在Ubuntu 16.04上通过Docker运行IPsec / L2TP VPN服务器和SSR服务器

1环境设置

1.1。添加用户

#1. Use the adduser command to add a new user to your system.
[email protected]$ sudo adduser dev

#2. Use the usermod command to add the user to the sudo group
[email protected]$ sudo usermod -aG sudo dev

#3. Test sudo access on new user account
[email protected]$ su - dev

1.2。安装Docker

# install docker
# see: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-14-04
# The quickest way to install Docker is to download and install their installation script (you'll be prompted for a sudo password).
[email protected]$ sudo wget -qO- https://get.docker.com/ | sh
# The above command downloads and executes a small installation script written by the Docker team.

#Working with Docker is a pain if your user is not configured correctly, so add your user to the docker group with the following command.
[email protected]$ sudo usermod -aG docker dev  # add dev user to docker group

# install Docker-compose
# see: https://docs.docker.com/compose/install/#install-compose
#1. Run this command to download the latest version of Docker Compose:
#[email protected]$ sudo curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#2. Apply executable permissions to the binary:
#[email protected]$ sudo chmod +x /usr/local/bin/docker-compose

# we should re-login to activate the `docker` daemon

2.运行IPsec / L2TP VPN服务器

2.1创建vpn/vpn.env用于保存凭据的文件

# Define your own values for these variables
# - DO NOT put "" or '' around values, or add space around =
# - DO NOT use these special characters within values: \ " '
VPN_IPSEC_PSK=your_ipsec_pre_shared_key
VPN_USER=your_vpn_username
VPN_PASSWORD=your_vpn_password

# (Optional) Define additional VPN users
# - Uncomment and replace with your own values
# - Usernames and passwords must be separated by spaces
# VPN_ADDL_USERS=additional_username_1 additional_username_2
# VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2

# (Optional) Use alternative DNS servers
# - By default, clients are set to use Google Public DNS
# - Example below shows using Cloudflare's DNS service
# VPN_DNS_SRV1=1.1.1.1
# VPN_DNS_SRV2=1.0.0.1

2.2启动VPN服务器

[email protected]$ mkdir vpn
[email protected]$ cd vpn

[email protected]$ docker run \
    --name ipsec-vpn-server \
    --env-file ./vpn.env \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -v /lib/modules:/lib/modules:ro \
    -d --privileged \
    hwdsl2/ipsec-vpn-server

而已。

3.运行SSR服务器

$ mkdir shadowsocksr
$ cd shadowsocksr/
$ wget https://github.com/cndaqiang/shadowsocksr/archive/manyuser.zip
$ sudo apt-get install unzip
$ unzip manyuser.zip 
$ cd shadowsocksr-manyuser/

自定义配置文件shadowsocksr-manyuser/config.json

sudo  python ./shadowsocks/server.py -c config.json -d start
sudo  python ./shadowsocks/server.py -c config.json -d stop

4.启用BBR

$ sudo -i

# enable bbr
$ echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
$ echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf

# save
$ sysctl -p

# verify if enabled
$ sysctl net.ipv4.tcp_available_congestion_control
$ sysctl net.ipv4.tcp_congestion_control