vpn升级了
以前手机安卓都支持简单vpn,现在必须是ipsec了,可是单位的路由器太旧,也不换新,只好自己想办法了,尝试了好多,最后发现还是docker比较香
docker-compose
源码如下
version: '3'
2 services:
3 ipsec-vpn-server:
4 container_name: ipsec-vpn-server
5 image: hwdsl2/ipsec-vpn-server
6 restart: unless-stopped
7 volumes:
8 - ./ikev2-vpn-data:/etc/ipsec.d
9 - /lib/modules:/lib/modules:ro
10 ports:
11 - "500:500/udp"
12 - "4500:4500/udp"
13 privileged: true
然后去配置ikev.conf文件,wanIP为你的外网地址
conn ikev2-cp
left=%defaultroute
leftcert=wanIP
leftsendcert=always
leftsubnet=0.0.0.0/0
leftrsasigkey=%cert
right=%any
rightid=%fromcert
#分配地址
rightaddresspool=192.168.43.10-192.168.43.250
rightca=%same
rightrsasigkey=%cert
narrowing=yes
dpddelay=30
retransmit-timeout=300s
dpdaction=clear
auto=add
ikev2=insist
rekey=no
pfs=no
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
ikelifetime=24h
salifetime=24h
encapsulation=yes
leftid=wanIP
modecfgdns="223.5.5.5 180.76.76.76"
mobike=yes
编写一个env文件,设置用户名和密码
touch vp-gen.env
内容如下:
#可以在线生成一个64位
VPN_IPSEC_PSK=your_ipsec_pre_shared_key
VPN_USER=your_vpn_username
VPN_PASSWORD=your_vpn_password
更加具体设置阅览这里