Building your own VPN
Source: Internet  Editor: 程序博客网  Date: 2024/06/04 20:03
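After a hard day's work, I finally managed to set up my own VPN server with IKEv2. The drawback of L2TP is that the connection drops shortly after the screen locks; with IKEv2 that does not happen.
The steps follow:
1. Get your own VPS. I use Vultr, with a host in Tokyo, Japan, which is very fast. Choose Ubuntu 16.04 as the system.
2. Run the following commands as they are, no thinking required: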
```bash
# Add the Debian wheezy-backports repository and import its signing keys
echo "deb http://ftp.debian.org/debian wheezy-backports main" | sudo tee /etc/apt/sources.list.d/wheezy-backports.list
sudo gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553
sudo gpg -a --export 8B48AD6246925553 | sudo apt-key add -
sudo gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
sudo gpg -a --export 7638D0442B90D010 | sudo apt-key add -

# Update the system and install strongSwan with the OpenSSL and EAP-MSCHAPv2 plugins
sudo apt-get -y update && sudo apt-get upgrade -y
sudo apt-get -y install strongswan strongswan-plugin-openssl strongswan-plugin-eap-mschapv2

# Empty the default configuration before editing it
echo "" | sudo tee /etc/strongswan.conf
sudo vim /etc/strongswan.conf
```

Contents of /etc/strongswan.conf:

```
charon {
    load_modular = yes
    dns1 = 8.8.8.8
    dns2 = 8.8.4.4
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
```

```bash
echo "" | sudo tee /etc/ipsec.conf
sudo vim /etc/ipsec.conf
```

Contents of /etc/ipsec.conf:

```
config setup
    strictcrlpolicy=no
    uniqueids = no

conn %default
    mobike=yes
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=200s
    fragmentation=yes

conn iOS-IKEV2
    auto=add
    keyexchange=ikev2
    eap_identity=%any
    left=%any
    leftsubnet=0.0.0.0/0
    rightsubnet=10.99.1.0/24
    leftauth=psk
    leftid=%any
    right=%any
    rightsourceip=10.99.1.0/24
    rightauth=eap-mschapv2
    rightid=%any
```

Empty /etc/ipsec.secrets and give it the following contents, with your own PSK and password:

```bash
echo "" | sudo tee /etc/ipsec.secrets
```

```
include /var/lib/strongswan/ipsec.secrets.inc
# logins
: PSK "SEXapPAm5x5OXktAzes9nxE3NvilpmIH1orpE2cIzgfWRZgQDYZ1Wm3thlfXXwn"
myusername : EAP "set-your-own-password"
```

Run ifconfig to find the name of your network interface, then set up NAT, forwarding and the IKE ports (replace ens3 with your own interface):

```bash
sudo iptables -t nat -A POSTROUTING -s 10.99.1.0/24 -o ens3 -j MASQUERADE
sudo iptables -A FORWARD -s 10.99.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo vim /etc/sysctl.conf
```

Add this line to /etc/sysctl.conf:

```
net.ipv4.ip_forward=1
```

```bash
sudo sysctl -p
```

Create the configuration file myusername.mobileconfig with the contents below, taking care to replace:
1. @@Replace with your password from /etc/ipsec.secrets@@ with your own password
2. @@Replace with your server IP address@@ with your own IP
3. @@Replace with the PSK from /etc/ipsec.secrets@@ with the PSK you set in .secrets above
4. @@My VPN Connection Name@@ with the name of the VPN, which can be anything you like
5. @@Replace with output from uuidgen@@ with a random value generated by the uuidgen command; run it once for each line below where it appears
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>IKEv2</key>
        <dict>
          <key>AuthName</key>
          <string>myusername</string>
          <key>AuthPassword</key>
          <string>@@Replace with your password from /etc/ipsec.secrets@@</string>
          <key>AuthenticationMethod</key>
          <string>SharedSecret</string>
          <key>ChildSecurityAssociationParameters</key>
          <dict>
            <key>DiffieHellmanGroup</key>
            <integer>2</integer>
            <key>EncryptionAlgorithm</key>
            <string>3DES</string>
            <key>IntegrityAlgorithm</key>
            <string>SHA1-96</string>
            <key>LifeTimeInMinutes</key>
            <integer>1440</integer>
          </dict>
          <key>DeadPeerDetectionRate</key>
          <string>Medium</string>
          <key>DisableMOBIKE</key>
          <integer>0</integer>
          <key>DisableRedirect</key>
          <integer>0</integer>
          <key>EnableCertificateRevocationCheck</key>
          <integer>0</integer>
          <key>EnablePFS</key>
          <integer>0</integer>
          <key>ExtendedAuthEnabled</key>
          <true/>
          <key>IKESecurityAssociationParameters</key>
          <dict>
            <key>DiffieHellmanGroup</key>
            <integer>2</integer>
            <key>EncryptionAlgorithm</key>
            <string>3DES</string>
            <key>IntegrityAlgorithm</key>
            <string>SHA1-96</string>
            <key>LifeTimeInMinutes</key>
            <integer>1440</integer>
          </dict>
          <key>LocalIdentifier</key>
          <string>myserver.com.client</string>
          <key>RemoteAddress</key>
          <string>@@Replace with your server IP address@@</string>
          <key>RemoteIdentifier</key>
          <string>myserver.com.server</string>
          <key>SharedSecret</key>
          <string>@@Replace with the PSK from /etc/ipsec.secrets@@</string>
          <key>UseConfigurationAttributeInternalIPSubnet</key>
          <integer>0</integer>
        </dict>
        <key>IPv4</key>
        <dict>
          <key>OverridePrimary</key>
          <integer>1</integer>
        </dict>
        <key>PayloadDescription</key>
        <string>Configures VPN settings for iphone</string>
        <key>PayloadDisplayName</key>
        <string>TutorialVPN</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.vpn.managed.@@Replace with output from uuidgen@@</string>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed</string>
        <key>PayloadUUID</key>
        <string>@@Replace with output from uuidgen@@</string>
        <key>PayloadVersion</key>
        <real>1</real>
        <key>Proxies</key>
        <dict>
          <key>HTTPEnable</key>
          <integer>0</integer>
          <key>HTTPSEnable</key>
          <integer>0</integer>
          <key>ProxyAutoConfigEnable</key>
          <integer>0</integer>
          <key>ProxyAutoDiscoveryEnable</key>
          <integer>0</integer>
        </dict>
        <key>UserDefinedName</key>
        <string>@@My VPN Connection Name@@</string>
        <key>VPNType</key>
        <string>IKEv2</string>
        <key>VendorConfig</key>
        <dict/>
      </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>IKEv2</string>
    <key>PayloadIdentifier</key>
    <string>@@Replace with output from uuidgen@@</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>@@Replace with output from command uuidgen@@</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>
```

Finally, put the configuration file above on a server from which it can be downloaded through an external link; I set up nginx on my own Ubuntu desktop for this. Then open the link in Safari on the iPhone, download and install the configuration profile, and you can connect to the VPN.
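As an added example (not part of the original post), the following Python code audits a .mobileconfig like the one above before it is published for download: it flags the legacy algorithm choices in both security associations (3DES, SHA1-96, DH group 2), disabled PFS, @@ placeholders that were never replaced, and secrets that anyone who obtains the file can read. The function name audit_mobileconfig, the thresholds and the sample profile are assumptions of this example.

```python
import plistlib

# Thresholds below are this example's assumptions, not settings from the post.
LEGACY_ENC = {"DES", "3DES"}
LEGACY_INTEGRITY = {"SHA1-96", "SHA1-160"}
MIN_DH_GROUP = 14  # 2048-bit MODP; groups 1, 2 and 5 are smaller
SA_KEYS = ("IKESecurityAssociationParameters",
           "ChildSecurityAssociationParameters")


def audit_mobileconfig(data: bytes) -> list:
    """Return a list of findings for each IKEv2 payload in a profile."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        ike = payload.get("IKEv2")
        if not isinstance(ike, dict):
            continue
        for sa in SA_KEYS:
            params = ike.get(sa, {})
            enc = params.get("EncryptionAlgorithm")
            integ = params.get("IntegrityAlgorithm")
            dh = params.get("DiffieHellmanGroup")
            if enc in LEGACY_ENC:
                findings.append(f"{sa}: legacy cipher {enc}")
            if integ in LEGACY_INTEGRITY:
                findings.append(f"{sa}: legacy integrity algorithm {integ}")
            if isinstance(dh, int) and dh < MIN_DH_GROUP:
                findings.append(f"{sa}: DH group {dh} is below {MIN_DH_GROUP}")
        if not ike.get("EnablePFS"):
            findings.append("EnablePFS is off")
        for key in ("AuthPassword", "SharedSecret"):
            value = ike.get(key, "")
            if "@@" in value:
                findings.append(f"{key}: placeholder was not replaced")
            elif value:
                findings.append(f"{key}: secret is readable by anyone with the file")
    return findings


# Constructed sample that mirrors the algorithm choices in the profile above.
_SA = {"DiffieHellmanGroup": 2, "EncryptionAlgorithm": "3DES",
       "IntegrityAlgorithm": "SHA1-96", "LifeTimeInMinutes": 1440}
SAMPLE = plistlib.dumps({"PayloadContent": [{"IKEv2": {
    "AuthPassword": "@@Replace with your password from /etc/ipsec.secrets@@",
    "SharedSecret": "constructed-psk-value", "EnablePFS": 0,
    "IKESecurityAssociationParameters": _SA,
    "ChildSecurityAssociationParameters": dict(_SA)}}]})

if __name__ == "__main__":
    for line in audit_mobileconfig(SAMPLE):
        print(line)
```

Because the profile carries the PSK and the EAP password in clear text, the last finding applies to any filled-in copy of this file placed on a publicly reachable web server.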