使用开源VPN搭建个人虚拟专用网络

开源 0

1、引言

        想必大多数人都遇见过这个问题:在下载某些项目依赖,或者某些编程相关的工具时网速极慢,只有可怜的几十k的网速,甚至有时候只有几k,当时真有一种把电脑砸了的冲动。而造成这个问题的主要原因就是这些站点的服务器在国外,我们访问时自然要受到限制,那有没有解决办法呢?当然有,今天我就教你使用开源应用实现虚拟专用网络,突破访问限制,以后妈妈再也不用担心我网络限速了。

2、开源应用选择

        开源VPN很多,但是比较著名的就那么几个,比如大多数人熟知的Open VPN,但是我并不推荐使用它,因为这个应用不同版本配置都有差别,网上也充斥着很多相关的使用教程,但怎一个混乱了得,几乎都是东拼西凑,而且操作极其复杂,说实话,我也没搭建成功过,因此我选择了它——ipsec-vpn,关于这个VPN的使用可谓是简单到了极点,完全是傻瓜式安装,接下来,我就带你去安装配置这个VPN。

3、服务器配置

        首先你需要准备一台linux服务器,Ubuntu、Debian 或 CentOS都行,但必须是服务器,本地虚拟机中无法安装成功,而且有个问题,这个应用和服务器防火墙冲突,一旦安装,服务器防火墙就会被强行关闭,傻瓜式安装就有这个问题,除非是自定义配置,安装方法也很简单,直接复制下方代码块中的命令,在服务器root用户下执行,然后遇见y/n选择就输入y回车就行,其它都不用管,很快就安装好。

wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh

4、客户端搭建

        只要使用上方命令配置好服务器端后,就会自动生成一套相关的配置文件,然后使用宝塔面板或者WinSCP等下载工具将其下载到本地就能配置使用,这一套配置文件代表一个连接入口,如果需要添加或删除也可以自行操作,配置文件在root目录下,如下图所示:

4.1、Windows客户端配置

        Windows 8、10、11配置使用本方式,其它版本不支持,把.p12后缀结尾的文件保存到本地,单独放在一个文件夹里,然后生成一个纯文本文件,更改名字为:ikev2_config_import.cmd,记住一定要把整个名字修改,包括后缀都要保持一致,然后用文本编辑器打开文件,复制下面的shell脚本命令到该文件中保存退出,将其放在.p12结尾的文件的相同文件夹下。然后右键单击保存的脚本,选择 属性。单击对话框下方的 解除锁定,然后单击 确定,当然不需要解除锁定的就不用管。接着选中cmd脚本文件,右键管理员模式运行,然后按照提示输入.p12文件的文件名,不输入后缀,如果出错再输入后缀,输入服务器ip地址,并为连接取个名字,完成后退出,就会在电脑网络那里多出一个选项,点击就能连接VPN,再点击就断开。

@echo off:: IKEv2 Configuration Import Helper Script for Windows 8, 10 and 11:: Copyright (C) 2022 Lin Song <linsongui@gmail.com>:: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0:: Unported License: http://creativecommons.org/licenses/by-sa/3.0/:: Attribution required: please include my name in any derivative and let me:: know how you have improved it!setlocal DisableDelayedExpansionset "SPath=%SystemRoot%/System32"if exist "%SystemRoot%/Sysnative/reg.exe" (set "SPath=%SystemRoot%/Sysnative")set "Path=%SPath%;%SystemRoot%;%SPath%/Wbem;%SPath%/WindowsPowerShell/v1.0/"set "_err====== ERROR ====="set "_work=%~dp0"if "%_work:~-1%"=="/" set "_work=%_work:~0,-1%"for /f "tokens=4-5 delims=. " %%i in ('ver') do set version=%%i.%%jif "%version%" == "10.0" goto :Check_Adminif "%version%" == "6.3" goto :Check_Adminif "%version%" == "6.2" goto :Check_Admingoto :E_Win:Check_Adminreg query HKU/S-1-5-19 >nul 2>&1 || goto :E_Adminwhere certutil >nul 2>&1if %errorlevel% neq 0 goto :E_Cuwhere powershell >nul 2>&1if %errorlevel% neq 0 goto :E_Pstitle IKEv2 Configuration Import Helper Scriptsetlocal EnableDelayedExpansioncd /d "!_work!"@clsecho ===================================================================echo Welcome^^! Use this helper script to import an IKEv2 configurationecho into a PC running Windows 8, 10 or 11.echo For more details, see https://vpnsetup.net/ikev2echo.echo Before continuing, you must put the .p12 file you transferred fromecho the VPN server in the *same folder* as this script.echo ===================================================================set client_name_gen=for /F "eol=| delims=" %%f in ('dir "*.p12" /A-D /B /O-D /TW 2^>nul') do (  set "p12_latest=%%f"  set "client_name_gen=!p12_latest:.p12=!"  goto :Enter_Client_Name):Enter_Client_Nameecho.echo Enter the name of the IKEv2 VPN client to import.echo Note: This is the same as the .p12 filename without extension.set client_name=set p12_file=if defined client_name_gen (  echo To accept the suggested client name, press Enter.  set /p client_name="VPN client name: [%client_name_gen%] "  if not defined client_name set "client_name=%client_name_gen%") else (  set /p client_name="VPN client name: "  if not defined client_name goto :Abort)set "client_name=%client_name:"=%"set "client_name=%client_name: =%"set "p12_file=%_work%/%client_name%.p12"if not exist "!p12_file!" (  echo.  echo ERROR: File "!p12_file!" not found.  echo You must put the .p12 file you transferred from the VPN server  echo in the *same folder* as this script.  goto :Enter_Client_Name)echo.echo Enter the IP address (or DNS name) of the VPN server.echo Note: This must exactly match the VPN server address in the outputecho of the IKEv2 helper script on your server.set server_addr=set /p server_addr="VPN server address: "if not defined server_addr goto :Abortset "server_addr=%server_addr:"=%"set "server_addr=%server_addr: =%"set "conn_name_gen=IKEv2 VPN %server_addr%"powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1if !errorlevel! neq 0 (  goto :Enter_Conn_Name)set "conn_name_gen=IKEv2 VPN 2 %server_addr%"powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1if !errorlevel! neq 0 (  goto :Enter_Conn_Name)set "conn_name_gen=IKEv2 VPN 3 %server_addr%"powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1if !errorlevel! equ 0 (  set conn_name_gen=):Enter_Conn_Nameecho.echo Provide a name for the new IKEv2 connection.set conn_name=if defined conn_name_gen (  echo To accept the suggested connection name, press Enter.  set /p conn_name="IKEv2 connection name: [%conn_name_gen%] "  if not defined conn_name set "conn_name=%conn_name_gen%") else (  set /p conn_name="IKEv2 connection name: "  if not defined conn_name goto :Abort)set "conn_name=%conn_name:"=%"powershell -command "Get-VpnConnection -Name '%conn_name%'" >nul 2>&1if !errorlevel! equ 0 (  echo.  echo ERROR: A connection with this name already exists.  goto :Enter_Conn_Name)echo.echo Importing .p12 file...certutil -f -p "" -importpfx "%p12_file%" NoExport >nul 2>&1if !errorlevel! equ 0 goto :Create_Connecho When prompted, enter the password for client config files, which can be foundecho in the output of the IKEv2 helper script on your server.:Import_P12certutil -f -importpfx "%p12_file%" NoExportif !errorlevel! neq 0 goto :Import_P12:Create_Connecho.echo Creating VPN connection...powershell -command "Add-VpnConnection -ServerAddress '%server_addr%' -Name '%conn_name%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"if !errorlevel! neq 0 (  echo ERROR: Could not create the IKEv2 VPN connection.  goto :Done)echo Setting IPsec configuration...powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName '%conn_name%' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"if !errorlevel! neq 0 (  echo ERROR: Could not set IPsec configuration for the IKEv2 VPN connection.  goto :Done)echo IKEv2 configuration successfully imported^^!echo To connect to the VPN, click on the wireless/network icon in your system tray,echo select the "%conn_name%" VPN entry, and click Connect.goto :Done:E_Adminecho %_err%echo This script requires administrator privileges.echo Right-click on the script and select 'Run as administrator'.goto :Done:E_Winecho %_err%echo This script requires Windows 8, 10 or 11.echo Windows 7 users can manually import IKEv2 configuration. See https://vpnsetup.net/ikev2goto :Done:E_Cuecho %_err%echo This script requires 'certutil', which is not detected.goto :Done:E_Psecho %_err%echo This script requires 'powershell', which is not detected.goto :Done:Abortecho.echo Abort. No changes were made.:Doneecho.echo Press any key to exit.pause >nulgoto :eof

4.2、安卓客户端配置

        将.sswan结尾的文件保存到本地,然后前往下方代码块中的下载地址下载安卓开源客户端最新版本,打开应用后,单击右上角的三个点,单机导入VPN配置,在文件夹中找到.sswan结尾的文件,选中,然后点击从VPN配置中导入证书,按照提示操作,在VPN选项中一定要选择VPN,操作完就会返回界面,你就会发现界面中多了一个连接节点,点击就能连接,初次使用会有权限使用,都要同意。

https://download.strongswan.org/Android/

4.3、其它操作系统客户端配置

        关于使用苹果或linux等其它操作系统的客户端配置我就不一一列出了,如果需要,请访问下方网址获取我的联系方式联系我,备注网络我就知道了。

http://code.drjtrtj.xyz/

也许您对下面的内容还感兴趣: