Coder Social home page Coder Social logo

Comments (16)

caasiu avatar caasiu commented on June 19, 2024 4

根据strongswan官方文档 IKEv2 on iOS 9 and iOS 10,这个问题会在strongswan5.5.1中修复。
现在的解决办法是 禁用 MOBIKE 或者 DPD

mobike=no 
dpdaction=none

请作者@quericy尽快将strongswan升级到最新版本。

from one-key-ikev2-vpn.

quericy avatar quericy commented on June 19, 2024 2

@caasiu 非常感谢提供最新信息,脚本已更新,并做了其他修正。

from one-key-ikev2-vpn.

fghj0810 avatar fghj0810 commented on June 19, 2024 2

是ipsec.conf中的ike和esp配置的不正确。
可以将日志打全一点,然后就能看到client都有哪些加解密方式服务器没有配置了。在8分钟断开的时候会有日志。

打开日志的方式

config setup
        charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

执行 sudo ipsec start --nofork 就能在终端里 看到日志了

IKEv2 Cipher Suites照着这上边填好配置就行

Apple Clients这个网页上写的太少了,只配置这三个是不够的

from one-key-ikev2-vpn.

quericy avatar quericy commented on June 19, 2024

由于iOS9的配置是参考文末那两篇文章的,我手头没有iOS设备所以也没法完善测试,抱歉.
之前IKE的配置有点问题,现已将ike=aes256-sha1-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!修改为ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
Github上脚本已经更新.
如果不重装的话,直接修改ipsec.conf文件并重启ipsec服务后检查是否能在iOS上正常工作.
rekey=no这个设置项是为了兼容windows,否则windows设备会断开链接.

如果上述修改仍然无效的话,你可以尝试下将 dpdaction=clear 去掉看看能否改善这个问题.

from one-key-ikev2-vpn.

bindiry avatar bindiry commented on June 19, 2024

试了一下改成 ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024! 测试还是会在8分钟时断开

然后又试了一下将 dpdaction=clear 去掉,也还是会断开

另外在官方wiki上看到,似乎之前的ike配置就是对的。

from one-key-ikev2-vpn.

quericy avatar quericy commented on June 19, 2024

这个问题确实很奇怪,暂时也没看到有什么好的解决方法...
试试用rekey把lifetime设置得大一些,比如24h

from one-key-ikev2-vpn.

5lx avatar 5lx commented on June 19, 2024

相同的问题
Server system: Ubuntu 14.04.4 x64 (KVM)
Client system: OSX 10.11.4
修改 ios_ikev2 里的 rekey & lifetime 无效,还是 8 min 自动断线
我是否应该在 ipsec.conf 里再建立一个 OSX 的 section?

from one-key-ikev2-vpn.

asmc avatar asmc commented on June 19, 2024

配置里改为
ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
就可以了

from one-key-ikev2-vpn.

quericy avatar quericy commented on June 19, 2024

@asmc 感谢回复,请问您是测试过可以解决iOS和OSX的自动断线问题吗?能否提供相关资料或链接以供参考?非常感谢~

from one-key-ikev2-vpn.

5lx avatar 5lx commented on June 19, 2024

@asmc @quericy 我试了下,的确可以了, 现在不是8分钟固定掉线了。是不是每隔8min交换一次密钥导致的?然后发现密钥格式不对,所以第8min强制掉线?

PS: 貌似IKEv2或者我的网络不是很稳定,现在变成了随机掉线。。。

from one-key-ikev2-vpn.

asmc avatar asmc commented on June 19, 2024

杂七杂八搜的,也找不到了,据说苹果还是继续支持dh2的,https://support.apple.com/zh-cn/HT206154,目前猜测应该改成rekey=yes,尝试一下,看是否会在dh14失败的时候,尝试dh2

from one-key-ikev2-vpn.

asmc avatar asmc commented on June 19, 2024

苹果公司和美国fbi之间的战斗,始于各种加密解密,所以建议dh14,最好还是用的好

from one-key-ikev2-vpn.

asmc avatar asmc commented on June 19, 2024

找到几个参考链接
https://forum.pfsense.org/index.php?topic=110790.0
https://wiki.strongswan.org/issues/737

from one-key-ikev2-vpn.

quericy avatar quericy commented on June 19, 2024

@siriulx @asmc
如果设置rekey=yes,windows/wp 客户端会用不了
更新到dev分支了.是否稳定还希望各位有iOS/OSX设备的童鞋们能帮忙测试下~

from one-key-ikev2-vpn.

avatar commented on June 19, 2024

非常感谢 @caasiu ,有用!

from one-key-ikev2-vpn.

quericy avatar quericy commented on June 19, 2024

此Bug应该已在Strongswan5.5.1中解决,如果没有后续反馈,将关闭此Issue.

from one-key-ikev2-vpn.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.