- PPP adapter VNet1:
- Connection-specific DNS Suffix .:
- Description.....................: VNet1
- Physical Address................:
- DHCP Enabled....................: No
- Autoconfiguration Enabled.......: Yes
- IPv4 Address....................: 172.16.201.3(Preferred)
- Subnet Mask.....................: 255.255.255.255
- Default Gateway.................:
- NetBIOS over Tcpip..............: Enabled
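# Install strongSwan with IKEv2 and EAP-TLS support (sudo used consistently
# with the sed commands below, which also need root).
sudo apt-get install strongswan-ikev2 strongswan-plugin-eap-tls
# in Ubuntu 16.04 install libstrongswan-standard-plugins for p12 keypair container support
sudo apt-get install libstrongswan-standard-plugins
# Set "load = no" for the plugins listed below.
# NOTE(review): the original pattern 's/sload =.*/ load = no/g' looks for the literal
# text "sload", which does not occur in these files (the key is an indented "load = yes"),
# so it changed nothing. Match the key itself and keep its indentation instead.
sudo sed -i 's/^\([[:space:]]*\)load *=.*/\1load = no/' /etc/strongswan.d/charon/openssl.conf
sudo sed -i 's/^\([[:space:]]*\)load *=.*/\1load = no/' /etc/strongswan.d/charon/{af-alg,ctr,gcrypt}.conf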
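# Generate CA
# The CA private key is written under umask 077 so the file is not created
# world-readable; everything signed later depends on this key staying private.
(umask 077 && ipsec pki --gen --outform pem > caKey.pem)
ipsec pki --self --in caKey.pem --dn "CN=VPN CA" --ca --outform pem > caCert.pem
# Print CA certificate in base64 format, supported by Azure portal. Will be used later in this document.
openssl x509 -in caCert.pem -outform der | base64 -w0 ; echo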
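# Generate user's certificate and put it into p12 bundle.
# PASSWORD protects the exported .p12. It is handed to openssl through the
# environment (env:PASSWORD) instead of as "pass:..." on the command line, so it
# does not show up in `ps` output or the shell history. Replace the sample value.
export PASSWORD="password"
export USERNAME="client"
# The client private key is created under umask 077 (owner-readable only).
(umask 077 && ipsec pki --gen --outform pem > "${USERNAME}Key.pem")
# Issue a client-auth certificate from the CA; the SAN matches the leftid used in ipsec.conf.
ipsec pki --pub --in "${USERNAME}Key.pem" \
  | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem \
      --dn "CN=${USERNAME}" --san "${USERNAME}" --flag clientAuth --outform pem \
  > "${USERNAME}Cert.pem"
# Generate p12 bundle (contains the private key, so also created under umask 077).
(
  umask 077
  openssl pkcs12 -in "${USERNAME}Cert.pem" -inkey "${USERNAME}Key.pem" \
    -certfile caCert.pem -export -out "${USERNAME}.p12" -password env:PASSWORD
)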
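# Extract the Azure gateway root certificate from the downloaded client package
# and place it where strongSwan looks for trusted CAs.
sudo unzip -j downloaded.zip Generic/VpnServerRoot.cer -d /etc/ipsec.d/cacerts
# Inspect the installed gateway root certificate.
openssl x509 -inform der -in /etc/ipsec.d/cacerts/VpnServerRoot.cer -text -noout
# Look up the gateway address (used for right= / rightid= in ipsec.conf).
# Expected output has the form:
#   <VpnServer>azuregateway-00112233-4455-6677-8899-aabbccddeeff-aabbccddeeff.cloudapp.net</VpnServer>
unzip -p downloaded.zip Generic/VpnSettings.xml | grep VpnServer
# The .p12 holds the client private key: install it with mode 0600 instead of
# plain cp, which would keep whatever (typically world-readable) mode the source has.
sudo install -m 0600 client.p12 /etc/ipsec.d/private/client.p12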
- config setup
- conn azure
- keyexchange=ikev2
- type=tunnel
- leftfirewall=yes
- left=%any
- leftauth=eap-tls
- leftid=%client # use the DNS alternative name prefixed with the %
- right=azuregateway-00112233-4455-6677-8899-aabbccddeeff-aabbccddeeff.cloudapp.net # Azure VPN gateway address
- rightid=%azuregateway-00112233-4455-6677-8899-aabbccddeeff-aabbccddeeff.cloudapp.net # Azure VPN gateway address, prefixed with %
- rightsubnet=0.0.0.0/0
- leftsourceip=%config
- auto=add
- : P12 client.p12 'password' # key filename inside /etc/ipsec.d/private directory
# Restart the daemon so the new connection and secrets are picked up,
# then bring the "azure" tunnel up.
conn_name=azure
sudo ipsec restart
sudo ipsec up "${conn_name}"