Setting up a VPN server on a low-spec AWS cloud instance


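1. I chose a t2.micro in US West (Oregon): https://aws.amazon.com/cn/ec2/pricing/on-demand/

On-demand pricing (Linux):
Instance   vCPU  ECU       Memory (GiB)  Instance storage (GB)  Linux/UNIX usage
t2.micro   1     Variable  1 GiB         EBS only               0.0116 USD per hour

Data transfer (data out from Amazon EC2 to the Internet):
Up to 1 GB/month: 0.00 USD per GB
Next 9.999 TB/month: 0.09 USD per GB

Elastic IP addresses:
0.005 USD per hour (pro rata) for each additional IP address associated with a running instance
0.005 USD per hour (pro rata) for each Elastic IP address not associated with a running instance

For the AWS instance, first allow all TCP and UDP traffic. Once a VPN account logs in successfully, change the rules so that only UDP ports 500 and 4500 are open, and restrict SSH port 22 to the specified IP addresses only.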
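
An added example, not part of the original post: a Python check that the tightening described above has actually been applied, run over the JSON shape returned by `aws ec2 describe-security-groups`. It assumes the inbound rules live in an EC2 security group; the group ID, the admin address 203.0.113.10/32 and the sample rules are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output:
# the VPN ports are open, but SSH and the initial "allow all TCP" rule remain.
SAMPLE = {"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}]}

ALLOWED_PUBLIC = {("udp", 500), ("udp", 4500)}  # the two ports the post keeps open
ADMIN_CIDR = "203.0.113.10/32"                  # assumed admin address (TEST-NET-3)

def audit_ingress(group, admin_cidr=ADMIN_CIDR):
    """Return findings for inbound rules wider than the post's target state."""
    findings = []
    admin = ipaddress.ip_network(admin_cidr)
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            label = f"{proto} {lo}-{hi} from {cidr}"
            if proto == "-1" or lo is None:
                # "-1" means every protocol and port; no port fields are present
                findings.append(f"all ports open: {label}")
            elif lo == hi and (proto, lo) in ALLOWED_PUBLIC:
                continue  # IKE (500) and NAT-T (4500) may stay world-reachable
            elif proto == "tcp" and lo == hi == 22:
                # SSH is acceptable only when the source sits inside admin_cidr
                if net.version != admin.version or not net.subnet_of(admin):
                    findings.append(f"ssh not limited to {admin_cidr}: {label}")
            else:
                findings.append(f"unexpected rule: {label}")
    return findings

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE["SecurityGroups"][0]):
        print(finding)
```
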

2. One-click L2TP install: https://blog.csdn.net/dlmmu/article/details/79049155

Stopping xl2tpd: [FAILED]
Starting xl2tpd: [ OK ]

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 18.237.xx.xx
IPsec PSK: 9pAJeM84YPbYpSgETXkt
Username: vpnuser
Password: xxxxxxxxxxxxxxxx

Write these down. You’ll need them to connect!

Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients

================================================
setenforce 0
yum install vim net-tools wget unzip -y
cd /opt
wget -O StackScript.zip http://files.cnblogs.com/files/think8848/StackScript.zip
unzip StackScript.zip
chmod +x StackScript
./StackScript
netstat -ulnpa

cat /etc/ppp/chap-secrets
cat /etc/ipsec.secrets
/etc/init.d/xl2tpd restart
tail -f /var/log/messages

Add an account restriction script (each account can be logged in from only one client at a time)
# cat /etc/ppp/auth-up
#!/bin/sh
# get the username/ppp line number from the parameters
REALDEVICE=$1
USER=$2
# create the directory to keep pid files per user
mkdir -p /var/run/l2tp-users
# if there is a session already for this user, terminate the old one
if [ -f "/var/run/l2tp-users/$USER" ]; then
    kill -HUP "$(cat "/var/run/l2tp-users/$USER")"
    rm "/var/run/l2tp-users/$USER"
fi
# copy the pid file of current user to /var/run/l2tp-users
cp "/var/run/$REALDEVICE.pid" "/var/run/l2tp-users/$USER"

Assign fixed IP addresses
cat /etc/ppp/chap-secrets
"vpnuser1" l2tpd "password1" 192.168.42.10
"vpnuser2" l2tpd "password2" 192.168.42.11
"vpnuser3" l2tpd "password3" 192.168.42.12
"vpnuser4" l2tpd "password4" 192.168.42.13
"vpnuser5" l2tpd "password5" 192.168.42.14
