mirror of synced 2024-11-23 21:36:09 +03:00

Compare commits

...

2 Commits

Author SHA1 Message Date
hwdsl2
1fb560c226 Update docs
- Ref: #1191
2022-07-03 01:47:22 -05:00
hwdsl2
2aa313593d Update docs 2022-07-03 01:22:30 -05:00
10 changed files with 70 additions and 45 deletions

View File

@ -186,6 +186,10 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
*其他语言版本: [English](README.md#next-steps), [中文](README-zh.md#下一步)。*
> 如果你喜欢这个项目,可以表达你的支持或感谢。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="docs/images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
配置你的计算机或其它设备使用 VPN。请参见
**[配置 IKEv2 VPN 客户端(推荐)](docs/ikev2-howto-zh.md)**
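Review bot: both links in the added blockquote open with `target="_blank"` and carry no `rel` attribute. Add `rel="noopener noreferrer"` to each `<a>`, so that a renderer which passes this raw HTML through unchanged does not give the opened page a `window.opener` reference. The same markup is repeated in the other README and docs hunks of this commit, so the fix applies to each copy.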
@ -196,10 +200,6 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
开始使用自己的专属 VPN! :sparkles::tada::rocket::sparkles:
如果你喜欢这个项目,可以表达你的支持或感谢。
<a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" src="docs/images/kofi1.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## 重要提示
**Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT比如家用路由器的兼容问题。

View File

@ -186,6 +186,10 @@ If you are unable to download, open [vpnsetup.sh](vpnsetup.sh), then click the `
*Read this in other languages: [English](README.md#next-steps), [中文](README-zh.md#下一步).*
> Like this project? You can show your support or appreciation.
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="docs/images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
Get your computer or device to use the VPN. Please refer to:
**[Configure IKEv2 VPN Clients (recommended)](docs/ikev2-howto.md)**
@ -196,10 +200,6 @@ Get your computer or device to use the VPN. Please refer to:
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
Like this project? You can show your support or appreciation.
<a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" src="docs/images/kofi1.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Important notes
**Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router).

View File

@ -16,7 +16,9 @@ IPsec/XAuth 模式也称为 "Cisco IPsec"。该模式通常能够比 IPsec/L2TP
* [iOS (iPhone/iPad)](#ios)
* [Linux](#linux)
如果你喜欢这个项目,可以[表达你的支持或感谢](https://coindrop.to/hwdsl2)。
> 如果你喜欢这个项目,可以表达你的支持或感谢。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows

View File

@ -16,7 +16,9 @@ IPsec/XAuth mode is also called "Cisco IPsec". This mode is generally **faster t
* [iOS (iPhone/iPad)](#ios)
* [Linux](#linux)
Like this project? You can [show your support or appreciation](https://coindrop.to/hwdsl2).
> Like this project? You can show your support or appreciation.
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows

View File

@ -16,7 +16,9 @@
* [Linux](#linux)
* [故障排除](#故障排除)
如果你喜欢这个项目,可以[表达你的支持或感谢](https://coindrop.to/hwdsl2)。
> 如果你喜欢这个项目,可以表达你的支持或感谢。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows

View File

@ -16,7 +16,9 @@ After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn
* [Linux](#linux)
* [Troubleshooting](#troubleshooting)
Like this project? You can [show your support or appreciation](https://coindrop.to/hwdsl2).
> Like this project? You can show your support or appreciation.
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows

View File

@ -35,7 +35,9 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
* [Linux](#linux)
* [Mikrotik RouterOS](#routeros)
如果你喜欢这个项目,可以[表达你的支持或感谢](https://coindrop.to/hwdsl2)。
> 如果你喜欢这个项目,可以表达你的支持或感谢。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
### Windows 7, 8, 10 和 11
@ -364,7 +366,7 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
### RouterOS
**注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。
**注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。建议通过 SSH 连接运行终端命令,例如通过 Putty。
1. 将生成的 `.p12` 文件安全地传送到你的计算机。
@ -386,6 +388,29 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
![routeros import certificate](images/routeros-import-cert.gif)
</details>
或者,你也可以使用终端命令 (empty passphrase):
```bash
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase:
certificates-imported: 2
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase:
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
```
3. 在 terminal 中运行以下命令。将以下内容替换为你自己的值。
`YOUR_VPN_SERVER_IP_OR_DNS_NAME` 是你的 VPN 服务器 IP 或域名。
`IMPORTED_CERTIFICATE` 是上面第 2 步中的证书名称,例如 `vpnclient.p12_0`
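Review bot: the added terminal example imports `file-name=mikrotik.p12`, but step 3 right below gives `vpnclient.p12_0` as the example value for `IMPORTED_CERTIFICATE`. Use the same file name in both places, or state that the certificate name follows the imported file's name, so that readers do not paste a certificate name that does not exist on their router. The parenthetical `(empty passphrase)` is also left in English in this Chinese document.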
@ -395,23 +420,15 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
来指定整个网络,或者使用 `192.168.0.10` 来指定仅用于一个设备,依此类推。
```bash
/ip firewall address-list
add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local
/ip ipsec mode-config
add name=ike2-rw responder=no src-address-list=local
/ip ipsec policy group
add name=ike2-rw
/ip ipsec profile
add name=ike2-rw
/ip ipsec peer
add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw
/ip ipsec proposal
add name=ike2-rw pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \
/ip firewall address-list add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local
/ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local
/ip ipsec policy group add name=ike2-rw
/ip ipsec profile add name=ike2-rw
/ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw
/ip ipsec proposal add name=ike2-rw pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \
peer=ike2-rw-client policy-template-group=ike2-rw
/ip ipsec policy
add group=ike2-rw proposal=ike2-rw template=yes
/ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes
```
4. 更多信息请参见 [#1112](https://github.com/hwdsl2/setup-ipsec-vpn/issues/1112#issuecomment-1059628623)。
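Review bot: every command in this block is collapsed to a single line except `/ip ipsec identity add`, which still ends in `\` and continues on the `peer=ike2-rw-client policy-template-group=ike2-rw` line. If the aim is one paste-able line per command, join those two lines as well. Otherwise, keep the continuation and note it above the block, so that a reader copying line by line does not run the identity command without its `peer` and `policy-template-group` arguments.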

View File

@ -35,7 +35,9 @@ By default, IKEv2 is automatically set up when running the VPN setup script. If
* [Linux](#linux)
* [Mikrotik RouterOS](#routeros)
Like this project? You can [show your support or appreciation](https://coindrop.to/hwdsl2).
> Like this project? You can show your support or appreciation.
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
### Windows 7, 8, 10 and 11
@ -366,9 +368,7 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti
### RouterOS
**Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User).
It is recommended to use terminal command via SSH connection, eg via Putty.
**Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User). It is recommended to run terminal commands via an SSH connection, e.g. via Putty.
1. Securely transfer the generated `.p12` file to your computer.
@ -382,11 +382,20 @@ It is recommended to use terminal command via SSH connection, eg via Putty.
2. In WinBox, go to System > certificates > import. Import the `.p12` certificate file twice (yes, import the same file two times!). Verify in your certificates panel. You will see 2 files, the one that is marked KT is the key.
<details>
<summary>
Click to see screencast.
</summary>
![routeros import certificate](images/routeros-import-cert.gif)
</details>
Or you can use terminal instead (empty passphrase):
```bash
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase:
certificates-imported: 2
private-keys-imported: 0
files-imported: 1
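Review bot: the new lead-in "Or you can use terminal instead (empty passphrase):" does not say whether the empty passphrase is a requirement or only describes this sample session, and the transcript shows a blank `passphrase:` prompt without comment. Spell out what the reader should enter at the prompt, and what to do when the `.p12` file was exported with a password. The block is also fenced as `bash` although it is a RouterOS console transcript with a prompt and output, so a plain fence would avoid misleading highlighting.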
@ -395,7 +404,7 @@ It is recommended to use terminal command via SSH connection, eg via Putty.
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase:
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
@ -403,15 +412,6 @@ It is recommended to use terminal command via SSH connection, eg via Putty.
keys-with-no-certificate: 0
```
<details>
<summary>
Click to see screencast.
</summary>
![routeros import certificate](images/routeros-import-cert.gif)
</details>
3. Run these commands in terminal. Replace the following with your own values.
`YOUR_VPN_SERVER_IP_OR_DNS_NAME` is your VPN server IP or DNS name.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 4.2 KiB

BIN
docs/images/kofi2.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB
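Review bot: `docs/images/kofi2.png` is added at 38 KiB, while the image listed before it is 4.2 KiB and the markup in this commit displays the new one at `height="36" width="187"`. Check whether the file can be resized or compressed before it is embedded near the top of every README and docs page touched here.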