搭建廉价的网游加速器CentOS.7

阅读：评论：0

搭建廉价的网游加速器CentOS.7

系统CentOS.7x

PPTP 脚本下载/安装

wget .sh
chmod +x ./CentOS7-pptp-host1plus.sh
./CentOS7-pptp-host1plus.sh -u username -p password

注意检查CentOS7-pptp-host1plus.sh的地址是否还有效。
username、password是自己的登录用户名和密码。但密码长度必须大于8个 ASCII字符，否则为了安全，脚本将会随机生成密码。
CentOS7-pptp-host1plus.sh 源码

#!/bin/bash
#    Setup Simple PPTP VPN server for CentOS 7 on Host1plus
#    Copyright (C) 2015-2016 Danyl Zhang <1475811550@qq> and contributors
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.printhelp() {echo "
Usage: ./CentOS7-pptp-host1plus.sh [OPTION]
If you are using custom password , Make sure its more than 8 characters. Otherwise it will generate random password for you. 
If you trying set password only. It will generate Default user with Random password. 
example: ./CentOS7-pptp-host1plus.sh -u myusr -p mypass
Use without parameter [ ./CentOS7-pptp-host1plus.sh ] to use default username and Random password-u,    --username             Enter the Username-p,    --password             Enter the Password
"
}while [ "$1" != "" ]; docase "$1" in-u    | --username )             NAME=$2; shift 2 ;;-p    | --password )             PASS=$2; shift 2 ;;-h    | --help )            echo "$(printhelp)"; exit; shift; break ;;esac
done# Check if user is root
[ $(id -u) != "0" ] && { echo -e "33[31mError: You must be root to run this script33[0m"; exit 1; } export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clearyum -y update
yum -y install epel-release
yum -y install firewalld net-tools curl ppp pptpdecho 'net.ipv4.ip_forward = 1' >> /f
sysctl -p#no liI10oO chars in passwordLEN=$(echo ${#PASS})if [ -z "$PASS" ] || [ $LEN -lt 8 ] || [ -z "$NAME"]
thenP1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`PASS="$P1-$P2-$P3"
fiif [ -z "$NAME" ]
thenNAME="vpn"
ficat >> /etc/ppp/chap-secrets <<END
$NAME pptpd $PASS *
ENDcat >/f <<END
option /etc/ppp/options.pptpd
#logwtmp
localip 192.168.2.1
remoteip 192.168.2.10-100
ENDcat >/etc/ppp/options.pptpd <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 209.244.0.3
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ENDETH=`route | grep default | awk '{print $NF}'`systemctl restart firewalld.service
systemctl enable firewalld.service
firewall-cmd --set-default-zone=public
firewall-cmd --add-interface=$ETH
firewall-cmd --add-port=22/tcp --permanent
firewall-cmd --add-port=1723/tcp --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i $ETH -p gre -j ACCEPT
firewall-cmd --reloadcat > /etc/ppp/ip-up.local << END
/sbin/ifconfig $1 mtu 1400
END
chmod +x /etc/ppp/ip-up.local
systemctl restart pptpd.service
systemctl enable pptpd.serviceVPN_IP=`curl ipv4.icanhazip`
clear
echo -e "You can now connect to your VPN via your external IP 33[32m${VPN_IP}33[0m"
echo -e "Username: 33[32m${NAME}33[0m"
echo -e "Password: 33[32m${PASS}33[0m"

配置

设置账号密码

vim /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
账号 pptpd 密码 *

vim /etc/ppp/options.pptpd

修改ms-dns（DNS）与添加 logfile /var/log/pptpd.log（日志）

配置文件

vim /f

localip 192.168.1.11 # 修改为你服务器的内网IP
remoteip 192.168.1.10-98,192.168.1.101 # 自定义分配给客户端的网段和地址池

vim /etc/ppp/ip-up

在 exit 0 前写入 ifconfig $1 mtu 1500

增加转发规则

“aaa.bbbc.ddd” 请填写自己的内网ip。“eee” 请填写你服务器的网卡名

iptables -t nat -A POSTROUTING -s aaa.bbbc.ddd/24 -o eee -j MASQUERADE
service iptables save		# 保存规则
systemctl restart iptables		#重启服务

端口开放重启服务

重启pptpd服务

systemctl restart pptpd

服务器开放1723 端口

登陆

选择点对点隧道协议(PPTP) ,其他正常设置。

测试

csgo国际服（香港）

平均延迟在55ms上下，只能说还行吧。（每个地区延迟会有差异以实际结果为准）

L2TP 脚本下载/安装

使用 “setup-ipsec-vpn” 快速部署

wget  -O vpn.sh && sudo sh vpn.sh

管理客户端证书

如果要列出已有的 IKEv2 客户端的名称，运行辅助脚本并添加 --listclients 选项。使用参数 -h 显示使用信息。

 sudo ikev2.sh --listclients

添加证书

sudo ikev2.sh --addclient [证书名]

导出已有的证书配置

sudo ikev2.sh --exportclient [证书名]

吊销端证书

sudo ikev2.sh --revokeclient [证书名]

端口开放重启服务

需要开放500， 4500， 1701端口，协议选择udp

systemctl restart ipsec xl2tpd	#可用于重启IPsec和xl2tpd服务

使用指南

在新增或完成安装后会显示证书路径

可以使用 “WinSCP” 工具连接到你的服务器，下载对应路径的下证书文件。

Windows 7, 8, 10 和 11

以管理员身份运行 ikev2_d 并确保这个辅助脚本与证书.p12 在同一个文件夹下。
ikev2_d源码如下：

@echo off
:: IKEv2 Configuration Import Helper Script for Windows 8, 10 and 11
:: Copyright (C) 2022 Lin Song <linsongui@gmail>
:: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
:: Unported License: .0/
:: Attribution required: please include my name in any derivative and let me
:: know how you have improved it!setlocal DisableDelayedExpansion
set "SPath=%SystemRoot%System32"
if exist "%SystemRoot%" (set "SPath=%SystemRoot%Sysnative")
set "Path=%SPath%;%SystemRoot%;%SPath%Wbem;%SPath%WindowsPowerShellv1.0"
set "_err====== ERROR ====="
set "_work=%~dp0"
if "%_work:~-1%"=="" set "_work=%_work:~0,-1%"for /f "tokens=4-5 delims=. " %%i in ('ver') do set version=%%i.%%j
if "%version%" == "10.0" goto :Check_Admin
if "%version%" == "6.3" goto :Check_Admin
if "%version%" == "6.2" goto :Check_Admin
goto :E_Win:Check_Admin
reg query HKUS-1-5-19 >nul 2>&1 || goto :E_Adminwhere certutil >nul 2>&1
if %errorlevel% neq 0 goto :E_Cu
where powershell >nul 2>&1
if %errorlevel% neq 0 goto :E_Pstitle IKEv2 Configuration Import Helper Script
setlocal EnableDelayedExpansion
cd /d "!_work!"
@cls
echo ===================================================================
echo Welcome^^! Use this helper script to import an IKEv2 configuration
echo into a PC running Windows 8, 10 or 11.
echo For more details, see 
echo.
echo Before continuing, you must put the .p12 file you transferred from
echo the VPN server in the *same folder* as this script.
echo ===================================================================set client_name_gen=
for /F "eol=| delims=" %%f in ('dir "*.p12" /A-D /B /O-D /TW 2^>nul') do (set "p12_latest=%%f"set "client_name_gen=!p12_latest:.p12=!"goto :Enter_Client_Name
):Enter_Client_Name
echo.
echo Enter the name of the IKEv2 VPN client to import.
echo Note: This is the same as the .p12 filename without extension.
set client_name=
set p12_file=
if defined client_name_gen (echo To accept the suggested client name, press Enter.set /p client_name="VPN client name: [%client_name_gen%] "if not defined client_name set "client_name=%client_name_gen%"
) else (set /p client_name="VPN client name: "if not defined client_name goto :Abort
)
set "client_name=%client_name:"=%"
set "client_name=%client_name: =%"
set "p12_file=%_work%%client_name%.p12"
if not exist "!p12_file!" (ho ERROR: File "!p12_file!" ho You must put the .p12 file you transferred from the VPN serverecho in the *same folder* as  :Enter_Client_Name
)echo.
echo Enter the IP address (or DNS name) of the VPN server.
echo Note: This must exactly match the VPN server address in the output
echo of the IKEv2 helper script on your server.
set server_addr=
set /p server_addr="VPN server address: "
if not defined server_addr goto :Abort
set "server_addr=%server_addr:"=%"
set "server_addr=%server_addr: =%"set "conn_name_gen=IKEv2 VPN %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 2 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 3 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! equ 0 (set conn_name_gen=
):Enter_Conn_Name
echo.
echo Provide a name for the new IKEv2 connection.
set conn_name=
if defined conn_name_gen (echo To accept the suggested connection name, press Enter.set /p conn_name="IKEv2 connection name: [%conn_name_gen%] "if not defined conn_name set "conn_name=%conn_name_gen%"
) else (set /p conn_name="IKEv2 connection name: "if not defined conn_name goto :Abort
)
set "conn_name=%conn_name:"=%"
powershell -command "Get-VpnConnection -Name '%conn_name%'" >nul 2>&1
if !errorlevel! equ 0 (ho ERROR: A connection with this name  :Enter_Conn_Name
)echo.
echo Importing .
certutil -f -p "" -importpfx "%p12_file%" NoExport >nul 2>&1
if !errorlevel! equ 0 goto :Create_Conn
echo When prompted, enter the password for client config files, which can be found
echo in the output of the IKEv2 helper script on your server.
:Import_P12
certutil -f -importpfx "%p12_file%" NoExport
if !errorlevel! neq 0 goto :Import_P12:Create_Conn
echo.
echo Creating 
powershell -command "Add-VpnConnection -ServerAddress '%server_addr%' -Name '%conn_name%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
if !errorlevel! neq 0 (echo ERROR: Could not create the IKEv2  :Done
)echo Setting 
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName '%conn_name%' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
if !errorlevel! neq 0 (echo ERROR: Could not set IPsec configuration for the IKEv2  :Done
)echo IKEv2 configuration successfully imported^^!
echo To connect to the VPN, click on the wireless/network icon in your system tray,
echo select the "%conn_name%" VPN entry, and click Connect.
goto :Done:E_Admin
echo %_err%
echo This script requires administrator privileges.
echo Right-click on the script and select 'Run as administrator'.
goto :Done:E_Win
echo %_err%
echo This script requires Windows 8, 10 or 11.
echo Windows 7 users can manually import IKEv2 configuration. See 
goto :Done:E_Cu
echo %_err%
echo This script requires 'certutil', which is not detected.
goto :Done:E_Ps
echo %_err%
echo This script requires 'powershell', which is not detected.
goto :Done:Abort
echo.
echo Abort. No changes were made.:Done
echo.
echo Press any key to exit.
pause >nul
goto :eof