root@Openwrt:/etc/config# cat /etc/swanctl/conf.d/20.acme.conf
# IKEv2 road-warrior gateway profile: the gateway authenticates with a
# certificate, clients authenticate with EAP-MSCHAPv2, and all client traffic
# is tunnelled (local_ts covers 0.0.0.0/0 and ::/0).
connections {
acme {
# %any on both sides: listen on every local address and accept peers from
# any source address.
local_addrs = %any
remote_addrs = %any
# NOTE(review): vips is normally an initiator-side setting (addresses to
# request). This profile hands out addresses from `pools`, so it appears
# unnecessary here - confirm.
vips = 0.0.0.0,::
fragmentation = yes
pools = ipv4addr
# Send the gateway certificate even when the client sends no request for it.
send_cert = always
# No uniqueness enforcement: the same identity may hold several concurrent
# IKE_SAs, so a second login with a stolen credential does not displace the
# legitimate session and is easy to overlook.
unique = never
local {
auth = pubkey
id = "xyz.wuruxu.cn"
certs = xyz.wuruxu.cn.cer
}
remote {
# MSCHAPv2 exchanges can be cracked offline once captured. Here the exchange
# runs inside the IKE_SA authenticated by the gateway certificate, so the
# protection depends on clients actually validating that certificate.
auth = eap-mschapv2
# Ask the client for an EAP identity and accept any identity that has a
# matching entry in the secrets section.
eap_id=%any
}
children {
sstun {
local_ts = 0.0.0.0/0,::/0
# dynamic = the client's virtual IP. The extra entries are multicast groups
# (all-hosts, IGMPv3, mDNS, LLMNR, SSDP); presumably these are here so that
# discovery traffic can be forwarded to clients - confirm it is needed.
remote_ts = dynamic,224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
# XFRM interface ID applied to the SAs and policies; an XFRM interface with
# the same if_id has to exist and be routed for traffic to match.
if_id_in = 666
if_id_out = 666
# NOTE(review): the last three proposals are legacy fallbacks. aes256-sha256
# and aes256-sha1 carry no DH group (no PFS on CHILD_SA rekey), and
# aes256-sha1 relies on HMAC-SHA1. Drop them if no client requires them.
esp_proposals = chacha20poly1305-x25519,aes256gcm-modp2048,aes256-sha256,aes256-modp2048,aes256-sha1
mode = tunnel
# NOTE(review): life_time (2h) is shorter than rekey_time (6h). The hard
# lifetime is expected to exceed rekey_time; as written the CHILD_SA would
# presumably expire before a rekey is attempted - confirm the intent.
life_time = 2h
rekey_time = 6h
dpd_action = clear
# NOTE(review): with remote_addrs = %any there is no fixed peer to initiate
# to, so the `start` part presumably has no effect - confirm.
start_action = trap|start
# Script invoked on tunnel up/down events. It runs with the daemon's
# privileges, so the file should be root-owned and not writable by others,
# and it should treat peer-derived values as untrusted input.
updown = sh /etc/config/updown.sh
}
}
version = 2
mobike = yes
rekey_time = 6h
over_time = 36m
# NOTE(review): the final proposal falls back to modp1024, a 1024-bit DH
# group that is considered too weak for new deployments. Remove it unless a
# legacy client depends on it.
proposals = chacha20poly1305-prfsha512-curve25519,aes256gcm16-prfsha512-curve25519,aes256gcm16-prfsha256-ecp256,aes256-sha256-prfsha256-modp2048,aes256gcm16-prfsha256-modp1024
keyingtries = 3
}
}
# Virtual IP pool referenced by `pools = ipv4addr` in the acme connection.
pools {
ipv4addr {
# IPv4 range only; no IPv6 pool is visible in this file.
addrs = 192.168.166.50-192.168.166.200
# DNS server pushed to clients. It lies outside the pool range, so it must
# be reachable through the tunnel - verify routing and firewall rules.
dns = 192.168.228.1
}
}
root@Openwrt:/etc/config# cat /etc/swanctl/conf.d/10.EAP_MSCHAPv2.users.conf
# EAP credentials checked against clients that authenticate with
# eap-mschapv2. The values shown are placeholders.
# This file stores the password in cleartext: keep it root-owned and
# unreadable by other users, and use a long random secret per user, since a
# captured MSCHAPv2 exchange can be attacked offline.
secrets {
eap-user1 {
id = username
secret = "password"
}
}