This guide uses 64-bit Fedora 32 or 33 as the example.
1. Install the following packages with yum
gmp-devel xl2tpd module-init-tools gcc openssl-devel make curl-devel libsqlite3x-devel
2. Build and install resolvconf
cd ~
wget http://roy.marples.name/downloads/openresolv/openresolv-3.3.2.tar.bz2
tar fxjv openresolv-3.3.2.tar.bz2
cd openresolv-3.3.2
make
sudo make install
3. Build and install strongSwan
cd ~
wget http://download.strongswan.org/strongswan-5.9.1.tar.bz2
tar fxjv strongswan-5.9.1.tar.bz2
cd strongswan-5.9.1
./configure --enable-chapoly --enable-gcm --enable-aesni --enable-sha3 --enable-eap-mschapv2 --enable-eap-ttls --enable-eap-peap --enable-eap-radius --enable-eap-identity --enable-xauth-eap --enable-radattr --enable-test-vectors --enable-sqlite --enable-openssl --enable-ccm --enable-addrblock --enable-dhcp --enable-farp --enable-xauth-generic --enable-eap-gtc --enable-eap-dynamic --enable-link_local_ts --enable-kernel-libipsec --enable-curl --enable-eap-md5 --enable-eap-tls --enable-eap-tnc --prefix=
make
sudo make install
4. Edit /etc/ipsec.conf and add the following section, replacing [jAccount ID] with your own username
conn sjtu
    keyexchange=ikev2
    left=%config
    leftsourceip=%config
    leftauth=eap-peap
    # The following two lines are needed only by faculty and staff: keep them uncommented for faculty and staff, comment them out for students.
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha2_256-modp1024,3des-sha1-modp1024!
    # right: "vpn.sjtu.edu.cn" for faculty and staff, "stu.vpn.sjtu.edu.cn" for students. The first line below is for faculty and staff, the second for students.
    right=vpn.sjtu.edu.cn
    #right=stu.vpn.sjtu.edu.cn
    # rightid: "%any" for faculty and staff, "@stu.vpn.sjtu.edu.cn" for students. The first line below is for faculty and staff, the second for students.
    rightid=%any
    #rightid=@stu.vpn.sjtu.edu.cn
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    eap_identity=[jAccount ID]
    auto=add
    aaa_identity=@radius.net.sjtu.edu.cn
5. Edit /etc/ipsec.secrets and add the following line, replacing [jAccount ID] with your own username and [password] with the corresponding password
[jAccount ID] : EAP "[password]"
6. Place the following certificate files in /etc/ipsec.d/cacerts/
DigiCert_Global_Root_CA.pem
Go_Daddy_Root_Certificate_Authority_-_G2.pem
7. Edit /etc/resolvconf.conf and uncomment the name_servers line, setting it to a valid DNS address:
name_servers=[your network DNS ip address]
8. Start ipsec and connect to sjtuvpn
sudo ipsec start
sudo ipsec up sjtu
9. Disconnect from sjtuvpn and stop ipsec
sudo ipsec down sjtu
sudo ipsec stop
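
A quick audit of the files written in steps 4 and 5, as an added example that is not part of the original guide: it lists legacy algorithms in the sjtu proposals, confirms that the gateway certificate check and the AAA identity are configured, and tests that ipsec.secrets is private. The function names, the set of algorithms treated as legacy, and the sample files are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the files from steps 4 and 5.

# Print one "key:algorithm" line per legacy algorithm in the named conn.
# The list of algorithms treated as legacy is this example's own choice.
weak_algos() {  # $1 = ipsec.conf path, $2 = conn name
    awk -v conn="$2" '
        $1 == "conn" { active = ($2 == conn); next }
        active && $1 ~ /^(ike|esp)=/ {
            split($1, kv, "=")
            sub(/!$/, "", kv[2])   # "!" only marks a strict proposal list
            n = split(kv[2], props, ",")
            for (i = 1; i <= n; i++) {
                m = split(props[i], alg, "-")
                for (j = 1; j <= m; j++)
                    if (alg[j] ~ /^(3des|sha1|md5|modp768|modp1024)$/)
                        print kv[1] ":" alg[j]
            }
        }' "$1" | LC_ALL=C sort -u
}

# Succeed only if the conn authenticates the gateway by certificate and
# names the AAA server identity expected inside EAP-PEAP.
server_pinned() {  # $1 = ipsec.conf path, $2 = conn name
    awk -v conn="$2" '
        $1 == "conn" { active = ($2 == conn); next }
        active && $1 == "rightauth=pubkey" { cert = 1 }
        active && $1 ~ /^aaa_identity=./   { aaa = 1 }
        END { exit !(cert && aaa) }' "$1"
}

# Succeed only if the secrets file (plaintext EAP password) grants
# nothing to group or others.
secrets_private() {  # $1 = ipsec.secrets path
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample of step 4 (faculty/staff variant) so this runs offline.
sample_conf=$(mktemp); sample_secrets=$(mktemp)
cat > "$sample_conf" <<'EOF'
conn sjtu
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha2_256-modp1024,3des-sha1-modp1024!
    rightauth=pubkey
    aaa_identity=@radius.net.sjtu.edu.cn
EOF
weak_algos "$sample_conf" sjtu
server_pinned "$sample_conf" sjtu && echo "gateway certificate and AAA identity are set"
chmod 644 "$sample_secrets"
secrets_private "$sample_secrets" || echo "secrets file is readable by group/others"
```

On a configured host, call the functions with /etc/ipsec.conf and /etc/ipsec.secrets instead of the sample files. If the permission check fails, `sudo chmod 600 /etc/ipsec.secrets` restricts the file to its owner.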