{"id":131,"date":"2024-10-30T17:54:38","date_gmt":"2024-10-30T09:54:38","guid":{"rendered":"https:\/\/zhoujibin.com\/?p=131"},"modified":"2024-10-30T17:54:38","modified_gmt":"2024-10-30T09:54:38","slug":"linux%e6%90%ad%e5%bb%bal2tp%e6%9c%8d%e5%8a%a1","status":"publish","type":"post","link":"https:\/\/zhoujibin.com\/?p=131","title":{"rendered":"Linux\u642d\u5efaL2TP\u670d\u52a1"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">\u57fa\u7840\u73af\u5883<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">\u7cfb\u7edf\u7248\u672c<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>centos7.6<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">ip\u5730\u5740<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># \u53ef\u4f7f\u7528ifconfig\u67e5\u770b inet \u5bf9\u5e94\u7684\u503c\u5373\u53ef\nifconfig\neth0: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt;  mtu 1500\n        inet 172.17.21.70  netmask 255.255.192.0  broadcast 172.17.63.255\n        ether 00:16:3e:0a:ae:40  txqueuelen 1000  (Ethernet)\n        RX packets 26818  bytes 38644694 (36.8 MiB)\n        RX errors 0  dropped 0  overruns 0  frame 0\n        TX packets 3048  bytes 313650 (306.2 KiB)\n        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0\n\nlo: flags=73&lt;UP,LOOPBACK,RUNNING&gt;  mtu 65536\n        inet 127.0.0.1  netmask 255.0.0.0\n        loop  txqueuelen 1000  (Local Loopback)\n        RX packets 0  bytes 0 (0.0 B)\n        RX errors 0  dropped 0  overruns 0  frame 0\n        TX packets 0  bytes 0 (0.0 B)\n        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">\u4e00\u952e\u5b89\u88c5<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">\u83b7\u53d6\u811a\u672c<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u5728\u7ebf\u811a\u672c<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># \u83b7\u53d6\u5728\u7ebf\u811a\u672c\n# 注意:--no-check-certificate 会跳过 TLS 证书校验;该脚本需以 root 运行,执行前请先检查下载到的内容\nwget --no-check-certificate 
https:\/\/raw.githubusercontent.com\/teddysun\/across\/master\/l2tp.sh<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">\u79bb\u7ebf\u811a\u672c<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># \u65b0\u5efa\u811a\u672c\u6587\u4ef6\uff0c\u8f93\u5165\u4e0b\u5217\u5185\u5bb9\u5373\u53ef\n# 注意:本页后半段(自 xl2tpd.conf 的 [global] 起)脚本的引号和 -- 已被页面排版替换为弯引号和短破折号,换行也已丢失,直接复制无法运行,请以上游原始脚本为准\n# 该脚本会以 root 身份关闭 SELinux,并修改 sysctl 与防火墙规则,运行前请确认可以接受\ntouch l2tp.sh;\n\n#!\/usr\/bin\/env bash\nPATH=\/bin:\/sbin:\/usr\/bin:\/usr\/sbin:\/usr\/local\/bin:\/usr\/local\/sbin:~\/bin\nexport PATH\n#=======================================================================#\n#   System Supported:  CentOS 6+ \/ Debian 7+ \/ Ubuntu 12+               #\n#   Description: L2TP VPN Auto Installer                                #\n#   Author: Teddysun &lt;i@teddysun.com&gt;                                   #\n#   Intro:  https:\/\/teddysun.com\/448.html                               #\n#=======================================================================#\ncur_dir=`pwd`\n\nlibreswan_filename=\"libreswan-3.27\"\ndownload_root_url=\"https:\/\/dl.lamp.sh\/files\"\n\nrootness(){\n    if &#91;&#91; $EUID -ne 0 ]]; then\n       echo \"Error:This script must be run as root!\" 1&gt;&amp;2\n       exit 1\n    fi\n}\n\ntunavailable(){\n    if &#91;&#91; ! 
-e \/dev\/net\/tun ]]; then\n        echo \"Error:TUN\/TAP is not available!\" 1&gt;&amp;2\n        exit 1\n    fi\n}\n\ndisable_selinux(){\nif &#91; -s \/etc\/selinux\/config ] &amp;&amp; grep 'SELINUX=enforcing' \/etc\/selinux\/config; then\n    sed -i 's\/SELINUX=enforcing\/SELINUX=disabled\/g' \/etc\/selinux\/config\n    setenforce 0\nfi\n}\n\nget_opsy(){\n    &#91; -f \/etc\/redhat-release ] &amp;&amp; awk '{print ($1,$3~\/^&#91;0-9]\/?$3:$4)}' \/etc\/redhat-release &amp;&amp; return\n    &#91; -f \/etc\/os-release ] &amp;&amp; awk -F'&#91;= \"]' '\/PRETTY_NAME\/{print $3,$4,$5}' \/etc\/os-release &amp;&amp; return\n    &#91; -f \/etc\/lsb-release ] &amp;&amp; awk -F'&#91;=\"]+' '\/DESCRIPTION\/{print $2}' \/etc\/lsb-release &amp;&amp; return\n}\n\nget_os_info(){\n    IP=$( ip addr | egrep -o '&#91;0-9]{1,3}\\.&#91;0-9]{1,3}\\.&#91;0-9]{1,3}\\.&#91;0-9]{1,3}' | egrep -v \"^192\\.168|^172\\.1&#91;6-9]\\.|^172\\.2&#91;0-9]\\.|^172\\.3&#91;0-2]\\.|^10\\.|^127\\.|^255\\.|^0\\.\" | head -n 1 )\n    &#91; -z ${IP} ] &amp;&amp; IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )\n\n    local cname=$( awk -F: '\/model name\/ {name=$2} END {print name}' \/proc\/cpuinfo | sed 's\/^&#91; \\t]*\/\/;s\/&#91; \\t]*$\/\/' )\n    local cores=$( awk -F: '\/model name\/ {core++} END {print core}' \/proc\/cpuinfo )\n    local freq=$( awk -F: '\/cpu MHz\/ {freq=$2} END {print freq}' \/proc\/cpuinfo | sed 's\/^&#91; \\t]*\/\/;s\/&#91; \\t]*$\/\/' )\n    local tram=$( free -m | awk '\/Mem\/ {print $2}' )\n    local swap=$( free -m | awk '\/Swap\/ {print $2}' )\n    local up=$( awk '{a=$1\/86400;b=($1%86400)\/3600;c=($1%3600)\/60;d=$1%60} {printf(\"%ddays, %d:%d:%d\\n\",a,b,c,d)}' \/proc\/uptime )\n    local load=$( w | head -1 | awk -F'load average:' '{print $2}' | sed 's\/^&#91; \\t]*\/\/;s\/&#91; \\t]*$\/\/' )\n    local opsy=$( get_opsy )\n    local arch=$( uname -m )\n    local lbit=$( getconf LONG_BIT )\n    local host=$( hostname )\n    local kern=$( uname -r )\n\n    echo 
\"########## System Information ##########\"\n    echo \n    echo \"CPU model            : ${cname}\"\n    echo \"Number of cores      : ${cores}\"\n    echo \"CPU frequency        : ${freq} MHz\"\n    echo \"Total amount of ram  : ${tram} MB\"\n    echo \"Total amount of swap : ${swap} MB\"\n    echo \"System uptime        : ${up}\"\n    echo \"Load average         : ${load}\"\n    echo \"OS                   : ${opsy}\"\n    echo \"Arch                 : ${arch} (${lbit} Bit)\"\n    echo \"Kernel               : ${kern}\"\n    echo \"Hostname             : ${host}\"\n    echo \"IPv4 address         : ${IP}\"\n    echo \n    echo \"########################################\"\n}\n\ncheck_sys(){\n    local checkType=$1\n    local value=$2\n\n    local release=''\n    local systemPackage=''\n\n    if &#91;&#91; -f \/etc\/redhat-release ]]; then\n        release=\"centos\"\n        systemPackage=\"yum\"\n    elif cat \/etc\/issue | grep -Eqi \"debian\"; then\n        release=\"debian\"\n        systemPackage=\"apt\"\n    elif cat \/etc\/issue | grep -Eqi \"ubuntu\"; then\n        release=\"ubuntu\"\n        systemPackage=\"apt\"\n    elif cat \/etc\/issue | grep -Eqi \"centos|red hat|redhat\"; then\n        release=\"centos\"\n        systemPackage=\"yum\"\n    elif cat \/proc\/version | grep -Eqi \"debian\"; then\n        release=\"debian\"\n        systemPackage=\"apt\"\n    elif cat \/proc\/version | grep -Eqi \"ubuntu\"; then\n        release=\"ubuntu\"\n        systemPackage=\"apt\"\n    elif cat \/proc\/version | grep -Eqi \"centos|red hat|redhat\"; then\n        release=\"centos\"\n        systemPackage=\"yum\"\n    fi\n\n    if &#91;&#91; ${checkType} == \"sysRelease\" ]]; then\n        if &#91; \"$value\" == \"$release\" ];then\n            return 0\n        else\n            return 1\n        fi\n    elif &#91;&#91; ${checkType} == \"packageManager\" ]]; then\n        if &#91; \"$value\" == \"$systemPackage\" ];then\n            return 0\n        else\n       
     return 1\n        fi\n    fi\n}\n\nrand(){\n    index=0\n    str=\"\"\n    for i in {a..z}; do arr&#91;index]=${i}; index=`expr ${index} + 1`; done\n    for i in {A..Z}; do arr&#91;index]=${i}; index=`expr ${index} + 1`; done\n    for i in {0..9}; do arr&#91;index]=${i}; index=`expr ${index} + 1`; done\n    for i in {1..10}; do str=\"$str${arr&#91;$RANDOM%$index]}\"; done\n    echo ${str}\n}\n\nis_64bit(){\n    if &#91; `getconf WORD_BIT` = '32' ] &amp;&amp; &#91; `getconf LONG_BIT` = '64' ] ; then\n        return 0\n    else\n        return 1\n    fi\n}\n\ndownload_file(){\n    if &#91; -s ${1} ]; then\n        echo \"$1 &#91;found]\"\n    else\n        echo \"$1 not found!!!download now...\"\n        if ! wget -c -t3 -T60 ${download_root_url}\/${1}; then\n            echo \"Failed to download $1, please download it to ${cur_dir} directory manually and try again.\"\n            exit 1\n        fi\n    fi\n}\n\nversionget(){\n    if &#91;&#91; -s \/etc\/redhat-release ]];then\n        grep -oE  \"&#91;0-9.]+\" \/etc\/redhat-release\n    else\n        grep -oE  \"&#91;0-9.]+\" \/etc\/issue\n    fi\n}\n\ncentosversion(){\n    if check_sys sysRelease centos;then\n        local code=${1}\n        local version=\"`versionget`\"\n        local main_ver=${version%%.*}\n        if &#91; \"${main_ver}\" == \"${code}\" ];then\n            return 0\n        else\n            return 1\n        fi\n    else\n        return 1\n    fi\n}\n\ndebianversion(){\n    if check_sys sysRelease debian;then\n        local version=$( get_opsy )\n        local code=${1}\n        local main_ver=$( echo ${version} | sed 's\/&#91;^0-9]\/\/g')\n        if &#91; \"${main_ver}\" == \"${code}\" ];then\n            return 0\n        else\n            return 1\n        fi\n    else\n        return 1\n    fi\n}\n\nversion_check(){\n    if check_sys packageManager yum; then\n        if centosversion 5; then\n            echo \"Error: CentOS 5 is not supported, Please re-install OS and try 
again.\"\n            exit 1\n        fi\n    fi\n}\n\nget_char(){\n    SAVEDSTTY=`stty -g`\n    stty -echo\n    stty cbreak\n    dd if=\/dev\/tty bs=1 count=1 2&gt; \/dev\/null\n    stty -raw\n    stty echo\n    stty $SAVEDSTTY\n}\n\npreinstall_l2tp(){\n\n    echo\n    if &#91; -d \"\/proc\/vz\" ]; then\n        echo -e \"\\033&#91;41;37m WARNING: \\033&#91;0m Your VPS is based on OpenVZ, and IPSec might not be supported by the kernel.\"\n        echo \"Continue installation? (y\/n)\"\n        read -p \"(Default: n)\" agree\n        &#91; -z ${agree} ] &amp;&amp; agree=\"n\"\n        if &#91; \"${agree}\" == \"n\" ]; then\n            echo\n            echo \"L2TP installation cancelled.\"\n            echo\n            exit 0\n        fi\n    fi\n    echo\n    echo \"Please enter IP-Range:\"\n    read -p \"(Default Range: 192.168.18):\" iprange\n    &#91; -z ${iprange} ] &amp;&amp; iprange=\"192.168.18\"\n\n    echo \"Please enter PSK:\"\n    read -p \"(Default PSK: teddysun.com):\" mypsk\n    &#91; -z ${mypsk} ] &amp;&amp; mypsk=\"teddysun.com\"\n\n    echo \"Please enter Username:\"\n    read -p \"(Default Username: teddysun):\" username\n    &#91; -z ${username} ] &amp;&amp; username=\"teddysun\"\n\n    password=`rand`\n    echo \"Please enter ${username}'s password:\"\n    read -p \"(Default Password: ${password}):\" tmppassword\n    &#91; ! -z ${tmppassword} ] &amp;&amp; password=${tmppassword}\n\n    echo\n    echo \"ServerIP:${IP}\"\n    echo \"Server Local IP:${iprange}.1\"\n    echo \"Client Remote IP Range:${iprange}.2-${iprange}.254\"\n    echo \"PSK:${mypsk}\"\n    echo\n    echo \"Press any key to start... 
or press Ctrl + C to cancel.\"\n    char=`get_char`\n\n}\n\ninstall_l2tp(){\n\n    mknod \/dev\/random c 1 9\n\n    if check_sys packageManager apt; then\n        apt-get -y update\n\n        if debianversion 7; then\n            if is_64bit; then\n                local libnspr4_filename1=\"libnspr4_4.10.7-1_amd64.deb\"\n                local libnspr4_filename2=\"libnspr4-0d_4.10.7-1_amd64.deb\"\n                local libnspr4_filename3=\"libnspr4-dev_4.10.7-1_amd64.deb\"\n                local libnspr4_filename4=\"libnspr4-dbg_4.10.7-1_amd64.deb\"\n                local libnss3_filename1=\"libnss3_3.17.2-1.1_amd64.deb\"\n                local libnss3_filename2=\"libnss3-1d_3.17.2-1.1_amd64.deb\"\n                local libnss3_filename3=\"libnss3-tools_3.17.2-1.1_amd64.deb\"\n                local libnss3_filename4=\"libnss3-dev_3.17.2-1.1_amd64.deb\"\n                local libnss3_filename5=\"libnss3-dbg_3.17.2-1.1_amd64.deb\"\n            else\n                local libnspr4_filename1=\"libnspr4_4.10.7-1_i386.deb\"\n                local libnspr4_filename2=\"libnspr4-0d_4.10.7-1_i386.deb\"\n                local libnspr4_filename3=\"libnspr4-dev_4.10.7-1_i386.deb\"\n                local libnspr4_filename4=\"libnspr4-dbg_4.10.7-1_i386.deb\"\n                local libnss3_filename1=\"libnss3_3.17.2-1.1_i386.deb\"\n                local libnss3_filename2=\"libnss3-1d_3.17.2-1.1_i386.deb\"\n                local libnss3_filename3=\"libnss3-tools_3.17.2-1.1_i386.deb\"\n                local libnss3_filename4=\"libnss3-dev_3.17.2-1.1_i386.deb\"\n                local libnss3_filename5=\"libnss3-dbg_3.17.2-1.1_i386.deb\"\n            fi\n            rm -rf ${cur_dir}\/l2tp\n            mkdir -p ${cur_dir}\/l2tp\n            cd ${cur_dir}\/l2tp\n            download_file \"${libnspr4_filename1}\"\n            download_file \"${libnspr4_filename2}\"\n            download_file \"${libnspr4_filename3}\"\n            download_file \"${libnspr4_filename4}\"\n            
download_file \"${libnss3_filename1}\"\n            download_file \"${libnss3_filename2}\"\n            download_file \"${libnss3_filename3}\"\n            download_file \"${libnss3_filename4}\"\n            download_file \"${libnss3_filename5}\"\n            dpkg -i ${libnspr4_filename1} ${libnspr4_filename2} ${libnspr4_filename3} ${libnspr4_filename4}\n            dpkg -i ${libnss3_filename1} ${libnss3_filename2} ${libnss3_filename3} ${libnss3_filename4} ${libnss3_filename5}\n\n            apt-get -y install wget gcc ppp flex bison make pkg-config libpam0g-dev libcap-ng-dev iptables \\\n                               libcap-ng-utils libunbound-dev libevent-dev libcurl4-nss-dev libsystemd-daemon-dev\n        else\n            apt-get -y install wget gcc ppp flex bison make python libnss3-dev libnss3-tools libselinux-dev iptables \\\n                               libnspr4-dev pkg-config libpam0g-dev libcap-ng-dev libcap-ng-utils libunbound-dev \\\n                               libevent-dev libcurl4-nss-dev libsystemd-dev\n        fi\n        apt-get -y --no-install-recommends install xmlto\n        apt-get -y install xl2tpd\n\n        compile_install\n    elif check_sys packageManager yum; then\n        echo \"Adding the EPEL repository...\"\n        yum -y install epel-release yum-utils\n        &#91; ! 
-f \/etc\/yum.repos.d\/epel.repo ] &amp;&amp; echo \"Install EPEL repository failed, please check it.\" &amp;&amp; exit 1\n        yum-config-manager --enable epel\n        echo \"Adding the EPEL repository complete...\"\n\n        if centosversion 7; then\n            yum -y install ppp libreswan xl2tpd firewalld\n            yum_install\n        elif centosversion 6; then\n            yum -y remove libevent-devel\n            yum -y install libevent2-devel\n            yum -y install nss-devel nspr-devel pkgconfig pam-devel \\\n                           libcap-ng-devel libselinux-devel lsof \\\n                           curl-devel flex bison gcc ppp make iptables gmp-devel \\\n                           fipscheck-devel unbound-devel xmlto libpcap-devel xl2tpd\n\n            compile_install\n        fi\n    fi\n\n}\n\nconfig_install(){\n\n    cat &gt; \/etc\/ipsec.conf&lt;&lt;EOF\nversion 2.0\n\nconfig setup\n    protostack=netkey\n    nhelpers=0\n    uniqueids=no\n    interfaces=%defaultroute\n    virtual_private=%v4:10.0.0.0\/8,%v4:192.168.0.0\/16,%v4:172.16.0.0\/12,%v4:!${iprange}.0\/24\n\nconn l2tp-psk\n    rightsubnet=vhost:%priv\n    also=l2tp-psk-nonat\n\nconn l2tp-psk-nonat\n    authby=secret\n    pfs=no\n    auto=add\n    keyingtries=3\n    rekey=no\n    ikelifetime=8h\n    keylife=1h\n    type=transport\n    left=%defaultroute\n    leftid=${IP}\n    leftprotoport=17\/1701\n    right=%any\n    rightprotoport=17\/%any\n    dpddelay=40\n    dpdtimeout=130\n    dpdaction=clear\n    sha2-truncbug=yes\nEOF\n\n    cat &gt; \/etc\/ipsec.secrets&lt;&lt;EOF\n%any %any : PSK \"${mypsk}\"\nEOF\n\n    cat &gt; \/etc\/xl2tpd\/xl2tpd.conf&lt;&lt;EOF<\/code><\/pre>\n\n\n<p>[global]<\/p>\n\n\n\n<p>port = 1701<\/p>\n\n\n<p>[lns default]<\/p>\n\n\n\n<p>ip range = ${iprange}.2-${iprange}.254 local ip = ${iprange}.1 require chap = yes refuse pap = yes require authentication = yes name = l2tpd ppp debug = yes pppoptfile = \/etc\/ppp\/options.xl2tpd length bit = yes EOF cat 
&gt; \/etc\/ppp\/options.xl2tpd&lt;&lt;EOF ipcp-accept-local ipcp-accept-remote require-mschap-v2 ms-dns 8.8.8.8 ms-dns 8.8.4.4 noccp auth hide-password idle 1800 mtu 1410 mru 1410 nodefaultroute debug proxyarp connect-delay 5000 EOF rm -f \/etc\/ppp\/chap-secrets cat &gt; \/etc\/ppp\/chap-secrets&lt;&lt;EOF # Secrets for authentication using CHAP # client server secret IP addresses ${username} l2tpd ${password} * EOF } compile_install(){ rm -rf ${cur_dir}\/l2tp mkdir -p ${cur_dir}\/l2tp cd ${cur_dir}\/l2tp download_file &#8220;${libreswan_filename}.tar.gz&#8221; tar -zxf ${libreswan_filename}.tar.gz cd ${cur_dir}\/l2tp\/${libreswan_filename} cat &gt; Makefile.inc.local &lt;&lt;&#8216;EOF&#8217; WERROR_CFLAGS = USE_DNSSEC = false USE_DH31 = false USE_GLIBC_KERN_FLIP_HEADERS = true EOF make programs &amp;&amp; make install \/usr\/local\/sbin\/ipsec &#8211;version &gt;\/dev\/null 2&gt;&amp;1 if [ $? -ne 0 ]; then echo &#8220;${libreswan_filename} install failed.&#8221; exit 1 fi config_install cp -pf \/etc\/sysctl.conf \/etc\/sysctl.conf.bak sed -i &#8216;s\/net.ipv4.ip_forward = 0\/net.ipv4.ip_forward = 1\/g&#8217; \/etc\/sysctl.conf for each in `ls \/proc\/sys\/net\/ipv4\/conf\/`; do echo &#8220;net.ipv4.conf.${each}.accept_source_route=0&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.conf.${each}.accept_redirects=0&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.conf.${each}.send_redirects=0&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.conf.${each}.rp_filter=0&#8221; &gt;&gt; \/etc\/sysctl.conf done sysctl -p if centosversion 6; then [ -f \/etc\/sysconfig\/iptables ] &amp;&amp; cp -pf \/etc\/sysconfig\/iptables \/etc\/sysconfig\/iptables.old.`date +%Y%m%d` if [ &#8220;`iptables -L -n | grep -c &#8216;\\-\\-&#8216;`&#8221; == &#8220;0&#8221; ]; then cat &gt; \/etc\/sysconfig\/iptables &lt;&lt;EOF # Added by L2TP VPN script *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state &#8211;state 
RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp &#8211;dport 22 -j ACCEPT -A INPUT -p udp -m multiport &#8211;dports 500,4500,1701 -j ACCEPT -A FORWARD -m state &#8211;state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s ${iprange}.0\/24 -j ACCEPT COMMIT *nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s ${iprange}.0\/24 -j SNAT &#8211;to-source ${IP} COMMIT EOF else iptables -I INPUT -p udp -m multiport &#8211;dports 500,4500,1701 -j ACCEPT iptables -I FORWARD -m state &#8211;state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -s ${iprange}.0\/24 -j ACCEPT iptables -t nat -A POSTROUTING -s ${iprange}.0\/24 -j SNAT &#8211;to-source ${IP} \/etc\/init.d\/iptables save fi if [ ! -f \/etc\/ipsec.d\/cert9.db ]; then echo &gt; \/var\/tmp\/libreswan-nss-pwd certutil -N -f \/var\/tmp\/libreswan-nss-pwd -d \/etc\/ipsec.d rm -f \/var\/tmp\/libreswan-nss-pwd fi chkconfig &#8211;add iptables chkconfig iptables on chkconfig &#8211;add ipsec chkconfig ipsec on chkconfig &#8211;add xl2tpd chkconfig xl2tpd on \/etc\/init.d\/iptables restart \/etc\/init.d\/ipsec start \/etc\/init.d\/xl2tpd start else [ -f \/etc\/iptables.rules ] &amp;&amp; cp -pf \/etc\/iptables.rules \/etc\/iptables.rules.old.`date +%Y%m%d` if [ &#8220;`iptables -L -n | grep -c &#8216;\\-\\-&#8216;`&#8221; == &#8220;0&#8221; ]; then cat &gt; \/etc\/iptables.rules &lt;&lt;EOF # Added by L2TP VPN script *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state &#8211;state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp &#8211;dport 22 -j ACCEPT -A INPUT -p udp -m multiport &#8211;dports 500,4500,1701 -j ACCEPT -A FORWARD -m state &#8211;state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s ${iprange}.0\/24 -j ACCEPT COMMIT *nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s ${iprange}.0\/24 -j SNAT 
&#8211;to-source ${IP} COMMIT EOF else iptables -I INPUT -p udp -m multiport &#8211;dports 500,4500,1701 -j ACCEPT iptables -I FORWARD -m state &#8211;state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -s ${iprange}.0\/24 -j ACCEPT iptables -t nat -A POSTROUTING -s ${iprange}.0\/24 -j SNAT &#8211;to-source ${IP} \/sbin\/iptables-save &gt; \/etc\/iptables.rules fi cat &gt; \/etc\/network\/if-up.d\/iptables &lt;&lt;EOF #!\/bin\/sh \/sbin\/iptables-restore &lt; \/etc\/iptables.rules EOF chmod +x \/etc\/network\/if-up.d\/iptables if [ ! -f \/etc\/ipsec.d\/cert9.db ]; then echo &gt; \/var\/tmp\/libreswan-nss-pwd certutil -N -f \/var\/tmp\/libreswan-nss-pwd -d \/etc\/ipsec.d rm -f \/var\/tmp\/libreswan-nss-pwd fi update-rc.d -f xl2tpd defaults cp -f \/etc\/rc.local \/etc\/rc.local.old.`date +%Y%m%d` sed &#8211;follow-symlinks -i -e &#8216;\/^exit 0\/d&#8217; \/etc\/rc.local cat &gt;&gt; \/etc\/rc.local &lt;&lt;EOF # Added by L2TP VPN script echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward \/usr\/sbin\/service ipsec start exit 0 EOF chmod +x \/etc\/rc.local echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward \/sbin\/iptables-restore &lt; \/etc\/iptables.rules \/usr\/sbin\/service ipsec start \/usr\/sbin\/service xl2tpd restart fi } yum_install(){ config_install cp -pf \/etc\/sysctl.conf \/etc\/sysctl.conf.bak echo &#8220;# Added by L2TP VPN&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.ip_forward=1&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.tcp_syncookies=1&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.icmp_echo_ignore_broadcasts=1&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.icmp_ignore_bogus_error_responses=1&#8221; &gt;&gt; \/etc\/sysctl.conf for each in `ls \/proc\/sys\/net\/ipv4\/conf\/`; do echo &#8220;net.ipv4.conf.${each}.accept_source_route=0&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.conf.${each}.accept_redirects=0&#8221; &gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.conf.${each}.send_redirects=0&#8221; 
&gt;&gt; \/etc\/sysctl.conf echo &#8220;net.ipv4.conf.${each}.rp_filter=0&#8243; &gt;&gt; \/etc\/sysctl.conf done sysctl -p cat &gt; \/etc\/firewalld\/services\/xl2tpd.xml&lt;&lt;EOF &lt;?xml version=&#8221;1.0&#8243; encoding=&#8221;utf-8&#8243;?&gt; &lt;service&gt; &lt;short&gt;xl2tpd&lt;\/short&gt; &lt;description&gt;L2TP IPSec&lt;\/description&gt; &lt;port protocol=&#8221;udp&#8221; port=&#8221;4500&#8243;\/&gt; &lt;port protocol=&#8221;udp&#8221; port=&#8221;1701&#8243;\/&gt; &lt;\/service&gt; EOF chmod 640 \/etc\/firewalld\/services\/xl2tpd.xml systemctl enable ipsec systemctl enable xl2tpd systemctl enable firewalld systemctl status firewalld &gt; \/dev\/null 2&gt;&amp;1 if [ $? -eq 0 ]; then firewall-cmd &#8211;reload echo &#8220;Checking firewalld status&#8230;&#8221; firewall-cmd &#8211;list-all echo &#8220;add firewalld rules&#8230;&#8221; firewall-cmd &#8211;permanent &#8211;add-service=ipsec firewall-cmd &#8211;permanent &#8211;add-service=xl2tpd firewall-cmd &#8211;permanent &#8211;add-masquerade firewall-cmd &#8211;reload else echo &#8220;Firewalld looks like not running, trying to start&#8230;&#8221; systemctl start firewalld if [ $? -eq 0 ]; then echo &#8220;Firewalld start successfully&#8230;&#8221; firewall-cmd &#8211;reload echo &#8220;Checking firewalld status&#8230;&#8221; firewall-cmd &#8211;list-all echo &#8220;adding firewalld rules&#8230;&#8221; firewall-cmd &#8211;permanent &#8211;add-service=ipsec firewall-cmd &#8211;permanent &#8211;add-service=xl2tpd firewall-cmd &#8211;permanent &#8211;add-masquerade firewall-cmd &#8211;reload else echo &#8220;Failed to start firewalld. 
please enable udp port 500 4500 1701 manually if necessary.&#8221; fi fi systemctl restart ipsec systemctl restart xl2tpd echo &#8220;Checking ipsec status&#8230;&#8221; systemctl -a | grep ipsec echo &#8220;Checking xl2tpd status&#8230;&#8221; systemctl -a | grep xl2tpd echo &#8220;Checking firewalld status&#8230;&#8221; firewall-cmd &#8211;list-all } finally(){ cd ${cur_dir} rm -fr ${cur_dir}\/l2tp # create l2tp command cp -f ${cur_dir}\/`basename $0` \/usr\/bin\/l2tp echo &#8220;Please wait a moment&#8230;&#8221; sleep 5 ipsec verify echo echo &#8220;###############################################################&#8221; echo &#8220;# L2TP VPN Auto Installer #&#8221; echo &#8220;# System Supported: CentOS 6+ \/ Debian 7+ \/ Ubuntu 12+ #&#8221; echo &#8220;# Intro: https:\/\/teddysun.com\/448.html #&#8221; echo &#8220;# Author: Teddysun &lt;i@teddysun.com&gt; #&#8221; echo &#8220;###############################################################&#8221; echo &#8220;If there is no [FAILED] above, you can connect to your L2TP &#8221; echo &#8220;VPN Server with the default Username\/Password is below:&#8221; echo echo &#8220;Server IP: ${IP}&#8221; echo &#8220;PSK : ${mypsk}&#8221; echo &#8220;Username : ${username}&#8221; echo &#8220;Password : ${password}&#8221; echo echo &#8220;If you want to modify user settings, please use below command(s):&#8221; echo &#8220;l2tp -a (Add a user)&#8221; echo &#8220;l2tp -d (Delete a user)&#8221; echo &#8220;l2tp -l (List all users)&#8221; echo &#8220;l2tp -m (Modify a user password)&#8221; echo echo &#8220;Welcome to visit our website: https:\/\/teddysun.com\/448.html&#8221; echo &#8220;Enjoy it!&#8221; echo } l2tp(){ clear echo echo &#8220;###############################################################&#8221; echo &#8220;# L2TP VPN Auto Installer #&#8221; echo &#8220;# System Supported: CentOS 6+ \/ Debian 7+ \/ Ubuntu 12+ #&#8221; echo &#8220;# Intro: https:\/\/teddysun.com\/448.html #&#8221; echo &#8220;# Author: Teddysun 
&lt;i@teddysun.com&gt; #&#8221; echo &#8220;###############################################################&#8221; echo rootness tunavailable disable_selinux version_check get_os_info preinstall_l2tp install_l2tp finally } list_users(){ if [ ! -f \/etc\/ppp\/chap-secrets ];then echo &#8220;Error: \/etc\/ppp\/chap-secrets file not found.&#8221; exit 1 fi local line=&#8221;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+\\n&#8221; local string=%20s printf &#8220;${line}|${string} |${string} |\\n${line}&#8221; Username Password grep -v &#8220;^#&#8221; \/etc\/ppp\/chap-secrets | awk &#8216;{printf &#8220;|&#8217;${string}&#8217; |&#8217;${string}&#8217; |\\n&#8221;, $1,$3}&#8217; printf ${line} } add_user(){ while : do read -p &#8220;Please input your Username:&#8221; user if [ -z ${user} ]; then echo &#8220;Username can not be empty&#8221; else grep -w &#8220;${user}&#8221; \/etc\/ppp\/chap-secrets &gt; \/dev\/null 2&gt;&amp;1 if [ $? -eq 0 ];then echo &#8220;Username (${user}) already exists. Please re-enter your username.&#8221; else break fi fi done pass=`rand` echo &#8220;Please input ${user}&#8217;s password:&#8221; read -p &#8220;(Default Password: ${pass}):&#8221; tmppass [ ! -z ${tmppass} ] &amp;&amp; pass=${tmppass} echo &#8220;${user} l2tpd ${pass} *&#8221; &gt;&gt; \/etc\/ppp\/chap-secrets echo &#8220;Username (${user}) add completed.&#8221; } del_user(){ while : do read -p &#8220;Please input Username you want to delete it:&#8221; user if [ -z ${user} ]; then echo &#8220;Username can not be empty&#8221; else grep -w &#8220;${user}&#8221; \/etc\/ppp\/chap-secrets &gt;\/dev\/null 2&gt;&amp;1 if [ $? -eq 0 ];then break else echo &#8220;Username (${user}) is not exists. 
Please re-enter your username.&#8221; fi fi done sed -i &#8220;\/^\\&lt;${user}\\&gt;\/d&#8221; \/etc\/ppp\/chap-secrets echo &#8220;Username (${user}) delete completed.&#8221; } mod_user(){ while : do read -p &#8220;Please input Username you want to change password:&#8221; user if [ -z ${user} ]; then echo &#8220;Username can not be empty&#8221; else grep -w &#8220;${user}&#8221; \/etc\/ppp\/chap-secrets &gt;\/dev\/null 2&gt;&amp;1 if [ $? -eq 0 ];then break else echo &#8220;Username (${user}) is not exists. Please re-enter your username.&#8221; fi fi done pass=`rand` echo &#8220;Please input ${user}&#8217;s new password:&#8221; read -p &#8220;(Default Password: ${pass}):&#8221; tmppass [ ! -z ${tmppass} ] &amp;&amp; pass=${tmppass} sed -i &#8220;\/^\\&lt;${user}\\&gt;\/d&#8221; \/etc\/ppp\/chap-secrets echo &#8220;${user} l2tpd ${pass} *&#8221; &gt;&gt; \/etc\/ppp\/chap-secrets echo &#8220;Username ${user}&#8217;s password has been changed.&#8221; } # Main process action=$1 if [ -z ${action} ] &amp;&amp; [ &#8220;`basename $0`&#8221; != &#8220;l2tp&#8221; ]; then action=install fi case ${action} in install) l2tp 2&gt;&amp;1 | tee ${cur_dir}\/l2tp.log ;; -l|&#8211;list) list_users ;; -a|&#8211;add) add_user ;; -d|&#8211;del) del_user ;; -m|&#8211;mod) mod_user ;; -h|&#8211;help) echo &#8220;Usage: `basename $0` -l,&#8211;list List all users&#8221; echo &#8221; `basename $0` -a,&#8211;add Add a user&#8221; echo &#8221; `basename $0` -d,&#8211;del Delete a user&#8221; echo &#8221; `basename $0` -m,&#8211;mod Modify a user password&#8221; echo &#8221; `basename $0` -h,&#8211;help Print this help information&#8221; ;; *) echo &#8220;Usage: `basename $0` [-l,&#8211;list|-a,&#8211;add|-d,&#8211;del|-m,&#8211;mod|-h,&#8211;help]&#8221; &amp;&amp; exit ;; esac<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u6267\u884c\u811a\u672c<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># \u8d4b\u4e88\u811a\u672c\u6267\u884c\u6743\u9650\nchmod +x l2tp.sh\n# 
\u6267\u884c\u811a\u672c\uff08\u82e5\u975eroot\u7528\u6237\uff0c\u9700\u8981\u4f7f\u7528sudo .\/l2tp.sh \u6267\u884c\uff09\n.\/l2tp.sh\n\n# \u811a\u672c\u6267\u884c\u5b8c\u6bd5\u540e\u4f1a\u51fa\u73b0\u4e0b\u5217\u754c\u9762\uff0c\u6b64\u5904\u8f93\u5165\u57fa\u7840\u73af\u5883\u4e2dip\u5730\u5740\u5bf9\u5e94\u7684\u8303\u56f4\u6bb5\u5373\u53ef\uff0c\u6b64\u5904\u4e3a\uff1a172.17.21\nPlease input IP-Range:\n(Default Range: 192.168.18):\n\u8f93\u5165\u672c\u5730IP\u6bb5\u8303\u56f4\uff08\u672c\u5730\u7535\u8111\u8fde\u63a5\u5230VPS\u540e\u7ed9\u5206\u914d\u7684\u4e00\u4e2a\u672c\u5730IP\u5730\u5740\uff09\uff0c\u76f4\u63a5\u56de\u8f66\u610f\u5473\u7740\u8f93\u5165\u9ed8\u8ba4\u503c192.168.18\n\n# \u6b64\u5904\u53ef\u81ea\u5b9a\u4e49\u8f93\u5165\nPlease input PSK:\n(Default PSK: teddysun.com):\nPSK\u610f\u4e3a\u9884\u5171\u4eab\u5bc6\u94a5\uff0c\u5373\u6307\u5b9a\u4e00\u4e2a\u5bc6\u94a5\u5c06\u6765\u5728\u8fde\u63a5\u65f6\u9700\u8981\u7528\u5230\uff0c\u76f4\u63a5\u56de\u8f66\u610f\u5473\u7740\u8f93\u5165\u9ed8\u8ba4\u503cteddysun.com(该默认值写在公开脚本里,等于人人皆知,建议改用自行生成的长随机密钥)\n\nPlease input Username:\n(Default Username: teddysun):\nUsername\u610f\u4e3a\u7528\u6237\u540d\uff0c\u5373\u7b2c\u4e00\u4e2a\u9ed8\u8ba4\u7528\u6237\u3002\u76f4\u63a5\u56de\u8f66\u610f\u5473\u7740\u8f93\u5165\u9ed8\u8ba4\u503cteddysun\n\nPlease input teddysun\u2019s password:\n(Default Password: Q4SKhu2EXQ):\n\u8f93\u5165\u7528\u6237\u7684\u5bc6\u7801\uff0c\u9ed8\u8ba4\u4f1a\u968f\u673a\u751f\u6210\u4e00\u4e2a10\u4f4d\u5305\u542b\u5927\u5c0f\u5199\u5b57\u6bcd\u548c\u6570\u5b57\u7684\u5bc6\u7801\uff0c\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u6307\u5b9a\u5bc6\u7801\u3002默认密码由脚本的 rand() 基于 bash 的 $RANDOM 生成,并非密码学安全的随机源,建议自行指定足够长的强密码。\n\nServerIP:your_server_main_IP\n\u663e\u793a\u4f60\u7684 VPS \u7684\u4e3b IP\uff08\u5982\u679c\u662f\u591a IP \u7684 VPS \u4e5f\u53ea\u663e\u793a\u4e00\u4e2a\uff09\n\nServer Local IP:192.168.18.1\n\u663e\u793a\u4f60\u7684 VPS \u7684\u672c\u5730 IP\uff08\u9ed8\u8ba4\u5373\u53ef\uff09\n\nClient Remote IP Range:192.168.18.2-192.168.18.254\n\u663e\u793a IP 
\u6bb5\u8303\u56f4\n\nPSK:teddysun.com\n\u663e\u793a PSK\n\nPress any key to start\u2026or Press Ctrl+c to cancel\n\u6309\u4e0b\u4efb\u610f\u6309\u952e\u7ee7\u7eed\uff0c\u5982\u679c\u60f3\u53d6\u6d88\u5b89\u88c5\uff0c\u8bf7\u6309Ctrl+c\u952e\n\n# \u7b49\u5f85\u5b89\u88c5\u7ed3\u679c\u5373\u53ef<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">\u57fa\u7840\u547d\u4ee4<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code># \u65b0\u589e\u7528\u6237\nl2tp -a \n# \u5220\u9664\u7528\u6237\nl2tp -d \n# \u4fee\u6539\u73b0\u6709\u7684\u7528\u6237\u7684\u5bc6\u7801\nl2tp -m \n# \u5217\u51fa\u6240\u6709\u7528\u6237\u540d\u548c\u5bc6\u7801\nl2tp -l \n# \u5217\u51fa\u5e2e\u52a9\u4fe1\u606f\nl2tp -h \n\n# \u67e5\u770b ipsec \u8fd0\u884c\u72b6\u6001\nipsec status\n# \u542f\u52a8 ipsec\nipsec start\n# \u505c\u6b62 ipsec\nipsec stop\n# \u91cd\u542f ipsec\nipsec restart\n# ipsec \u7b80\u4ecb:https:\/\/baike.baidu.com\/item\/IPSec\/2472311<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">\u5f00\u653eUDP\u7aef\u53e3<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code># \u653e\u884c500\u30014500\u7aef\u53e3<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">\u914d\u7f6e IPsec\/L2TP VPN \u5ba2\u6237\u7aef<\/h1>\n\n\n\n<p><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md\">\u914d\u7f6e\u539f\u6587\u8fde\u63a5<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5e73\u53f0\u540d\u79f0<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows\">Windows<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#os-x\">OS X (macOS)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#android\">Android<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ios\">iOS (iPhone\/iPad)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#chrome-os\">Chrome OS (Chromebook)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#linux\">Linux<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">IKEv1 \u6545\u969c\u6392\u9664<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Windows<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> \u6a21\u5f0f\u8fde\u63a5\uff08\u63a8\u8350\uff09\u3002<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Windows 11<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u53f3\u952e\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>\u7f51\u7edc\u548c Internet \u8bbe\u7f6e<\/strong>\uff0c\u7136\u540e\u5728\u6253\u5f00\u7684\u9875\u9762\u4e2d\u5355\u51fb <strong>VPN<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u6dfb\u52a0 VPN<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u4ece <strong>VPN \u63d0\u4f9b\u5546<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 <strong>Windows (\u5185\u7f6e)<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u8fde\u63a5\u540d\u79f0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u5668\u540d\u79f0\u6216\u5730\u5740<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u4ece <strong>VPN \u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 
<strong>\u4f7f\u7528\u9884\u5171\u4eab\u5bc6\u94a5\u7684 L2TP\/IPsec<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u9884\u5171\u4eab\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u7528\u6237\u540d<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5bc6\u7801<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u9009\u4e2d <strong>\u8bb0\u4f4f\u6211\u7684\u767b\u5f55\u4fe1\u606f<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4fdd\u5b58<\/strong> \u4fdd\u5b58 VPN \u8fde\u63a5\u7684\u8be6\u7ec6\u4fe1\u606f\u3002<\/li>\n<\/ol>\n\n\n\n<p><strong>\u6ce8\uff1a<\/strong> \u5728\u9996\u6b21\u8fde\u63a5\u4e4b\u524d\u9700\u8981<a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-809\">\u4fee\u6539\u4e00\u6b21\u6ce8\u518c\u8868<\/a>\uff0c\u4ee5\u89e3\u51b3 VPN \u670d\u52a1\u5668 \u548c\/\u6216 \u5ba2\u6237\u7aef\u4e0e NAT \uff08\u6bd4\u5982\u5bb6\u7528\u8def\u7531\u5668\uff09\u7684\u517c\u5bb9\u95ee\u9898\u3002<\/p>\n\n\n\n<p>\u8981\u8fde\u63a5\u5230 VPN\uff1a\u5355\u51fb <strong>\u8fde\u63a5<\/strong> \u6309\u94ae\uff0c\u6216\u8005\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\uff0c\u5355\u51fb <strong>VPN<\/strong>\uff0c\u7136\u540e\u9009\u62e9\u65b0\u7684 VPN \u8fde\u63a5\u5e76\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002\u5982\u679c\u51fa\u73b0\u63d0\u793a\uff0c\u5728\u767b\u5f55\u7a97\u53e3\u4e2d\u8f93\u5165 <code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code> \u548c <code>\u5bc6\u7801<\/code> \uff0c\u5e76\u5355\u51fb <strong>\u786e\u5b9a<\/strong>\u3002\u6700\u540e\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP 
\u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Windows 10 and 8<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u53f3\u952e\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>\u6253\u5f00&#8221;\u7f51\u7edc\u548c Internet&#8221;\u8bbe\u7f6e<\/strong>\uff0c\u7136\u540e\u5728\u6253\u5f00\u7684\u9875\u9762\u4e2d\u5355\u51fb <strong>\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u8bbe\u7f6e\u65b0\u7684\u8fde\u63a5\u6216\u7f51\u7edc<\/strong>\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>\u8fde\u63a5\u5230\u5de5\u4f5c\u533a<\/strong>\uff0c\u7136\u540e\u5355\u51fb <strong>\u4e0b\u4e00\u6b65<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4f7f\u7528\u6211\u7684Internet\u8fde\u63a5 (VPN)<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Internet\u5730\u5740<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u76ee\u6807\u540d\u79f0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002\u5355\u51fb <strong>\u521b\u5efa<\/strong>\u3002<\/li>\n\n\n\n<li>\u8fd4\u56de <strong>\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3<\/strong>\u3002\u5355\u51fb\u5de6\u4fa7\u7684 <strong>\u66f4\u6539\u9002\u914d\u5668\u8bbe\u7f6e<\/strong>\u3002<\/li>\n\n\n\n<li>\u53f3\u952e\u5355\u51fb\u65b0\u521b\u5efa\u7684 VPN \u8fde\u63a5\uff0c\u5e76\u9009\u62e9 <strong>\u5c5e\u6027<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u5b89\u5168<\/strong> \u9009\u9879\u5361\uff0c\u4ece <strong>VPN 
\u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u4e2d\u9009\u62e9 &#8220;\u4f7f\u7528 IPsec \u7684\u7b2c 2 \u5c42\u96a7\u9053\u534f\u8bae (L2TP\/IPSec)&#8221;\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u5141\u8bb8\u4f7f\u7528\u8fd9\u4e9b\u534f\u8bae<\/strong>\u3002\u9009\u4e2d &#8220;\u8d28\u8be2\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae (CHAP)&#8221; \u548c &#8220;Microsoft CHAP \u7248\u672c 2 (MS-CHAP v2)&#8221; \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u9ad8\u7ea7\u8bbe\u7f6e<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4f7f\u7528\u9884\u5171\u4eab\u5bc6\u94a5\u4f5c\u8eab\u4efd\u9a8c\u8bc1<\/strong> \u5e76\u5728 <strong>\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u786e\u5b9a<\/strong> \u5173\u95ed <strong>\u9ad8\u7ea7\u8bbe\u7f6e<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u786e\u5b9a<\/strong> \u4fdd\u5b58 VPN \u8fde\u63a5\u7684\u8be6\u7ec6\u4fe1\u606f\u3002<\/li>\n<\/ol>\n\n\n\n<p><strong>\u6ce8\uff1a<\/strong> \u5728\u9996\u6b21\u8fde\u63a5\u4e4b\u524d\u9700\u8981<a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-809\">\u4fee\u6539\u4e00\u6b21\u6ce8\u518c\u8868<\/a>\uff0c\u4ee5\u89e3\u51b3 VPN \u670d\u52a1\u5668 \u548c\/\u6216 \u5ba2\u6237\u7aef\u4e0e NAT \uff08\u6bd4\u5982\u5bb6\u7528\u8def\u7531\u5668\uff09\u7684\u517c\u5bb9\u95ee\u9898\u3002<\/p>\n\n\n\n<p>\u8981\u8fde\u63a5\u5230 VPN\uff1a\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\uff0c\u9009\u62e9\u65b0\u7684 VPN \u8fde\u63a5\uff0c\u7136\u540e\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002\u5982\u679c\u51fa\u73b0\u63d0\u793a\uff0c\u5728\u767b\u5f55\u7a97\u53e3\u4e2d\u8f93\u5165 <code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code> \u548c <code>\u5bc6\u7801<\/code> \uff0c\u5e76\u5355\u51fb 
<strong>\u786e\u5b9a<\/strong>\u3002\u6700\u540e\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<p>\u53e6\u5916\uff0c\u9664\u4e86\u6309\u7167\u4ee5\u4e0a\u6b65\u9aa4\u64cd\u4f5c\uff0c\u4f60\u4e5f\u53ef\u4ee5\u8fd0\u884c\u4e0b\u9762\u7684 Windows PowerShell \u547d\u4ee4\u6765\u521b\u5efa VPN \u8fde\u63a5\u3002\u5c06 <code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code> \u548c <code>\u4f60\u7684 VPN IPsec PSK<\/code> \u6362\u6210\u4f60\u81ea\u5df1\u7684\u503c\uff0c\u7528\u5355\u5f15\u53f7\u62ec\u8d77\u6765\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u4e0d\u4fdd\u5b58\u547d\u4ee4\u884c\u5386\u53f2\u8bb0\u5f55\nSet-PSReadlineOption \u2013HistorySaveStyle SaveNothing\n# \u521b\u5efa VPN \u8fde\u63a5\nAdd-VpnConnection -Name 'My IPsec VPN' -ServerAddress '\u4f60\u7684 VPN \u670d\u52a1\u5668 IP' `\n  -L2tpPsk '\u4f60\u7684 VPN IPsec PSK' -TunnelType L2tp -EncryptionLevel Required `\n  -AuthenticationMethod Chap,MSChapv2 -Force -RememberCredential -PassThru\n# \u5ffd\u7565 data encryption \u8b66\u544a\uff08\u6570\u636e\u5728 IPsec \u96a7\u9053\u4e2d\u5df2\u88ab\u52a0\u5bc6\uff09<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Windows 7, Vista and XP<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5355\u51fb\u5f00\u59cb\u83dc\u5355\uff0c\u9009\u62e9\u63a7\u5236\u9762\u677f\u3002<\/li>\n\n\n\n<li>\u8fdb\u5165 <strong>\u7f51\u7edc\u548cInternet<\/strong> \u90e8\u5206\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb 
<strong>\u8bbe\u7f6e\u65b0\u7684\u8fde\u63a5\u6216\u7f51\u7edc<\/strong>\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>\u8fde\u63a5\u5230\u5de5\u4f5c\u533a<\/strong>\uff0c\u7136\u540e\u5355\u51fb <strong>\u4e0b\u4e00\u6b65<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4f7f\u7528\u6211\u7684Internet\u8fde\u63a5 (VPN)<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Internet\u5730\u5740<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u76ee\u6807\u540d\u79f0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u9009\u4e2d <strong>\u73b0\u5728\u4e0d\u8fde\u63a5\uff1b\u4ec5\u8fdb\u884c\u8bbe\u7f6e\u4ee5\u4fbf\u7a0d\u540e\u8fde\u63a5<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4e0b\u4e00\u6b65<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u7528\u6237\u540d<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5bc6\u7801<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u9009\u4e2d <strong>\u8bb0\u4f4f\u6b64\u5bc6\u7801<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u521b\u5efa<\/strong>\uff0c\u7136\u540e\u5355\u51fb <strong>\u5173\u95ed<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u8fd4\u56de <strong>\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3<\/strong>\u3002\u5355\u51fb\u5de6\u4fa7\u7684 <strong>\u66f4\u6539\u9002\u914d\u5668\u8bbe\u7f6e<\/strong>\u3002<\/li>\n\n\n\n<li>\u53f3\u952e\u5355\u51fb\u65b0\u521b\u5efa\u7684 VPN \u8fde\u63a5\uff0c\u5e76\u9009\u62e9 <strong>\u5c5e\u6027<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u9009\u9879<\/strong> \u9009\u9879\u5361\uff0c\u53d6\u6d88\u9009\u4e2d <strong>\u5305\u62ecWindows\u767b\u5f55\u57df<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u5b89\u5168<\/strong> 
\u9009\u9879\u5361\uff0c\u4ece <strong>VPN \u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u4e2d\u9009\u62e9 &#8220;\u4f7f\u7528 IPsec \u7684\u7b2c 2 \u5c42\u96a7\u9053\u534f\u8bae (L2TP\/IPSec)&#8221;\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u5141\u8bb8\u4f7f\u7528\u8fd9\u4e9b\u534f\u8bae<\/strong>\u3002\u9009\u4e2d &#8220;\u8d28\u8be2\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae (CHAP)&#8221; \u548c &#8220;Microsoft CHAP \u7248\u672c 2 (MS-CHAP v2)&#8221; \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u9ad8\u7ea7\u8bbe\u7f6e<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4f7f\u7528\u9884\u5171\u4eab\u5bc6\u94a5\u4f5c\u8eab\u4efd\u9a8c\u8bc1<\/strong> \u5e76\u5728 <strong>\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u786e\u5b9a<\/strong> \u5173\u95ed <strong>\u9ad8\u7ea7\u8bbe\u7f6e<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u786e\u5b9a<\/strong> \u4fdd\u5b58 VPN \u8fde\u63a5\u7684\u8be6\u7ec6\u4fe1\u606f\u3002<\/li>\n<\/ol>\n\n\n\n<p><strong>\u6ce8\uff1a<\/strong> \u5728\u9996\u6b21\u8fde\u63a5\u4e4b\u524d\u9700\u8981<a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-809\">\u4fee\u6539\u4e00\u6b21\u6ce8\u518c\u8868<\/a>\uff0c\u4ee5\u89e3\u51b3 VPN \u670d\u52a1\u5668 \u548c\/\u6216 \u5ba2\u6237\u7aef\u4e0e NAT \uff08\u6bd4\u5982\u5bb6\u7528\u8def\u7531\u5668\uff09\u7684\u517c\u5bb9\u95ee\u9898\u3002<\/p>\n\n\n\n<p>\u8981\u8fde\u63a5\u5230 VPN\uff1a\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\uff0c\u9009\u62e9\u65b0\u7684 VPN \u8fde\u63a5\uff0c\u7136\u540e\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002\u5982\u679c\u51fa\u73b0\u63d0\u793a\uff0c\u5728\u767b\u5f55\u7a97\u53e3\u4e2d\u8f93\u5165 <code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code> \u548c <code>\u5bc6\u7801<\/code> \uff0c\u5e76\u5355\u51fb 
<strong>\u786e\u5b9a<\/strong>\u3002\u6700\u540e\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">OS X<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a>\uff08\u63a8\u8350\uff09\u6216\u8005 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-xauth-zh.md\">IPsec\/XAuth<\/a> \u6a21\u5f0f\u8fde\u63a5\u3002<\/p>\n<\/blockquote>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u6253\u5f00\u7cfb\u7edf\u504f\u597d\u8bbe\u7f6e\u5e76\u8f6c\u5230\u7f51\u7edc\u90e8\u5206\u3002<\/li>\n\n\n\n<li>\u5728\u7a97\u53e3\u5de6\u4e0b\u89d2\u5355\u51fb <strong>+<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u4ece <strong>\u63a5\u53e3<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 <strong>VPN<\/strong>\u3002<\/li>\n\n\n\n<li>\u4ece <strong>VPN\u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 <strong>IPSec \u4e0a\u7684 L2TP<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u540d\u79f0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u521b\u5efa<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u5668\u5730\u5740<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5e10\u6237\u540d\u79f0<\/strong> 
\u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u8ba4\u8bc1\u8bbe\u7f6e<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u7528\u6237\u8ba4\u8bc1<\/strong> \u90e8\u5206\uff0c\u9009\u62e9 <strong>\u5bc6\u7801<\/strong> \u5355\u9009\u6309\u94ae\uff0c\u7136\u540e\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u673a\u5668\u8ba4\u8bc1<\/strong> \u90e8\u5206\uff0c\u9009\u62e9 <strong>\u5171\u4eab\u7684\u5bc6\u94a5<\/strong> \u5355\u9009\u6309\u94ae\uff0c\u7136\u540e\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u4fdd\u6301 <strong>\u7fa4\u7ec4\u540d\u79f0<\/strong> \u5b57\u6bb5\u7a7a\u767d\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u597d<\/strong>\u3002<\/li>\n\n\n\n<li>\u9009\u4e2d <strong>\u5728\u83dc\u5355\u680f\u4e2d\u663e\u793a VPN \u72b6\u6001<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li><strong>\uff08\u91cd\u8981\uff09<\/strong> \u5355\u51fb <strong>\u9ad8\u7ea7<\/strong> \u6309\u94ae\uff0c\u5e76\u9009\u4e2d <strong>\u901a\u8fc7VPN\u8fde\u63a5\u53d1\u9001\u6240\u6709\u901a\u4fe1<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li><strong>\uff08\u91cd\u8981\uff09<\/strong> \u5355\u51fb <strong>TCP\/IP<\/strong> \u9009\u9879\u5361\uff0c\u5e76\u5728 <strong>\u914d\u7f6eIPv6<\/strong> \u90e8\u5206\u4e2d\u9009\u62e9 <strong>\u4ec5\u672c\u5730\u94fe\u63a5<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u597d<\/strong> \u5173\u95ed\u9ad8\u7ea7\u8bbe\u7f6e\uff0c\u7136\u540e\u5355\u51fb <strong>\u5e94\u7528<\/strong> \u4fdd\u5b58VPN\u8fde\u63a5\u4fe1\u606f\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u8981\u8fde\u63a5\u5230 VPN\uff1a\u4f7f\u7528\u83dc\u5355\u680f\u4e2d\u7684\u56fe\u6807\uff0c\u6216\u8005\u6253\u5f00\u7cfb\u7edf\u504f\u597d\u8bbe\u7f6e\u7684\u7f51\u7edc\u90e8\u5206\uff0c\u9009\u62e9 VPN \u5e76\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002\u6700\u540e\u4f60\u53ef\u4ee5\u5230 <a 
href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Android<\/h2>\n\n\n\n<p><strong>\u91cd\u8981\uff1a<\/strong> Android \u7528\u6237\u5e94\u8be5\u4f7f\u7528\u66f4\u5b89\u5168\u7684 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2 \u6a21\u5f0f<\/a> \u8fde\u63a5\uff08\u63a8\u8350\uff09\u3002Android 12+ \u4ec5\u652f\u6301 IKEv2 \u6a21\u5f0f\u3002Android \u7cfb\u7edf\u81ea\u5e26\u7684 VPN \u5ba2\u6237\u7aef\u5bf9 IPsec\/L2TP \u548c IPsec\/XAuth (&#8220;Cisco IPsec&#8221;) \u6a21\u5f0f\u4f7f\u7528\u5b89\u5168\u6027\u8f83\u4f4e\u7684 <code>modp1024<\/code> (DH group 2)\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u4f60\u4ecd\u7136\u60f3\u7528 IPsec\/L2TP \u6a21\u5f0f\u8fde\u63a5\uff0c\u4f60\u5fc5\u987b\u9996\u5148\u7f16\u8f91 VPN \u670d\u52a1\u5668\u4e0a\u7684 <code>\/etc\/ipsec.conf<\/code> \u5e76\u5728 <code>ike=...<\/code> \u4e00\u884c\u7684\u672b\u5c3e\u52a0\u4e0a <code>,aes256-sha2;modp1024,aes128-sha1;modp1024<\/code> \u5b57\u6837\u3002\u4fdd\u5b58\u6587\u4ef6\u5e76\u8fd0\u884c <code>sudo service ipsec restart<\/code>\u3002<\/p>\n\n\n\n<p>Docker \u7528\u6237\uff1a\u5728 <a href=\"https:\/\/github.com\/hwdsl2\/docker-ipsec-vpn-server\/blob\/master\/README-zh.md#\u5982\u4f55\u4f7f\u7528\u672c\u955c\u50cf\">\u4f60\u7684 env \u6587\u4ef6<\/a> \u4e2d\u6dfb\u52a0 <code>VPN_ENABLE_MODP1024=yes<\/code>\uff0c\u7136\u540e\u91cd\u65b0\u521b\u5efa Docker \u5bb9\u5668\u3002<\/p>\n\n\n\n<p>\u7136\u540e\u5728\u4f60\u7684 Android 
\u8bbe\u5907\u4e0a\u8fdb\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u542f\u52a8 <strong>\u8bbe\u7f6e<\/strong> \u5e94\u7528\u7a0b\u5e8f\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u7f51\u7edc\u548c\u4e92\u8054\u7f51<\/strong>\u3002\u6216\u8005\uff0c\u5982\u679c\u4f60\u4f7f\u7528 Android 7 \u6216\u66f4\u65e9\u7248\u672c\uff0c\u5728 <strong>\u65e0\u7ebf\u548c\u7f51\u7edc<\/strong> \u90e8\u5206\u5355\u51fb <strong>\u66f4\u591a\u2026<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>VPN<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u6dfb\u52a0VPN\u914d\u7f6e\u6587\u4ef6<\/strong> \u6216\u7a97\u53e3\u53f3\u4e0a\u89d2\u7684 <strong>+<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u540d\u79f0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 <strong>L2TP\/IPSec PSK<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u5668\u5730\u5740<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u4fdd\u6301 <strong>L2TP \u5bc6\u94a5<\/strong> \u5b57\u6bb5\u7a7a\u767d\u3002<\/li>\n\n\n\n<li>\u4fdd\u6301 <strong>IPSec \u6807\u8bc6\u7b26<\/strong> \u5b57\u6bb5\u7a7a\u767d\u3002<\/li>\n\n\n\n<li>\u5728 <strong>IPSec \u9884\u5171\u4eab\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4fdd\u5b58<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb\u65b0\u7684VPN\u8fde\u63a5\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u7528\u6237\u540d<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5bc6\u7801<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u9009\u4e2d <strong>\u4fdd\u5b58\u5e10\u6237\u4fe1\u606f<\/strong> 
\u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u8fde\u63a5\u6210\u529f\u540e\uff0c\u4f1a\u5728\u901a\u77e5\u680f\u663e\u793a\u56fe\u6807\u3002\u6700\u540e\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">iOS<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a>\uff08\u63a8\u8350\uff09\u6216\u8005 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-xauth-zh.md\">IPsec\/XAuth<\/a> \u6a21\u5f0f\u8fde\u63a5\u3002<\/p>\n<\/blockquote>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8fdb\u5165\u8bbe\u7f6e -> \u901a\u7528 -> VPN\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u6dfb\u52a0VPN\u914d\u7f6e\u2026<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u7c7b\u578b<\/strong> \u3002\u9009\u62e9 <strong>L2TP<\/strong> \u5e76\u8fd4\u56de\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u63cf\u8ff0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u5668<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5e10\u6237<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5bc6\u7801<\/strong> 
\u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u542f\u7528 <strong>\u53d1\u9001\u6240\u6709\u6d41\u91cf<\/strong> \u9009\u9879\u3002<\/li>\n\n\n\n<li>\u5355\u51fb\u53f3\u4e0a\u89d2\u7684 <strong>\u5b8c\u6210<\/strong>\u3002<\/li>\n\n\n\n<li>\u542f\u7528 <strong>VPN<\/strong> \u8fde\u63a5\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u8fde\u63a5\u6210\u529f\u540e\uff0c\u4f1a\u5728\u901a\u77e5\u680f\u663e\u793a\u56fe\u6807\u3002\u6700\u540e\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Chrome OS<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> \u6a21\u5f0f\u8fde\u63a5\uff08\u63a8\u8350\uff09\u3002<\/p>\n<\/blockquote>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8fdb\u5165\u8bbe\u7f6e -> \u7f51\u7edc\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u6dfb\u52a0\u8fde\u63a5<\/strong>\uff0c\u7136\u540e\u5355\u51fb <strong>\u6dfb\u52a0\u5185\u7f6e VPN<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u540d\u79f0<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u63d0\u4f9b\u5546\u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 
<strong>L2TP\/IPsec<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u670d\u52a1\u5668\u4e3b\u673a\u540d<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u8eab\u4efd\u9a8c\u8bc1\u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u9009\u62e9 <strong>\u9884\u5171\u4eab\u5bc6\u94a5<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u7528\u6237\u540d<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u5bc6\u7801<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>\u9884\u5171\u4eab\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u4fdd\u6301\u5176\u4ed6\u5b57\u6bb5\u7a7a\u767d\u3002<\/li>\n\n\n\n<li>\u542f\u7528 <strong>\u4fdd\u5b58\u8eab\u4efd\u4fe1\u606f\u548c\u5bc6\u7801<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u8fde\u63a5\u6210\u529f\u540e\uff0c\u7f51\u7edc\u72b6\u6001\u56fe\u6807\u4e0a\u4f1a\u51fa\u73b0 VPN \u6307\u793a\u3002\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u6545\u969c\u6392\u9664<\/a>\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Linux<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> 
\u6a21\u5f0f\u8fde\u63a5\uff08\u63a8\u8350\uff09\u3002<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Ubuntu Linux<\/h3>\n\n\n\n<p>Ubuntu 18.04 \u548c\u66f4\u65b0\u7248\u672c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528 <code>apt<\/code> \u5b89\u88c5 <a href=\"https:\/\/packages.ubuntu.com\/search?keywords=network-manager-l2tp-gnome\">network-manager-l2tp-gnome<\/a> \u8f6f\u4ef6\u5305\uff0c\u7136\u540e\u901a\u8fc7 GUI \u914d\u7f6e IPsec\/L2TP VPN \u5ba2\u6237\u7aef\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8fdb\u5165 Settings -> Network -> VPN\u3002\u5355\u51fb <strong>+<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>Layer 2 Tunneling Protocol (L2TP)<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Name<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u5185\u5bb9\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Gateway<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>User name<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code>\u3002<\/li>\n\n\n\n<li>\u53f3\u952e\u5355\u51fb <strong>Password<\/strong> \u5b57\u6bb5\u4e2d\u7684 <strong>?<\/strong>\uff0c\u9009\u62e9 <strong>Store the password only for this user<\/strong>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Password<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN \u5bc6\u7801<\/code>\u3002<\/li>\n\n\n\n<li>\u4fdd\u6301 <strong>NT Domain<\/strong> \u5b57\u6bb5\u7a7a\u767d\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>IPsec Settings\u2026<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u9009\u4e2d <strong>Enable IPsec tunnel to L2TP host<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u4fdd\u6301 <strong>Gateway ID<\/strong> \u5b57\u6bb5\u7a7a\u767d\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Pre-shared key<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u5c55\u5f00 <strong>Advanced<\/strong> 
\u90e8\u5206\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Phase1 Algorithms<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165 <code>aes128-sha1-modp2048<\/code>\u3002<\/li>\n\n\n\n<li>\u5728 <strong>Phase2 Algorithms<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165 <code>aes128-sha1<\/code>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>OK<\/strong>\uff0c\u7136\u540e\u5355\u51fb <strong>Add<\/strong> \u4fdd\u5b58 VPN \u8fde\u63a5\u4fe1\u606f\u3002<\/li>\n\n\n\n<li>\u542f\u7528 <strong>VPN<\/strong> \u8fde\u63a5\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u5982\u679c\u5728\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u5c1d\u8bd5 <a href=\"https:\/\/github.com\/nm-l2tp\/NetworkManager-l2tp\/blob\/2926ea0239fe970ff08cb8a7863f8cb519ece032\/README.md#unable-to-establish-l2tp-connection-without-udp-source-port-1701\">\u8fd9\u4e2a\u89e3\u51b3\u65b9\u6848<\/a>\u3002<\/p>\n\n\n\n<p>\u8fde\u63a5\u6210\u529f\u540e\uff0c\u4f60\u53ef\u4ee5\u5230 <a href=\"https:\/\/www.ipchicken.com\/\">\u8fd9\u91cc<\/a> \u68c0\u6d4b\u4f60\u7684 IP \u5730\u5740\uff0c\u5e94\u8be5\u663e\u793a\u4e3a<code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Fedora \u548c CentOS<\/h3>\n\n\n\n<p>Fedora 28\uff08\u548c\u66f4\u65b0\u7248\u672c\uff09\u548c CentOS 8\/7 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-xauth-zh.md\">IPsec\/XAuth<\/a> \u6a21\u5f0f\u8fde\u63a5\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u5176\u5b83 Linux<\/h3>\n\n\n\n<p>\u9996\u5148\u770b <a href=\"https:\/\/github.com\/nm-l2tp\/NetworkManager-l2tp\/wiki\/Prebuilt-Packages\">\u8fd9\u91cc<\/a> \u4ee5\u786e\u8ba4 <code>network-manager-l2tp<\/code> \u548c <code>network-manager-l2tp-gnome<\/code> \u8f6f\u4ef6\u5305\u662f\u5426\u5728\u4f60\u7684 Linux \u7248\u672c\u4e0a\u53ef\u7528\u3002\u5982\u679c\u53ef\u7528\uff0c\u5b89\u88c5\u5b83\u4eec\uff08\u9009\u62e9\u4f7f\u7528 
strongSwan\uff09\u5e76\u53c2\u89c1\u4e0a\u9762\u7684\u8bf4\u660e\u3002\u53e6\u5916\uff0c\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u884c\u914d\u7f6e Linux VPN \u5ba2\u6237\u7aef\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u4f7f\u7528\u547d\u4ee4\u884c\u914d\u7f6e Linux VPN \u5ba2\u6237\u7aef<\/h3>\n\n\n\n<p>\u9ad8\u7ea7\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u884c\u914d\u7f6e Linux VPN \u5ba2\u6237\u7aef\u3002\u53e6\u5916\uff0c\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> \u6a21\u5f0f\u8fde\u63a5\uff08\u63a8\u8350\uff09\uff0c\u6216\u8005 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#linux\">\u4f7f\u7528\u56fe\u5f62\u754c\u9762\u914d\u7f6e<\/a>\u3002\u4ee5\u4e0b\u8bf4\u660e\u53d7\u5230 <a href=\"https:\/\/gist.github.com\/psanford\/42c550a1a6ad3cb70b13e4aaa94ddb1c\">Peter Sanford \u7684\u5de5\u4f5c<\/a> \u7684\u542f\u53d1\u3002\u8fd9\u4e9b\u547d\u4ee4\u5fc5\u987b\u5728\u4f60\u7684 VPN \u5ba2\u6237\u7aef\u4e0a\u4f7f\u7528 <code>root<\/code> \u8d26\u6237\u8fd0\u884c\u3002<\/p>\n\n\n\n<p>\u8981\u914d\u7f6e VPN \u5ba2\u6237\u7aef\uff0c\u9996\u5148\u5b89\u88c5\u4ee5\u4e0b\u8f6f\u4ef6\u5305\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu and Debian\napt-get update\napt-get install strongswan xl2tpd net-tools\n\n# Fedora\nyum install strongswan xl2tpd net-tools\n\n# CentOS\nyum install epel-release\nyum --enablerepo=epel install strongswan xl2tpd net-tools<\/code><\/pre>\n\n\n\n<p>\u521b\u5efa VPN \u53d8\u91cf\uff08\u66ff\u6362\u4e3a\u4f60\u81ea\u5df1\u7684\u503c\uff09\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>VPN_SERVER_IP='\u4f60\u7684VPN\u670d\u52a1\u5668IP'\nVPN_IPSEC_PSK='\u4f60\u7684IPsec\u9884\u5171\u4eab\u5bc6\u94a5'\nVPN_USER='\u4f60\u7684VPN\u7528\u6237\u540d'\nVPN_PASSWORD='\u4f60\u7684VPN\u5bc6\u7801'<\/code><\/pre>\n\n\n\n<p>\u914d\u7f6e strongSwan\uff1a<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>cat &gt; \/etc\/ipsec.conf &lt;&lt;EOF\n# ipsec.conf - strongSwan IPsec configuration file\n\nconn myvpn\n  auto=add\n  keyexchange=ikev1\n  authby=secret\n  type=transport\n  left=%defaultroute\n  leftprotoport=17\/1701\n  rightprotoport=17\/1701\n  right=$VPN_SERVER_IP\n  ike=aes128-sha1-modp2048\n  esp=aes128-sha1\nEOF\n\ncat &gt; \/etc\/ipsec.secrets &lt;&lt;EOF\n: PSK \"$VPN_IPSEC_PSK\"\nEOF\n\nchmod 600 \/etc\/ipsec.secrets\n\n# For CentOS and Fedora ONLY\nmv \/etc\/strongswan\/ipsec.conf \/etc\/strongswan\/ipsec.conf.old 2&gt;\/dev\/null\nmv \/etc\/strongswan\/ipsec.secrets \/etc\/strongswan\/ipsec.secrets.old 2&gt;\/dev\/null\nln -s \/etc\/ipsec.conf \/etc\/strongswan\/ipsec.conf\nln -s \/etc\/ipsec.secrets \/etc\/strongswan\/ipsec.secrets<\/code><\/pre>\n\n\n\n<p>\u914d\u7f6e xl2tpd\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat &gt; \/etc\/xl2tpd\/xl2tpd.conf &lt;&lt;EOF\n[lac myvpn]\nlns = $VPN_SERVER_IP\nppp debug = yes\npppoptfile = \/etc\/ppp\/options.l2tpd.client\nlength bit = yes\nEOF\n\ncat &gt; \/etc\/ppp\/options.l2tpd.client &lt;&lt;EOF\nipcp-accept-local\nipcp-accept-remote\nrefuse-eap\nrequire-chap\nnoccp\nnoauth\nmtu 1280\nmru 1280\nnoipdefault\ndefaultroute\nusepeerdns\nconnect-delay 5000\nname \"$VPN_USER\"\npassword \"$VPN_PASSWORD\"\nEOF\n\nchmod 600 \/etc\/ppp\/options.l2tpd.client<\/code><\/pre>\n\n\n\n<p>\u81f3\u6b64 VPN \u5ba2\u6237\u7aef\u914d\u7f6e\u5df2\u5b8c\u6210\u3002\u6309\u7167\u4e0b\u9762\u7684\u6b65\u9aa4\u8fdb\u884c\u8fde\u63a5\u3002<\/p>\n\n\n\n<p><strong>\u6ce8\uff1a<\/strong> \u5f53\u4f60\u6bcf\u6b21\u5c1d\u8bd5\u8fde\u63a5\u5230 VPN \u65f6\uff0c\u5fc5\u987b\u91cd\u590d\u4e0b\u9762\u7684\u6240\u6709\u6b65\u9aa4\u3002<\/p>\n\n\n\n<p>\u521b\u5efa xl2tpd \u63a7\u5236\u6587\u4ef6\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/var\/run\/xl2tpd\ntouch 
\/var\/run\/xl2tpd\/l2tp-control<\/code><\/pre>\n\n\n\n<p>\u91cd\u542f\u670d\u52a1\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>service strongswan restart\n\n# \u9002\u7528\u4e8e Ubuntu 20.04\uff0c\u5982\u679c strongswan \u670d\u52a1\u4e0d\u5b58\u5728\nipsec restart\n\nservice xl2tpd restart<\/code><\/pre>\n\n\n\n<p>\u5f00\u59cb IPsec \u8fde\u63a5\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu and Debian\nipsec up myvpn\n\n# CentOS and Fedora\nstrongswan up myvpn<\/code><\/pre>\n\n\n\n<p>\u5f00\u59cb L2TP \u8fde\u63a5\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"c myvpn\" &gt; \/var\/run\/xl2tpd\/l2tp-control<\/code><\/pre>\n\n\n\n<p>\u8fd0\u884c <code>ifconfig<\/code> \u5e76\u4e14\u68c0\u67e5\u8f93\u51fa\u3002\u73b0\u5728\u4f60\u5e94\u8be5\u770b\u5230\u4e00\u4e2a\u65b0\u7684\u7f51\u7edc\u63a5\u53e3 <code>ppp0<\/code>\u3002<\/p>\n\n\n\n<p>\u68c0\u67e5\u4f60\u73b0\u6709\u7684\u9ed8\u8ba4\u8def\u7531\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ip route<\/code><\/pre>\n\n\n\n<p>\u5728\u8f93\u51fa\u4e2d\u67e5\u627e\u4ee5\u4e0b\u884c\uff1a <code>default via X.X.X.X ...<\/code>\u3002\u8bb0\u4e0b\u8fd9\u4e2a\u7f51\u5173 IP\uff0c\u5e76\u4e14\u5728\u4e0b\u9762\u7684\u4e24\u4e2a\u547d\u4ee4\u4e2d\u4f7f\u7528\u3002<\/p>\n\n\n\n<p>\u4ece\u65b0\u7684\u9ed8\u8ba4\u8def\u7531\u4e2d\u6392\u9664\u4f60\u7684 VPN \u670d\u52a1\u5668\u7684\u516c\u6709 IP\uff08\u66ff\u6362\u4e3a\u4f60\u81ea\u5df1\u7684\u503c\uff09\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>route add \u4f60\u7684VPN\u670d\u52a1\u5668\u7684\u516c\u6709IP gw X.X.X.X<\/code><\/pre>\n\n\n\n<p>\u5982\u679c\u4f60\u7684 VPN \u5ba2\u6237\u7aef\u662f\u4e00\u4e2a\u8fdc\u7a0b\u670d\u52a1\u5668\uff0c\u5219\u5fc5\u987b\u4ece\u65b0\u7684\u9ed8\u8ba4\u8def\u7531\u4e2d\u6392\u9664\u4f60\u7684\u672c\u5730\u7535\u8111\u7684\u516c\u6709 IP\uff0c\u4ee5\u907f\u514d SSH \u4f1a\u8bdd\u88ab\u65ad\u5f00 \uff08\u66ff\u6362\u4e3a<a 
href=\"https:\/\/www.ipchicken.com\/\">\u5b9e\u9645\u503c<\/a>\uff09\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>route add \u4f60\u7684\u672c\u5730\u7535\u8111\u7684\u516c\u6709IP gw X.X.X.X<\/code><\/pre>\n\n\n\n<p>\u6dfb\u52a0\u4e00\u4e2a\u65b0\u7684\u9ed8\u8ba4\u8def\u7531\uff0c\u5e76\u4e14\u5f00\u59cb\u901a\u8fc7 VPN \u670d\u52a1\u5668\u53d1\u9001\u6570\u636e\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>route add default dev ppp0<\/code><\/pre>\n\n\n\n<p>\u81f3\u6b64 VPN \u8fde\u63a5\u5df2\u6210\u529f\u5b8c\u6210\u3002\u68c0\u67e5 VPN \u662f\u5426\u6b63\u5e38\u5de5\u4f5c\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -qO- http:\/\/ipv4.icanhazip.com; echo<\/code><\/pre>\n\n\n\n<p>\u4ee5\u4e0a\u547d\u4ee4\u5e94\u8be5\u8fd4\u56de <code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\u3002<\/p>\n\n\n\n<p>\u8981\u505c\u6b62\u901a\u8fc7 VPN \u670d\u52a1\u5668\u53d1\u9001\u6570\u636e\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>route del default dev ppp0<\/code><\/pre>\n\n\n\n<p>\u8981\u65ad\u5f00\u8fde\u63a5\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu and Debian\necho \"d myvpn\" &gt; \/var\/run\/xl2tpd\/l2tp-control\nipsec down myvpn\n\n# CentOS and Fedora\necho \"d myvpn\" &gt; \/var\/run\/xl2tpd\/l2tp-control\nstrongswan down myvpn<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">IKEv1 \u6545\u969c\u6392\u9664<\/h2>\n\n\n\n<p><em>\u5176\u4ed6\u8bed\u8a00\u7248\u672c: <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients.md#ikev1-troubleshooting\">English<\/a>, <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ikev1-\u6545\u969c\u6392\u9664\">\u4e2d\u6587<\/a>\u3002<\/em><\/p>\n\n\n\n<p><strong>\u53e6\u89c1\uff1a<\/strong> <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md#ikev2-\u6545\u969c\u6392\u9664\">IKEv2 \u6545\u969c\u6392\u9664<\/a> \u548c <a 
href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/advanced-usage-zh.md\">\u9ad8\u7ea7\u7528\u6cd5<\/a>\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#\u68c0\u67e5\u65e5\u5fd7\u53ca-vpn-\u72b6\u6001\">\u68c0\u67e5\u65e5\u5fd7\u53ca VPN \u72b6\u6001<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-809\">Windows \u9519\u8bef 809<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-789-\u6216-691\">Windows \u9519\u8bef 789 \u6216 691<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-628-\u6216-766\">Windows \u9519\u8bef 628 \u6216 766<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-10-\u6b63\u5728\u8fde\u63a5\">Windows 10 \u6b63\u5728\u8fde\u63a5<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-10-\u5347\u7ea7\">Windows 10 \u5347\u7ea7<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-dns-\u6cc4\u6f0f\u548c-ipv6\">Windows DNS \u6cc4\u6f0f\u548c IPv6<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#android-mtumss-\u95ee\u9898\">Android MTU\/MSS \u95ee\u9898<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#android-6-\u548c-7\">Android 6 \u548c 7<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#macos-\u901a\u8fc7-vpn-\u53d1\u9001\u901a\u4fe1\">macOS \u901a\u8fc7 VPN 
\u53d1\u9001\u901a\u4fe1<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#ios-13-\u548c-macos-101511\">iOS 13+ \u548c macOS 10.15\/11+<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#iosandroid-\u7761\u7720\u6a21\u5f0f\">iOS\/Android \u7761\u7720\u6a21\u5f0f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#debian-1110-\u5185\u6838\">Debian 11\/10 \u5185\u6838<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#\u5176\u5b83\u9519\u8bef\">\u5176\u5b83\u9519\u8bef<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u68c0\u67e5\u65e5\u5fd7\u53ca VPN \u72b6\u6001<\/h3>\n\n\n\n<p>\u4ee5\u4e0b\u547d\u4ee4\u9700\u8981\u4f7f\u7528 <code>root<\/code> \u8d26\u6237\uff08\u6216\u8005 <code>sudo<\/code>\uff09\u8fd0\u884c\u3002<\/p>\n\n\n\n<p>\u9996\u5148\uff0c\u91cd\u542f VPN \u670d\u52a1\u5668\u4e0a\u7684\u76f8\u5173\u670d\u52a1\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>service ipsec restart\nservice xl2tpd restart<\/code><\/pre>\n\n\n\n<p><strong>Docker \u7528\u6237\uff1a<\/strong> \u8fd0\u884c <code>docker restart ipsec-vpn-server<\/code>\u3002<\/p>\n\n\n\n<p>\u7136\u540e\u91cd\u542f\u4f60\u7684 VPN \u5ba2\u6237\u7aef\u8bbe\u5907\uff0c\u5e76\u91cd\u8bd5\u8fde\u63a5\u3002\u5982\u679c\u4ecd\u7136\u65e0\u6cd5\u8fde\u63a5\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u5220\u9664\u5e76\u91cd\u65b0\u521b\u5efa VPN \u8fde\u63a5\u3002\u8bf7\u786e\u4fdd\u8f93\u5165\u4e86\u6b63\u786e\u7684 VPN \u670d\u52a1\u5668\u5730\u5740\u548c VPN \u767b\u5f55\u51ed\u8bc1\u3002<\/p>\n\n\n\n<p>\u5bf9\u4e8e\u6709\u5916\u90e8\u9632\u706b\u5899\u7684\u670d\u52a1\u5668\uff08\u6bd4\u5982 <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/ec2-security-groups.html\">EC2<\/a>\/<a 
href=\"https:\/\/cloud.google.com\/vpc\/docs\/firewalls\">GCE<\/a>\uff09\uff0c\u8bf7\u4e3a VPN \u6253\u5f00 UDP \u7aef\u53e3 500 \u548c 4500\u3002<\/p>\n\n\n\n<p>\u68c0\u67e5 Libreswan (IPsec) \u548c xl2tpd \u65e5\u5fd7\u662f\u5426\u6709\u9519\u8bef\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu &amp; Debian\ngrep pluto \/var\/log\/auth.log\ngrep xl2tpd \/var\/log\/syslog\n\n# CentOS\/RHEL, Rocky Linux, AlmaLinux, Oracle Linux &amp; Amazon Linux 2\ngrep pluto \/var\/log\/secure\ngrep xl2tpd \/var\/log\/messages\n\n# Alpine Linux\ngrep pluto \/var\/log\/messages\ngrep xl2tpd \/var\/log\/messages<\/code><\/pre>\n\n\n\n<p>\u68c0\u67e5 IPsec VPN \u670d\u52a1\u5668\u72b6\u6001\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipsec status<\/code><\/pre>\n\n\n\n<p>\u67e5\u770b\u5f53\u524d\u5df2\u5efa\u7acb\u7684 VPN \u8fde\u63a5\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipsec trafficstatus<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Windows \u9519\u8bef 809<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u9519\u8bef 809\uff1a\u65e0\u6cd5\u5efa\u7acb\u8ba1\u7b97\u673a\u4e0e VPN \u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u8fde\u63a5\uff0c\u56e0\u4e3a\u8fdc\u7a0b\u670d\u52a1\u5668\u672a\u54cd\u5e94\u3002\u8fd9\u53ef\u80fd\u662f\u56e0\u4e3a\u672a\u5c06\u8ba1\u7b97\u673a\u4e0e\u8fdc\u7a0b\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u67d0\u79cd\u7f51\u7edc\u8bbe\u5907(\u5982\u9632\u706b\u5899\u3001NAT\u3001\u8def\u7531\u5668\u7b49)\u914d\u7f6e\u4e3a\u5141\u8bb8 VPN \u8fde\u63a5\u3002\u8bf7\u4e0e\u7ba1\u7406\u5458\u6216\u670d\u52a1\u63d0\u4f9b\u5546\u8054\u7cfb\u4ee5\u786e\u5b9a\u54ea\u79cd\u8bbe\u5907\u53ef\u80fd\u4ea7\u751f\u6b64\u95ee\u9898\u3002<\/p>\n<\/blockquote>\n\n\n\n<p><strong>\u6ce8\uff1a<\/strong> \u4ec5\u5f53\u4f60\u4f7f\u7528 IPsec\/L2TP \u6a21\u5f0f\u8fde\u63a5\u5230 VPN 
\u65f6\uff0c\u624d\u9700\u8981\u8fdb\u884c\u4e0b\u9762\u7684\u6ce8\u518c\u8868\u66f4\u6539\u3002\u5bf9\u4e8e <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> \u548c <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-xauth-zh.md\">IPsec\/XAuth<\/a> \u6a21\u5f0f\uff0c<strong>\u4e0d\u9700\u8981<\/strong> \u8fdb\u884c\u6b64\u66f4\u6539\u3002<\/p>\n\n\n\n<p>\u8981\u89e3\u51b3\u6b64\u9519\u8bef\uff0c\u5728\u9996\u6b21\u8fde\u63a5\u4e4b\u524d\u9700\u8981<a href=\"https:\/\/documentation.meraki.com\/MX-Z\/Client_VPN\/Troubleshooting_Client_VPN#Windows_Error_809\">\u4fee\u6539\u4e00\u6b21\u6ce8\u518c\u8868<\/a>\uff0c\u4ee5\u89e3\u51b3 VPN \u670d\u52a1\u5668 \u548c\/\u6216 \u5ba2\u6237\u7aef\u4e0e NAT \uff08\u6bd4\u5982\u5bb6\u7528\u8def\u7531\u5668\uff09\u7684\u517c\u5bb9\u95ee\u9898\u3002\u8bf7\u4e0b\u8f7d\u5e76\u5bfc\u5165\u4e0b\u9762\u7684 <code>.reg<\/code> \u6587\u4ef6\uff0c\u6216\u8005\u6253\u5f00 <a href=\"http:\/\/www.cnblogs.com\/xxcanghai\/p\/4610054.html\">\u63d0\u5347\u6743\u9650\u547d\u4ee4\u63d0\u793a\u7b26<\/a> \u5e76\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<strong>\u5b8c\u6210\u540e\u5fc5\u987b\u91cd\u542f\u8ba1\u7b97\u673a\u3002<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u9002\u7528\u4e8e Windows Vista, 7, 8, 10 \u548c 11 (<a href=\"https:\/\/github.com\/hwdsl2\/vpn-extras\/releases\/download\/v1.0.0\/Fix_VPN_Error_809_Windows_Vista_7_8_10_Reboot_Required.reg\">\u4e0b\u8f7d .reg \u6587\u4ef6<\/a>)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>  REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Services\\PolicyAgent \/v AssumeUDPEncapsulationContextOnSendRule \/t REG_DWORD \/d 0x2 \/f<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4ec5\u9002\u7528\u4e8e Windows XP (<a href=\"https:\/\/github.com\/hwdsl2\/vpn-extras\/releases\/download\/v1.0.0\/Fix_VPN_Error_809_Windows_XP_ONLY_Reboot_Required.reg\">\u4e0b\u8f7d .reg 
\u6587\u4ef6<\/a>)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>  REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Services\\IPSec \/v AssumeUDPEncapsulationContextOnSendRule \/t REG_DWORD \/d 0x2 \/f<\/code><\/pre>\n\n\n\n<p>\u53e6\u5916\uff0c\u67d0\u4e9b\u4e2a\u522b\u7684 Windows \u7cfb\u7edf\u914d\u7f6e\u7981\u7528\u4e86 IPsec \u52a0\u5bc6\uff0c\u6b64\u65f6\u4e5f\u4f1a\u5bfc\u81f4\u8fde\u63a5\u5931\u8d25\u3002\u8981\u91cd\u65b0\u542f\u7528\u5b83\uff0c\u53ef\u4ee5\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5e76\u91cd\u542f\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u9002\u7528\u4e8e Windows XP, Vista, 7, 8, 10 \u548c 11 (<a href=\"https:\/\/github.com\/hwdsl2\/vpn-extras\/releases\/download\/v1.0.0\/Fix_VPN_Error_809_Allow_IPsec_Reboot_Required.reg\">\u4e0b\u8f7d .reg \u6587\u4ef6<\/a>)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>  REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Services\\RasMan\\Parameters \/v ProhibitIpSec \/t REG_DWORD \/d 0x0 \/f<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Windows \u9519\u8bef 789 \u6216 691<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u9519\u8bef 789\uff1aL2TP \u8fde\u63a5\u5c1d\u8bd5\u5931\u8d25\uff0c\u56e0\u4e3a\u5b89\u5168\u5c42\u5728\u521d\u59cb\u5316\u4e0e\u8fdc\u7a0b\u8ba1\u7b97\u673a\u7684\u534f\u5546\u65f6\u9047\u5230\u4e00\u4e2a\u5904\u7406\u9519\u8bef\u3002<\/p>\n\n\n\n<p>\u9519\u8bef 691\uff1a\u7531\u4e8e\u6307\u5b9a\u7684\u7528\u6237\u540d\u548c\/\u6216\u5bc6\u7801\u65e0\u6548\u800c\u62d2\u7edd\u8fde\u63a5\u3002\u4e0b\u5217\u6761\u4ef6\u53ef\u80fd\u4f1a\u5bfc\u81f4\u6b64\u60c5\u51b5\uff1a\u7528\u6237\u540d\u548c\/\u6216\u5bc6\u7801\u952e\u5165\u9519\u8bef\u2026<\/p>\n<\/blockquote>\n\n\n\n<p>\u5bf9\u4e8e\u9519\u8bef 789\uff0c\u70b9\u51fb <a href=\"https:\/\/documentation.meraki.com\/MX\/Client_VPN\/Troubleshooting_Client_VPN#Windows_Error_789\">\u8fd9\u91cc<\/a> 
\u67e5\u770b\u6545\u969c\u6392\u9664\u4fe1\u606f\u3002\u5bf9\u4e8e\u9519\u8bef 691\uff0c\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u5220\u9664\u5e76\u91cd\u65b0\u521b\u5efa VPN \u8fde\u63a5\uff0c\u6309\u7167\u672c\u6587\u6863\u4e2d\u7684\u6b65\u9aa4\u64cd\u4f5c\u3002\u8bf7\u786e\u4fdd\u8f93\u5165\u4e86\u6b63\u786e\u7684 VPN \u767b\u5f55\u51ed\u8bc1\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Windows \u9519\u8bef 628 \u6216 766<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u9519\u8bef 628\uff1a\u5728\u8fde\u63a5\u5b8c\u6210\u524d\uff0c\u8fde\u63a5\u88ab\u8fdc\u7a0b\u8ba1\u7b97\u673a\u7ec8\u6b62\u3002<\/p>\n\n\n\n<p>\u9519\u8bef 766\uff1a\u627e\u4e0d\u5230\u8bc1\u4e66\u3002\u4f7f\u7528\u901a\u8fc7 IPSec \u7684 L2TP \u534f\u8bae\u7684\u8fde\u63a5\u8981\u6c42\u5b89\u88c5\u4e00\u4e2a\u673a\u5668\u8bc1\u4e66\u3002\u5b83\u4e5f\u53eb\u505a\u8ba1\u7b97\u673a\u8bc1\u4e66\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u8981\u89e3\u51b3\u8fd9\u4e9b\u9519\u8bef\uff0c\u8bf7\u6309\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u53f3\u952e\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>\u6253\u5f00\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3<\/strong>\u3002\u6216\u8005\uff0c\u5982\u679c\u4f60\u4f7f\u7528 Windows 10 \u7248\u672c 1709 \u6216\u4ee5\u4e0a\uff0c\u9009\u62e9 <strong>\u6253\u5f00&#8221;\u7f51\u7edc\u548c Internet&#8221;\u8bbe\u7f6e<\/strong>\uff0c\u7136\u540e\u5728\u6253\u5f00\u7684\u9875\u9762\u4e2d\u5355\u51fb <strong>\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb\u5de6\u4fa7\u7684 <strong>\u66f4\u6539\u9002\u914d\u5668\u8bbe\u7f6e<\/strong>\u3002\u53f3\u952e\u5355\u51fb\u65b0\u7684 VPN \u8fde\u63a5\uff0c\u5e76\u9009\u62e9 <strong>\u5c5e\u6027<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u5b89\u5168<\/strong> \u9009\u9879\u5361\uff0c\u4ece <strong>VPN 
\u7c7b\u578b<\/strong> \u4e0b\u62c9\u83dc\u5355\u4e2d\u9009\u62e9 &#8220;\u4f7f\u7528 IPsec \u7684\u7b2c 2 \u5c42\u96a7\u9053\u534f\u8bae (L2TP\/IPSec)&#8221;\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u5141\u8bb8\u4f7f\u7528\u8fd9\u4e9b\u534f\u8bae<\/strong>\u3002\u9009\u4e2d &#8220;\u8d28\u8be2\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae (CHAP)&#8221; \u548c &#8220;Microsoft CHAP \u7248\u672c 2 (MS-CHAP v2)&#8221; \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u9ad8\u7ea7\u8bbe\u7f6e<\/strong> \u6309\u94ae\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u4f7f\u7528\u9884\u5171\u4eab\u5bc6\u94a5\u4f5c\u8eab\u4efd\u9a8c\u8bc1<\/strong> \u5e76\u5728 <strong>\u5bc6\u94a5<\/strong> \u5b57\u6bb5\u4e2d\u8f93\u5165<code>\u4f60\u7684 VPN IPsec PSK<\/code>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u786e\u5b9a<\/strong> \u5173\u95ed <strong>\u9ad8\u7ea7\u8bbe\u7f6e<\/strong>\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>\u786e\u5b9a<\/strong> \u4fdd\u5b58 VPN \u8fde\u63a5\u7684\u8be6\u7ec6\u4fe1\u606f\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u8bf7\u53c2\u89c1 VPN \u8fde\u63a5\u5c5e\u6027\u5bf9\u8bdd\u6846\u7684<a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/images\/vpn-properties-zh.png\">\u5c4f\u5e55\u622a\u56fe<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Windows 10 \u6b63\u5728\u8fde\u63a5<\/h3>\n\n\n\n<p>\u5982\u679c\u4f60\u4f7f\u7528 Windows 10 \u5e76\u4e14 VPN \u5361\u5728 &#8220;\u6b63\u5728\u8fde\u63a5&#8221; \u72b6\u6001\u8d85\u8fc7\u51e0\u5206\u949f\uff0c\u5c1d\u8bd5\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u53f3\u952e\u5355\u51fb\u7cfb\u7edf\u6258\u76d8\u4e2d\u7684\u65e0\u7ebf\/\u7f51\u7edc\u56fe\u6807\u3002<\/li>\n\n\n\n<li>\u9009\u62e9 <strong>\u6253\u5f00&#8221;\u7f51\u7edc\u548c Internet&#8221;\u8bbe\u7f6e<\/strong>\uff0c\u7136\u540e\u5728\u6253\u5f00\u7684\u9875\u9762\u4e2d\u5355\u51fb\u5de6\u4fa7\u7684 <strong>VPN<\/strong>\u3002<\/li>\n\n\n\n<li>\u9009\u62e9\u65b0\u7684 
VPN \u8fde\u63a5\uff0c\u7136\u540e\u5355\u51fb <strong>\u8fde\u63a5<\/strong>\u3002\u5982\u679c\u51fa\u73b0\u63d0\u793a\uff0c\u5728\u767b\u5f55\u7a97\u53e3\u4e2d\u8f93\u5165 <code>\u4f60\u7684 VPN \u7528\u6237\u540d<\/code> \u548c <code>\u5bc6\u7801<\/code> \uff0c\u5e76\u5355\u51fb <strong>\u786e\u5b9a<\/strong>\u3002<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Windows 10 \u5347\u7ea7<\/h3>\n\n\n\n<p>\u5728\u5347\u7ea7 Windows 10 \u7248\u672c\u4e4b\u540e \uff08\u6bd4\u5982\u4ece 1709 \u5230 1803\uff09\uff0c\u4f60\u53ef\u80fd\u9700\u8981\u91cd\u65b0\u6309\u7167\u4e0a\u9762\u7684 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#windows-\u9519\u8bef-809\">Windows \u9519\u8bef 809<\/a> \u4e2d\u7684\u6b65\u9aa4\u4fee\u6539\u6ce8\u518c\u8868\u5e76\u91cd\u542f\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Windows DNS \u6cc4\u6f0f\u548c IPv6<\/h3>\n\n\n\n<p>Windows 8, 10 \u548c 11 \u9ed8\u8ba4\u4f7f\u7528 &#8220;smart multi-homed name resolution&#8221; \uff08\u667a\u80fd\u591a\u5bbf\u4e3b\u540d\u79f0\u89e3\u6790\uff09\u3002\u5982\u679c\u4f60\u7684\u56e0\u7279\u7f51\u9002\u914d\u5668\u7684 DNS \u670d\u52a1\u5668\u5728\u672c\u5730\u7f51\u6bb5\u4e0a\uff0c\u5728\u4f7f\u7528 Windows \u81ea\u5e26\u7684 IPsec VPN \u5ba2\u6237\u7aef\u65f6\u53ef\u80fd\u4f1a\u5bfc\u81f4 &#8220;DNS \u6cc4\u6f0f&#8221;\u3002\u8981\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5 <a href=\"https:\/\/www.neowin.net\/news\/guide-prevent-dns-leakage-while-using-a-vpn-on-windows-10-and-windows-8\/\">\u7981\u7528\u667a\u80fd\u591a\u5bbf\u4e3b\u540d\u79f0\u89e3\u6790<\/a>\uff0c\u6216\u8005\u914d\u7f6e\u4f60\u7684\u56e0\u7279\u7f51\u9002\u914d\u5668\u4ee5\u4f7f\u7528\u5728\u4f60\u7684\u672c\u5730\u7f51\u6bb5\u4e4b\u5916\u7684 DNS \u670d\u52a1\u5668\uff08\u6bd4\u5982 8.8.8.8 \u548c 8.8.4.4\uff09\u3002\u5728\u5b8c\u6210\u540e<a href=\"https:\/\/support.opendns.com\/hc\/en-us\/articles\/227988627-How-to-clear-the-DNS-Cache-\">\u6e05\u9664 DNS 
\u7f13\u5b58<\/a>\u5e76\u4e14\u91cd\u542f\u8ba1\u7b97\u673a\u3002<\/p>\n\n\n\n<p>\u53e6\u5916\uff0c\u5982\u679c\u4f60\u7684\u8ba1\u7b97\u673a\u542f\u7528\u4e86 IPv6\uff0c\u6240\u6709\u7684 IPv6 \u6d41\u91cf\uff08\u5305\u62ec DNS \u8bf7\u6c42\uff09\u90fd\u5c06\u7ed5\u8fc7 VPN\u3002\u8981\u5728 Windows \u4e0a\u7981\u7528 IPv6\uff0c\u8bf7\u770b<a href=\"https:\/\/support.microsoft.com\/zh-cn\/help\/929852\/guidance-for-configuring-ipv6-in-windows-for-advanced-users\">\u8fd9\u91cc<\/a>\u3002\u5982\u679c\u4f60\u9700\u8981\u652f\u6301 IPv6 \u7684 VPN\uff0c\u53ef\u4ee5\u53e6\u5916\u5c1d\u8bd5 <a href=\"https:\/\/github.com\/hwdsl2\/openvpn-install\/blob\/master\/README-zh.md\">OpenVPN<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Android MTU\/MSS \u95ee\u9898<\/h3>\n\n\n\n<p>\u67d0\u4e9b Android \u8bbe\u5907\u6709 MTU\/MSS \u95ee\u9898\uff0c\u8868\u73b0\u4e3a\u4f7f\u7528 IPsec\/XAuth (&#8220;Cisco IPsec&#8221;) \u6a21\u5f0f\u53ef\u4ee5\u8fde\u63a5\u5230 VPN \u4f46\u662f\u65e0\u6cd5\u6253\u5f00\u7f51\u7ad9\u3002\u5982\u679c\u4f60\u9047\u5230\u8be5\u95ee\u9898\uff0c\u5c1d\u8bd5\u5728 VPN \u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002\u5982\u679c\u6210\u529f\u89e3\u51b3\uff0c\u4f60\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u547d\u4ee4\u6dfb\u52a0\u5230 <code>\/etc\/rc.local<\/code> \u4ee5\u4f7f\u5b83\u4eec\u91cd\u542f\u540e\u7ee7\u7eed\u6709\u6548\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -t mangle -A FORWARD -m policy --pol ipsec --dir in \\\n  -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 \\\n  -j TCPMSS --set-mss 1360\niptables -t mangle -A FORWARD -m policy --pol ipsec --dir out \\\n  -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 \\\n  -j TCPMSS --set-mss 1360\n\necho 1 &gt; \/proc\/sys\/net\/ipv4\/ip_no_pmtu_disc<\/code><\/pre>\n\n\n\n<p><strong>Docker \u7528\u6237\uff1a<\/strong> 
\u8981\u4fee\u590d\u8fd9\u4e2a\u95ee\u9898\uff0c\u4e0d\u9700\u8981\u8fd0\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u4f60\u53ef\u4ee5\u5728<a href=\"https:\/\/github.com\/hwdsl2\/docker-ipsec-vpn-server\/blob\/master\/README-zh.md#\u5982\u4f55\u4f7f\u7528\u672c\u955c\u50cf\">\u4f60\u7684 env \u6587\u4ef6<\/a>\u4e2d\u6dfb\u52a0 <code>VPN_ANDROID_MTU_FIX=yes<\/code>\uff0c\u7136\u540e\u91cd\u65b0\u521b\u5efa Docker \u5bb9\u5668\u3002<\/p>\n\n\n\n<p>\u53c2\u8003\u94fe\u63a5\uff1a[<a href=\"https:\/\/www.zeitgeist.se\/2013\/11\/26\/mtu-woes-in-ipsec-tunnels-how-to-fix\/\">1]<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Android 6 \u548c 7<\/h3>\n\n\n\n<p>\u5982\u679c\u4f60\u7684 Android 6.x \u6216\u8005 7.x \u8bbe\u5907\u65e0\u6cd5\u8fde\u63a5\uff0c\u8bf7\u5c1d\u8bd5\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5355\u51fb VPN \u8fde\u63a5\u65c1\u8fb9\u7684\u8bbe\u7f6e\u6309\u94ae\uff0c\u9009\u62e9 &#8220;Show advanced options&#8221; \u5e76\u4e14\u6eda\u52a8\u5230\u5e95\u90e8\u3002\u5982\u679c\u9009\u9879 &#8220;Backward compatible mode&#8221; \u5b58\u5728\uff08\u53c2\u89c1<a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/images\/vpn-profile-Android.png\">\u5c4f\u5e55\u622a\u56fe<\/a>\uff09\uff0c\u8bf7\u542f\u7528\u5b83\u5e76\u91cd\u8bd5\u8fde\u63a5\u3002\u5982\u679c\u4e0d\u5b58\u5728\uff0c\u8bf7\u5c1d\u8bd5\u4e0b\u4e00\u6b65\u3002<\/li>\n\n\n\n<li>\u7f16\u8f91 VPN \u670d\u52a1\u5668\u4e0a\u7684 <code>\/etc\/ipsec.conf<\/code>\u3002\u627e\u5230 <code>sha2-truncbug<\/code> \u4e00\u884c\u5e76\u5207\u6362\u5b83\u7684\u503c\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u5c06 <code>sha2-truncbug=no<\/code> \u66ff\u6362\u4e3a <code>sha2-truncbug=yes<\/code>\uff0c\u6216\u8005\u5c06 <code>sha2-truncbug=yes<\/code> \u66ff\u6362\u4e3a <code>sha2-truncbug=no<\/code>\u3002\u4fdd\u5b58\u4fee\u6539\u5e76\u8fd0\u884c <code>service ipsec restart<\/code>\u3002\u7136\u540e\u91cd\u65b0\u8fde\u63a5 
VPN\u3002<\/li>\n<\/ol>\n\n\n\n<p><strong>Docker \u7528\u6237\uff1a<\/strong> \u5982\u9700\u5728 <code>\/etc\/ipsec.conf<\/code> \u4e2d\u8bbe\u7f6e <code>sha2-truncbug=yes<\/code>\uff08\u9ed8\u8ba4\u4e3a <code>no<\/code>\uff09\uff0c\u4f60\u53ef\u4ee5\u5728<a href=\"https:\/\/github.com\/hwdsl2\/docker-ipsec-vpn-server\/blob\/master\/README-zh.md#\u5982\u4f55\u4f7f\u7528\u672c\u955c\u50cf\">\u4f60\u7684 env \u6587\u4ef6<\/a>\u4e2d\u6dfb\u52a0 <code>VPN_SHA2_TRUNCBUG=yes<\/code>\uff0c\u7136\u540e\u91cd\u65b0\u521b\u5efa Docker \u5bb9\u5668\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">macOS \u901a\u8fc7 VPN \u53d1\u9001\u901a\u4fe1<\/h3>\n\n\n\n<p>OS X (macOS) \u7528\u6237\uff1a \u5982\u679c\u53ef\u4ee5\u6210\u529f\u5730\u4f7f\u7528 IPsec\/L2TP \u6a21\u5f0f\u8fde\u63a5\uff0c\u4f46\u662f\u4f60\u7684\u516c\u6709 IP \u6ca1\u6709\u663e\u793a\u4e3a <code>\u4f60\u7684 VPN \u670d\u52a1\u5668 IP<\/code>\uff0c\u8bf7\u9605\u8bfb\u4e0a\u9762\u7684 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-zh.md#os-x\">OS X<\/a> \u90e8\u5206\u5e76\u5b8c\u6210\u4ee5\u4e0b\u6b65\u9aa4\u3002\u4fdd\u5b58 VPN \u914d\u7f6e\u7136\u540e\u91cd\u65b0\u8fde\u63a5\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5355\u51fb <strong>\u9ad8\u7ea7<\/strong> \u6309\u94ae\uff0c\u5e76\u9009\u4e2d <strong>\u901a\u8fc7VPN\u8fde\u63a5\u53d1\u9001\u6240\u6709\u901a\u4fe1<\/strong> \u590d\u9009\u6846\u3002<\/li>\n\n\n\n<li>\u5355\u51fb <strong>TCP\/IP<\/strong> \u9009\u9879\u5361\uff0c\u5e76\u5728 <strong>\u914d\u7f6eIPv6<\/strong> \u90e8\u5206\u4e2d\u9009\u62e9 <strong>\u4ec5\u672c\u5730\u94fe\u63a5<\/strong>\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u5982\u679c\u5728\u5c1d\u8bd5\u4e0a\u9762\u6b65\u9aa4\u4e4b\u540e\uff0c\u4f60\u7684\u8ba1\u7b97\u673a\u4ecd\u7136\u4e0d\u80fd\u901a\u8fc7 VPN 
\u8fde\u63a5\u53d1\u9001\u901a\u4fe1\uff0c\u68c0\u67e5\u4e00\u4e0b\u670d\u52a1\u987a\u5e8f\u3002\u8fdb\u5165\u7cfb\u7edf\u504f\u597d\u8bbe\u7f6e\u4e2d\u7684\u7f51\u7edc\u90e8\u5206\uff0c\u5355\u51fb\u5de6\u4fa7\u8fde\u63a5\u5217\u8868\u4e0b\u65b9\u7684\u9f7f\u8f6e\u6309\u94ae\uff0c\u9009\u62e9 &#8220;\u8bbe\u5b9a\u670d\u52a1\u987a\u5e8f&#8221;\u3002\u7136\u540e\u5c06 VPN \u8fde\u63a5\u62d6\u52a8\u5230\u9876\u7aef\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">iOS 13+ \u548c macOS 10.15\/11+<\/h3>\n\n\n\n<p>\u5982\u679c\u4f60\u7684\u8bbe\u5907\u8fd0\u884c iOS 13+, macOS 10.15 (Catalina), macOS 11 (Big Sur) \u6216\u4ee5\u4e0a\u7248\u672c\uff0c\u5e76\u4e14\u65e0\u6cd5\u8fde\u63a5\u5230 VPN\uff0c\u8bf7\u5c1d\u8bd5\u4ee5\u4e0b\u6b65\u9aa4\uff1a\u7f16\u8f91 VPN \u670d\u52a1\u5668\u4e0a\u7684 <code>\/etc\/ipsec.conf<\/code>\u3002\u627e\u5230 <code>sha2-truncbug=yes<\/code> \u5e76\u5c06\u5b83\u66ff\u6362\u4e3a <code>sha2-truncbug=no<\/code>\u3002\u4fdd\u5b58\u4fee\u6539\u5e76\u8fd0\u884c <code>service ipsec restart<\/code>\u3002\u7136\u540e\u91cd\u65b0\u8fde\u63a5 VPN\u3002<\/p>\n\n\n\n<p>\u53e6\u5916\uff0cmacOS Big Sur 11.0 \u7528\u6237\u5e94\u8be5\u66f4\u65b0\u5230\u7248\u672c 11.1 \u6216\u4ee5\u4e0a\uff0c\u4ee5\u4fee\u590d VPN \u8fde\u63a5\u7684\u67d0\u4e9b\u95ee\u9898\u3002\u8981\u68c0\u67e5 macOS \u7248\u672c\u5e76\u5b89\u88c5\u66f4\u65b0\uff0c\u8bf7\u770b<a href=\"https:\/\/www.businessinsider.com\/how-to-check-mac-os-version\">\u8fd9\u91cc<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">iOS\/Android \u7761\u7720\u6a21\u5f0f<\/h3>\n\n\n\n<p>\u4e3a\u4e86\u8282\u7ea6\u7535\u6c60\uff0ciOS \u8bbe\u5907 (iPhone\/iPad) \u5728\u5c4f\u5e55\u53d8\u9ed1\uff08\u7761\u7720\u6a21\u5f0f\uff09\u4e4b\u540e\u4e0d\u4e45\u5c31\u4f1a\u81ea\u52a8\u65ad\u5f00 Wi-Fi \u8fde\u63a5\u3002\u8fd9\u4f1a\u5bfc\u81f4 IPsec VPN \u65ad\u5f00\u3002\u8be5\u884c\u4e3a\u662f\u88ab <a href=\"https:\/\/discussions.apple.com\/thread\/2333948\">\u6545\u610f\u8bbe\u8ba1\u7684<\/a> 
\u5e76\u4e14\u4e0d\u80fd\u88ab\u914d\u7f6e\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u9700\u8981 VPN \u5728\u8bbe\u5907\u5524\u9192\u540e\u81ea\u52a8\u91cd\u8fde\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> \u6a21\u5f0f\u8fde\u63a5\uff08\u63a8\u8350\uff09\u5e76\u542f\u7528 &#8220;VPN On Demand&#8221; \u529f\u80fd\u3002\u6216\u8005\u4f60\u4e5f\u53ef\u4ee5\u53e6\u5916\u5c1d\u8bd5\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/openvpn-install\/blob\/master\/README-zh.md\">OpenVPN<\/a>\uff0c\u5b83\u652f\u6301 <a href=\"https:\/\/openvpn.net\/vpn-server-resources\/faq-regarding-openvpn-connect-ios\/\">\u4e00\u4e9b\u9009\u9879<\/a> \u6bd4\u5982 &#8220;Reconnect on Wakeup&#8221; \u548c &#8220;Seamless Tunnel&#8221;\u3002<\/p>\n\n\n\n<p>Android \u8bbe\u5907\u5728\u8fdb\u5165\u7761\u7720\u6a21\u5f0f\u4e0d\u4e45\u540e\u4e5f\u4f1a\u65ad\u5f00 Wi-Fi \u8fde\u63a5\uff0c\u5982\u679c\u4f60\u6ca1\u6709\u542f\u7528\u9009\u9879 &#8220;\u7761\u7720\u671f\u95f4\u4fdd\u6301 WLAN \u5f00\u542f&#8221; \u7684\u8bdd\u3002\u8be5\u9009\u9879\u5728 Android 8 (Oreo) \u548c\u66f4\u65b0\u7248\u672c\u4e2d\u4e0d\u518d\u53ef\u7528\u3002\u53e6\u5916\uff0c\u4f60\u4e5f\u53ef\u4ee5\u5c1d\u8bd5\u6253\u5f00 &#8220;\u59cb\u7ec8\u5f00\u542f VPN&#8221; \u9009\u9879\u4ee5\u4fdd\u6301\u8fde\u63a5\u3002\u8be6\u60c5\u8bf7\u770b <a href=\"https:\/\/support.google.com\/android\/answer\/9089766?hl=zh-Hans\">\u8fd9\u91cc<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Debian 11\/10 \u5185\u6838<\/h3>\n\n\n\n<p>Debian 11 \u6216\u8005 10 \u7528\u6237\uff1a\u8fd0\u884c <code>uname -r<\/code> \u68c0\u67e5\u4f60\u7684\u670d\u52a1\u5668\u7684 Linux \u5185\u6838\u7248\u672c\u3002\u5982\u679c\u5b83\u5305\u542b <code>cloud<\/code> \u5b57\u6837\uff0c\u5e76\u4e14 <code>\/dev\/ppp<\/code> \u4e0d\u5b58\u5728\uff0c\u5219\u8be5\u5185\u6838\u7f3a\u5c11 <code>ppp<\/code> \u652f\u6301\u4ece\u800c\u4e0d\u80fd\u4f7f\u7528 IPsec\/L2TP 
\u6a21\u5f0f\u3002VPN \u5b89\u88c5\u811a\u672c\u4f1a\u5c1d\u8bd5\u68c0\u6d4b\u6b64\u60c5\u5f62\u5e76\u663e\u793a\u8b66\u544a\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4f60\u53ef\u4ee5\u53e6\u5916\u4f7f\u7528 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\">IKEv2<\/a> \u6216\u8005 <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/clients-xauth-zh.md\">IPsec\/XAuth<\/a> \u6a21\u5f0f\u8fde\u63a5\u5230 VPN\u3002<\/p>\n\n\n\n<p>\u8981\u89e3\u51b3 IPsec\/L2TP \u6a21\u5f0f\u7684\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u6362\u7528\u6807\u51c6\u7684 Linux \u5185\u6838\uff0c\u901a\u8fc7\u5b89\u88c5\u6bd4\u5982 <code>linux-image-amd64<\/code> \u8f6f\u4ef6\u5305\u6765\u5b9e\u73b0\u3002\u7136\u540e\u66f4\u65b0 GRUB \u7684\u5185\u6838\u9ed8\u8ba4\u503c\u5e76\u91cd\u542f\u670d\u52a1\u5668\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u5176\u5b83\u9519\u8bef<\/h3>\n\n\n\n<p>\u5982\u679c\u4f60\u9047\u5230\u5176\u5b83\u9519\u8bef\uff0c\u8bf7\u53c2\u89c1\u4ee5\u4e0b\u94fe\u63a5\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>http:\/\/www.tp-link.com\/en\/faq-1029.html<\/li>\n\n\n\n<li>https:\/\/documentation.meraki.com\/MX-Z\/Client_VPN\/Troubleshooting_Client_VPN#Common_Connection_Issues<\/li>\n\n\n\n<li>https:\/\/stackoverflow.com\/questions\/25245854\/windows-8-1-gets-error-720-on-connect-vpn<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u57fa\u7840\u73af\u5883 \u7cfb\u7edf\u7248\u672c ip\u5730\u5740 \u4e00\u952e\u5b89\u88c5 \u83b7\u53d6\u811a\u672c \u5728\u7ebf\u811a\u672c \u79bb\u7ebf\u811a\u672c port = 1701 ip range 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[31],"class_list":["post-131","post","type-post","status-publish","format-standard","hentry","category-linux","tag-31"],"_links":{"self":[{"href":"https:\/\/zhoujibin.com\/index.php?rest_route=\/wp\/v2\/posts\/131"}],"collection":[{"href":"https:\/\/zhoujibin.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zhoujibin.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zhoujibin.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zhoujibin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=131"}],"version-history":[{"count":1,"href":"https:\/\/zhoujibin.com\/index.php?rest_route=\/wp\/v2\/posts\/131\/revisions"}],"predecessor-version":[{"id":132,"href":"https:\/\/zhoujibin.com\/index.php?rest_route=\/wp\/v2\/posts\/131\/revisions\/132"}],"wp:attachment":[{"href":"https:\/\/zhoujibin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zhoujibin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zhoujibin.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}