Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-06-28 16:46:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
9b541c6da3
setup-ipsec-vpn/docs/clients-xauth.md
hwdsl2 9b541c6da3 Update docs 
[ci skip]
2016-07-03 10:01:19 -05:00

8.7 KiB
Raw Blame History

Configure IPsec/XAuth VPN Clients

Read this in other languages: English, 简体中文.

To connect using IPsec/L2TP mode, see: Configure IPsec/L2TP VPN Clients

After setting up your own VPN server, follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free Shrew Soft client. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.

IPsec/XAuth mode is also called "Cisco IPsec". Compared to IPsec/L2TP, it is generally faster with less overhead.

Windows

Note: You can also connect using IPsec/L2TP mode. No additional software is required.

  1. Download and install the free Shrew Soft VPN client.
  2. Click Start Menu -> All Programs -> ShrewSoft VPN Client -> VPN Access Manager
  3. Click the Add (+) button on toolbar.
  4. Enter Your VPN Server IP in the Host Name or IP Address field.
  5. Click the Authentication tab. Select Mutual PSK + XAuth from the Authentication Method drop-down menu.
  6. Click the Credentials tab below. Enter Your VPN IPsec PSK in the Pre Shared Key field.
  7. Click the Phase 1 tab. Select main from the Exchange Type drop-down menu.
  8. Click Save to save the VPN connection details.
  9. Select the new VPN connection. Click the Connect button on toolbar.
  10. Enter Your VPN Username in the Username field.
  11. Enter Your VPN Password in the Password field.
  12. Click Connect.

Once connected, you will see tunnel enabled in the VPN Connect status window. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is Your VPN Server IP".

If you encountered an error when connecting, see Troubleshooting.

Note: A one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an elevated command prompt. You must reboot your computer when done.

  • For Windows Vista, 7, 8 and 10

    REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

  • For Windows XP only

    REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

OS X

  1. Open System Preferences and go to the Network section.
  2. Click the + button in the lower-left corner of the window.
  3. Select VPN from the Interface drop-down menu.
  4. Select Cisco IPSec from the VPN Type drop-down menu.
  5. Enter anything you like for the Service Name.
  6. Click Create.
  7. Enter Your VPN Server IP for the Server Address.
  8. Enter Your VPN Username for the Account Name.
  9. Enter Your VPN Password for the Password.
  10. Click the Authentication Settings button.
  11. In the Machine Authentication section, select the Shared Secret radio button and enter Your VPN IPsec PSK.
  12. Leave the Group Name field blank.
  13. Click OK.
  14. Check the Show VPN status in menu bar checkbox.
  15. Click Apply to save the VPN connection information.

You can connect to the VPN using the VPN icon in the menu bar, or by selecting the VPN in the Network section of System Preferences and choosing Connect. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is Your VPN Server IP".

Android

  1. Launch the Settings application.
  2. Tap More... in the Wireless & Networks section.
  3. Tap VPN.
  4. Tap Add VPN Profile or the + icon at top-right of screen.
  5. Enter anything you like in the Name field.
  6. Select IPSec Xauth PSK in the Type drop-down menu.
  7. Enter Your VPN Server IP in the Server address field.
  8. Leave the IPSec identifier field blank.
  9. Enter Your VPN IPsec PSK in the IPSec pre-shared key field.
  10. Tap Save.
  11. Tap the new VPN connection.
  12. Enter Your VPN Username in the Username field.
  13. Enter Your VPN Password in the Password field.
  14. Check the Save account information checkbox.
  15. Tap Connect.

Note: Android 6 (Marshmallow) users should edit /etc/ipsec.conf on the VPN server and append ,aes256-sha2_256 to both ike= and phase2alg= lines. Then add a new line sha2-truncbug=yes immediately after those. Indent lines with two spaces. When finished, run service ipsec restart. (Reference)

Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is Your VPN Server IP".

iOS

  1. Go to Settings -> General -> VPN.
  2. Tap Add VPN Configuration....
  3. Tap Type. Select IPSec and go back.
  4. Tap Description and enter anything you like.
  5. Tap Server and enter Your VPN Server IP.
  6. Tap Account and enter Your VPN Username.
  7. Tap Password and enter Your VPN Password.
  8. Leave the Group Name field blank.
  9. Tap Secret and enter Your VPN IPsec PSK.
  10. Tap Done.
  11. Slide the VPN switch ON.

Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is Your VPN Server IP".

Troubleshooting

Windows Error 809

The network connection between your computer and the VPN server could not be established because the remote server is not responding.

To fix this error, follow the steps above to add a registry key and reboot your computer.

Windows Error 628

The connection was terminated by the remote computer before it could be completed.

To fix this error, please follow these steps:

  1. Right-click on the wireless/network icon in system tray, select Open Network and Sharing Center.
  2. On the left, click Change adapter settings. Right-click on the new VPN and choose Properties.
  3. Click the Security tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for Type of VPN.
  4. Click Allow these protocols. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others.
  5. Click OK to save the VPN connection details.

Select only CHAP in VPN connection properties

Other Errors

Please refer to this document for more troubleshooting tips.

Credits

This document was adapted from the Streisand project by Joshua Lund and contributors.

License

Copyright (C) 2016 Lin Song
Based on the work of Joshua Lund (Copyright 2014-2016)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.