PPTP VPN is no longer supported in iOS 10 and macOS Sierra because of security concerns [1]. The alternative protocols are L2TP over IPSec,
IKEv2 and Cisco IPSec. This forces me to update my previous blog post, Set up VPN on OS X with AWS.
1. Set up VPN on the server-side, AWS
Step 1: Connect to EC2 instance through SSH
$ ssh -i wp_sparkandshine.pem ubuntu@52.68.57.153
Step 2: Download IPsec VPN Server Auto Setup Scripts
ubuntu@ip-xx-xx-xx-xx:~$ wget https://git.io/vpnsetup -O vpnsetup.sh
Step 3 (Optional): Configure the following fields in vpnsetup.sh
YOUR_IPSEC_PSK=''
YOUR_USERNAME=''
YOUR_PASSWORD=''
Step 4: Run the shell script
sudo sh vpnsetup.sh
Done.
2. Set up VPN on the user-side, macOS
Follow the instructions on Configure IPsec/L2TP VPN Clients to set up IPsec/L2TP VPN clients.
Enjoy it:-)
3. Manage VPN Users
Excerpt from Manage VPN Users:
(1) IPsec PSK
The IPsec PSK (pre-shared key) is stored in /etc/ipsec.secrets. To change to a new PSK, just edit this file. All VPN users will share the same IPsec PSK.
%any %any : PSK "your_ipsec_pre_shared_key"
(2) IPsec/L2TP
For IPsec/L2TP, VPN users are specified in /etc/ppp/chap-secrets. The format of this file is:
"your_vpn_username_1" l2tpd "your_vpn_password_1" *
"your_vpn_username_2" l2tpd "your_vpn_password_2" *
... ...
(3) Cisco IPsec
For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in /etc/ipsec.d/passwd. The format of this file is:
your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk
your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk
... ...
Passwords in this file are salted and hashed. This step can be done using e.g. the openssl utility:
# The output will be your_vpn_password_1_hashed
openssl passwd -1 'your_vpn_password_1'
(4) Restart service
sudo service ipsec restart
sudo service xl2tpd restart
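Because IPsec/L2TP and Cisco IPsec users live in two separate files, a user removed from only one of them can still connect through the other mode. The shell sketch below is an added example, not part of the setup scripts or of the excerpt above: it cross-checks the two files and flags passwd entries that are not hashed and files readable by group or other. The function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: cross-check the two VPN user files (hypothetical helper names).
vpn_findings() {
    for f in "$1" "$2"; do   # both files carry credentials
        if [ -n "$(find "$f" -perm -040 -o -perm -004)" ]; then echo "PERMS $f"; fi
    done
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        FILENAME == ARGV[1] {                   # "user" l2tpd "password" *
            if (split($0, q, "\"") < 5) { print "FORMAT " FILENAME ":" FNR } else { l2tp[q[2]] = 1 }
            next
        }
        {                                       # user:hash:xauth-psk
            if (split($0, c, ":") != 3 || c[3] != "xauth-psk") {
                print "FORMAT " FILENAME ":" FNR; next
            }
            xauth[c[1]] = 1
            # crypt-style hashes look like $id$salt$hash; anything else is treated as plaintext
            if (c[2] !~ /^\$[0-9a-z]+\$[^$]+\$.+/) print "UNHASHED " c[1]
        }
        END {
            # a user present in only one file was added or revoked for one mode only
            for (u in l2tp)  if (!(u in xauth)) print "ONLY_L2TP " u
            for (u in xauth) if (!(u in l2tp))  print "ONLY_XAUTH " u
        }
    ' "$1" "$2"
}

# Exit status 0 when clean, 1 when there are findings (printed sorted).
audit_vpn_users() {
    found=$(vpn_findings "$1" "$2" | sort)
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample data (not real credentials): bob has no XAuth entry,
# carol has an unhashed password and no L2TP entry.
demo=$(mktemp -d)
printf '%s\n' '"alice" l2tpd "pw1" *' '"bob" l2tpd "pw2" *' > "$demo/chap-secrets"
printf '%s\n' 'alice:$1$abcdefgh$0123456789abcdefghijkl:xauth-psk' \
    'carol:plaintextpw:xauth-psk' > "$demo/passwd"
chmod 600 "$demo"/*
audit_vpn_users "$demo/chap-secrets" "$demo/passwd" || echo "findings listed above"
rm -rf "$demo"
```

On the server, run it as root against the real files: audit_vpn_users /etc/ppp/chap-secrets /etc/ipsec.d/passwd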
References:
[1] Prepare for removal of PPTP VPN before you upgrade to iOS 10 and macOS Sierra
[2] GitHub: IPsec VPN Server Auto Setup Scripts
[3] GitHub: Configure IPsec/L2TP VPN Clients
[4] GitHub: Manage VPN Users