r******i
发帖数: 610 | 1 我说的这三个都满足server和client的要求……
IKEv1和L2TP我记得Android自带客户端
IKEv2在Play Store里面有Strongswan
Cisco Anyconnect在Windows和Android上都有官方的客户端
IKEv1在Windows上需要Shrew VPN Client,其他两种自带客户端
个人觉得从方便配置和速度的角度来看IKEv1比较平衡 |
|
l****z
发帖数: 29846 | 2 这里现讲怎么fix.
IE已经fix了.
用最新版firefox V38.01的可以很简单的fix.
Chrome和其他的不知道. 因为我基本不用.
=====
jscher2000 wrote:
Disable the insecure ciphers here:
(1) In a new tab, type or paste about:config in the address bar and press
Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste ssl3 and pause while the
list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch
it from true to false (this usually would be the first item on the list)
... 阅读全帖 |
|
m**t
发帖数: 1292 | 3 in fact, any none (IP|UDP/TCP) were having problems, such as IPinIP tunneling,
also certain application level protocols are having issues with NAT due to
design defects, an example is IKEv1. Anyway, as additional info, other than
voIP, there were RFCs or drafts in IPsec, MOBIKE, MIPv4 WG, MIPv6 WG targeting
the NAT traversal issues.
。 |
|
m**t
发帖数: 1292 | 4 如果是IKEv1, IPsec 的 peers IP/GateWay IP 不可变化,否则需要新的TUNNEL. 你说
的这个, 可能有有几种scenarios, 因为对CISCO 的CLI 没什么感觉,所以不确定
1. SPOKE端是两个GATEWAY IPs, 跟DPD 一起用, IP1 fail 后,使用IP2 做IKE重新建
立TUNNEL。
2. 如果是IKEv2, 或者是好像思科搞过一个过渡的东西, 可以不需要新的IKE,制作
个SA_UPDATE 更新GATEWAY IP。 这种算是STATEFUL 的
3. 条件允许,两端应该都可以做HRSP/SSO 把IP take over,在做个SA backup 就好了 |
|
r******i
发帖数: 610 | 5 多了,Strongswan可以架IKEv1/IKEv2,ocserv可以开Cisco Anyconnect,Strongswan+
xl2tpd用L2TP…… |
|
