
分享自建SS/SSR/VPN节点

Centos7 64位

搬瓦工注册链接:https://bwh88.net/aff.php?aff=24655

Vultr注册链接:https://www.vultr.com/?ref=8049244-4F

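# Flush every rule in the iptables filter table before handing control to
# firewalld. Chain policies are not reset by -F: with a default ACCEPT policy
# the host is unfiltered until firewalld is running, and with a DROP policy a
# remote SSH session is cut off. Keep provider console access at hand.
iptables -F
yum install firewalld firewall-config
# Adjust the SSH service definition, presumably so it matches the port sshd
# listens on. Files under /usr/lib/firewalld are owned by the package and can
# be replaced on update; a copy in /etc/firewalld/services/ takes precedence
# and survives updates.
vi /usr/lib/firewalld/services/ssh.xml
# firewall-cmd talks to the running daemon, so firewalld is started before any
# rule is added. Enabling the unit keeps the firewall in place after a reboot.
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload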

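yum install wget
# Download over verified TLS. --no-check-certificate is dropped: it lets anyone
# on the network path substitute the script, which is then executed as root.
# If verification fails on an old image, update the ca-certificates package
# instead of disabling the check.
wget -N https://raw.githubusercontent.com/zuoshouzz/zuoshouzz.github.io/master/doc/ssr.sh
# Continue only if the download succeeded. The URL tracks the master branch,
# so the content can change between runs; read ssr.sh before executing it and
# keep a copy of the version that was reviewed.
chmod +x ssr.sh && bash ssr.sh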

# Create a custom firewalld service named "ss" with the XML shown below.
# /usr/lib/firewalld/services holds package-owned definitions; locally written
# ones are normally placed in /etc/firewalld/services/ so that a package update
# cannot replace them.
vi /usr/lib/firewalld/services/ss.xml

# File contents: the service opens TCP port 443 only; no UDP port is listed.
# NOTE(review): presumably 443 is the port chosen while running ssr.sh. Confirm
# the two match, otherwise the proxy port stays closed.
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SS</short>
<description>Shadowsocks port
</description>
<port protocol="tcp" port="443"/>
</service>

# Add the service to the permanent configuration of the default zone (no
# --zone is given), then reload so the running firewall picks it up.
firewall-cmd --permanent --add-service=ss
firewall-cmd --reload

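# Download over verified TLS. --no-check-certificate is dropped, because the
# file is executed as root right afterwards and an unverified download can be
# replaced in transit.
wget https://raw.githubusercontent.com/tcp-nanqinlang/general/master/General/CentOS/bash/tcp_nanqinlang-1.3.2.sh
# Continue only if the download succeeded. NOTE(review): judging by its name
# this script changes the kernel's TCP behaviour; read it before running and
# confirm what it installs.
bash tcp_nanqinlang-1.3.2.sh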

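# Fetch the strongSwan source over HTTPS instead of plain HTTP: the archive is
# compiled and installed as root, so it must not be modifiable in transit.
# The project publishes detached signatures for its release tarballs; verify
# the archive against one before building.
wget https://download.strongswan.org/strongswan.tar.gz && tar zxvf strongswan.tar.gz
# The trailing slash restricts the glob to the extracted source directory, so
# it no longer also matches strongswan.tar.gz.
cd strongswan-*/
yum install -y make gcc gmp-devel openssl openssl-devel
# NOTE(review): --enable-md4, --enable-eap-md5 and --enable-eap-mschapv2 build
# legacy MD4/MD5-based authentication, and several other EAP and RADIUS
# plugins are enabled as well. The connection defined on this page
# authenticates with PSK + XAUTH; if no client needs the extra plugins,
# leaving them out reduces the code exposed to unauthenticated peers.
./configure --sysconfdir=/etc --disable-sql --disable-mysql --disable-ldap --enable-dhcp --enable-eap-identity --enable-eap-mschapv2 --enable-md4 --enable-xauth-eap --enable-eap-peap --enable-eap-md5 --enable-openssl --enable-shared --enable-unity --enable-eap-tls --enable-eap-ttls --enable-eap-tnc --enable-eap-dynamic --enable-addrblock --enable-radattr --enable-nat-transport --enable-kernel-netlink --enable-kernel-libipsec
make && sudo make install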

# Write the strongSwan connection definitions below into /etc/ipsec.conf.
# NOTE(review): the parameter lines appear flush-left here, presumably because
# the page lost the original indentation; ipsec.conf(5) describes section
# parameters as indented under their "config"/"conn" header. Confirm before
# pasting.
vi /etc/ipsec.conf

# uniqueids=never: an existing session is kept when the same identity connects
# again, so one account can be used from any number of devices at once. A
# leaked credential is then hard to notice from session counts alone.
config setup
uniqueids=never
# IKEv1 with a group pre-shared key (leftauth/rightauth=psk) followed by an
# XAUTH username/password round (rightauth2=xauth).
# - Every client holds the same PSK, so anyone who knows it can also pose as
#   the gateway towards other clients. IKEv2 with a server certificate avoids
#   this and is the preferred setup where clients support it.
# - left=SERVER looks like a placeholder for the gateway's own address
#   (TODO confirm).
# - leftsubnet=0.0.0.0/0 sends all client traffic through the tunnel.
# - rightsourceip=10.0.0.0/24 is the pool of virtual addresses given to clients.
# - right=%any accepts clients from any address; auto=add loads the connection
#   and waits for clients to initiate.
conn IPsec_xauth_psk
keyexchange=ikev1
left=SERVER
leftauth=psk
leftsubnet=0.0.0.0/0
right=%any
rightauth=psk
rightauth2=xauth
rightsourceip=10.0.0.0/24
auto=add

# Default values for conn sections.
# NOTE(review): this section is listed after IPsec_xauth_psk; confirm that the
# strongSwan version built applies it to that connection.
# - dpdaction/dpddelay/dpdtimeout configure dead peer detection.
# - rekey=no with lifetime=24h and ikelifetime=240h: this side does not start
#   rekeying, so keys stay in use for long periods.
# - leftcert=vpnHostCert.pem with leftsendcert=always refers to a host
#   certificate that no step on this page creates.
# - rightdns=8.8.8.8 is the DNS server pushed to clients.
conn %default
keyexchange=ikev1
dpdaction=hold
dpddelay=600s
dpdtimeout=5s
lifetime=24h
ikelifetime=240h
rekey=no
left=SERVER
leftsubnet=0.0.0.0/0
leftcert=vpnHostCert.pem
leftsendcert=always
right=%any
rightdns=8.8.8.8
rightsourceip=10.0.0.0/24

# Credentials read by strongSwan. Keep the file readable by root only
# (chmod 600 /etc/ipsec.secrets).
vi /etc/ipsec.secrets

# The PSK, user name and XAUTH password below are the sample values printed on
# this page, so they are public and short. Replace all three before the
# service is reachable; a random PSK can be generated with
# `openssl rand -base64 32`. With the shared-PSK setup used here, the PSK is
# all that protects the XAUTH password exchange from someone impersonating
# the gateway.
: PSK "zuoshou" # SECRET here can be replaced with any key you like
zuoshou : XAUTH "zuoshouzz.github.io"

# Start the strongSwan daemon with the configuration written above.
ipsec start
# firewalld service definition for IPsec; the page shows no contents for this
# file. NOTE(review): IKE needs UDP 500, NAT traversal needs UDP 4500, and ESP
# is its own IP protocol. Confirm that the definition in use covers what the
# clients require.
vi /usr/lib/firewalld/services/ipsec.xml

firewall-cmd --permanent --add-service=ipsec
# Masquerading is enabled on the default zone (no --zone is given), so it
# applies to all traffic forwarded out through that zone, not only to the
# 10.0.0.0/24 client pool.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
# Start IPsec at boot: the "ipsec start" line below is presumably the line to
# append to /etc/rc.local (it follows the editor command, as the other file
# contents on this page do).
vi /etc/rc.local

ipsec start

# rc.local is only executed at boot when it has the executable bit set.
chmod +x /etc/rc.local