为了测试IPSec连接,我在没有UI的Ubuntu 16上使用了客户端实现StrongSwan。
是否可以仅使用PowerShell创建和测试VPN连接?
可用资产: -公共VPN端点即IP - 用户名 -密码 -PSK(私钥)
答案 0 :(得分:0)
此脚本用于cert-auth,但您可以修改:
# Set these to the correct values
$server_address = "vpn.example.com"
$connection_name = "VPN Connection"
$certificate_path = "certificate.p12"
$ca_cert_path = "strongswanCert.pem"
$password = ConvertTo-SecureString -String "P12 passphrase" -AsPlainText -Force
# Import machine cert
Import-PfxCertificate -FilePath $certificate_path -CertStoreLocation Cert:\LocalMachine\My\ -Password $password
# Import CA root
Import-Certificate -FilePath $ca_cert_path -CertStoreLocation Cert:\LocalMachine\Root\
# Add VPN connection IKEv2 with machine cert
Add-VpnConnection -Name $connection_name -ServerAddress $server_address -TunnelType Ikev2 -EncryptionLevel Required -AuthenticationMethod MachineCertificate -AllUserConnection
# Add IPv6 default route (::/0 does not work)
Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix ::/1
Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix 8000::/1