diff --git a/README-zh.md b/README-zh.md index dc7d059..928d832 100644 --- a/README-zh.md +++ b/README-zh.md @@ -58,7 +58,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh ## 系统要求 一个新创建的 Amazon EC2 实例,使用这些映像 (AMIs): -- Ubuntu 16.04 (Xenial) or 14.04 (Trusty) +- Ubuntu 16.04 (Xenial) or 14.04 (Trusty)[*](#ubuntu-1804-note) - Debian 9 (Stretch) or 8 (Jessie) - CentOS 7 (x86_64) with Updates - CentOS 6 (x86_64) with Updates @@ -77,7 +77,8 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh 高级用户可以在 $35 Raspberry Pi 3 上搭建 VPN 服务器。 -**注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 与 Linux 4.15 内核兼容性的 问题。 + +\***注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 与 Linux 内核 4.15 兼容性的 问题。 :warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上! diff --git a/README.md b/README.md index e653e3e..f8c0d46 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ For other installation options and how to set up VPN clients, read the sections ## Requirements A newly created Amazon EC2 instance, from these images (AMIs): -- Ubuntu 16.04 (Xenial) or 14.04 (Trusty) +- Ubuntu 16.04 (Xenial) or 14.04 (Trusty)[*](#ubuntu-1804-note) - Debian 9 (Stretch) or 8 (Jessie) - CentOS 7 (x86_64) with Updates - CentOS 6 (x86_64) with Updates @@ -77,7 +77,8 @@ This also includes Linux VMs in public clouds, such as Raspberry Pi 3. -**Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd issue with Linux 4.15 kernels. + +\***Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd issue with Linux kernel 4.15. :warning: **DO NOT** run these scripts on your PC or Mac! They should only be used on a server! diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 3850a22..3b75b82 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -406,14 +406,14 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSe 如果你无法使用 Android 6 或以上版本连接: 1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在,请启用它并重试连接。如果不存在,请尝试下一步。 -1. (适用于 Android 7.1.2 及以上版本) 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `ike=` 和 `phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(参见) 注:最新版本的 VPN 脚本已经包含这个更改。 -1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`,开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) +1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=no` 并将它替换为 `sha2-truncbug=yes`。保存修改并运行 `service ipsec restart`。(参见) 如果仍然无法连接,请尝试下一步。 +1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `ike=` 和 `phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(参见) ![Android VPN workaround](images/vpn-profile-Android.png) ### Chromebook -Chromebook 用户: 如果你无法连接,请尝试 这个解决方案。或者你也可以尝试编辑 VPN 服务器上的 `/etc/ipsec.conf`,找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。 +Chromebook 用户: 如果你无法连接,请尝试 这个解决方案。 ### 其它错误 diff --git a/docs/clients.md b/docs/clients.md index 42fcfd1..b368cda 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -405,14 +405,14 @@ To fix this error, please follow these steps: If you are unable to connect using Android 6 or above: 1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists, enable it and reconnect the VPN. If not, try the next step. -1. (For Android 7.1.2 and newer) Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (Ref) Note that the latest version of VPN scripts already includes this change. -1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`, indented with two spaces. Save the file and run `service ipsec restart`. (Ref) +1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=no` and replace it with `sha2-truncbug=yes`. Save the file and run `service ipsec restart`. (Ref) If still unable to connect, try the next step. +1. Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (Ref) ![Android VPN workaround](images/vpn-profile-Android.png) ### Chromebook -Chromebook users: If you are unable to connect, try this workaround. Alternatively, edit `/etc/ipsec.conf` on the VPN server, find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. +Chromebook users: If you are unable to connect, try this workaround. ### Other errors diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 7d5e92c..9ca4310 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -55,8 +55,8 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 ikev2=insist rekey=no fragmentation=yes - ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512 - phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512 + ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024 + phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2 EOF ``` diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 6d6a173..2d9dd21 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -55,8 +55,8 @@ Before continuing, make sure you have successfully