https://serverfault.com/questions/536092/strongswan-ikev2-windows-7-agile-vpn-what-is-causing-error-13801

https://letsencrypt.org/zh-cn/certificates/

A pure Unix shell script implementing the ACME client protocol (https://acme.sh): https://github.com/Neilpang/acme.sh

A simple guide to setting up an IKEv2 VPN with a free Let's Encrypt SSL certificate and strongSwan: https://github.com/wuruxu/letsencrypt_strongswan_guide

https://www.howtoforge.com/tutorial/how-to-setup-ikev2-vpn-using-strongswan-and-letsencrypt-on-centos-7/

IPsec certificate issues on Windows 7 (Let's Encrypt SSL certificates meet the requirements): https://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq

Configuring an IPsec IKEv2 VPN on CentOS 7, for iOS, macOS, Windows and Linux: https://blog.itnmg.net/2015/04/03/centos7-ipsec-vpn/

Configuring IPsec IKEv2 in OpenWrt 15.05, and MTU issues: http://zhmail.com/2016/02/15/configuring-ipsec-ikev2-in-openwrt-15-05/

SWAN: IKEv2 protocol multi-level-ca-cr-init configuration test: https://blog.csdn.net/sinat_20184565/article/details/103038148

Configuring IPsec with strongSwan: https://blog.csdn.net/puppylpg/article/details/64918562

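# Clear the old CA certificates, then fetch the Let's Encrypt files.
# Note: these downloads use plain HTTP, so the private key crosses the network
# unencrypted and unauthenticated; copy it over SSH (scp) or another
# authenticated channel where possible.
rm -rf /etc/ipsec.d/cacerts/*
wget http://120.78.180.231/fullchain.pem -O /etc/ipsec.d/certs/mouu.net_fullchain.pem
wget http://120.78.180.231/privkey.pem -O /etc/ipsec.d/private/mouu.net_privkey.pem
# Both chain.pem and cert.pem go into cacerts.
wget http://120.78.180.231/chain.pem -O /etc/ipsec.d/cacerts/chain.pem
wget http://120.78.180.231/cert.pem -O /etc/ipsec.d/cacerts/cert.pem

# Point sstp-server at the new certificate and key (edited in place).
sed -i -e "s/Huixiong.crt/mouu.net_fullchain.pem/g" /etc/sstp-server.ini
sed -i -e "s/HuixiongKey.key/mouu.net_privkey.pem/g" /etc/sstp-server.ini

# Point strongSwan at the new certificate and key (edited in place).
sed -i -e "s/Huixiong.crt/mouu.net_fullchain.pem/g" /etc/ipsec.conf
sed -i -e "s/HuixiongKey.key/mouu.net_privkey.pem/g" /etc/ipsec.secrets

# Restart both services so they load the new files, then check strongSwan.
systemctl restart sstpd
ipsec stop
systemctl restart strongswan
systemctl status strongswan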

Installation

libcharon-extra-plugins libstrongswan libstrongswan-standard-plugins strongswan strongswan-charon strongswan-libcharon strongswan-starter libstrongswan-extra-plugins

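2020-01-10: After switching the certificate to Let's Encrypt, macOS and iOS could connect over IKEv2 and IPsec, but Windows reported that the IKE credentials were not trusted when connecting over IKEv2. The cause was that the CA certificate and the chain certificate had not been placed in /etc/ipsec.d/cacerts.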

The /etc/ipsec.d/cacerts directory needs both cert.pem and chain.pem; neither can be omitted. trustid-x3-root.pem is not needed.
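
A pre-restart check for the file layout described in the note above, written here as an added example (not part of the original notes or of strongSwan). The function names `count_certs` and `check_ipsec_certs` are hypothetical; the paths and the `mouu.net` prefix are the ones used in the commands above. It checks file presence, PEM block counts and key permissions only, not signatures.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Usage: check_ipsec_certs /etc/ipsec.d mouu.net && systemctl restart strongswan

# Print the number of PEM certificate blocks in a file (0 if absent/unreadable).
count_certs() {
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# check_ipsec_certs BASE NAME
#   BASE: strongSwan directory (the page uses /etc/ipsec.d)
#   NAME: file prefix (the page uses mouu.net)
# Prints one line per problem; returns 0 only if no problem was found.
check_ipsec_certs() {
    base=$1 name=$2 rc=0
    # Both files must be present in cacerts, per the note above.
    for f in cert.pem chain.pem; do
        if [ "$(count_certs "$base/cacerts/$f")" -lt 1 ]; then
            echo "cacerts/$f: missing or contains no certificate"; rc=1
        fi
    done
    # Let's Encrypt's fullchain.pem carries the leaf plus the intermediate(s).
    if [ "$(count_certs "$base/certs/${name}_fullchain.pem")" -lt 2 ]; then
        echo "certs/${name}_fullchain.pem: expected leaf + intermediate"; rc=1
    fi
    key=$base/private/${name}_privkey.pem
    if ! grep -q 'PRIVATE KEY-----' "$key" 2>/dev/null; then
        echo "private/${name}_privkey.pem: missing or not a PEM key"; rc=1
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "private/${name}_privkey.pem: readable beyond owner ($perms)"; rc=1
        fi
    fi
    return $rc
}
```

Files fetched with wget are created with the default umask, so the key-permission line will normally fire until the key is set to mode 600.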