![shrew soft vpn ikev2 shrew soft vpn ikev2](https://support.strongvpn.com/hc/article_attachments/360051771714/3.png)
![shrew soft vpn ikev2 shrew soft vpn ikev2](https://support.strongvpn.com/hc/article_attachments/360051771654/1.png)
IPSec PKI-pub-in Client.pem | IPSec PKI-issue-cacert ca.cert.pem-cakey ca.pem-dn "C=col, O=ssvpn, Cn=vpn Client"-outform PEM > Client.cert. Sign the client certificate with CA (the value of C,o is the same as the value of the 2nd CA above, the value of CN is arbitrary): Note: The values for "c=" and "o=" in the above command are consistent with the value of C,o in the 2nd step ca.ĥ, the private key required to generate the client certificate: IPSec PKI-pub-in Server.pem | IPSec PKI-issue-cacert ca.cert.pem-cakey ca.pem-dn "C=col, O=ssvpn, cn=123.123.123.123"-san= "123.1 23.123.123"-flag serverauth-flag ikeintermediate-outform PEM > Then replace the 123.123.123.123 in the following command with the IP address or domain name of your own server, and you will need to replace two places:
![shrew soft vpn ikev2 shrew soft vpn ikev2](https://www.shrew.net/static/help-2.1.x/files/img_21.png)
To issue a server certificate with a CA certificateįirst confirm your server's IP address or domain name, in the future when the client connection can only use the address in the certificate connection (multi-server using the same root certificate CA, please do the server's domain name resolution), The private key required to generate the server certificate: IPSec PKI-self-in ca.pem-dn "C=col, O=ssvpn, Cn=vpnca"-ca-outform PEM >ca.cert.pem configure-enable-eap-identity-enable-eap-md5-enable-eap-mschapv2-enable-eap-tls-enable-eap-ttls- Enable-eap-peap-ENABLE-EAP-TNC-enable-eap-dynamic-enable-eap-radius-enable-xauth-eap-enable-xauth-pam- Enable-dhcp-enable-openssl-enable-addrblock-enable-unity-enable-certexpire-enable-radattr-enable-tools- Enable-openssl-disable-gmpĤ, generate the CA certificate private key
#SHREW SOFT VPN IKEV2 INSTALL#
Yum install pam-devel openssl-devel make GCC