我正在编写一个将在用户计算机上设置 VPN 的程序。我的系统管理员告诉我 VPN 的安全页面必须有 these检查了安全设置,没有其他设置。
我用过this代码作为我自己的基础。我的版本几乎所有设置都正确,除了它无法取消选中标题为 Challenge Handshake Authentication Protocol (CHAP) 和 Microsoft CHAP Version 2 (MS-CHAP v2) 的 2 个框。是否可以通过编程方式取消选中这两个复选框,同时将 Data Encryption 下拉列表设置为 Require Encryption?这是我的代码:
void createVPN()
{
DWORD size = 0;
RasGetEntryProperties(NULL, L"", NULL, &size, NULL, NULL);
LPRASENTRY pras = (LPRASENTRY)malloc(size);
memset(pras, 0, size);
pras->dwSize = size;
pras->dwType = RASET_Vpn;
pras->dwRedialCount = 1;
pras->dwRedialPause = 60;
pras->dwfNetProtocols = RASNP_Ip;
pras->dwEncryptionType = ET_Require;
wcscpy_s(pras->szLocalPhoneNumber, L"meraki.companyname.com");
wcscpy_s(pras->szDeviceType, RASDT_Vpn);
pras->dwfOptions = RASEO_RemoteDefaultGateway;
pras->dwVpnStrategy = VS_L2tpOnly;
pras->dwfOptions2 |= RASEO2_UsePreSharedKey;
pras->dwfOptions &= ~(RASEO_RequireCHAP | RASEO_RequireMsCHAP | RASEO_RequireMsCHAP2);//This should unset the CHAP flags, but it doesn't.
RasSetEntryProperties(NULL, L"CompanyName Meraki VPN", pras, pras->dwSize, NULL, 0);
RASCREDENTIALS ras_cre_psk = { 0 };
ras_cre_psk.dwSize = sizeof(ras_cre_psk);
ras_cre_psk.dwMask = RASCM_PreSharedKey;
wcscpy_s(ras_cre_psk.szPassword, L"redacted");
RasSetCredentials(NULL, L"CompanyName Meraki VPN", &ras_cre_psk, FALSE);
free(pras);
}
我认为通过将 pras->dwEncryptionType 设置为 ET_Require,可以防止 RASEO_RequireCHAP 和其他 CHAP 标志被取消设置,但是在 Windows GUI 中,可以取消选中它们并将 Data Encryption 设置为 Require Encryption。我的系统管理员告诉我,如果选中任一 CHAP 复选框,或者如果 Data Encryption 未设置为 Require Encryption,连接将无法工作。我能做什么?
最佳答案
我终于明白了。您必须设置 RASEO_RequirePAP 开关。这是函数的最终版本:
void createVPN()
{
DWORD size = 0;
RasGetEntryProperties(NULL, L"", NULL, &size, NULL, NULL);
RASENTRY rasEntry = {};
rasEntry.dwSize = sizeof(rasEntry);
rasEntry.dwType = RASET_Vpn;
rasEntry.dwRedialCount = 1;
rasEntry.dwRedialPause = 60;
rasEntry.dwfNetProtocols = RASNP_Ip;
rasEntry.dwEncryptionType = ET_Require;
wcscpy_s(rasEntry.szLocalPhoneNumber, L"meraki.enoble.com");
wcscpy_s(rasEntry.szDeviceType, RASDT_Vpn);
rasEntry.dwfOptions = RASEO_RemoteDefaultGateway;
rasEntry.dwVpnStrategy = VS_L2tpOnly;
rasEntry.dwfOptions2 |= RASEO2_UsePreSharedKey;
rasEntry.dwfOptions |= RASEO_RequirePAP;
RasSetEntryProperties(NULL, L"Enoble Meraki VPN", &rasEntry, rasEntry.dwSize, NULL, 0);
RASCREDENTIALS ras_cre_psk = { 0 };
ras_cre_psk.dwSize = sizeof(ras_cre_psk);
ras_cre_psk.dwMask = RASCM_PreSharedKey;
wcscpy_s(ras_cre_psk.szPassword, L"passport2k");
RasSetCredentials(NULL, L"Enoble Meraki VPN", &ras_cre_psk, FALSE);
}
我希望这对某些人有帮助。
关于C++:在 Windows RAS API 中禁用 RequireCHAP 和 RequireMsCHAP2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29686355/