搭建廉价的网游加速器CentOS.7-PPTP-L2TP

系统CentOS.7x

PPTP 脚本下载/安装

wget https://files-cdn.cnblogs.com/files/wangbin/CentOS7-pptp-host1plus.sh
chmod +x ./CentOS7-pptp-host1plus.sh
./CentOS7-pptp-host1plus.sh -u username -p password  

注意检查CentOS7-pptp-host1plus.sh的地址是否还有效。
username、password是自己的登录用户名和密码。但密码长度必须大于8个 ASCII字符，否则为了安全，脚本将会随机生成密码。
CentOS7-pptp-host1plus.sh 源码

#!/bin/bash
#    Setup Simple PPTP VPN server for CentOS 7 on Host1plus
#    Copyright (C) 2015-2016 Danyl Zhang <1475811550@qq.com> and contributors
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.

printhelp() {

echo "
Usage: ./CentOS7-pptp-host1plus.sh [OPTION]
If you are using custom password , Make sure its more than 8 characters. Otherwise it will generate random password for you. 
If you trying set password only. It will generate Default user with Random password. 
example: ./CentOS7-pptp-host1plus.sh -u myusr -p mypass
Use without parameter [ ./CentOS7-pptp-host1plus.sh ] to use default username and Random password
  -u,    --username             Enter the Username
  -p,    --password             Enter the Password
"
}

while [ "$1" != "" ]; do
  case "$1" in
    -u    | --username )             NAME=$2; shift 2 ;;
    -p    | --password )             PASS=$2; shift 2 ;;
    -h    | --help )            echo "$(printhelp)"; exit; shift; break ;;
  esac
done

# Check if user is root
[ $(id -u) != "0" ] && { echo -e "\033[31mError: You must be root to run this script\033[0m"; exit 1; } 

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear

yum -y update
yum -y install epel-release
yum -y install firewalld net-tools curl ppp pptpd

echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

#no liI10oO chars in password

LEN=$(echo ${#PASS})

if [ -z "$PASS" ] || [ $LEN -lt 8 ] || [ -z "$NAME"]
then
   P1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   PASS="$P1-$P2-$P3"
fi

if [ -z "$NAME" ]
then
   NAME="vpn"
fi

cat >> /etc/ppp/chap-secrets <<END
$NAME pptpd $PASS *
END

cat >/etc/pptpd.conf <<END
option /etc/ppp/options.pptpd
#logwtmp
localip 192.168.2.1
remoteip 192.168.2.10-100
END

cat >/etc/ppp/options.pptpd <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 209.244.0.3
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
END

ETH=`route | grep default | awk '{print $NF}'`

systemctl restart firewalld.service
systemctl enable firewalld.service
firewall-cmd --set-default-zone=public
firewall-cmd --add-interface=$ETH
firewall-cmd --add-port=22/tcp --permanent
firewall-cmd --add-port=1723/tcp --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i $ETH -p gre -j ACCEPT
firewall-cmd --reload

cat > /etc/ppp/ip-up.local << END
/sbin/ifconfig $1 mtu 1400
END
chmod +x /etc/ppp/ip-up.local
systemctl restart pptpd.service
systemctl enable pptpd.service

VPN_IP=`curl ipv4.icanhazip.com`
clear
echo -e "You can now connect to your VPN via your external IP \033[32m${VPN_IP}\033[0m"
echo -e "Username: \033[32m${NAME}\033[0m"
echo -e "Password: \033[32m${PASS}\033[0m"

配置

设置账号密码

vim /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
账号 pptpd 密码 *

vim /etc/ppp/options.pptpd

修改ms-dns（DNS）与添加 logfile /var/log/pptpd.log（日志）

配置文件

vim /etc/pptpd.conf

localip 192.168.1.11 # 修改为你服务器的内网IP
remoteip 192.168.1.10-98,192.168.1.101 # 自定义分配给客户端的网段和地址池

vim /etc/ppp/ip-up

在 exit 0 前写入 ifconfig $1 mtu 1500

增加转发规则

“aaa.bbb.ccc.ddd” 请填写自己的内网ip。“eee” 请填写你服务器的网卡名

iptables -t nat -A POSTROUTING -s aaa.bbb.ccc.ddd/24 -o eee -j MASQUERADE
service iptables save		# 保存规则
systemctl restart iptables		#重启服务

端口开放\重启服务

重启pptpd服务

systemctl restart pptpd

服务器开放1723 端口

登陆

选择点对点隧道协议(PPTP) ,其他正常设置。

测试

csgo国际服（香港）

平均延迟在55ms上下，只能说还行吧。（每个地区延迟会有差异以实际结果为准）

L2TP 脚本下载/安装

使用 “setup-ipsec-vpn” 快速部署

wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh

管理客户端证书

如果要列出已有的 IKEv2 客户端的名称，运行 辅助脚本 并添加 --listclients 选项。使用参数 -h 显示使用信息。

 sudo ikev2.sh --listclients

添加证书

sudo ikev2.sh --addclient [证书名]

导出已有的证书配置

sudo ikev2.sh --exportclient [证书名]

吊销端证书

sudo ikev2.sh --revokeclient [证书名]

端口开放\重启服务

需要开放500， 4500， 1701端口，协议选择udp

systemctl restart ipsec xl2tpd	#可用于重启IPsec和xl2tpd服务

使用指南

在新增或完成安装后会显示证书路径

可以使用 “WinSCP” 工具连接到你的服务器，下载对应路径的下证书文件。

Windows 7, 8, 10 和 11

以管理员身份运行 ikev2_config_import.cmd 并确保这个辅助脚本与 证书.p12 在同一个文件夹下。
ikev2_config_import.cmd源码如下：

@echo off
:: IKEv2 Configuration Import Helper Script for Windows 8, 10 and 11
:: Copyright (C) 2022 Lin Song <linsongui@gmail.com>
:: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
:: Unported License: http://creativecommons.org/licenses/by-sa/3.0/
:: Attribution required: please include my name in any derivative and let me
:: know how you have improved it!

setlocal DisableDelayedExpansion
set "SPath=%SystemRoot%\System32"
if exist "%SystemRoot%\Sysnative\reg.exe" (set "SPath=%SystemRoot%\Sysnative")
set "Path=%SPath%;%SystemRoot%;%SPath%\Wbem;%SPath%\WindowsPowerShell\v1.0\"
set "_err====== ERROR ====="
set "_work=%~dp0"
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"

for /f "tokens=4-5 delims=. " %%i in ('ver') do set version=%%i.%%j
if "%version%" == "10.0" goto :Check_Admin
if "%version%" == "6.3" goto :Check_Admin
if "%version%" == "6.2" goto :Check_Admin
goto :E_Win

:Check_Admin
reg query HKU\S-1-5-19 >nul 2>&1 || goto :E_Admin

where certutil >nul 2>&1
if %errorlevel% neq 0 goto :E_Cu
where powershell >nul 2>&1
if %errorlevel% neq 0 goto :E_Ps

title IKEv2 Configuration Import Helper Script
setlocal EnableDelayedExpansion
cd /d "!_work!"
@cls
echo ===================================================================
echo Welcome^^! Use this helper script to import an IKEv2 configuration
echo into a PC running Windows 8, 10 or 11.
echo For more details, see https://vpnsetup.net/ikev2
echo.
echo Before continuing, you must put the .p12 file you transferred from
echo the VPN server in the *same folder* as this script.
echo ===================================================================

set client_name_gen=
for /F "eol=| delims=" %%f in ('dir "*.p12" /A-D /B /O-D /TW 2^>nul') do (
  set "p12_latest=%%f"
  set "client_name_gen=!p12_latest:.p12=!"
  goto :Enter_Client_Name
)

:Enter_Client_Name
echo.
echo Enter the name of the IKEv2 VPN client to import.
echo Note: This is the same as the .p12 filename without extension.
set client_name=
set p12_file=
if defined client_name_gen (
  echo To accept the suggested client name, press Enter.
  set /p client_name="VPN client name: [%client_name_gen%] "
  if not defined client_name set "client_name=%client_name_gen%"
) else (
  set /p client_name="VPN client name: "
  if not defined client_name goto :Abort
)
set "client_name=%client_name:"=%"
set "client_name=%client_name: =%"
set "p12_file=%_work%\%client_name%.p12"
if not exist "!p12_file!" (
  echo.
  echo ERROR: File "!p12_file!" not found.
  echo You must put the .p12 file you transferred from the VPN server
  echo in the *same folder* as this script.
  goto :Enter_Client_Name
)

echo.
echo Enter the IP address (or DNS name) of the VPN server.
echo Note: This must exactly match the VPN server address in the output
echo of the IKEv2 helper script on your server.
set server_addr=
set /p server_addr="VPN server address: "
if not defined server_addr goto :Abort
set "server_addr=%server_addr:"=%"
set "server_addr=%server_addr: =%"

set "conn_name_gen=IKEv2 VPN %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (
  goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 2 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (
  goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 3 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! equ 0 (
  set conn_name_gen=
)

:Enter_Conn_Name
echo.
echo Provide a name for the new IKEv2 connection.
set conn_name=
if defined conn_name_gen (
  echo To accept the suggested connection name, press Enter.
  set /p conn_name="IKEv2 connection name: [%conn_name_gen%] "
  if not defined conn_name set "conn_name=%conn_name_gen%"
) else (
  set /p conn_name="IKEv2 connection name: "
  if not defined conn_name goto :Abort
)
set "conn_name=%conn_name:"=%"
powershell -command "Get-VpnConnection -Name '%conn_name%'" >nul 2>&1
if !errorlevel! equ 0 (
  echo.
  echo ERROR: A connection with this name already exists.
  goto :Enter_Conn_Name
)

echo.
echo Importing .p12 file...
certutil -f -p "" -importpfx "%p12_file%" NoExport >nul 2>&1
if !errorlevel! equ 0 goto :Create_Conn
echo When prompted, enter the password for client config files, which can be found
echo in the output of the IKEv2 helper script on your server.
:Import_P12
certutil -f -importpfx "%p12_file%" NoExport
if !errorlevel! neq 0 goto :Import_P12

:Create_Conn
echo.
echo Creating VPN connection...
powershell -command "Add-VpnConnection -ServerAddress '%server_addr%' -Name '%conn_name%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
if !errorlevel! neq 0 (
  echo ERROR: Could not create the IKEv2 VPN connection.
  goto :Done
)

echo Setting IPsec configuration...
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName '%conn_name%' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
if !errorlevel! neq 0 (
  echo ERROR: Could not set IPsec configuration for the IKEv2 VPN connection.
  goto :Done
)

echo IKEv2 configuration successfully imported^^!
echo To connect to the VPN, click on the wireless/network icon in your system tray,
echo select the "%conn_name%" VPN entry, and click Connect.
goto :Done

:E_Admin
echo %_err%
echo This script requires administrator privileges.
echo Right-click on the script and select 'Run as administrator'.
goto :Done

:E_Win
echo %_err%
echo This script requires Windows 8, 10 or 11.
echo Windows 7 users can manually import IKEv2 configuration. See https://vpnsetup.net/ikev2
goto :Done

:E_Cu
echo %_err%
echo This script requires 'certutil', which is not detected.
goto :Done

:E_Ps
echo %_err%
echo This script requires 'powershell', which is not detected.
goto :Done

:Abort
echo.
echo Abort. No changes were made.

:Done
echo.
echo Press any key to exit.
pause >nul
goto :eof

iOS

将生成的 证书.mobileconfig 文件发送到 iOS 设备，并且导入为 iOS 配置描述文件。

结论

实际使用中发现PPTP下游戏，网络会出现波动丢包，L2TP并无明显卡顿感且延迟偏低。
从安全与稳定度上都推荐首选L2TP。
最后是价格：
一年的价格是251￥平均每月20.91￥

五年的价格是570￥平均每月9.5￥

(流量1￥/G。打了一局短时赛用了大概76m)
总的来说，如果你有几个小伙伴一起拼服务器，价格还是比加速器香的。