root@Openwrt:/etc/config# cat /etc/swanctl/conf.d/20.acme.conf
# swanctl connection profile "acme": IKEv2 configuration that accepts peers
# from any address, authenticates this gateway with a certificate and
# authenticates clients with EAP-MSCHAPv2 (username/password).
connections {
acme {
# %any on both sides: no restriction on the local address used or on the
# peer address that may connect.
local_addrs = %any
remote_addrs = %any
# NOTE(review): vips requests virtual IPs for this side when it initiates;
# with "pools" also set this profile looks like a responder - confirm this
# line is actually needed.
vips = 0.0.0.0,::
# IKE fragmentation keeps large certificate-bearing messages from depending
# on IP fragmentation.
fragmentation = yes
# Virtual addresses are handed out from the "ipv4addr" pool. Only an IPv4 pool
# is referenced, although the child below also offers ::/0.
# NOTE(review): verify how dual-stack clients treat IPv6 when they receive no
# IPv6 virtual address (it may bypass the tunnel).
pools = ipv4addr
# Send the gateway certificate even when the peer does not request it.
send_cert = always
# No uniqueness policy: the same identity may hold several IKE_SAs at once, so
# one set of credentials can be used from multiple devices concurrently.
unique = never
local {
# The gateway proves its identity with a public-key signature and the
# certificate named below; the id should match a name in that certificate.
auth = pubkey
id = "xyz.wuruxu.cn"
certs = xyz.wuruxu.cn.cer
}
remote {
# Clients authenticate with EAP-MSCHAPv2 and any EAP identity is accepted for
# lookup in the secrets section. The scheme's strength rests on password
# quality and on clients validating the gateway certificate before answering
# the challenge.
auth = eap-mschapv2
eap_id=%any
}
children {
sstun {
# Full tunnel: all IPv4 and IPv6 destinations are offered to the client.
local_ts = 0.0.0.0/0,::/0
# "dynamic" is the client's virtual IP; the listed multicast groups
# (all-hosts, IGMPv3, mDNS, LLMNR, SSDP) are added as selectors.
# NOTE(review): presumably for multicast/discovery forwarding - confirm that
# exposing LAN discovery traffic to VPN clients is intended.
remote_ts = dynamic,224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
# Binds the SAs/policies to XFRM interface ID 666; an interface with the same
# if_id must exist (assumed to be created outside this file - confirm).
if_id_in = 666
if_id_out = 666
# NOTE(review): "aes256-sha256" and "aes256-sha1" carry no DH group, so
# CHILD_SA rekeys negotiated with them get no fresh key exchange (no PFS), and
# SHA-1 is a legacy integrity algorithm. Presumably kept for built-in OS
# clients; drop them if every client supports the stronger entries.
esp_proposals = chacha20poly1305-x25519,aes256gcm-modp2048,aes256-sha256,aes256-modp2048,aes256-sha1
mode = tunnel
# NOTE(review): life_time is the hard expiry and is shorter than rekey_time,
# so the CHILD_SA expires at 2h before the 6h rekey is reached. If
# uninterrupted tunnels are intended, life_time should exceed rekey_time
# (strongSwan's default is rekey_time + 10%).
life_time = 2h
rekey_time = 6h
# On DPD timeout the CHILD_SA is removed without a restart attempt.
# NOTE(review): no dpd_delay is visible in this connection, so active DPD
# probing appears to be left at its default - confirm.
dpd_action = clear
start_action = trap|start
# Runs the script through sh on SA up/down events. The script is not shown on
# this page; it should quote the peer-derived environment variables it
# receives and be writable only by root.
updown = sh /etc/config/updown.sh
}
}
# IKEv2 only, with MOBIKE so clients can change address without re-connecting.
version = 2
mobike = yes
# IKE_SA rekey after 6h; over_time is the extra time allowed before the SA is
# hard-deleted if the rekey has not completed.
rekey_time = 6h
over_time = 36m
# NOTE(review): the last proposal uses modp1024, a 1024-bit DH group that is
# considered too weak for new deployments. Presumably kept for legacy built-in
# clients; remove it if no client requires it.
proposals = chacha20poly1305-prfsha512-curve25519,aes256gcm16-prfsha512-curve25519,aes256gcm16-prfsha256-ecp256,aes256-sha256-prfsha256-modp2048,aes256gcm16-prfsha256-modp1024
keyingtries = 3
}
}
# Address pool referenced by "pools = ipv4addr" in the connection: clients
# receive a virtual IPv4 address from the range below and the listed DNS
# server as a configuration attribute. No IPv6 pool is defined here.
pools {
ipv4addr {
addrs = 192.168.166.50-192.168.166.200
# NOTE(review): the DNS server sits outside the pool's 192.168.166.x range;
# confirm it is reachable through the tunnel so client lookups do not fail or
# go elsewhere.
dns = 192.168.228.1
}
}
root@Openwrt:/etc/config# cat /etc/swanctl/conf.d/10.EAP_MSCHAPv2.users.conf
# EAP credentials matched against the identity a client presents during
# EAP-MSCHAPv2. The values shown are placeholders. Real entries are stored in
# plaintext, so keep this file readable by root only and use long, random
# passwords, one per user.
secrets {
eap-user1 {
# EAP identity (username) the client sends.
id = username
# Shared password for that identity.
secret = "password"
}
}
1
yhcghjj 7 天前 via Android
用了 wireguard 就不想折腾这些东西了。。普通家用建议可以试试
3
MacsedProtoss 6 天前 via iPhone
@wuruxu 有点文艺复兴了 其实考虑到家里的宽带上行速率 以及现在的跨网问题 这样真的不是劣化使用体验吗
4
Zimong 6 天前 via iPhone
Android 自带的能不能配啊?
5
wuruxu OP @MacsedProtoss 对家宽有顾虑 可以部署在阿里云上