hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

No "public_ip" show, is there a problem? #656

Closed leafonsword closed 4 years ago

leafonsword commented 5 years ago

Following cmd shows:

certutil -L -d sql:/etc/ipsec.d

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

IKEv2 VPN CA                                                 CTu,u,u
vpnclient                                                    u,u,u

But document's example is this:

Certificate Nickname                               Trust Attributes
                                                   SSL,S/MIME,JAR/XPI

IKEv2 VPN CA                                       CTu,u,u
($PUBLIC_IP)                                       u,u,u
vpnclient                                          u,u,u

Is there a problem?

letoams commented 5 years ago

On Wed, 9 Oct 2019, 刀尖红叶 wrote:

> Following cmd shows:
>
> certutil -L -d sql:/etc/ipsec.d
>
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
>
> IKEv2 VPN CA                                                 CTu,u,u
> vpnclient                                                    u,u,u

That looks fine.

> But document's example is this:
>
> Certificate Nickname                               Trust Attributes
>                                                    SSL,S/MIME,JAR/XPI
>
> IKEv2 VPN CA                                       CTu,u,u
> ($PUBLIC_IP)                                       u,u,u
> vpnclient                                          u,u,u
>
> Is there a problem?

It just means that there were two end certificates in that NSS database, instead of just one in your case.

Paul

hwdsl2 commented 4 years ago

@leafonsword Hello! It looks like you missed the second part of step (3) in [1], which is to generate the VPN server certificate for IKEv2.

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#set-up-ikev2-on-the-vpn-server
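
An added example, not part of the thread or the project's scripts: a shell check that parses `certutil -L` listing text and reports whether an end-entity certificate with a given nickname is present, which is the difference between the two listings discussed above. It assumes the server certificate's nickname is the server's public IP; `203.0.113.10` and both sample listings are constructed.

```shell
#!/bin/sh
# list_certs: read `certutil -L` output on stdin, print "nickname<TAB>trust".
# A certificate row is a line whose last field looks like NSS trust flags
# (three comma-separated letter groups); the header lines do not match.
list_certs() {
  awk '$NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
    nick = $0
    sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
    sub(/^[ \t]+/, "", nick)                # drop leading indentation
    printf "%s\t%s\n", nick, $NF
  }'
}

# end_certs: nicknames whose SSL trust field has no CA flag (C, T or c),
# i.e. end-entity certificates such as the server and client certificates.
end_certs() {
  list_certs | awk -F '\t' '$2 !~ /^[^,]*[CTc]/ { print $1 }'
}

# has_end_cert NICKNAME: succeed if stdin lists an end cert with that nickname.
has_end_cert() {
  end_certs | grep -Fxq -- "$1"
}

# Constructed listings modelled on the two in this thread; 203.0.113.10 is a
# placeholder for the server's public IP (assumed server-cert nickname).
LISTING_REPORTED='Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI

IKEv2 VPN CA                            CTu,u,u
vpnclient                               u,u,u'
LISTING_DOCS='Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI

IKEv2 VPN CA                            CTu,u,u
203.0.113.10                            u,u,u
vpnclient                               u,u,u'

# check_listing LISTING NICKNAME: print a one-line verdict.
check_listing() {
  if printf '%s\n' "$1" | has_end_cert "$2"; then
    echo "end certificate '$2' present"
  else
    echo "end certificate '$2' missing; found: $(printf '%s\n' "$1" | end_certs | tr '\n' ' ')"
  fi
}

check_listing "$LISTING_REPORTED" 203.0.113.10
check_listing "$LISTING_DOCS" 203.0.113.10
# On a server: certutil -L -d sql:/etc/ipsec.d | has_end_cert "$PUBLIC_IP"
```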