使用开源VPN搭建个人虚拟专用网络_开源虚拟组网

1、引言

        想必大多数人都遇见过这个问题：在下载某些项目依赖，或者某些编程相关的工具时网速极慢，只有可怜的几十k的网速，甚至有时候只有几k,当时真有一种把电脑砸了的冲动。而造成这个问题的主要原因就是这些站点的服务器在国外，我们访问时自然要受到限制，那有没有解决办法呢？当然有，今天我就教你使用开源应用实现虚拟专用网络，突破访问限制，以后妈妈再也不用担心我网络限速了。

2、开源应用选择

        开源VPN很多，但是比较著名的就那么几个，比如大多数人熟知的Open VPN,但是我并不推荐使用它，因为这个应用不同版本配置都有差别，网上也充斥着很多相关的使用教程，但怎一个混乱了得，几乎都是东拼西凑，而且操作极其复杂，说实话，我也没搭建成功过，因此我选择了它——ipsec-vpn，关于这个VPN的使用可谓是简单到了极点，完全是傻瓜式安装，接下来，我就带你去安装配置这个VPN。

3、服务器配置

        首先你需要准备一台linux服务器，Ubuntu、Debian 或 CentOS都行，但必须是服务器，本地虚拟机中无法安装成功，而且有个问题，这个应用和服务器防火墙冲突，一旦安装，服务器防火墙就会被强行关闭，傻瓜式安装就有这个问题，除非是自定义配置，安装方法也很简单，直接复制下方代码块中的命令，在服务器root用户下执行，然后遇见y/n选择就输入y回车就行，其它都不用管，很快就安装好。

wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh

4、客户端搭建

        只要使用上方命令配置好服务器端后，就会自动生成一套相关的配置文件，然后使用宝塔面板或者WinSCP等下载工具将其下载到本地就能配置使用，这一套配置文件代表一个连接入口，如果需要添加或删除也可以自行操作，配置文件在root目录下，如下图所示：

4.1、Windows客户端配置

        Windows 8、10、11配置使用本方式，其它版本不支持，把.p12后缀结尾的文件保存到本地，单独放在一个文件夹里，然后生成一个纯文本文件，更改名字为：ikev2_config_import.cmd，记住一定要把整个名字修改，包括后缀都要保持一致，然后用文本编辑器打开文件，复制下面的shell脚本命令到该文件中保存退出，将其放在.p12结尾的文件的相同文件夹下。然后右键单击保存的脚本，选择 属性。单击对话框下方的 解除锁定，然后单击 确定，当然不需要解除锁定的就不用管。接着选中cmd脚本文件，右键管理员模式运行，然后按照提示输入.p12文件的文件名，不输入后缀，如果出错再输入后缀，输入服务器ip地址，并为连接取个名字，完成后退出，就会在电脑网络那里多出一个选项，点击就能连接VPN，再点击就断开。

@echo off
:: IKEv2 Configuration Import Helper Script for Windows 8, 10 and 11
:: Copyright (C) 2022 Lin Song <linsongui@gmail.com>
:: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
:: Unported License: http://creativecommons.org/licenses/by-sa/3.0/
:: Attribution required: please include my name in any derivative and let me
:: know how you have improved it!
 
setlocal DisableDelayedExpansion
set "SPath=%SystemRoot%\System32"
if exist "%SystemRoot%\Sysnative\reg.exe" (set "SPath=%SystemRoot%\Sysnative")
set "Path=%SPath%;%SystemRoot%;%SPath%\Wbem;%SPath%\WindowsPowerShell\v1.0\"
set "_err====== ERROR ====="
set "_work=%~dp0"
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"
for /f "tokens=4-5 delims=. " %%i in ('ver') do set version=%%i.%%j
if "%version%" == "10.0" goto :Check_Admin
if "%version%" == "6.3" goto :Check_Admin
if "%version%" == "6.2" goto :Check_Admin
goto :E_Win
:Check_Admin
reg query HKU\S-1-5-19 >nul 2>&1 || goto :E_Admin
where certutil >nul 2>&1
if %errorlevel% neq 0 goto :E_Cu
where powershell >nul 2>&1
if %errorlevel% neq 0 goto :E_Ps
title IKEv2 Configuration Import Helper Script
setlocal EnableDelayedExpansion
cd /d "!_work!"
@cls
echo ===================================================================
echo Welcome^^! Use this helper script to import an IKEv2 configuration
echo into a PC running Windows 8, 10 or 11.
echo For more details, see https://vpnsetup.net/ikev2
echo.
echo Before continuing, you must put the .p12 file you transferred from
echo the VPN server in the *same folder* as this script.
echo ===================================================================
set client_name_gen=
for /F "eol=| delims=" %%f in ('dir "*.p12" /A-D /B /O-D /TW 2^>nul') do (
  set "p12_latest=%%f"
  set "client_name_gen=!p12_latest:.p12=!"
  goto :Enter_Client_Name
)
:Enter_Client_Name
echo.
echo Enter the name of the IKEv2 VPN client to import.
echo Note: This is the same as the .p12 filename without extension.
set client_name=
set p12_file=
if defined client_name_gen (
  echo To accept the suggested client name, press Enter.
  set /p client_name="VPN client name: [%client_name_gen%] "
  if not defined client_name set "client_name=%client_name_gen%"
) else (
  set /p client_name="VPN client name: "
  if not defined client_name goto :Abort
)
set "client_name=%client_name:"=%"
set "client_name=%client_name: =%"
set "p12_file=%_work%\%client_name%.p12"
if not exist "!p12_file!" (
  echo.
  echo ERROR: File "!p12_file!" not found.
  echo You must put the .p12 file you transferred from the VPN server
  echo in the *same folder* as this script.
  goto :Enter_Client_Name
)
 
echo.
echo Enter the IP address (or DNS name) of the VPN server.
echo Note: This must exactly match the VPN server address in the output
echo of the IKEv2 helper script on your server.
set server_addr=
set /p server_addr="VPN server address: "
if not defined server_addr goto :Abort
set "server_addr=%server_addr:"=%"
set "server_addr=%server_addr: =%"
set "conn_name_gen=IKEv2 VPN %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (
  goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 2 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (
  goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 3 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! equ 0 (
  set conn_name_gen=
)
:Enter_Conn_Name
echo.
echo Provide a name for the new IKEv2 connection.
set conn_name=
if defined conn_name_gen (
  echo To accept the suggested connection name, press Enter.
  set /p conn_name="IKEv2 connection name: [%conn_name_gen%] "
  if not defined conn_name set "conn_name=%conn_name_gen%"
) else (
  set /p conn_name="IKEv2 connection name: "
  if not defined conn_name goto :Abort
)
set "conn_name=%conn_name:"=%"
powershell -command "Get-VpnConnection -Name '%conn_name%'" >nul 2>&1
if !errorlevel! equ 0 (
  echo.
  echo ERROR: A connection with this name already exists.
  goto :Enter_Conn_Name
)
 
echo.
echo Importing .p12 file...
certutil -f -p "" -importpfx "%p12_file%" NoExport >nul 2>&1
if !errorlevel! equ 0 goto :Create_Conn
echo When prompted, enter the password for client config files, which can be found
echo in the output of the IKEv2 helper script on your server.
:Import_P12
certutil -f -importpfx "%p12_file%" NoExport
if !errorlevel! neq 0 goto :Import_P12
 
:Create_Conn
echo.
echo Creating VPN connection...
powershell -command "Add-VpnConnection -ServerAddress '%server_addr%' -Name '%conn_name%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
if !errorlevel! neq 0 (
  echo ERROR: Could not create the IKEv2 VPN connection.
  goto :Done
)
 
echo Setting IPsec configuration...
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName '%conn_name%' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
if !errorlevel! neq 0 (
  echo ERROR: Could not set IPsec configuration for the IKEv2 VPN connection.
  goto :Done
)
 
echo IKEv2 configuration successfully imported^^!
echo To connect to the VPN, click on the wireless/network icon in your system tray,
echo select the "%conn_name%" VPN entry, and click Connect.
goto :Done
 
:E_Admin
echo %_err%
echo This script requires administrator privileges.
echo Right-click on the script and select 'Run as administrator'.
goto :Done
 
:E_Win
echo %_err%
echo This script requires Windows 8, 10 or 11.
echo Windows 7 users can manually import IKEv2 configuration. See https://vpnsetup.net/ikev2
goto :Done
 
:E_Cu
echo %_err%
echo This script requires 'certutil', which is not detected.
goto :Done
 
:E_Ps
echo %_err%
echo This script requires 'powershell', which is not detected.
goto :Done
 
:Abort
echo.
echo Abort. No changes were made.
 
:Done
echo.
echo Press any key to exit.
pause >nul
goto :eof

4.2、安卓客户端配置

        将.sswan结尾的文件保存到本地，然后前往下方代码块中的下载地址下载安卓开源客户端最新版本，打开应用后，单击右上角的三个点，单机导入VPN配置，在文件夹中找到.sswan结尾的文件，选中，然后点击从VPN配置中导入证书，按照提示操作，在VPN选项中一定要选择VPN，操作完就会返回界面，你就会发现界面中多了一个连接节点，点击就能连接，初次使用会有权限使用，都要同意。

https://download.strongswan.org/Android/

4.3、其它操作系统客户端配置

        关于使用苹果或linux等其它操作系统的客户端配置我就不一一列出了，如果需要，请访问下方网址获取我的联系方式联系我，备注网络我就知道了。

http://code.drjtrtj.xyz/