#/etc/haproxy/haproxy.cfg frontend https-in bind *:443 tcp-request inspect-delay 3s tcp-request content accept if { req.ssl_hello_type 1 } acl tls req.ssl_hello_type 1 acl has_sni req.ssl_sni -m found use_backend ocserv if tls { req.ssl_sni -i [ocserv domain] } use_backend https-out if tls { req.ssl_sni -i [domian] } backend ocserv mode tcp option ssl-hello-chk server server-vpn 127.0.0.1:999 send-proxy-v2 # ocserv工作在本地999端口 backend https-out server server-web 127.0.0.1:4443 check #https工作在本地4443端口 #/etc/ocserv/ocserv.conf listen-proxy-proto = true 参考 HAProxy forwarding to HTTPS sites How to share the same port for VPN and HTTP »
编译安装 strongSwan.使用了5.5.1版本,最新是5.6.1不过不知道为什么无法连接 wget https://download.strongswan.org/strongswan-5.5.1.tar.gz tar zxvf strongswan-5.5.1tar.gz cd strongswan-5.5.1 ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --enable-openssl \ --enable-nat-transport \ --disable-mysql \ --disable-ldap \ --disable-static \ --enable-shared \ --enable-md4 \ --enable-eap-mschapv2 \ --enable-eap-aka \ --enable-eap-aka-3gpp2 \ --enable-eap-gtc \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-peap \ --enable-eap-radius \ --enable-eap-sim \ --enable-eap-sim-file \ --enable-eap-simaka-pseudonym \ --enable-eap-simaka-reauth \ --enable-eap-simaka-sql \ --enable-eap-tls \ --enable-eap-tnc \ --enable-eap-ttls make make install ==如果提示==confi »
Shadowvpn衍生自libsodium,主要是为低端硬件编写的,比如一些路由器. 但是也能当做vps之间的传输工具(比如国内跳板?) 而Github上的项目更新到2.0后安装说明没有得到及时更新…前几天按照旧的说明始终不行 目前 »
apt-ge install racoon 安装好后编辑/etc/racoon/racoon.conf log info; path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; listen { isakmp 9.9.9.9 [500]; #监听的端口和地址 isakmp_natt 9.9.9.9 [4500]; #监听的端口和地址 } remote anonymous { exchange_mode main,aggressive; doi ipsec_doi; nat_traversal on; proposal_check obey; generate_policy unique; ike_frag on; passive on; dpd_delay = 30; dpd_retry = 30; dpd_maxfail = 800; mode_cfg = on; proposal { encryption_algorithm aes; hash_algorithm sha1; authentication_method xauth_psk_server; dh_group 2; lifetime time 12 hour; } } timer { natt_keepalive 20 sec; } sainfo anonymous »