp_seq=2 ttl=64 time=4.37 ms
64 bytes from 172.16.7.1: icmp_seq=3 ttl=64 time=4.08 ms
64 bytes from 172.16.7.1: icmp_seq=4 ttl=64 time=3.43 ms

--- 172.16.7.1 ping statistics --- 
4 packets transmitted, 4 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 3.237/3.780/4.371/0.462 ms

Try SSH in both directions:

ssh [email protected]
The authenticity of host '172.16.7.2 (172.16.7.2)' can't be established.
ECDSA key fingerprint is SHA256:wKoh/MWvCicV6cEe6jY19AkcBgk1lyjZorQt3aqflJM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.7.2' (ECDSA) to the list of known hosts.
[email protected]'s password: 
[[email protected] ~]$
ssh [email protected]
The authenticity of host '172.16.7.1 (172.16.7.1)' can't be established.
ECDSA key fingerprint is SHA256:v20whQz4a4zpTJQfny/CGG56fRnP3Dpx8g5CkeCtFpo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.7.1' (ECDSA) to the list of known hosts.
[email protected]'s password: 
Linux debian 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Feb 26 00:54:04 2020 from 172.16.7.2
[email protected]:~$

That marks the end of our guide on how to configure a strongSwan VPN client on Ubuntu 18.04/CentOS 8.

Related Tutorials

Connect to Cisco VPN Using PCF file on Ubuntu

Configure IPSEC VPN using StrongSwan on Ubuntu 18.04

Install and Setup OpenVPN Server on Fedora 29/CentOS 7

Install Cisco AnyConnect Client on CentOS 8
