mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-25 22:36:04 +03:00
Code Issues Projects Releases Wiki Activity

Improve Linux instructions

Browse Source 
- Add option "noipdefault" to fix Linux clients behind NAT
- Specify VPN username and password in the config file
- Combine the Ubuntu/Debian and CentOS/Fedora sections
- [ci skip]
This commit is contained in:
hwdsl2 2016-10-25 14:44:45 -05:00
parent 44eb55f9f3
commit 13db1d4a7f
2 changed files with 76 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
docs/clients-zh.md
View File

@ -154,23 +154,30 @@ Windows Phone 8.1 及以上版本用户可以尝试按照 <a href="http://forums
## Linux ## Linux
### Ubuntu & Debian 注: 以下步骤是在 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c) 基础上修改。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。
注: 以下步骤是在 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c) 基础上修改。
这些命令必须在你的 VPN 客户端电脑上使用 `root` 账户运行。
要配置 VPN 客户端,首先安装以下软件包: 要配置 VPN 客户端,首先安装以下软件包:
``` ```
# Ubuntu & Debian
apt-get update apt-get update
apt-get install strongswan xl2tpd apt-get -y install strongswan xl2tpd
# CentOS & RHEL
yum -y install epel-release
yum -y install strongswan xl2tpd
# Fedora
yum -y install strongswan xl2tpd
``` ```
创建 VPN 变量 (替换为你自己的值): 创建 VPN 变量 (替换为你自己的值):
``` ```
VPN_SERVER_IP='YOUR_VPN_SERVER_IP' VPN_SERVER_IP='your_vpn_server_ip'
VPN_IPSEC_PSK='YOUR_IPSEC_PSK' VPN_IPSEC_PSK='your_ipsec_pre_shared_key'
VPN_USERNAME='your_vpn_username'
VPN_PASSWORD='your_vpn_password'
``` ```
配置 strongSwan 配置 strongSwan
@ -214,6 +221,12 @@ cat > /etc/ipsec.secrets <<EOF
EOF EOF
chmod 600 /etc/ipsec.secrets chmod 600 /etc/ipsec.secrets
# For CentOS/RHEL & Fedora ONLY
mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null
mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null
ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf
ln -s /etc/ipsec.secrets /etc/strongswan/ipsec.secrets
``` ```
配置 xl2tpd 配置 xl2tpd
@ -233,15 +246,19 @@ refuse-eap
require-chap require-chap
noccp noccp
noauth noauth
idle 1800 mtu 1280
mtu 1410 mru 1280
mru 1410 noipdefault
defaultroute defaultroute
usepeerdns usepeerdns
debug debug
lock lock
connect-delay 5000 connect-delay 5000
name $VPN_USERNAME
password $VPN_PASSWORD
EOF EOF
chmod 600 /etc/ppp/options.l2tpd.client
``` ```
至此 VPN 客户端配置已完成。按照下面的步骤进行连接。 至此 VPN 客户端配置已完成。按照下面的步骤进行连接。
@ -260,12 +277,16 @@ service xl2tpd restart
开始 IPsec 连接: 开始 IPsec 连接:
``` ```
# Ubuntu & Debian
ipsec up myvpn ipsec up myvpn
# CentOS/RHEL & Fedora
strongswan up myvpn
``` ```
开始 L2TP 连接 (替换为你自己的 VPN 用户名和密码): 开始 L2TP 连接:
``` ```
echo "c myvpn YOUR_USERNAME YOUR_PASSWORD" > /var/run/xl2tpd/l2tp-control echo "c myvpn" > /var/run/xl2tpd/l2tp-control
``` ```
运行 `ifconfig` 并且检查输出。现在你应该看到一个新的网络接口 `ppp0` 运行 `ifconfig` 并且检查输出。现在你应该看到一个新的网络接口 `ppp0`
@ -307,22 +328,15 @@ route del default dev ppp0
要断开连接: 要断开连接:
``` ```
# Ubuntu & Debian
echo "d myvpn" > /var/run/xl2tpd/l2tp-control echo "d myvpn" > /var/run/xl2tpd/l2tp-control
ipsec down myvpn ipsec down myvpn
# CentOS/RHEL & Fedora
echo "d myvpn" > /var/run/xl2tpd/l2tp-control
strongswan down myvpn
``` ```
### CentOS & Fedora
参照上面的 Ubuntu/Debian 部分,并进行以下改动:
1. 使用 `yum` 而不是 `apt-get` 命令来安装软件包。
1. 将 `ipsec up``ipsec down` 命令分别替换为 `strongswan up``strongswan down`
1. 文件 `ipsec.conf``ipsec.secrets` 应该保存在 `/etc/strongswan` 目录中。
### Other Linux
如果你的系统提供 `strongswan` 软件包,请参见上面的两个部分。
## 故障排除 ## 故障排除
*其他语言版本: [English](clients.md#troubleshooting), [简体中文](clients-zh.md#故障排除).* *其他语言版本: [English](clients.md#troubleshooting), [简体中文](clients-zh.md#故障排除).*

62
docs/clients.md
View File

@ -154,23 +154,30 @@ Users with Windows Phone 8.1 and above, try <a href="http://forums.windowscentra
## Linux ## Linux
### Ubuntu & Debian Note: Instructions below are adapted from [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client.
Note: Instructions below are adapted from [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c).
Commands must be run as `root` on your VPN client computer.
To set up the VPN client, first install the following packages: To set up the VPN client, first install the following packages:
``` ```
# Ubuntu & Debian
apt-get update apt-get update
apt-get install strongswan xl2tpd apt-get -y install strongswan xl2tpd
# CentOS & RHEL
yum -y install epel-release
yum -y install strongswan xl2tpd
# Fedora
yum -y install strongswan xl2tpd
``` ```
Create VPN variables (replace with actual values): Create VPN variables (replace with actual values):
``` ```
VPN_SERVER_IP='YOUR_VPN_SERVER_IP' VPN_SERVER_IP='your_vpn_server_ip'
VPN_IPSEC_PSK='YOUR_IPSEC_PSK' VPN_IPSEC_PSK='your_ipsec_pre_shared_key'
VPN_USERNAME='your_vpn_username'
VPN_PASSWORD='your_vpn_password'
``` ```
Configure strongSwan: Configure strongSwan:
@ -214,6 +221,12 @@ cat > /etc/ipsec.secrets <<EOF
EOF EOF
chmod 600 /etc/ipsec.secrets chmod 600 /etc/ipsec.secrets
# For CentOS/RHEL & Fedora ONLY
mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null
mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null
ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf
ln -s /etc/ipsec.secrets /etc/strongswan/ipsec.secrets
``` ```
Configure xl2tpd: Configure xl2tpd:
@ -233,15 +246,19 @@ refuse-eap
require-chap require-chap
noccp noccp
noauth noauth
idle 1800 mtu 1280
mtu 1410 mru 1280
mru 1410 noipdefault
defaultroute defaultroute
usepeerdns usepeerdns
debug debug
lock lock
connect-delay 5000 connect-delay 5000
name $VPN_USERNAME
password $VPN_PASSWORD
EOF EOF
chmod 600 /etc/ppp/options.l2tpd.client
``` ```
The VPN client setup is now complete. Follow the steps below to connect. The VPN client setup is now complete. Follow the steps below to connect.
@ -260,12 +277,16 @@ service xl2tpd restart
Start the IPsec connection: Start the IPsec connection:
``` ```
# Ubuntu & Debian
ipsec up myvpn ipsec up myvpn
# CentOS/RHEL & Fedora
strongswan up myvpn
``` ```
Start the L2TP connection (replace with your actual VPN username and password): Start the L2TP connection:
``` ```
echo "c myvpn YOUR_USERNAME YOUR_PASSWORD" > /var/run/xl2tpd/l2tp-control echo "c myvpn" > /var/run/xl2tpd/l2tp-control
``` ```
Run `ifconfig` and check the output. You should now see a new interface `ppp0`. Run `ifconfig` and check the output. You should now see a new interface `ppp0`.
@ -306,22 +327,15 @@ route del default dev ppp0
To disconnect: To disconnect:
``` ```
# Ubuntu & Debian
echo "d myvpn" > /var/run/xl2tpd/l2tp-control echo "d myvpn" > /var/run/xl2tpd/l2tp-control
ipsec down myvpn ipsec down myvpn
# CentOS/RHEL & Fedora
echo "d myvpn" > /var/run/xl2tpd/l2tp-control
strongswan down myvpn
``` ```
### CentOS & Fedora
Refer to the Ubuntu/Debian section above, with these changes:
1. Use `yum` instead of `apt-get` to install packages.
1. Replace `ipsec up` and `ipsec down` with `strongswan up` and `strongswan down`, respectively.
1. The files `ipsec.conf` and `ipsec.secrets` should be saved under `/etc/strongswan`.
### Other Linux
If your system provides the `strongswan` package, refer to the two sections above.
## Troubleshooting ## Troubleshooting
*Read this in other languages: [English](clients.md#troubleshooting), [简体中文](clients-zh.md#故障排除).* *Read this in other languages: [English](clients.md#troubleshooting), [简体中文](clients-zh.md#故障排除).*