setup-ipsec-vpn/docs/manage-users.md
hwdsl2 8c0940f63b Update docs
- Improve IKEv2 docs. The strongSwan Android VPN client requires
  an "IP address" in the VPN server certificate's subjectAltName field
  in addition to "DNS name", when connecting using the server's IP.
  The certutil commands have been updated to add this field.
- Other improvements to docs
2017-02-05 14:48:11 -06:00

Manage VPN Users

By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.

First, the IPsec PSK (pre-shared key) is stored in /etc/ipsec.secrets. To change to a new PSK, just edit this file.

<VPN Server IP>  %any  : PSK "<VPN IPsec PSK>"

For IPsec/L2TP, VPN users are specified in /etc/ppp/chap-secrets. The format of this file is:

"<VPN User 1>"  l2tpd  "<VPN Password 1>"  *
"<VPN User 2>"  l2tpd  "<VPN Password 2>"  *
... ...

You can add more users; use one line for each user. DO NOT use these characters within values: \ " '

For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in /etc/ipsec.d/passwd. The format of this file is:

<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk
... ...

Passwords in this file are salted and hashed. This step can be done using e.g. the openssl utility:

# The output will be <VPN Password 1 (hashed)>
openssl passwd -1 "<VPN Password 1>"

When finished, restart services:

service ipsec restart
service xl2tpd restart
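
The user entries described above can be generated with a small helper. This is an added example, not code from this project: the function names are hypothetical, the newline and colon checks are assumptions that go beyond the three characters the page forbids, and `openssl` must be installed.

```sh
#!/bin/sh
# Added example; function names are hypothetical. Formats are the ones shown above.
NL='
'

# Reject empty values, the characters this page forbids (\ " '), and embedded
# newlines (an extra check assumed here: a newline would start a second entry).
valid_value() {
  case "$1" in
    ''|*\\*|*\"*|*\'*|*"$NL"*) return 1 ;;
  esac
  return 0
}

# $1=user, $2=password -> one line for /etc/ppp/chap-secrets
chap_line() {
  valid_value "$1" && valid_value "$2" || return 1
  printf '"%s"  l2tpd  "%s"  *\n' "$1" "$2"
}

# Reads the password on stdin (keeps it out of the process list and shell
# history) and prints the salted hash, using the same -1 mode as above.
hash_password() {
  openssl passwd -1 -stdin
}

# $1=user, $2=hash from hash_password -> one line for /etc/ipsec.d/passwd
xauth_line() {
  valid_value "$1" || return 1
  case "$1" in *:*) return 1 ;; esac        # ':' is this file's field separator
  case "$2" in
    '$1$'*) ;;                              # looks like "openssl passwd -1" output
    *) return 1 ;;                          # refuse to store a plaintext password
  esac
  valid_value "$2" || return 1
  printf '%s:%s:xauth-psk\n' "$1" "$2"
}

# Prints both lines for one user; the password arrives on stdin.
user_lines() {
  IFS= read -r pw || [ -n "$pw" ] || return 1
  hash=$(printf '%s\n' "$pw" | hash_password) || return 1
  chap_line "$1" "$pw" && xauth_line "$1" "$hash"
}
```

Append the first printed line to /etc/ppp/chap-secrets and the second to /etc/ipsec.d/passwd, then restart the services as shown above.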