2.下载源码编译apt-get install libgmp-dev
wget http://download.strongswan.org/strongswan.tar.gz && tar zxvf strongswan*
cd strongswan-5.5.1/
第二步:配置ipsec./configure --sysconfdir=/etc \
--disable-sql \
--disable-mysql \
--disable-ldap \
--enable-dhcp \
--enable-eap-identity \
--enable-eap-mschapv2 \
--enable-md4 \
--enable-xauth-eap \
--enable-eap-peap \
--enable-eap-md5 \
--enable-openssl \
--enable-shared \
--enable-unity \
--enable-eap-tls \
--enable-eap-ttls \
--enable-eap-tnc \
--enable-eap-dynamic \
--enable-addrblock \
--enable-radattr \
--enable-nat-transport \
--enable-kernel-netlink \
--enable-kernel-libipsec
make && make install
vim /etc/ipsec.conf
编辑
config setup
# strictcrlpolicy=yes
uniqueids = no #允许多设备登陆
conn IPsec_xauth_psk
keyexchange=ikev1
left=xxx.xxx.xxx.xxx #这里换成你登录 VPN 用的域名或 IP
leftauth=psk
leftsubnet=0.0.0.0/0
right=%any
rightauth=psk
rightauth2=xauth
rightsourceip=10.84.1.0/24 #配置成你的vps分配的内网ip
auto=add
conn %default
keyexchange=ikev1
dpdaction=hold
dpddelay=600s
dpdtimeout=5s
lifetime=24h
ikelifetime=240h
rekey=no
left=xxx.xxx.xxx.xxx #这里换成你登录 VPN 用的域名或 IP,与生成证书时相同
leftsubnet=0.0.0.0/0
leftcert=vpnHostCert.pem
leftsendcert=always
right=%any
rightdns=4.2.2.1 #配置成你喜欢的dns服务器地址
rightsourceip=10.84.1.0/24#配置成你的vps分配的内网ip
设置账号(懒得再iOS上上传证书,用口令认证方式)
vim /etc/ipsec.secrets
编辑
: PSK "密钥"
账户 : XAUTH "密码"
第三步:启动
ipsec start
其他科学上网见