IAM创建VPN配置文件使用的NEVPNMANAGER基于NevpnProtocoColikeV2,当我尝试连接到我的VPN服务器(algo vpn)时,我只在瞬间连接,然后断开连接,但是为什么?我尝试检查这个问题,但不知道什么(.
可能有人对此有所了解,或者您过去的错误检测到了?
这是服务器端日志:
Oct 12 08:49:17 server charon: 09[IKE] 195.114.147.67 is initiating an IKE_SA
Oct 12 08:49:18 server charon: 11[IKE] IKE_SA ikev2-pubkey[91] established between 168.119.152.40[168.119.152.40]...195.114.147.67[[email protected]]
Oct 12 08:49:18 server charon: 11[IKE] CHILD_SA ikev2-pubkey{4} established with SPIs c2424671_i 07f5b8dd_o and TS 0.0.0.0/0 ::/0 === 10.19.48.1/32 2001:db8:4160::1/128
Oct 12 08:49:23 server charon: 13[IKE] deleting IKE_SA ikev2-pubkey[91] between 168.119.152.40[168.119.152.40]...195.114.147.67[[email protected]]
Oct 12 08:49:23 server charon: 13[IKE] IKE_SA deleted
Oct 12 08:54:57 server charon: 07[IKE] 195.114.147.67 is initiating an IKE_SA
Oct 12 08:54:57 server charon: 12[IKE] 195.114.147.67 is initiating an IKE_SA
Oct 12 08:57:42 server charon: 11[IKE] 195.114.147.67 is initiating an IKE_SA
Oct 12 08:57:42 server charon: 06[IKE] 195.114.147.67 is initiating an IKE_SA
Oct 12 08:57:44 server charon: 13[IKE] 195.114.147.67 is initiating an IKE_SA
Oct 12 08:57:44 server charon: 07[IKE] 195.114.147.67 is initiating an IKE_SA
这是我的代码的示例。
import Foundation
import NetworkExtension
class VPNIKEv2Setup {
/*
VPN configuration was getting from file "client.mobileconfig" which was be generated on server(Algo VPN),
if VPN will be installing using this file all will be work well.
*/
let p12Password = "*****" // password from certificate file "client.p12"
let vpnServerAddress = "******" // vpn address
let vpnRemoteIdentifier = "*****" // remote identifier, in my case same like a vpn server address
let vpnLocalIdentifier = "client@935bfdbd-*********.algo" // local identifier name
let vpnServerCertificateIssuerCommonName = "s****r" // sertificate server name
static let shared = VPNIKEv2Setup()
let vpnManager = NEVPNManager.shared()
func initVPNTunnelProviderManager() {
print("CALL LOAD TO PREFERENCES...")
self.vpnManager.loadFromPreferences { [self] (error) -> Void in
if((error) != nil) {
print("VPN Preferences error: 1 - \(String(describing: error))")
} else {
let IKEv2Protocol = NEVPNProtocolIKEv2()
IKEv2Protocol.authenticationMethod = .certificate
IKEv2Protocol.serverAddress = self.vpnServerAddress
IKEv2Protocol.remoteIdentifier = self.vpnRemoteIdentifier
IKEv2Protocol.localIdentifier = self.vpnLocalIdentifier
IKEv2Protocol.useExtendedAuthentication = true
IKEv2Protocol.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
IKEv2Protocol.ikeSecurityAssociationParameters.diffieHellmanGroup = .group20
IKEv2Protocol.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA512
IKEv2Protocol.ikeSecurityAssociationParameters.lifetimeMinutes = 1440
IKEv2Protocol.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
IKEv2Protocol.childSecurityAssociationParameters.diffieHellmanGroup = .group20
IKEv2Protocol.childSecurityAssociationParameters.integrityAlgorithm = .SHA512
IKEv2Protocol.childSecurityAssociationParameters.lifetimeMinutes = 1440
IKEv2Protocol.deadPeerDetectionRate = .medium
IKEv2Protocol.disableRedirect = true
IKEv2Protocol.disableMOBIKE = false
IKEv2Protocol.enableRevocationCheck = false
IKEv2Protocol.enablePFS = true
IKEv2Protocol.useConfigurationAttributeInternalIPSubnet = false
IKEv2Protocol.serverCertificateIssuerCommonName = self.vpnServerCertificateIssuerCommonName
IKEv2Protocol.disconnectOnSleep = false
IKEv2Protocol.certificateType = .ECDSA384
IKEv2Protocol.identityDataPassword = self.p12Password
IKEv2Protocol.identityData = self.dataFromFile()
self.vpnManager.protocolConfiguration = IKEv2Protocol
self.vpnManager.localizedDescription = "My VPN"
self.vpnManager.isEnabled = true
self.vpnManager.isOnDemandEnabled = true
//Set rules
var rules = [NEOnDemandRule]()
let rule = NEOnDemandRuleConnect()
rule.interfaceTypeMatch = .any
rules.append(rule)
print("SAVE TO PREFERENCES...")
//SAVE TO PREFERENCES...
self.vpnManager.saveToPreferences(completionHandler: { (error) -> Void in
if((error) != nil) {
print("VPN Preferences error: 2 - \(String(describing: error))")
} else {
print("CALL LOAD TO PREFERENCES AGAIN...")
//CALL LOAD TO PREFERENCES AGAIN...
self.vpnManager.loadFromPreferences(completionHandler: { (error) in
if ((error) != nil) {
print("VPN Preferences error: 2 - \(String(describing: error))")
} else {
var startError: NSError?
do {
//START THE CONNECTION...
try self.vpnManager.connection.startVPNTunnel()
} catch let error as NSError {
startError = error
print(startError.debugDescription)
} catch {
print("Fatal Error")
fatalError()
}
if ((startError) != nil) {
print("VPN Preferences error: 3 - \(String(describing: error))")
//Show alert here
print("title: Oops.., message: Something went wrong while connecting to the VPN. Please try again.")
print(startError.debugDescription)
} else {
//self.VPNStatusDidChange(nil)
print("Starting VPN...")
}
}
})
}
})
}
} //END OF .loadFromPreferences //
}
//MARK:- Connect VPN
static func connectVPN() {
VPNIKEv2Setup().initVPNTunnelProviderManager()
}
//MARK:- Disconnect VPN
static func disconnectVPN() {
VPNIKEv2Setup().vpnManager.connection.stopVPNTunnel()
}
//MARK:- Disconnect VPN
static func testConnect() {
do {
try VPNIKEv2Setup().vpnManager.connection.startVPNTunnel()
} catch let error {
print(error)
}
}
//MARK:- check connection staatus
static func checkStatus() {
let status = VPNIKEv2Setup().vpnManager.connection.status
print("VPN connection status = \(status.rawValue)")
switch status {
case NEVPNStatus.connected:
print("Connected")
case NEVPNStatus.invalid, NEVPNStatus.disconnected :
print("Disconnected")
case NEVPNStatus.connecting , NEVPNStatus.reasserting:
print("Connecting")
case NEVPNStatus.disconnecting:
print("Disconnecting")
default:
print("Unknown VPN connection status")
}
}
func dataFromFile() -> Data? {
let rootCertPath = Bundle.main.url(forResource: "client", withExtension: "p12")
print(rootCertPath?.absoluteURL)
return try? Data(contentsOf: rootCertPath!.absoluteURL)
}
}
IKEv2Protocol.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA256
IKEv2Protocol.ikeSecurityAssociationParameters.diffieHellmanGroup = .group14
IKEv2Protocol.childSecurityAssociationParameters.integrityAlgorithm = .SHA256
IKEv2Protocol.childSecurityAssociationParameters.diffieHellmanGroup = .group14
调动死亡同伴检测(DPD)和Mobike
:
IKEv2Protocol.deadPeerDetectionRate = .low
IKEv2Protocol.disableMOBIKE = true
确定正确的证书设置
,然后尝试使用algo VPN的文件。
DPD超时或身份验证FAILURYSID。