自己搭建一个游戏加速服务

背景

一个朋友抱怨说他玩游戏的时候延时很高，但是听说上海那边的网延时很低，于是我想到了这个服务：
ipsec-vpn-server：https://github.com/hwdsl2/docker-ipsec-vpn-server
,正好我有一个阿里上海的服务器，在上面部署这个服务的话，他玩游戏也就走的是上海的网络了，唯一担心的是本地到阿里服务的延时。但是不试一试怎么知道行不行呢？

准备

1. 首先要有一个服务器推荐使用阿里云的服务器99一年，可以通过下面的链接购买：
   阿里云服务器
2. 域名（可选）
3. 一定的linux知识

开始部署

1. 登录到服务器：下载docker镜像

   docker pull hwdsl2/ipsec-vpn-server
   

   如果拉取失败可手动上传镜像，文章末尾会提供镜像地址

2. 新建一个目录vpn 并进入目录

   cd /home
   mkdir vpn
   cd vpn
   

3. 新建 vpn.env 文件

   # Note: All the variables to this image are optional.
   # See README for more information.
   # To use, uncomment and replace with your own values.
   
   # Define IPsec PSK, VPN username and password
   # - DO NOT put "" or '' around values, or add space around =
   # - DO NOT use these special characters within values: \ " '
   VPN_IPSEC_PSK=一个随机字符串
   VPN_USER=vpn账号
   VPN_PASSWORD=vpn密码
   
   # Define additional VPN users
   # - DO NOT put "" or '' around values, or add space around =
   # - DO NOT use these special characters within values: \ " '
   # - Usernames and passwords must be separated by spaces
   # VPN_ADDL_USERS=additional_username_1 additional_username_2
   # VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2
   
   # Use a DNS name for the VPN server
   # - The DNS name must be a fully qualified domain name (FQDN)
   VPN_DNS_NAME=服务器地址
   
   # Specify a name for the first IKEv2 client
   # - Use one word only, no special characters except '-' and '_'
   # - The default is 'vpnclient' if not specified
   # VPN_CLIENT_NAME=your_client_name
   
   # Use alternative DNS servers
   # - By default, clients are set to use Google Public DNS
   # - Example below shows Cloudflare's DNS service
   # VPN_DNS_SRV1=1.1.1.1
   # VPN_DNS_SRV2=1.0.0.1
   
   # Protect IKEv2 client config files using a password
   # - By default, no password is required when importing IKEv2 client configuration
   # - Uncomment if you want to protect these files using a random password
   VPN_PROTECT_CONFIG=yes
   

   记得修改下面的参数内容

* VPN_IPSEC_PSK 一个随机字符串，可以在
https://cloud.google.com/network-connectivity/docs/vpn/how-to/generating-pre-shared-key?hl=zh-cn 获取
* VPN_USER和VPN_PASSWORD可以随意设置，后续的配置方案中用不到
* VPN_DNS_NAME 服务器ip，如果有有域名的话，可以填写域名

4. 运行docker

   docker run     --name ipsec-vpn-server     --env-file /home/vpn/vpn.env     --restart=always     -v ikev2-vpn-data:/etc/ipsec.d     -v /lib/modules:/lib/modules:ro     -p 500:500/udp     -p 4500:4500/udp     -d --privileged  hwdsl2/ipsec-vpn-server
   

5. 导出p12文件

   docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./
   

   导出到当前目录，通过sz命令将文件下载下来

6. 本地配置
   按照官方文档：https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto-zh.md

需要准备一个cmd脚本ikev2_config_import.cmd

@echo off
:: IKEv2 Configuration Import Helper Script for Windows 8, 10 and 11
:: Copyright (C) 2022 Lin Song <linsongui@gmail.com>
:: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
:: Unported License: http://creativecommons.org/licenses/by-sa/3.0/
:: Attribution required: please include my name in any derivative and let me
:: know how you have improved it!

setlocal DisableDelayedExpansion
set "SPath=%SystemRoot%\System32"
if exist "%SystemRoot%\Sysnative\reg.exe" (set "SPath=%SystemRoot%\Sysnative")
set "Path=%SPath%;%SystemRoot%;%SPath%\Wbem;%SPath%\WindowsPowerShell\v1.0\"
set "_err====== ERROR ====="
set "_work=%~dp0"
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"

for /f "tokens=4-5 delims=. " %%i in ('ver') do set version=%%i.%%j
if "%version%" == "10.0" goto :Check_Admin
if "%version%" == "6.3" goto :Check_Admin
if "%version%" == "6.2" goto :Check_Admin
goto :E_Win

:Check_Admin
reg query HKU\S-1-5-19 >nul 2>&1 || goto :E_Admin

where certutil >nul 2>&1
if %errorlevel% neq 0 goto :E_Cu
where powershell >nul 2>&1
if %errorlevel% neq 0 goto :E_Ps

title IKEv2 Configuration Import Helper Script
setlocal EnableDelayedExpansion
cd /d "!_work!"
@cls
echo ===================================================================
echo Welcome^^! Use this helper script to import an IKEv2 configuration
echo into a PC running Windows 8, 10 or 11.
echo For more details, see https://vpnsetup.net/ikev2
echo.
echo Before continuing, you must put the .p12 file you transferred from
echo the VPN server in the *same folder* as this script.
echo ===================================================================

set client_name_gen=
for /F "eol=| delims=" %%f in ('dir "*.p12" /A-D /B /O-D /TW 2^>nul') do (
  set "p12_latest=%%f"
  set "client_name_gen=!p12_latest:.p12=!"
  goto :Enter_Client_Name
)

:Enter_Client_Name
echo.
echo Enter the name of the IKEv2 VPN client to import.
echo Note: This is the same as the .p12 filename without extension.
set client_name=
set p12_file=
if defined client_name_gen (
  echo To accept the suggested client name, press Enter.
  set /p client_name="VPN client name: [%client_name_gen%] "
  if not defined client_name set "client_name=%client_name_gen%"
) else (
  set /p client_name="VPN client name: "
  if not defined client_name goto :Abort
)
set "client_name=%client_name:"=%"
set "client_name=%client_name: =%"
set "p12_file=%_work%\%client_name%.p12"
if not exist "!p12_file!" (
  echo.
  echo ERROR: File "!p12_file!" not found.
  echo You must put the .p12 file you transferred from the VPN server
  echo in the *same folder* as this script.
  goto :Enter_Client_Name
)

echo.
echo Enter the IP address (or DNS name) of the VPN server.
echo Note: This must exactly match the VPN server address in the output
echo of the IKEv2 helper script on your server.
set server_addr=
set /p server_addr="VPN server address: "
if not defined server_addr goto :Abort
set "server_addr=%server_addr:"=%"
set "server_addr=%server_addr: =%"

set "conn_name_gen=IKEv2 VPN %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (
  goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 2 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! neq 0 (
  goto :Enter_Conn_Name
)
set "conn_name_gen=IKEv2 VPN 3 %server_addr%"
powershell -command "Get-VpnConnection -Name '%conn_name_gen%'" >nul 2>&1
if !errorlevel! equ 0 (
  set conn_name_gen=
)

:Enter_Conn_Name
echo.
echo Provide a name for the new IKEv2 connection.
set conn_name=
if defined conn_name_gen (
  echo To accept the suggested connection name, press Enter.
  set /p conn_name="IKEv2 connection name: [%conn_name_gen%] "
  if not defined conn_name set "conn_name=%conn_name_gen%"
) else (
  set /p conn_name="IKEv2 connection name: "
  if not defined conn_name goto :Abort
)
set "conn_name=%conn_name:"=%"
powershell -command "Get-VpnConnection -Name '%conn_name%'" >nul 2>&1
if !errorlevel! equ 0 (
  echo.
  echo ERROR: A connection with this name already exists.
  goto :Enter_Conn_Name
)

echo.
echo Importing .p12 file...
certutil -f -p "" -importpfx "%p12_file%" NoExport >nul 2>&1
if !errorlevel! equ 0 goto :Create_Conn
echo When prompted, enter the password for client config files, which can be found
echo in the output of the IKEv2 helper script on your server.
:Import_P12
certutil -f -importpfx "%p12_file%" NoExport
if !errorlevel! neq 0 goto :Import_P12

:Create_Conn
echo.
echo Creating VPN connection...
powershell -command "Add-VpnConnection -ServerAddress '%server_addr%' -Name '%conn_name%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
if !errorlevel! neq 0 (
  echo ERROR: Could not create the IKEv2 VPN connection.
  goto :Done
)

echo Setting IPsec configuration...
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName '%conn_name%' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
if !errorlevel! neq 0 (
  echo ERROR: Could not set IPsec configuration for the IKEv2 VPN connection.
  goto :Done
)

echo IKEv2 configuration successfully imported^^!
echo To connect to the VPN, click on the wireless/network icon in your system tray,
echo select the "%conn_name%" VPN entry, and click Connect.
goto :Done

:E_Admin
echo %_err%
echo This script requires administrator privileges.
echo Right-click on the script and select 'Run as administrator'.
goto :Done

:E_Win
echo %_err%
echo This script requires Windows 8, 10 or 11.
echo Windows 7 users can manually import IKEv2 configuration. See https://vpnsetup.net/ikev2
goto :Done

:E_Cu
echo %_err%
echo This script requires 'certutil', which is not detected.
goto :Done

:E_Ps
echo %_err%
echo This script requires 'powershell', which is not detected.
goto :Done

:Abort
echo.
echo Abort. No changes were made.

:Done
echo.
echo Press any key to exit.
pause >nul
goto :eof

1. 将生成的 .p12 文件安全地传送到你的计算机。
2. 右键单击 ikev2_config_import.cmd 并保存这个辅助脚本到与 .p12 文件 相同的文件夹。
3. 右键单击保存的脚本，选择 属性。单击对话框下方的 解除锁定，然后单击 确定。
4. 右键单击保存的脚本，选择 以管理员身份运行 并按提示操作。

运行到最后会要求提供PFK密码

docker logs ipsec-vpn-server

调用日志会看到密码

7. 运行vpn
   点击连接即可

8. 检查是否成功

   http://ip.fm

可以看到现在已经上海的ip了

docker镜像

下载地址：
夸克网盘
上传至服务器
然后装载镜像

docker load -i ipsec_vpn.tar 
docker images   # 获取镜像id image_id,替换掉下面的image_id
docker tag image_id hwdsl2/ipsec-vpn-server:latest

最后

很遗憾并没有解决朋友的延时问题，最后我觉得他说的问题不在于延时，而是丢包.....

最后的最后

我知道你们看到这个项目后会产生一些其他的想法，提前告诉你们答案，行不通！没必要去尝试！！！