https://computingforgeeks.com/build-ipsec-vpn-server-with-ipsec-l2tp-and-cisco-ipsec-linux/

###Next step###Next step###Next step#####
Setup IPsec VPN server on Ubuntu 18.04 / Ubuntu 16.04 / Debian

Update your system packages before running the deployment script. This is a fully automated IPsec VPN server setup; no user input is needed.

    wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh

###Next step###Next step###Next step#####
Your VPN login details will be randomly generated and displayed on the screen when the script finishes. If you would like to define your own VPN credentials, edit vpnsetup.sh before execution.

    sudo vim vpnsetup.sh

Set your values inside single quotes:

    YOUR_IPSEC_PSK='kbtvpn57'
    YOUR_USERNAME='hckao'
    YOUR_PASSWORD='kbt236'

Then run vpnsetup.sh:

    sudo sh vpnsetup.sh

Sample output:

    ************************** WARNING ***********************************
    The ipsec service is currently disabled. To enable this service issue:
     systemctl enable ipsec.service
    **********************************************************************
    ../../OBJ.linux.x86_64/testing/enumcheck/enumcheck -> /usr/local/libexec/ipsec/enumcheck

    ## Creating VPN configuration..
    ## Updating sysctl settings..
    ## Updating IPTables rules...
    ## Enabling services on boot...
    ## Starting services...

    ================================================
    IPsec VPN server is now ready for use!
    Connect to your new VPN with these details:
    Server IP: 220.133.209.15
    IPsec PSK: kbtvpn57
    Username: hckao
    Password: kbt236
    Write these down. You'll need them to connect!
    Important notes: https://git.io/vpnnotes
    Setup VPN clients: https://git.io/vpnclients
    ================================================

###Next step###Next step###Next step#####
Enable the ipsec service to start on boot:

    sudo systemctl enable ipsec

This deployment includes sysctl.conf optimizations for improved performance.
    # Added by hwdsl2 VPN script
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.eth0.rp_filter = 0
    net.core.wmem_max = 12582912
    net.core.rmem_max = 12582912
    net.ipv4.tcp_rmem = 10240 87380 12582912
    net.ipv4.tcp_wmem = 10240 87380 12582912

All VPN traffic is encapsulated in UDP, so the ESP protocol is not needed.

###Next step###Next step###Next step#####
Manage VPN Users

By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read IPSec VPN User management.

The IPsec PSK (pre-shared key) is stored in /etc/ipsec.secrets. All VPN users share the same IPsec PSK. You can set a new one by changing the line:

    %any %any : PSK "your_new_ipsec_pre_shared_key"

For IPsec/L2TP, VPN users are specified in /etc/ppp/chap-secrets. The format of this file is:

    "your_vpn_username_1" l2tpd "your_vpn_password_1" *
    "your_vpn_username_2" l2tpd "your_vpn_password_2" *

For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in /etc/ipsec.d/passwd. The format of this file is:

    your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk
    your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk
    ... ...

###Next step###Next step###Next step#####
Converting the password to its encrypted form

Passwords in this file are salted and hashed. This step can be done using e.g. the openssl utility:

    # The output will be your_vpn_password_1_hashed
    openssl passwd -1 'your_vpn_password_1'

Finally, restart services if you changed to a new PSK. When adding, editing or removing VPN users, a restart is normally not required.
    sudo service ipsec restart || sudo systemctl restart ipsec
    sudo service xl2tpd restart || sudo systemctl restart xl2tpd

###Next step###Next step###Next step#####
Connecting your Computer to the VPN

The final step is to connect your computer or device to use the VPN. Refer to the following guides for this.

Configure IPsec/L2TP VPN Clients
Configure IPsec/XAuth ("Cisco IPsec") VPN Clients
How-To: IKEv2 VPN for Windows 7 and above

If you get an error when trying to connect, see Troubleshooting.

You have installed your very own IPSec VPN server with L2TP and Cisco IPsec on Ubuntu / CentOS / Debian. Enjoy using it.

###Next step###Next step###Next step#####

    ================================================
    IPsec VPN server is now ready for use!
    Connect to your new VPN with these details:
    Server IP: 1.160.17.66
    IPsec PSK: kbtvpn57
    Username: hckao
    Password: kbt236
    Write these down. You'll need them to connect!
    Important notes: https://git.io/vpnnotes
    Setup VPN clients: https://git.io/vpnclients
    ================================================
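
For the Manage VPN Users step above, an added example (not part of the original page or of the hwdsl2 script) that appends one user to both user files in the formats shown, hashing the XAuth password with openssl passwd -1. The function name add_vpn_user, the optional file-path arguments and the character restrictions are assumptions of this example.

```shell
#!/bin/sh
# Added example: append one VPN user to both user files described on this page.
# Usage: add_vpn_user USER PASS [CHAP_FILE] [XAUTH_FILE]
# The file arguments are an assumption of this example so it can be tried on
# scratch copies; they default to the two paths the page names.

add_vpn_user() (
    user=$1 pass=$2
    chap=${3:-/etc/ppp/chap-secrets}
    xauth=${4:-/etc/ipsec.d/passwd}
    nl=$(printf '\nx'); nl=${nl%x}

    # Username: keep to a conservative set so it cannot break either format
    # (":" separates fields in passwd, quotes delimit chap-secrets fields).
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; exit 1 ;;
    esac
    # Password: stored in plain text inside double quotes in chap-secrets,
    # so refuse quotes, backslashes and newlines.
    case $pass in
        ''|*[\"\'\\]*|*"$nl"*) echo "invalid password" >&2; exit 1 ;;
    esac

    # Refuse duplicates instead of leaving two entries for one name.
    if awk -v u="\"$user\"" '$1 == u { f = 1 } END { exit !f }' "$chap" 2>/dev/null ||
       awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$xauth" 2>/dev/null
    then
        echo "user $user already exists" >&2; exit 1
    fi

    # Salted MD5-crypt hash, the same scheme as "openssl passwd -1" on the page.
    # -stdin keeps the password out of the process list.
    hash=$(printf '%s\n' "$pass" | openssl passwd -1 -stdin) || exit 1

    umask 077                       # files created here are owner-only
    printf '"%s" l2tpd "%s" *\n' "$user" "$pass" >> "$chap" || exit 1
    printf '%s:%s:xauth-psk\n' "$user" "$hash" >> "$xauth" || exit 1
    chmod 600 "$chap" "$xauth"
)
```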