\u8fd9\u662f\u300c\u5f00\u6e90VPN\u5b9e\u6218\u300d\u7cfb\u5217\u7684\u7b2c\u56db\u7bc7\u3002\u524d\u4e09\u7bc7\u6211\u4eec\u4ecb\u7ecd\u4e86 Pritunl \u7684\u5b89\u88c5\u90e8\u7f72\u3001\u5b89\u5168\u52a0\u56fa\u548c SSO \u96c6\u6210\uff0c\u672c\u7bc7\u5c06\u6df1\u5165\u8bb2\u89e3\u5982\u4f55\u4f7f\u7528 Pritunl Link \u5b9e\u73b0\u591a\u4e91\u73af\u5883\u7684\u7ad9\u70b9\u5230\u7ad9\u70b9\u4e92\u8054\u3002<\/p>\n
\u7cfb\u5217\u6587\u7ae0<\/strong>\uff1a<\/p>\n \u5728\u4f01\u4e1a\u591a\u4e91\u67b6\u6784\u4e2d\uff0c\u4e0d\u540c\u4e91\u5e73\u53f0\u3001\u4e0d\u540c\u533a\u57df\u7684\u7f51\u7edc\u9700\u8981\u4e92\u901a\uff1a<\/p>\n <\/p>\n Pritunl Link \u5ba2\u6237\u7aef<\/strong>\uff1a<\/p>\n Pritunl \u670d\u52a1\u5668\u96c6\u7fa4<\/strong>\uff1a<\/p>\n \u5728\u6bcf\u4e2a\u9700\u8981\u4e92\u8054\u7684\u7f51\u7edc\u4e2d\u5b89\u88c5 pritunl-link\uff1a<\/p>\n # AlmaLinux\/Rocky Linux<\/p>\n sudo tee \/etc\/yum.repos.d\/pritunl.repo << EOF<\/p>\n [pritunl]<\/p>\n name=Pritunl Repository<\/p>\n baseurl=https:\/\/repo.pritunl.com\/stable\/yum\/almalinux\/9\/<\/p>\n gpgcheck=1<\/p>\n enabled=1<\/p>\n gpgkey=https:\/\/raw.githubusercontent.com\/pritunl\/pgp\/master\/pritunl_repo_pub.asc<\/p>\n EOF<\/p>\n sudo dnf -y install pritunl-link<\/p>\n sudo systemctl enable pritunl-link<\/p>\n # Ubuntu 24.04<\/p>\n sudo tee \/etc\/apt\/sources.list.d\/pritunl.list << EOF<\/p>\n deb [ signed-by=\/usr\/share\/keyrings\/pritunl.gpg ] https:\/\/repo.pritunl.com\/stable\/apt noble main<\/p>\n EOF<\/p>\n curl -fsSL https:\/\/raw.githubusercontent.com\/pritunl\/pgp\/master\/pritunl_repo_pub.asc | sudo gpg -o \/usr\/share\/keyrings\/pritunl.gpg –dearmor –yes<\/p>\n sudo apt update<\/p>\n sudo apt -y install pritunl-link<\/p>\n sudo systemctl enable pritunl-link<\/p>\n \u5728 Pritunl Web \u63a7\u5236\u53f0\uff1a<\/p>\n # AES 128 GCM\uff08\u63a8\u8350\uff0c\u6027\u80fd\u6700\u4f73\uff09<\/p>\n IKE=aes128-sha256-x25519 ESP=aes128gcm128-x25519<\/p>\n # AES 256 GCM\uff08\u66f4\u9ad8\u5b89\u5168\u6027\uff09<\/p>\n IKE=aes256-sha256-x25519 ESP=aes256gcm128-x25519<\/p>\n # ChaCha20\uff08\u65e0 AES \u786c\u4ef6\u52a0\u901f\u65f6\u63a8\u8350\uff09<\/p>\n IKE=chacha20poly1305-prfsha256-x25519 ESP=chacha20poly1305-x25519<\/p>\n \u5728\u670d\u52a1\u5668\u8bbe\u7f6e\u4e2d\u542f\u7528 “Force Preferred Cipher” \u5f3a\u5236\u4f7f\u7528\u63a8\u8350\u7b97\u6cd5\u3002<\/p>\n \u5047\u8bbe\u6709\u4e24\u4e2a VPC \u9700\u8981\u4e92\u8054\uff1a<\/p>\n \u521b\u5efa\u5177\u6709 VPC \u8def\u7531\u8868\u4fee\u6539\u6743\u9650\u7684 IAM \u89d2\u8272\uff1a<\/p>\n {<\/p>\n “Version”: “2012-10-17”,<\/p>\n “Statement”: [<\/p>\n {<\/p>\n “Effect”: “Allow”,<\/p>\n “Action”: [<\/p>\n “ec2:DescribeRouteTables”,<\/p>\n “ec2:CreateRoute”,<\/p>\n “ec2:ReplaceRoute”,<\/p>\n “ec2:DeleteRoute”<\/p>\n ],<\/p>\n “Resource”: “*”<\/p>\n }<\/p>\n ]<\/p>\n }<\/p>\n \u5f00\u653e\u4ee5\u4e0b\u7aef\u53e3\uff1a<\/p>\n \u5728 VPC-A \u4e2d\u542f\u52a8 Amazon Linux 2023 \u5b9e\u4f8b\uff1a<\/p>\n #!\/bin\/bash<\/p>\n # \u7981\u7528 SSL \u8bc1\u4e66\u9a8c\u8bc1\uff08\u5982\u679c Pritunl \u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\uff09<\/p>\n sudo pritunl-link verify-off<\/p>\n # \u8bbe\u7f6e\u4e91\u63d0\u4f9b\u5546<\/p>\n sudo pritunl-link set-provider aws<\/p>\n # \u6dfb\u52a0 Link URI\uff08\u4ece Pritunl Web \u63a7\u5236\u53f0\u83b7\u53d6\uff09<\/p>\n sudo pritunl-link add-uri PRLINK_URI<\/p>\n # \u68c0\u67e5 pritunl-link \u72b6\u6001<\/p>\n sudo systemctl status pritunl-link<\/p>\n # \u67e5\u770b\u65e5\u5fd7<\/p>\n sudo journalctl -u pritunl-link -f<\/p>\n # \u9a8c\u8bc1\u8def\u7531\u8868\u66f4\u65b0<\/p>\n aws ec2 describe-route-tables –filters “Name=vpc-id,Values=vpc-xxxxxxxx”<\/p>\n \u4ece VPC-A \u7684\u5b9e\u4f8b ping VPC-B \u7684\u5b9e\u4f8b\uff1a<\/p>\n # \u5047\u8bbe VPC-B \u4e2d\u6709\u5b9e\u4f8b 10.1.0.100<\/p>\n ping 10.1.0.100<\/p>\n \u5f00\u653e\u7aef\u53e3\uff1a<\/p>\n \u5728 Azure \u95e8\u6237\uff1a<\/p>\n \u6216\u4f7f\u7528 Azure CLI\uff1a<\/p>\n az network nic update <\/p>\n –resource-group myResourceGroup <\/p>\n –name myNic <\/p>\n –ip-forwarding true<\/p>\n # \u521b\u5efa\u8def\u7531\u8868<\/p>\n az network route-table create <\/p>\n –resource-group myResourceGroup <\/p>\n –name myRouteTable<\/p>\n # \u6dfb\u52a0\u5230 AWS VPC \u7684\u8def\u7531<\/p>\n az network route-table route create <\/p>\n –resource-group myResourceGroup <\/p>\n –route-table-name myRouteTable <\/p>\n –name route-to-aws <\/p>\n –address-prefix 10.1.0.0\/16 <\/p>\n –next-hop-type VirtualAppliance <\/p>\n –next-hop-ip-address 10.0.0.100<\/p>\n # \u5173\u8054\u5230\u5b50\u7f51<\/p>\n az network vnet subnet update <\/p>\n –resource-group myResourceGroup <\/p>\n –vnet-name myVNet <\/p>\n –name mySubnet <\/p>\n –route-table myRouteTable<\/p>\n # \u5b89\u88c5 pritunl-link<\/p>\n sudo apt update<\/p>\n sudo apt -y install pritunl-link<\/p>\n # \u7981\u7528 SSL \u9a8c\u8bc1<\/p>\n sudo pritunl-link verify-off<\/p>\n # \u8bbe\u7f6e\u63d0\u4f9b\u5546<\/p>\n sudo pritunl-link set-provider azure<\/p>\n # \u6dfb\u52a0 Link URI<\/p>\n sudo pritunl-link add-uri PRLINK_URI<\/p>\n # \u5141\u8bb8 IPsec \u6d41\u91cf<\/p>\n gcloud compute firewall-rules create allow-ipsec <\/p>\n –network my-vpc <\/p>\n –allow udp:500,udp:4500 <\/p>\n –source-ranges 0.0.0.0\/0<\/p>\n # \u5141\u8bb8\u4e3b\u673a\u68c0\u67e5\uff08\u53ef\u9009\uff09<\/p>\n gcloud compute firewall-rules create allow-link-check <\/p>\n –network my-vpc <\/p>\n –allow tcp:9790 <\/p>\n –source-ranges 10.0.0.0\/8<\/p>\n # \u521b\u5efa\u5b9e\u4f8b\u65f6\u542f\u7528 IP \u8f6c\u53d1<\/p>\n gcloud compute instances create link-client <\/p>\n –zone us-central1-a <\/p>\n –machine-type e2-medium <\/p>\n –image-family ubuntu-2204-lts <\/p>\n –image-project ubuntu-os-cloud <\/p>\n –can-ip-forward <\/p>\n –network my-vpc <\/p>\n –subnet my-subnet<\/p>\n # \u521b\u5efa\u8def\u7531\u5230 AWS VPC<\/p>\n gcloud compute routes create route-to-aws <\/p>\n –network my-vpc <\/p>\n –destination-range 10.1.0.0\/16 <\/p>\n –next-hop-instance link-client <\/p>\n –next-hop-instance-zone us-central1-a<\/p>\n # SSH \u5230\u5b9e\u4f8b<\/p>\n gcloud compute ssh link-client –zone us-central1-a<\/p>\n # \u5b89\u88c5 pritunl-link<\/p>\n sudo apt update<\/p>\n sudo apt -y install pritunl-link<\/p>\n # \u7981\u7528 SSL \u9a8c\u8bc1<\/p>\n sudo pritunl-link verify-off<\/p>\n # \u8bbe\u7f6e\u63d0\u4f9b\u5546<\/p>\n sudo pritunl-link set-provider google<\/p>\n # \u6dfb\u52a0 Link URI<\/p>\n sudo pritunl-link add-uri PRLINK_URI<\/p>\n \u5728 OCI \u63a7\u5236\u53f0\uff1a<\/p>\n # \u7981\u7528 VNIC \u6e90\/\u76ee\u6807\u68c0\u67e5<\/p>\n oci network vnic update <\/p>\n –vnic-id ocid1.vnic.oc1… <\/p>\n –skip-source-dest-check true<\/p>\n # \u521b\u5efa\u8def\u7531\u8868<\/p>\n oci network route-table create <\/p>\n –compartment-id ocid1.compartment.oc1… <\/p>\n –vcn-id ocid1.vcn.oc1… <\/p>\n –route-rules ‘[{<\/p>\n “destination”: “10.1.0.0\/16”,<\/p>\n “destinationType”: “CIDR_BLOCK”,<\/p>\n “networkEntityId”: “ocid1.privateip.oc1…”<\/p>\n }]’<\/p>\n # \u5173\u8054\u5230\u5b50\u7f51<\/p>\n oci network subnet update <\/p>\n –subnet-id ocid1.subnet.oc1… <\/p>\n –route-table-id ocid1.routetable.oc1…<\/p>\n # SSH \u5230\u5b9e\u4f8b<\/p>\n ssh -i key.pem ubuntu@<\/p>\n # \u5b89\u88c5 pritunl-link<\/p>\n sudo apt update<\/p>\n sudo apt -y install pritunl-link<\/p>\n # \u7981\u7528 SSL \u9a8c\u8bc1<\/p>\n sudo pritunl-link verify-off<\/p>\n # \u8bbe\u7f6e\u63d0\u4f9b\u5546<\/p>\n sudo pritunl-link set-provider oracle<\/p>\n # \u6dfb\u52a0 Link URI<\/p>\n sudo pritunl-link add-uri PRLINK_URI<\/p>\n \u5c06 Ubiquiti EdgeRouter \u9632\u706b\u5899\u8fde\u63a5\u5230\u4e91\u4e0a Pritunl Link\u3002<\/p>\n # \u8fdb\u5165\u914d\u7f6e\u6a21\u5f0f<\/p>\n configure<\/p>\n # \u914d\u7f6e IPsec<\/p>\n set vpn ipsec esp-group Pritunl compression ‘disable’<\/p>\n set vpn ipsec esp-group Pritunl lifetime ‘3600’<\/p>\n set vpn ipsec esp-group Pritunl mode ‘tunnel’<\/p>\n set vpn ipsec esp-group Pritunl pfs ‘enable’<\/p>\n set vpn ipsec esp-group Pritunl proposal 1 encryption ‘aes128gcm128’<\/p>\n set vpn ipsec esp-group Pritunl proposal 1 hash ‘sha256’<\/p>\n set vpn ipsec ike-group Pritunl ikev2-reauth ‘no’<\/p>\n set vpn ipsec ike-group Pritunl key-exchange ‘ikev2’<\/p>\n set vpn ipsec ike-group Pritunl lifetime ‘28800’<\/p>\n set vpn ipsec ike-group Pritunl proposal 1 dh-group ’25’<\/p>\n set vpn ipsec ike-group Pritunl proposal 1 encryption ‘aes128’<\/p>\n set vpn ipsec ike-group Pritunl proposal 1 hash ‘sha256’<\/p>\n # \u914d\u7f6e site-to-site peer<\/p>\n set vpn ipsec site-to-site peer authentication id ”<\/p>\n set vpn ipsec site-to-site peer authentication mode ‘pre-shared-secret’<\/p>\n set vpn ipsec site-to-site peer authentication pre-shared-secret ”<\/p>\n set vpn ipsec site-to-site peer connection-type ‘initiate’<\/p>\n set vpn ipsec site-to-site peer ike-group ‘Pritunl’<\/p>\n set vpn ipsec site-to-site peer local-address ”<\/p>\n # \u6dfb\u52a0\u96a7\u9053<\/p>\n set vpn ipsec site-to-site peer tunnel 1 allow-nat-networks ‘disable’<\/p>\n set vpn ipsec site-to-site peer tunnel 1 allow-public-networks ‘disable’<\/p>\n set vpn ipsec site-to-site peer tunnel 1 esp-group ‘Pritunl’<\/p>\n set vpn ipsec site-to-site peer tunnel 1 local prefix ‘10.0.0.0\/16’<\/p>\n set vpn ipsec site-to-site peer tunnel 1 remote prefix ‘10.1.0.0\/16’<\/p>\n # \u63d0\u4ea4\u5e76\u4fdd\u5b58<\/p>\n commit<\/p>\n save<\/p>\n \u4e3b\u673a\u68c0\u67e5\u7528\u4e8e\u68c0\u6d4b\u7f51\u7edc\u5206\u533a\u548c\u9009\u62e9\u6700\u4f73\u6fc0\u6d3b\u94fe\u8def\uff1a<\/p>\n # \u5728\u6240\u6709 Link \u5ba2\u6237\u7aef\u4e0a<\/p>\n # \u786e\u4fdd TCP \u7aef\u53e3 9790 \u53ef\u8bbf\u95ee<\/p>\n # \u68c0\u67e5\u4e3b\u673a\u68c0\u67e5\u72b6\u6001<\/p>\n sudo pritunl-link status<\/p>\n \u81ea\u52a8\u914d\u7f6e iptables \u4ec5\u5141\u8bb8\u5176\u4ed6 Link \u4e3b\u673a\u8bbf\u95ee IPsec \u7aef\u53e3\uff1a<\/p>\n # \u542f\u7528\u81ea\u52a8\u9632\u706b\u5899<\/p>\n sudo pritunl-link firewall-on<\/p>\n # \u5916\u90e8\u9632\u706b\u5899\u4ecd\u9700\u5f00\u653e UDP 500\/4500<\/p>\n # \u4f46 iptables \u4f1a\u8fdb\u4e00\u6b65\u9650\u5236\u6e90 IP<\/p>\n \u9ed8\u8ba4\u4e0d\u81ea\u52a8\u79fb\u9664\u8def\u7531\uff0c\u53ef\u624b\u52a8\u542f\u7528\uff1a<\/p>\n # \u542f\u7528\u81ea\u52a8\u8def\u7531\u79fb\u9664<\/p>\n sudo pritunl-link remove-routes-on<\/p>\n \u5728 Web \u63a7\u5236\u53f0\u8bbe\u7f6e\u4e3b\u673a\u4f18\u5148\u7ea7\uff1a<\/p>\n \u914d\u7f6e\u6545\u969c\u8f6c\u79fb\u8d85\u65f6\uff1a<\/p>\n |——|——|——–|———-|<\/p>\n \u652f\u6301 Mellanox ConnectX-6 DX \u7b49\u7f51\u5361\u7684\u786c\u4ef6\u5378\u8f7d\uff1a<\/p>\n # \u68c0\u67e5\u8def\u5f84 MTU<\/p>\n ping -M do -s 1400 <\/p>\n # \u8c03\u6574 Link MTU\uff08\u5982\u9700\u8981\uff09<\/p>\n sudo pritunl-link set-mtu 1400<\/p>\n \u68c0\u67e5<\/strong>\uff1a<\/p>\n \u8bca\u65ad<\/strong>\uff1a<\/p>\n sudo systemctl status pritunl-link<\/p>\n sudo journalctl -u pritunl-link -f<\/p>\n \u68c0\u67e5<\/strong>\uff1a<\/p>\n \u68c0\u67e5<\/strong>\uff1a<\/p>\n \u8bca\u65ad<\/strong>\uff1a<\/p>\n # \u68c0\u67e5\u8def\u7531<\/p>\n ip route show<\/p>\n # \u68c0\u67e5 IPsec \u72b6\u6001<\/p>\n sudo ipsec status<\/p>\n # \u68c0\u67e5\u8fde\u63a5<\/p>\n sudo ipsec statusall<\/p>\n \u68c0\u67e5<\/strong>\uff1a<\/p>\n\n
\u4e3a\u4ec0\u4e48\u9700\u8981\u7ad9\u70b9\u5230\u7ad9\u70b9\u4e92\u8054\uff1f<\/h2>\n
\n
Pritunl Link \u67b6\u6784<\/h2>\n
\u6838\u5fc3\u7ec4\u4ef6<\/h3>\n
\n
\n
\u5de5\u4f5c\u539f\u7406<\/h3>\n
\n
\u5173\u952e\u7279\u6027<\/h3>\n
\n
\u914d\u7f6e\u524d\u51c6\u5907<\/h2>\n
1. \u5b89\u88c5 Pritunl Link \u5ba2\u6237\u7aef<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n`<\/code>bash<\/p>\n`<\/code><\/p>\n2. \u521b\u5efa Link \u914d\u7f6e<\/h3>\n
\n
3. \u6dfb\u52a0 Host<\/h3>\n
\n
4. \u63a8\u8350\u52a0\u5bc6\u7b97\u6cd5<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nAWS \u7ad9\u70b9\u5230\u7ad9\u70b9\u914d\u7f6e<\/h2>\n
\u573a\u666f\u793a\u4f8b<\/h3>\n
\n
10.0.0.0\/16<\/code>\uff08us-east-1\uff09<\/li>\n10.1.0.0\/16<\/code>\uff08us-west-2\uff09<\/li>\n<\/ul>\n\u6b65\u9aa4 1\uff1a\u521b\u5efa IAM \u89d2\u8272<\/h3>\n
`<\/code>json<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 2\uff1a\u521b\u5efa\u5b89\u5168\u7ec4<\/h3>\n
\n
\u6b65\u9aa4 3\uff1a\u542f\u52a8 Link \u5ba2\u6237\u7aef\u5b9e\u4f8b<\/h3>\n
\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 4\uff1a\u9a8c\u8bc1\u8fde\u63a5<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 5\uff1a\u6d4b\u8bd5\u8fde\u901a\u6027<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nAzure \u7ad9\u70b9\u5230\u7ad9\u70b9\u914d\u7f6e<\/h2>\n
\u573a\u666f\u793a\u4f8b<\/h3>\n
\n
10.0.0.0\/16<\/code>\uff08East US\uff09<\/li>\n10.1.0.0\/16<\/code>\uff08us-west-2\uff09<\/li>\n<\/ul>\n\u6b65\u9aa4 1\uff1a\u521b\u5efa Azure \u865a\u62df\u673a<\/h3>\n
\n
\u6b65\u9aa4 2\uff1a\u914d\u7f6e\u7f51\u7edc\u5b89\u5168\u7ec4<\/h3>\n
\n
\u6b65\u9aa4 3\uff1a\u542f\u7528 IP \u8f6c\u53d1<\/h3>\n
\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 4\uff1a\u914d\u7f6e\u8def\u7531\u8868<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 5\uff1a\u5b89\u88c5\u5e76\u914d\u7f6e Link<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nGoogle Cloud \u7ad9\u70b9\u5230\u7ad9\u70b9\u914d\u7f6e<\/h2>\n
\u573a\u666f\u793a\u4f8b<\/h3>\n
\n
10.0.0.0\/16<\/code>\uff08us-central1\uff09<\/li>\n10.1.0.0\/16<\/code>\uff08us-west-2\uff09<\/li>\n<\/ul>\n\u6b65\u9aa4 1\uff1a\u521b\u5efa\u9632\u706b\u5899\u89c4\u5219<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 2\uff1a\u521b\u5efa\u5b9e\u4f8b\u5e76\u542f\u7528 IP \u8f6c\u53d1<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 3\uff1a\u914d\u7f6e\u8def\u7531<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 4\uff1a\u5b89\u88c5\u5e76\u914d\u7f6e Link<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nOracle Cloud \u7ad9\u70b9\u5230\u7ad9\u70b9\u914d\u7f6e<\/h2>\n
\u573a\u666f\u793a\u4f8b<\/h3>\n
\n
10.0.0.0\/16<\/code>\uff08us-phoenix-1\uff09<\/li>\n10.1.0.0\/16<\/code>\uff08us-west-2\uff09<\/li>\n<\/ul>\n\u6b65\u9aa4 1\uff1a\u914d\u7f6e\u5b89\u5168\u5217\u8868<\/h3>\n
\n
\n
0.0.0.0\/0<\/code><\/li>\n0.0.0.0\/0<\/code><\/li>\n<\/ul>\n\u6b65\u9aa4 2\uff1a\u521b\u5efa\u5b9e\u4f8b<\/h3>\n
\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 3\uff1a\u914d\u7f6e\u8def\u7531<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6b65\u9aa4 4\uff1a\u5b89\u88c5\u5e76\u914d\u7f6e Link<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nUbiquiti EdgeRouter \u914d\u7f6e<\/h2>\n
\u9002\u7528\u573a\u666f<\/h3>\n
\u914d\u7f6e\u6b65\u9aa4<\/h3>\n
\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u9ad8\u7ea7\u914d\u7f6e<\/h2>\n
\u4e3b\u673a\u68c0\u67e5<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u81ea\u52a8\u9632\u706b\u5899<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u8def\u7531\u79fb\u9664<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u4e3b\u673a\u4f18\u5148\u7ea7<\/h3>\n
\n
\u4e3b\u673a\u8d85\u65f6<\/h3>\n
\n
\u6027\u80fd\u4f18\u5316<\/h2>\n
\u52a0\u5bc6\u7b97\u6cd5\u9009\u62e9<\/h3>\n
\n
\n \u7b97\u6cd5<\/th>\n \u6027\u80fd<\/th>\n \u5b89\u5168\u6027<\/th>\n \u63a8\u8350\u573a\u666f<\/th>\n<\/tr>\n<\/table>\n \n
\n AES-128-GCM<\/th>\n \u2b50\u2b50\u2b50\u2b50\u2b50<\/th>\n \u2b50\u2b50\u2b50\u2b50<\/th>\n \u9ed8\u8ba4\u63a8\u8350<\/th>\n<\/tr>\n \n AES-256-GCM<\/td>\n \u2b50\u2b50\u2b50\u2b50<\/td>\n \u2b50\u2b50\u2b50\u2b50\u2b50<\/td>\n \u9ad8\u5b89\u5168\u9700\u6c42<\/td>\n<\/tr>\n \n ChaCha20<\/td>\n \u2b50\u2b50\u2b50\u2b50<\/td>\n \u2b50\u2b50\u2b50\u2b50<\/td>\n \u65e0 AES \u786c\u4ef6<\/td>\n<\/tr>\n<\/table>\n \u786c\u4ef6\u52a0\u901f<\/h3>\n
\n
MTU \u4f18\u5316<\/h3>\n
`<\/code>bash<\/p>\n`<\/code><\/p>\n\u6545\u969c\u6392\u9664<\/h2>\n
Q1: Link \u72b6\u6001\u663e\u793a\u79bb\u7ebf<\/h3>\n
\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nQ2: \u8def\u7531\u672a\u81ea\u52a8\u66f4\u65b0<\/h3>\n
\n
Q3: \u7f51\u7edc\u4e0d\u901a<\/h3>\n
\n
`<\/code>bash<\/p>\n`<\/code><\/p>\nQ4: \u6545\u969c\u8f6c\u79fb\u4e0d\u5de5\u4f5c<\/h3>\n
\n
\u6700\u4f73\u5b9e\u8df5<\/h2>\n
1. \u9ad8\u53ef\u7528\u8bbe\u8ba1<\/h3>\n
\n