CENTOS7搭建L2TP OVER IPSEC https://zhuanlan.zhihu.com/p/654603620在国际上搭建信道是犯法的！！！一、这是检测服务器支不支持搭建的方法 modprobe ppp-compress-18 && echo yes先看看你的主机是否支持pptp，返回结果为yes就表示通过。 cat /dev/net/tun是否开启了TUN，有的虚拟机主机需要开启，返回结果为cat: /dev/net/tun: File descriptor in bad state,就表示通过。二、正式搭建命令1.首先一台全新的服务器记得换源2.安装必要程序3.编辑pppoptfile文件4.修改L2tp的配置文件5.添加账号密码6.创建预共享密钥7.修改内核参数8.建立ipsec 与 l2tp 服务关联的配置文件9.iptables安装配置10.启动1.首先一台全新的服务器记得换源 yum install -y epel-release2.安装这一堆花里胡哨的必要程序 yum install -y make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced man xl2tpd libreswan nano3.编辑pppoptfile文件nano /etc/ppp/options.xl2tpd require-mschap-v2 #加上这个 ipcp-accept-local ipcp-accept-remote ms-dns 8.8.8.8 ms-dns 1.1.1.1 # ms-dns 192.168.1.1 # ms-dns 192.168.1.3 # ms-wins 192.168.1.2 # ms-wins 192.168.1.4 noccp auth #obsolete: crtscts idle 1800 mtu 1410 mru 1410 nodefaultroute debug #obsolete: lock proxyarp connect-delay 5000 # To allow authentication against a Windows domain EXAMPLE, and require the # user to be in a group "VPN Users". Requires the samba-winbind package # require-mschap-v2 # plugin winbind.so # ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"' # You need to join the domain on the server, for example using samba: # http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html修改完成后按Ctrl+X保存文件 按Y保存并退出4.修改L2tp的配置文件 nano /etc/xl2tpd/xl2tpd.conf ; ; This is a minimal sample xl2tpd configuration file for use ; with L2TP over IPsec. ; ; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec ; clients connect. In this example, the internal (protected) network ; is 192.168.1.0/24. A special IP range within this network is reserved ; for the remote clients: 192.168.1.128/25 ; (i.e. 192.168.1.128 ... 192.168.1.254) ; ; The listen-addr parameter can be used if you want to bind the L2TP daemon ; to a specific IP address instead of to all interfaces. For instance, ; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98 ; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99) ; will be used by xl2tpd as its address on pppX interfaces.` [global] listen-addr = 192.168.5.243 #改成自己的外网IP` ; ; requires openswan-2.5.18 or higher - Also does not yet work in combination ; with kernel mode l2tp as present in linux 2.6.23+ ipsec saref = yes #去掉；注释号 ; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or ; when using any of the SAref kernel patches for kernels up to 2.6.35.` ; saref refinfo = 30 ; ; force userspace = yes ; ; debug tunnel = yes [lns default] ip range = 192.168.1.100-192.168.1.200 #分配给VPN客户端的IP，这个可以随便用，但是后面对应的要改 local ip = 192.168.1.99 #本地的IP网段一致不要被分配就行 require chap = yes refuse pap = yes require authentication = yes name = LinuxVPNserver ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes5.添加账号密码 nano /etc/ppp/chap-secrets# Secrets for authentication using CHAP #client server secret IP addresses test1 * 123456 * test2 * 123456 *6.创建预共享密钥 nano /etc/ipsec.d/ipsec.secrets#include /etc/ipsec.d/*.secrets %any %any: PSK "123456"7.修改内核参数（不做修改） nano /etc/sysctl.confnet.ipv4.ip_forward = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 #每三句对应一个网卡 net.ipv4.conf.eth0.rp_filter = 0 net.ipv4.conf.eth0.send_redirects = 0 net.ipv4.conf.lo.accept_redirects = 0 net.ipv4.conf.lo.rp_filter = 0 net.ipv4.conf.lo.send_redirects = 0 sysctl -p8.建立ipsec 与 l2tp 服务关联的配置文件 nano /etc/ipsec.d/l2tp_psk.confconn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 dpddelay=30 dpdtimeout=120 dpdaction=clear rekey=no ikelifetime=8h keylife=1h type=transport left=10.20.120.2 #也是网卡IP leftprotoport=17/1701 right=%any rightprotoport=17/%any9.iptables安装配置yum install -y iptables yum install -y iptables-servicessystemctl stop firewalld systemctl mask firewalldiptables -L -niptables -P INPUT ACCEPT iptables -F iptables -X iptables -Ziptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT iptables -I FORWARD -d 192.168.1.0/24 -j ACCEPT iptables -A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 1701 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT iptables -A INPUT -p esp -j ACCEPT iptables -A INPUT -m policy --dir in --pol ipsec -j ACCEPT iptables -A FORWARD -i ppp+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT service iptables save /bin/systemctl restart iptables.service10.启动，分开执行，看看有没有错 systemctl start ipsec systemctl enable ipsec ipsec verifysystemctl start xl2tpd systemctl enable xl2tpd systemctl status xl2tpd使用预共享密钥的L2TP/IPsec 服务器地址： 预共享密钥：123456 账号一：test 密码：123456

群晖7.X 用Web station 部署 Typecho网站教程 首先需要安装的套件1、phpmyadmin2、Apache HTTP Server2.43、mariaDB104、Web station一、首先phpmyadmin新建数据库Typecho二、然后Typecho的文件上传至根目录三、给Typecho的目录权限http账户获取所有读取写入权限。四、Web station下一步，新增，确定五、脚本语言设置-php8.0-编辑全选保存六、网络门户--新增--网页服务门户然后正常安装即可。

感悟 别人平静的冷漠的对你交流是正常的。但凡有人对你微笑的沟通都值得感恩。

tomorrow never comes tomorrow never comes珍惜好当下吧，少年。去干自己不想干的事情才能提升自己。

解决Video Station支持DTS和eac3 完成Video Station的索引问题以后，还会碰到“不支持当前所选音频的文件格式”的问题。如果下载的4K片源无法正常播放的话，着实令人讨厌。在试过网上的几个方法后，最后总结出以下办法。其中后面的代码部分看似复杂，其实不过是一个复制粘贴的过程，不到1分钟就可以搞定。首先打开【套件中心】，并点击右上角的【设备】。找到【常规】菜单，在“信任层级”一项中勾选“任何发行者”，点击确点。然后再点击【新增】。名称处随意填写，在“位置”处添加引三方源处输入ffmpeg 安装4.4.3版本即可在群辉的“终端机和SNMP”选择中，勾选【开启SSH功能】。然后运行PuTTY，在Host Name处输入NAS的IP地址，端口使用22，方式为SSH。在弹出的命令行窗口中，输入当前NAS的用户名和登录密码并回车。输入密码时屏幕上不会有任何显示哦。输入"sudo -i"命令，然后回车，再次输入登录密码，进到root用户状态。（注意“”引号不必输入，-i前有个空格）修改文件权限。（代码需要逐行输入）chmod +s /var/packages/ffmpeg/target/bin/ffmpeg chmod +s /var/packages/ffmpeg/target/bin/ffprobe chmod +s /var/packages/ffmpeg/target/bin/vainfo 备份内置ffmpeg。（代码需要逐行输入）sed -i'-old' -e 's/eac3/ZAAP/' -e 's/dts/ZAP/' -e 's/truehd/ZAPZAP/' /var/packages/VideoStation/target/lib/libsynovte.so mv /var/packages/VideoStation/target/bin/ffmpeg /var/packages/VideoStation/target/bin/ffmpeg-old mv /var/packages/VideoStation/target/bin/ffprobe /var/packages/VideoStation/target/bin/ffprobe-oldmv /var/packages/VideoStation/target/bin/vainfo /var/packages/VideoStation/target/bin/vainfo-old调用ffmpeg脚本。（代码需要逐行输入）echo "H4sICEoigl4AA2ZmbXBlZwCtU8tOwzAQvO9XLEmkPlAwrRCHVokqBOILOEUVctN1YtE8FFumEvDvOA9KSQInfEhsZ2ZnPN64F2wnc7bjKgWws8ChI8XIDK9YyeMXnpBiQmQlJUzzKiHd4NsdB8DF+4e7p0egOC3Q8TYOhiEynZUd5OpQJACWqILpDF5TeSCMIvRc9BON17jdwr6AmCuy7IWDMge0wzdlVQgLnjVLO1Qqhf5a1PUug6njH5e3Nx3SaQqc8Ot1V0iMl3CNCLxpZ9sKv6OiPfqEE3veosq4DnKzWF7NVcwP9Gw4LyU7nyeTDu2x1RmBTU56jUyXT7cciGoi9Hk/sf9zAz/ttNJGrDDyjNiO3lY/YyPqaO1zkK0cjzYrjKSgPuCgluzdUi+e1l7Lj7zm/afHzsh81hfqdQIpHkPrcV/kBKBIo+9bL281I9psP/q97Nk2/7WhG8TI/jdpGYaDv8A9fYZPjqtrMXcDAAA=" | base64 -d | gunzip > /var/packages/VideoStation/target/bin/ffmpegln -s /var/packages/ffmpeg/target/bin/ffprobe /var/packages/VideoStation/target/bin/ffprobeln -s /var/packages/ffmpeg/target/bin/ffprobe /var/packages/VideoStation/target/bin/ffprobe重新调整权限。（代码需要逐行输入）sed -i'-old' -e 's/eac3/ZAAP/' -e 's/dts/ZAP/' -e 's/truehd/ZAPZAP/' /var/packages/VideoStation/target/lib/libsynovte.sochmod +x /var/packages/VideoStation/target/bin/ffmpegchmod +s /var/packages/VideoStation/target/bin/ffmpegchown root:VideoStation /var/packages/VideoStation/target/bin/ffmpeg以上代码输入完成后，关闭PuTTY，并重启一次Video Station。