mirror of synced 2024-11-22 04:56:03 +03:00

Update README.md

hwdsl2 2016-05-16 13:56:48 -05:00
parent ff8dd58749
commit 1190f608d4
2 changed files with 12 additions and 10 deletions


@ -24,6 +24,7 @@
## 功能特性 ## 功能特性
- :tada: **新特性:**`IPsec/L2TP` 的基础上[新增](#下一步)对 `IPsec/XAUTH` 的支持
- 全自动的 IPsec/L2TP VPN 服务器配置,无需用户输入 - 全自动的 IPsec/L2TP VPN 服务器配置,无需用户输入
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持 - 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
- 可直接作为 Amazon EC2 实例创建时的用户数据使用 - 可直接作为 Amazon EC2 实例创建时的用户数据使用
@ -93,6 +94,8 @@ sudo sh vpnsetup_centos.sh
配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a> 配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
**新特性:** 在 `IPsec/L2TP` 的基础上,现在新增对 `IPsec/XAUTH` 的支持!它能够更快和更高效地传输数据。该模式在 Android 上被称为 `Xauth PSK`,在 iOS/OSX 上被称为 `(Cisco) IPSec`。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles: 开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
## 重要提示 ## 重要提示
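
Review bot: The added **新特性** paragraph names the mode on each platform (`Xauth PSK`, `(Cisco) IPSec`, Shrew Soft) but gives no setup steps and does not say which credentials the new mode uses; the only guide linked in this hunk is still titled 配置 IPsec/L2TP VPN 客户端. Link to client steps for `IPsec/XAUTH`, or state whether the existing credentials apply, so users do not have to guess.
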
@ -101,13 +104,11 @@ sudo sh vpnsetup_centos.sh
**Android 6 (Marshmallow) 用户**: 请编辑 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。另外<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">增加一行</a> `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart` **Android 6 (Marshmallow) 用户**: 请编辑 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。另外<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">增加一行</a> `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart`
**iPhone/iPad 用户**: 在 iOS 的设置菜单请选择 `L2TP` (而不是 `IPSec`) 作为 VPN 类型 如果要为 `IPsec/L2TP` 创建具有不同凭据的多个 VPN 用户,只需要<a href="docs/enable-multiple-users.txt" target="_blank">修改这几行的脚本</a>
如果要创建具有不同凭据的多个 VPN 用户,只需要<a href="docs/enable-multiple-users.txt" target="_blank">修改这几行的脚本</a> 在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。此设置可通过编辑文件 `options.xl2tpd``ipsec.conf` 来更改
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。此设置可在 `options.xl2tpd` 文件的 `ms-dns` 项更改。 如果服务器配置了自定义 SSH 端口(不是 22或其他服务请在运行脚本前编辑 <a href="vpnsetup.sh#L323" target="_blank">IPTables 防火墙规则</a>
如果服务器配置了自定义 SSH 端口(不是 22或其他服务请在运行脚本前编辑 <a href="vpnsetup.sh#L298" target="_blank">IPTables 防火墙规则</a>
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。 这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
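
Review bot: The rewritten DNS note drops the `ms-dns` key and now points at `options.xl2tpd` and `ipsec.conf` without naming the setting to change in either file. A user who edits only one of them will leave clients of the other mode on Google Public DNS, so name the option per file and say which mode each one covers. The multi-user note in the same hunk is now scoped to `IPsec/L2TP`; say what applies to `IPsec/XAUTH` users as well.
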


@ -24,6 +24,7 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
## Features ## Features
- :tada: **NEW:** `IPsec/XAUTH` is [now supported](#next-steps) in addition to `IPsec/L2TP`
- Fully automated IPsec/L2TP VPN server setup, no user input needed - Fully automated IPsec/L2TP VPN server setup, no user input needed
- Encapsulates all VPN traffic in UDP - does not need ESP protocol - Encapsulates all VPN traffic in UDP - does not need ESP protocol
- Can be directly used as "user-data" for a new Amazon EC2 instance - Can be directly used as "user-data" for a new Amazon EC2 instance
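
Review bot: The new **NEW** bullet sits directly above "Fully automated IPsec/L2TP VPN server setup" and "Encapsulates all VPN traffic in UDP - does not need ESP protocol", which still describe only `IPsec/L2TP`. State whether those two properties also hold for `IPsec/XAUTH`, and check that the `#next-steps` anchor resolves. A plain capability statement would also age better than a "NEW" label in a feature list.
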
@ -93,6 +94,8 @@ If unable to download via `wget`, you may alternatively open <a href="vpnsetup.s
Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>. Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
**NEW:** `IPsec/XAUTH` is now supported in addition to `IPsec/L2TP`! This new mode is faster with less overhead. On Android, this mode is called `Xauth PSK`. On iOS/OSX it is called `(Cisco) IPSec`. Windows users can use the free <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft client</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes ## Important Notes
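
Review bot: "This new mode is faster with less overhead" in the added **NEW** paragraph is stated without a comparison or a reason. Say what it is faster than and why. The paragraph also repeats the **NEW** bullet added under Features, so consider keeping the detail in one place so the two do not drift.
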
@ -101,13 +104,11 @@ For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_V
**Android 6 (Marshmallow) users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then <a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">add a new line</a> `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`. **Android 6 (Marshmallow) users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then <a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">add a new line</a> `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`.
**iPhone/iPad users**: In iOS settings, choose `L2TP` (instead of `IPSec`) as the VPN type. To create multiple VPN users with different credentials for `IPsec/L2TP`, just <a href="docs/enable-multiple-users.txt" target="_blank">edit a few lines</a> in the scripts.
To enable multiple VPN users with different credentials, just <a href="docs/enable-multiple-users.txt" target="_blank">edit a few lines</a> in the scripts. Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. To change, edit `options.xl2tpd` and `ipsec.conf`.
Clients are configured to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`. For servers with a custom SSH port (not 22) or other services, edit the <a href="vpnsetup.sh#L323" target="_blank">IPTables rules</a> before using.
For servers with a custom SSH port (not 22) or other services, edit the <a href="vpnsetup.sh#L298" target="_blank">IPTables rules</a> before using.
The scripts will backup existing config files before making changes, with `.old-date-time` suffix. The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
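
Review bot: The firewall link is a hard-coded line anchor, `vpnsetup.sh#L323`, which this same hunk had to bump from `#L298`; it will go stale again on the next script edit and send users with a custom SSH port to the wrong lines. Describe the rule to edit (or link to a stable marker in the script) instead of a line number. The removal of the iPhone/iPad note is fine only if the `(Cisco) IPSec` mapping in the new paragraph is kept alongside it.
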