{"id":2167,"date":"2023-03-29T09:37:32","date_gmt":"2023-03-29T01:37:32","guid":{"rendered":"https:\/\/blog.kingsbestone.com\/?p=2167"},"modified":"2023-12-05T15:31:44","modified_gmt":"2023-12-05T07:31:44","slug":"centos7%e9%83%a8%e7%bd%b2ikev2-ipsec-vpn-server","status":"publish","type":"post","link":"https:\/\/blog.kingsbestone.com\/?p=2167","title":{"rendered":"CentOS 7: Deploying an IKEv2\/IPSec VPN Server"},"content":{"rendered":"<p><span style=\"font-family: 'comic sans ms', sans-serif;\">The mainstream standard VPN protocols are:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">PPTP<\/span><\/li>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">L2TP\/IPSec<\/span><\/li>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">IPsec\/XAuth (&#8220;Cisco IPsec&#8221;) (&#8220;IKEv1&#8221;)<\/span><\/li>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">IKEv2\/IPSec<\/span><\/li>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">WireGuard<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">From top to bottom the protocols get progressively more modern: PPTP is the oldest and WireGuard the newest. This tutorial focuses on IKEv2\/IPSec VPN. Its client has long been built into most operating systems, so there is no separate client to find, download and install, which makes it as convenient as it gets; it is also a relatively modern protocol, which is why IKEv2\/IPSec was chosen.<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">This tutorial builds on an open-source GitHub project: <a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\" target=\"_blank\" 
rel=\"noopener\">https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn<\/a><\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">This tutorial uses a script for automated setup; doing it by hand is too much trouble and not worth the effort.<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">When following this tutorial, change the necessary parameters to your own values!<\/span><\/p>\n<hr \/>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1. Prepare the deployment environment<\/span><\/p>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">System: CentOS 7.9-2009<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">2. Install the required software<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">yum update -y<\/pre>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">yum install -y bash-completion wget<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">Tip: after the commands finish, disconnect the SSH session and log in again.<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">3. Set up IKEv2\/IPSec<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">3-1. Automated deployment script:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">wget https:\/\/get.vpnsetup.net -O vpn.sh &amp;&amp; sudo VPN_DNS_NAME='vpn.example.com' VPN_DNS_SRV1=1.1.1.1 VPN_CLIENT_NAME='YOUR_NAME' sh vpn.sh<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">3-2. Enable IKEv2-only mode:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">wget https:\/\/get.vpnsetup.net\/ikev2only -O ikev2only.sh &amp;&amp; sudo bash ikev2only.sh<\/pre>\n<p><span 
style=\"font-family: 'comic sans ms', sans-serif;\">4. Manage users:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\"># List all users\r\nsudo ikev2.sh --listclients\r\n\r\n# Add a user\r\nsudo ikev2.sh --addclient [client name]\r\n\r\n# Revoke a user\r\nsudo ikev2.sh --revokeclient [client name]\r\n\r\n# Delete a revoked user\r\nsudo ikev2.sh --deleteclient [client name]\r\n\r\n# Show users currently online\r\nipsec trafficstatus\r\n\r\n# Show status\r\nipsec status<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">5. Other parameters:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\"># Upgrade Libreswan\r\nwget https:\/\/get.vpnsetup.net\/upg -O vpnup.sh &amp;&amp; sudo sh vpnup.sh\r\n\r\n# Uninstall the VPN\r\nwget https:\/\/get.vpnsetup.net\/unst -O unst.sh &amp;&amp; sudo bash unst.sh\r\n\r\n# Show the IPsec version\r\nipsec --version<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">6. Install Google BBR acceleration<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">wget -N https:\/\/github.com\/teddysun\/across\/raw\/master\/bbr.sh &amp;&amp; chmod +x bbr.sh &amp;&amp; bash bbr.sh<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">Tip: reboot the server after the script finishes.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">lsmod | grep bbr<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">Tip: if the command returns output, the installation succeeded.<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">7. IKEv2\/IPSec VPN logs:<\/span><\/p>\n<ul>\n<li><span 
style=\"font-family: 'comic sans ms', sans-serif;\">Log file path of the Libreswan service: \/var\/log\/secure<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">Follow the current log output of the Libreswan service:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">tail -f \/var\/log\/secure<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">Log keyword analysis:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">Connection established: authenticated peer\r\nConnection closed: deleting connection<\/pre>\n<hr \/>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">8. Reference URL for IKEv2\/IPSec client access configuration:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\"><a href=\"https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/hwdsl2\/setup-ipsec-vpn\/blob\/master\/docs\/ikev2-howto-zh.md<\/a><\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The mainstream standard VPN protocols are: PPTP L2TP\/IPSec IPsec\/XAuth (&#8220;Cisco IPsec&#8221;) (&#8220;IKEv1&#8221;) IKEv2\/IPSec WireGuard From top to bottom the protocols get progressively more modern: PPTP is the oldest and WireGuard the newest. This tutorial focuses on IKEv2 &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"CentOS 7: Deploying an IKEv2\/IPSec VPN Server\" class=\"read-more button\" href=\"https:\/\/blog.kingsbestone.com\/?p=2167#more-2167\" aria-label=\"More on CentOS 7: Deploying an IKEv2\/IPSec VPN 
Server\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":212,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[59,4],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts\/2167"}],"collection":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2167"}],"version-history":[{"count":9,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts\/2167\/revisions"}],"predecessor-version":[{"id":2470,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts\/2167\/revisions\/2470"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/media\/212"}],"wp:attachment":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}