1. Determine VPN Type (IPsec or SSL)

VPN Trial 2026-07-01 23:16:34

Setting up a Hillstone VPN on Linux typically involves using IPsec (IKEv1/IKEv2) or SSL VPN (if supported by your Hillstone firewall). Below are general steps for configuring a VPN connection to a Hillstone firewall from a Linux system.

  • IPsec VPN (more common for site-to-site or client-to-site):
    • Uses strongSwan, Libreswan, or OpenSwan on Linux.
  • SSL VPN (if Hillstone supports it):
    • May require a client like OpenConnect or stunnel.

Configure IPsec VPN (Using strongSwan)

If your Hillstone firewall uses IPsec (IKEv1/IKEv2), follow these steps:

Install strongSwan

sudo apt update && sudo apt install strongswan  # Debian/Ubuntu
sudo dnf install strongswan                     # Fedora/RHEL

Edit IPsec Configuration

Open /etc/ipsec.conf and add:

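# ike/esp must match the firewall's proposals. sha1 and modp1024 (DH group 2) are
# legacy; use sha256 and modp2048 or stronger if the Hillstone side offers them.
conn hillstone-vpn
    authby=secret              # pre-shared key from /etc/ipsec.secrets
    auto=start                 # bring the tunnel up when the daemon starts
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    keyexchange=ikev1  # or ikev2 (check Hillstone config)
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    right=HILLSTONE_PUBLIC_IP
    rightsubnet=REMOTE_SUBNET
    type=tunnel
    aggressive=no              # main mode; aggressive mode exposes a PSK hash to offline guessing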

Edit Secrets File (/etc/ipsec.secrets)

YOUR_LINUX_IP HILLSTONE_PUBLIC_IP : PSK "PRE_SHARED_KEY"

Start IPsec

sudo systemctl restart strongswan  # the unit may be named strongswan-starter on newer Debian/Ubuntu
sudo ipsec up hillstone-vpn

Check status:

sudo ipsec status
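
The following is an added example, not part of the original page and not Hillstone or strongSwan tooling: a shell check that flags legacy proposals such as the aes256-sha1-modp1024 line above and confirms the secrets file grants nothing to group or others. The function names and finding labels are made up for this example, and a finding only means "check what the firewall can offer", since both ends must agree on the proposal.

```shell
#!/bin/sh
# Added example: audit strongSwan ipsec.conf / ipsec.secrets for legacy
# crypto and loose file permissions. Names and labels are illustrative.

# Print one finding per line for legacy settings in the ipsec.conf at $1.
audit_ipsec_conf() {
    sed 's/#.*//' "$1" | awk -F= '
        NF < 2 { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t!]/, "", val)
            padded = "-" val "-"; gsub(/,/, "-,-", padded)  # delimit each token
        }
        key == "ike" || key == "esp" {
            if (val ~ /modp(768|1024|1536)/) print "WEAK-DH " key "=" val
            if (padded ~ /-(sha1|md5)-/)     print "LEGACY-HASH " key "=" val
            if (padded ~ /-(des|3des)-/)     print "WEAK-CIPHER " key "=" val
        }
        key == "keyexchange" && val == "ikev1" { print "IKEV1 " key "=" val }
        key == "aggressive" && val == "yes"    { print "AGGRESSIVE-PSK " key "=" val }
    '
}

# Succeed only if the secrets file at $1 grants nothing to group or others.
secrets_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the proposal lines from the conn block above.
write_sample_conf() {
    cat > "$1" <<'EOF'
conn hillstone-vpn
    authby=secret
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    keyexchange=ikev1  # or ikev2 (check Hillstone config)
    aggressive=no
EOF
}

# With arguments: audit real files. Without: audit the constructed sample.
if [ "$#" -ge 1 ]; then
    audit_ipsec_conf "$1"
    [ -z "${2:-}" ] || secrets_perms_ok "$2" || echo "LOOSE-PERMS $2"
else
    tmp=$(mktemp); write_sample_conf "$tmp"; audit_ipsec_conf "$tmp"; rm -f "$tmp"
fi
```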

SSL VPN (If Supported)

If Hillstone supports SSL VPN, try using openconnect:

Install OpenConnect

sudo apt install openconnect  # Debian/Ubuntu
sudo dnf install openconnect  # Fedora/RHEL

Connect to VPN

sudo openconnect --protocol=anyconnect HILLSTONE_PUBLIC_IP

(Follow prompts for username/password.)


Troubleshooting

  • Check firewall rules (allow UDP 500, 4500 for IPsec).
  • Verify that the PSK and encryption settings match the Hillstone config.
  • Use tcpdump to debug:
    sudo tcpdump -ni eth0 'udp port 500 or udp port 4500'

Hillstone Firewall Side

Ensure the Hillstone firewall is configured to:

  • Allow IKE/IPsec or SSL VPN.
  • Match encryption settings (AES, SHA, DH group).
  • Assign IP pool for clients.


Unless otherwise stated, all content on this site is original to 蓝快加速器-VPN全球网络加速器|柔软而强大的网络自由—蓝快VPN; please credit the source when reposting.