Configuração VPN para Ubuntu : Protocolo IKEv2
StrongSwan, um daemon IKEv1 e IKEv2 para Linux, é o backend para ferramentas GUI como network-manager-strongswan ou similares. Normalmente, as ferramentas GUI têm problemas com a configuração inadequada do StrongSwan e o resultado final é: ele não funciona.
1. Install strongswan
sudo apt-get install strongswan libcharon-extra-plugins
2. Edit /etc/ipsec.secrets file and add your credentials.
YOUR_USERNAME : EAP "YOUR_PASSWORD"
3. Open the /etc/ipsec.conf file with your favorite text editor. Erase everything from it and paste the following lines. Replace USERNAME with your username and SERVER with one of our VPN server.
conn vpn
keyexchange=ikev2
dpdaction=clear
dpddelay=300s
eap_identity="USERNAME"
leftauth=eap-mschapv2
left=%defaultroute
leftsourceip=%config
right=SERVER
rightauth=pubkey
rightsubnet=0.0.0.0/0
rightid=%any
type=tunnel
auto=add
4. Edit the file /etc/strongswan.d/charon/constraints.conf and change "load = yes" to "load = no".
5. Our VPN servers identify themselves using certificates. StrongSwan needs to verify server certificate and in order to do so it searches its certificates store. Fortunately, StrongSwan's certificate store can easily be linked to the system ( OpenSSL ) certificate store. To link the StrongSwan's certificate store to the system ( OpenSSL ) certificate store execute the following two commands:
sudo rmdir /etc/ipsec.d/cacerts
sudo ln -s /etc/ssl/certs /etc/ipsec.d/cacerts
6. Restart the strongswan daemon to adopt the new configuration.
sudo ipsec up vpn
7. To disconnect use:
sudo ipsec down vpn
8. To check status of connection:
sudo ipsec status vpn