1、引言

        想必大多数人都遇见过这个问题：在下载某些项目依赖，或者某些编程相关的工具时网速极慢，只有可怜的几十k的网速，甚至有时候只有几k,当时真有一种把电脑砸了的冲动。而造成这个问题的主要原因就是这些站点的服务器在国外，我们访问时自然要受到限制，那有没有解决办法呢？当然有，今天我就教你使用开源应用实现虚拟专用网络，突破访问限制，以后妈妈再也不用担心我网络限速了。

2、开源应用选择

        开源VPN很多，但是比较著名的就那么几个，比如大多数人熟知的Open VPN,但是我并不推荐使用它，因为这个应用不同版本配置都有差别，网上也充斥着很多相关的使用教程，但怎一个混乱了得，几乎都是东拼西凑，而且操作极其复杂，说实话，我也没搭建成功过，因此我选择了它——ipsec-vpn，关于这个VPN的使用可谓是简单到了极点，完全是傻瓜式安装，接下来，我就带你去安装配置这个VPN。

3、服务器配置

        首先你需要准备一台linux服务器，Ubuntu、Debian 或 CentOS都行，但必须是服务器，本地虚拟机中无法安装成功，而且有个问题，这个应用和服务器防火墙冲突，一旦安装，服务器防火墙就会被强行关闭，傻瓜式安装就有这个问题，除非是自定义配置，安装方法也很简单，直接复制下方代码块中的命令，在服务器root用户下执行，然后遇见y/n选择就输入y回车就行，其它都不用管，很快就安装好。

wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh

4、客户端搭建

        只要使用上方命令配置好服务器端后，就会自动生成一套相关的配置文件，然后使用宝塔面板或者WinSCP等下载工具将其下载到本地就能配置使用，这一套配置文件代表一个连接入口，如果需要添加或删除也可以自行操作，配置文件在root目录下，如下图所示：

4.1、Windows客户端配置

        Windows 8、10、11配置使用本方式，其它版本不支持，把.p12后缀结尾的文件保存到本地，单独放在一个文件夹里，然后生成一个纯文本文件，更改名字为：ikev2_config_import.cmd，记住一定要把整个名字修改，包括后缀都要保持一致，然后用文本编辑器打开文件，复制下面的shell脚本命令到该文件中保存退出，将其放在.p12结尾的文件的相同文件夹下。然后右键单击保存的脚本，选择 属性。单击对话框下方的 解除锁定，然后单击 确定，当然不需要解除锁定的就不用管。接着选中cmd脚本文件，右键管理员模式运行，然后按照提示输入.p12文件的文件名，不输入后缀，如果出错再输入后缀，输入服务器ip地址，并为连接取个名字，完成后退出，就会在电脑网络那里多出一个选项，点击就能连接VPN，再点击就断开。

@echo off:: IKEv2 Configuration Import Helper Script for Windows 8, 10 and 11:: Copyright (C) 2022 Lin Song <linsongui@gmail.com>:: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0:: Unported License: http://creativecommons.org/licenses/by-sa/3.0/:: Attribution required: please include my name in any derivative and let me:: know how you have improved it!setlocal DisableDelayedExpansionset "SPath=%SystemRoot%/System32"if exist "%SystemRoot%/Sysnative/reg.exe" (set "SPath=%SystemRoot%/Sysnative")set "Path=%SPath%;%SystemRoot%;%SPath%/Wbem;%SPath%/WindowsPowerShell/v1.0/"set "_err====== ERROR ====="set "_work=%~dp0"if "%_work:~-1%"=="/" set "_work=%_work:~0,-1%"for /f "tokens=4-5 delims=. " %%i in ('ver') do set version=%%i.%%jif "%version%" == "10.0" goto :Check_Adminif "%version%" == "6.3" goto :Check_Adminif "%version%" == "6.2" goto :Check_Admingoto :E_Win:Check_Adminreg query HKU/S-1-5-19 >nul 2>&1 || goto :E_Adminwhere certutil >nul 2>&1if %errorlevel% neq 0 goto :E_Cuwhere powershell >nul 2>&1if %errorlevel% neq 0 goto :E_Pstitle IKEv2 Configuration Import Helper Scriptsetlocal EnableDelayedExpansioncd /d "!_work!"@clsecho ===================================================================echo Welcome^^! Use this helper script to import an IKEv2 configurationecho into a PC running Windows 8, 10 or 11.echo For more details, see https://vpnsetup.net/ikev2echo.echo Before continuing, you must put the .p12 file you transferred fromecho the VPN server in the *same folder* as this script.echo ===================================================================set client_name_gen=for /F "eol=| delims=" %%f in ('dir "*.p12" /A-D /B /O-D /TW 2^>nul') do (  set "p12_latest=%%f"  set "client_name_gen=!p12_latest:.p12=!"  goto :Enter_Client_Name):Enter_Client_Nameecho.echo Enter the name of the IKEv2 VPN client to import.echo Note: This is the same as the .p12 filename without extension.set client_name=set p12_file=if defined client_name_gen (  echo To accept the suggested client name, press Enter.  set /p client_name="VPN client name: [%client_name_gen%] "  if not defined client_name set "client_name=%client_name_gen%") else (  set /p client_name="VPN client name: "  if not defined client_name goto :Abort)set "client_name=%client_name:"=%"set "client_name=%client_name: =%"set "p12_file=%_work%/%client_name%.p12"if not exist "!p12_file!" (  echo.  echo ERROR: File "!p12_file!" not found.  echo You must put the .p12 file you transferred from the VPN server  echo in the *same folder* as this script.  goto :Enter_Client_Name)echo.echo Enter the IP address (or DNS name) of the VPN server.echo Note: This must exactly match the VPN server address in the outputecho of the IKEv2 helper script on your server.set server_addr=set /p server_addr="VPN server address: "if not defined server_addr goto :Abortset "server_addr=%server_addr:"=%"set "server_addr=%server_addr: =%"set "conn_name_gen=IKEv2 VPN %server_addr%"powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1if !errorlevel! neq 0 (  goto :Enter_Conn_Name)set "conn_name_gen=IKEv2 VPN 2 %server_addr%"powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1if !errorlevel! neq 0 (  goto :Enter_Conn_Name)set "conn_name_gen=IKEv2 VPN 3 %server_addr%"powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1if !errorlevel! equ 0 (  set conn_name_gen=):Enter_Conn_Nameecho.echo Provide a name for the new IKEv2 connection.set conn_name=if defined conn_name_gen (  echo To accept the suggested connection name, press Enter.  set /p conn_name="IKEv2 connection name: [%conn_name_gen%] "  if not defined conn_name set "conn_name=%conn_name_gen%") else (  set /p conn_name="IKEv2 connection name: "  if not defined conn_name goto :Abort)set "conn_name=%conn_name:"=%"powershell -command "Get-VpnConnection -Name '%conn_name%'" >nul 2>&1if !errorlevel! equ 0 (  echo.  echo ERROR: A connection with this name already exists.  goto :Enter_Conn_Name)echo.echo Importing .p12 file...certutil -f -p "" -importpfx "%p12_file%" NoExport >nul 2>&1if !errorlevel! equ 0 goto :Create_Connecho When prompted, enter the password for client config files, which can be foundecho in the output of the IKEv2 helper script on your server.:Import_P12certutil -f -importpfx "%p12_file%" NoExportif !errorlevel! neq 0 goto :Import_P12:Create_Connecho.echo Creating VPN connection...powershell -command "Add-VpnConnection -ServerAddress '%server_addr%' -Name '%conn_name%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"if !errorlevel! neq 0 (  echo ERROR: Could not create the IKEv2 VPN connection.  goto :Done)echo Setting IPsec configuration...powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName '%conn_name%' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"if !errorlevel! neq 0 (  echo ERROR: Could not set IPsec configuration for the IKEv2 VPN connection.  goto :Done)echo IKEv2 configuration successfully imported^^!echo To connect to the VPN, click on the wireless/network icon in your system tray,echo select the "%conn_name%" VPN entry, and click Connect.goto :Done:E_Adminecho %_err%echo This script requires administrator privileges.echo Right-click on the script and select 'Run as administrator'.goto :Done:E_Winecho %_err%echo This script requires Windows 8, 10 or 11.echo Windows 7 users can manually import IKEv2 configuration. See https://vpnsetup.net/ikev2goto :Done:E_Cuecho %_err%echo This script requires 'certutil', which is not detected.goto :Done:E_Psecho %_err%echo This script requires 'powershell', which is not detected.goto :Done:Abortecho.echo Abort. No changes were made.:Doneecho.echo Press any key to exit.pause >nulgoto :eof

4.2、安卓客户端配置

        将.sswan结尾的文件保存到本地，然后前往下方代码块中的下载地址下载安卓开源客户端最新版本，打开应用后，单击右上角的三个点，单机导入VPN配置，在文件夹中找到.sswan结尾的文件，选中，然后点击从VPN配置中导入证书，按照提示操作，在VPN选项中一定要选择VPN，操作完就会返回界面，你就会发现界面中多了一个连接节点，点击就能连接，初次使用会有权限使用，都要同意。

https://download.strongswan.org/Android/

4.3、其它操作系统客户端配置

        关于使用苹果或linux等其它操作系统的客户端配置我就不一一列出了，如果需要，请访问下方网址获取我的联系方式联系我，备注网络我就知道了。

http://code.drjtrtj.xyz/