@chinni Thanks!
Could you help me take a look at the log? I'm honestly a bit stuck and can't figure it out:
```
Foreground mode.
2015-03-26 18:19:48: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
2015-03-26 18:19:48: INFO: @(#)This product linked OpenSSL 1.0.1f 6 Jan 2014 (http://www.openssl.org/)
2015-03-26 18:19:48: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2015-03-26 18:19:48: INFO: Resize address pool from 0 to 100
2015-03-26 18:19:48: INFO: [VPS IP][4500] used for NAT-T
2015-03-26 18:19:48: INFO: [VPS IP][4500] used as isakmp port (fd=7)
2015-03-26 18:19:48: INFO: [VPS IP][500] used for NAT-T
2015-03-26 18:19:48: INFO: [VPS IP][500] used as isakmp port (fd=8)
2015-03-26 18:19:58: INFO: respond new phase 1 negotiation: [VPS IP][500]<=>[home IP][9950]
2015-03-26 18:19:58: INFO: begin Aggressive mode.
2015-03-26 18:19:58: INFO: received broken Microsoft ID: FRAGMENTATION
2015-03-26 18:19:58: INFO: received Vendor ID: RFC 3947
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2015-03-26 18:19:58: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2015-03-26 18:19:58: INFO: received Vendor ID: CISCO-UNITY
2015-03-26 18:19:58: INFO: received Vendor ID: DPD
2015-03-26 18:19:58: [[home IP]] INFO: Selected NAT-T version: RFC 3947
2015-03-26 18:19:58: INFO: Adding remote and local NAT-D payloads.
2015-03-26 18:19:58: [[home IP]] INFO: Hashing [home IP][9950] with algo #2 (NAT-T forced)
2015-03-26 18:19:58: [[VPS IP]] INFO: Hashing [VPS IP][500] with algo #2 (NAT-T forced)
2015-03-26 18:19:58: INFO: Adding xauth VID payload.
2015-03-26 18:19:58: INFO: NAT-T: ports changed to: [home IP][31334]<->[VPS IP][4500]
2015-03-26 18:19:58: INFO: NAT-D payload #0 doesn't match
2015-03-26 18:19:58: INFO: NAT-D payload #1 doesn't match
2015-03-26 18:19:58: [[home IP]] ERROR: notification INITIAL-CONTACT received in aggressive exchange.
2015-03-26 18:19:58: INFO: NAT detected: ME PEER
2015-03-26 18:19:58: INFO: Sending Xauth request
2015-03-26 18:19:58: INFO: ISAKMP-SA established [VPS IP][4500]-[home IP][31334] spi:2214689180cd369e:af93ce0f86f5d50e
2015-03-26 18:19:58: INFO: Using port 0
2015-03-26 18:19:58: INFO: login succeeded for user "vpn"
```
After less than half a minute, the iPhone showed: Negotiation with the VPN server failed.
Then, after a short while, the following messages appeared:
```
2015-03-26 18:20:53: [[home IP]] INFO: DPD: remote (ISAKMP-SA spi=2214689180cd369e:af93ce0f86f5d50e) seems to be dead.
2015-03-26 18:20:53: INFO: purging ISAKMP-SA spi=2214689180cd369e:af93ce0f86f5d50e.
2015-03-26 18:20:53: INFO: purged ISAKMP-SA spi=2214689180cd369e:af93ce0f86f5d50e.
2015-03-26 18:20:53: INFO: ISAKMP-SA deleted [VPS IP][4500]-[home IP][31334] spi:2214689180cd369e:af93ce0f86f5d50e
2015-03-26 18:20:53: INFO: Released port 0
```
Here is my configuration.
/etc/racoon/racoon.conf
```
log info;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
listen {
isakmp SERVER_IP_ADDRESS [500];
isakmp_natt SERVER_IP_ADDRESS [4500];
}
remote anonymous {
exchange_mode main,aggressive;
mode_cfg on;
proposal_check claim; # override the client's settings, e.g. lifetime.
nat_traversal force;
generate_policy unique;
ike_frag on;
passive off;
dpd_delay 30;
proposal {
lifetime time 12 hour; ## set a fairly long lifetime so OS X doesn't disconnect every hour
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method xauth_psk_server;
dh_group modp1024;
}
}
sainfo anonymous {
encryption_algorithm aes, 3des, blowfish;
authentication_algorithm hmac_sha1, hmac_md5;
pfs_group 2;
lifetime time 100 hour;
compression_algorithm deflate;
}
mode_cfg {
auth_source system;
dns4 8.8.4.4,8.8.8.8;
save_passwd on;
banner "/etc/racoon/motd";
network4 10.100.0.10;
netmask4 255.255.255.0;
pool_size 100;
pfs_group 2;
}
```
/etc/racoon/psk.txt:
```
group group_password
```
Thanks a lot!
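An added example (not part of the thread) that walks racoon log lines like the ones in the post and summarises each ISAKMP SA's lifecycle by SPI, so it is easy to see whether XAuth succeeded and whether an IPsec SA (phase 2) ever appeared before DPD tore the SA down. The sample lines are constructed from the post; the `IPsec-SA established` phase 2 message is an assumed pattern for racoon's success log line.

```python
import re

# Constructed sample, modelled on the racoon log in the post (not the poster's full log).
SAMPLE_LOG = """\
2015-03-26 18:19:58: INFO: ISAKMP-SA established [VPS IP][4500]-[home IP][31334] spi:2214689180cd369e:af93ce0f86f5d50e
2015-03-26 18:19:58: INFO: login succeeded for user "vpn"
2015-03-26 18:20:53: [[home IP]] INFO: DPD: remote (ISAKMP-SA spi=2214689180cd369e:af93ce0f86f5d50e) seems to be dead.
2015-03-26 18:20:53: INFO: purged ISAKMP-SA spi=2214689180cd369e:af93ce0f86f5d50e.
2015-03-26 18:20:53: INFO: ISAKMP-SA deleted [VPS IP][4500]-[home IP][31334] spi:2214689180cd369e:af93ce0f86f5d50e
"""

TS = r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): "          # leading timestamp
SPI = r"spi[:=]([0-9a-f]+:[0-9a-f]+)"               # initiator:responder cookie pair
PATTERNS = {  # events that carry the ISAKMP SA's SPI on the line
    "established": re.compile(TS + r".*ISAKMP-SA established .*" + SPI),
    "dpd_dead": re.compile(TS + r".*DPD: remote \(ISAKMP-SA " + SPI + r"\) seems to be dead"),
    "deleted": re.compile(TS + r".*ISAKMP-SA deleted .*" + SPI),
}
XAUTH = re.compile(TS + r'.*login succeeded for user "([^"]+)"')
# Assumed phase 2 success message ("IPsec-SA established: ESP/..." in racoon).
PHASE2 = re.compile(TS + r".*IPsec-SA established")


def analyse(log_text):
    """Return {spi: summary} describing the lifecycle of each ISAKMP SA in the log."""
    sas, current = {}, None  # current = SPI of the most recently established SA
    for line in log_text.splitlines():
        for event, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                ts, spi = m.groups()
                sa = sas.setdefault(spi, {"xauth_user": None, "phase2": False})
                sa[event] = ts
                if event == "established":
                    current = spi
                break
        else:  # lines without an SPI are attributed to the most recent SA
            m = XAUTH.match(line)
            if m and current:
                sas[current]["xauth_user"] = m.group(2)
            elif current and PHASE2.match(line):
                sas[current]["phase2"] = True
    for sa in sas.values():
        if sa["phase2"]:
            sa["verdict"] = "phase 2 completed"
        elif "deleted" in sa:
            sa["verdict"] = "deleted before any IPsec-SA (phase 2 never completed)"
        else:
            sa["verdict"] = "phase 1 open, no phase 2 yet"
    return sas


if __name__ == "__main__":
    for spi, sa in analyse(SAMPLE_LOG).items():
        print(spi, sa["xauth_user"], sa["verdict"], "DPD dead" if "dpd_dead" in sa else "")
```

Run it against the full racoon log (`racoon -F` output or syslog) to confirm that, for the SA above, XAuth succeeded but no IPsec SA was ever negotiated before the DPD timeout.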