diff --git a/README-zh.md b/README-zh.md index 097f848..73b483e 100644 --- a/README-zh.md +++ b/README-zh.md @@ -345,7 +345,7 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgrade.sh 如果无法下载,打开 [vpnupgrade.sh](extras/vpnupgrade.sh),然后点击右边的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。 -当前支持的 Libreswan 最新版本是 `4.15`。查看已安装版本:`ipsec --version`。 +当前支持的 Libreswan 最新版本是 `5.0`。查看已安装版本:`ipsec --version`。 **注:** `xl2tpd` 可以使用系统的软件包管理器进行更新,例如 Ubuntu/Debian 上的 `apt-get`。 diff --git a/README.md b/README.md index 337a30b..08991ef 100644 --- a/README.md +++ b/README.md @@ -345,7 +345,7 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgrade.sh If you are unable to download, open [vpnupgrade.sh](extras/vpnupgrade.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor. -The latest supported Libreswan version is `4.15`. Check installed version: `ipsec --version`. +The latest supported Libreswan version is `5.0`. Check installed version: `ipsec --version`. **Note:** `xl2tpd` can be updated using your system's package manager, such as `apt-get` on Ubuntu/Debian. diff --git a/docs/advanced-usage-zh.md b/docs/advanced-usage-zh.md index 100d986..8d2f387 100644 --- a/docs/advanced-usage-zh.md +++ b/docs/advanced-usage-zh.md @@ -65,7 +65,7 @@ sudo bash ikev2only.sh 另外,你也可以手动启用仅限 IKEv2 模式。 -另外,你也可以手动启用仅限 IKEv2 模式。首先使用 `ipsec --version` 命令检查 Libreswan 版本,并 [更新 Libreswan](../README-zh.md#升级libreswan)(如果需要)。然后编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `config setup` 小节的末尾添加 `ikev1-policy=drop`,开头必须空两格。保存文件并运行 `service ipsec restart`。在完成后,你可以使用 `ipsec status` 命令来验证仅启用了 `ikev2-cp` 连接。 +另外,你也可以手动启用仅限 IKEv2 模式。首先使用 `ipsec --version` 命令检查 Libreswan 版本,并 [更新 Libreswan](../README-zh.md#升级libreswan)(如果需要)。然后编辑 VPN 服务器上的 `/etc/ipsec.conf`。将 `ikev1-policy=accept` 替换为 `ikev1-policy=drop`。如果该行不存在,则在 `config setup` 小节的末尾添加 `ikev1-policy=drop`,开头必须空两格。保存文件并运行 `service ipsec restart`。在完成后,你可以使用 `ipsec status` 命令来验证仅启用了 `ikev2-cp` 连接。 ## VPN 内网 IP 和流量 diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 1dbb8eb..99a818b 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -65,7 +65,7 @@ To disable IKEv2-only mode, run the helper script again and select the appropria Alternatively, you may manually enable IKEv2-only mode. -Alternatively, you may manually enable IKEv2-only mode. First check Libreswan version using `ipsec --version`, and [update Libreswan](../README.md#upgrade-libreswan) if needed. Then edit `/etc/ipsec.conf` on the VPN server. Append `ikev1-policy=drop` to the end of the `config setup` section, indented by two spaces. Save the file and run `service ipsec restart`. When finished, you can run `ipsec status` to verify that only the `ikev2-cp` connection is enabled. +Alternatively, you may manually enable IKEv2-only mode. First check Libreswan version using `ipsec --version`, and [update Libreswan](../README.md#upgrade-libreswan) if needed. Then edit `/etc/ipsec.conf` on the VPN server. Replace `ikev1-policy=accept` with `ikev1-policy=drop`. If the line does not exist, append `ikev1-policy=drop` to the end of the `config setup` section, indented by two spaces. Save the file and run `service ipsec restart`. When finished, you can run `ipsec status` to verify that only the `ikev2-cp` connection is enabled. ## Internal VPN IPs and traffic