1
0
mirror of synced 2024-11-28 23:56:04 +03:00

Update docs

This commit is contained in:
hwdsl2 2018-05-05 19:37:33 -05:00
parent 102ccbc17d
commit 17ca2ee87f
6 changed files with 16 additions and 14 deletions

View File

@ -58,7 +58,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
## 系统要求
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些映像 (AMIs):
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>[*](#ubuntu-1804-note)
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
@ -77,7 +77,8 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
高级用户可以在 $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a> 上搭建 VPN 服务器。
**注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 与 Linux 4.15 内核兼容性的 <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">问题</a>
<a name="ubuntu-1804-note"></a>
\***注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 与 Linux 内核 4.15 兼容性的 <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">问题</a>
:warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上!

View File

@ -58,7 +58,7 @@ For other installation options and how to set up VPN clients, read the sections
## Requirements
A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> instance, from these images (AMIs):
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>[*](#ubuntu-1804-note)
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
@ -77,7 +77,8 @@ This also includes Linux VMs in public clouds, such as <a href="https://blog.ls2
Advanced users can set up the VPN server on a $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a>.
**Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">issue</a> with Linux 4.15 kernels.
<a name="ubuntu-1804-note"></a>
\***Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">issue</a> with Linux kernel 4.15.
:warning: **DO NOT** run these scripts on your PC or Mac! They should only be used on a server!

View File

@ -406,14 +406,14 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSe
如果你无法使用 Android 6 或以上版本连接:
1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在,请启用它并重试连接。如果不存在,请尝试下一步。
1. (适用于 Android 7.1.2 及以上版本) 编辑 VPN 服务器上的 `/etc/ipsec.conf``ike=``phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(<a href="https://github.com/hwdsl2/setup-ipsec-vpn/commit/f58afbc84ba421216ca2615d3e3654902e9a1852" target="_blank">参见</a>) 注:最新版本的 VPN 脚本已经包含这个更改
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`,开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>)
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`找到 `sha2-truncbug=no` 并将它替换为 `sha2-truncbug=yes`。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>) 如果仍然无法连接,请尝试下一步
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf``ike=``phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(<a href="https://github.com/hwdsl2/setup-ipsec-vpn/commit/f58afbc84ba421216ca2615d3e3654902e9a1852" target="_blank">参见</a>)
![Android VPN workaround](images/vpn-profile-Android.png)
### Chromebook
Chromebook 用户: 如果你无法连接,请尝试 <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=707139#c58" target="_blank">这个解决方案</a>或者你也可以尝试编辑 VPN 服务器上的 `/etc/ipsec.conf`,找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`
Chromebook 用户: 如果你无法连接,请尝试 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/265" target="_blank">这个解决方案</a>
### 其它错误

View File

@ -405,14 +405,14 @@ To fix this error, please follow these steps:
If you are unable to connect using Android 6 or above:
1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists, enable it and reconnect the VPN. If not, try the next step.
1. (For Android 7.1.2 and newer) Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (<a href="https://github.com/hwdsl2/setup-ipsec-vpn/commit/f58afbc84ba421216ca2615d3e3654902e9a1852" target="_blank">Ref</a>) Note that the latest version of VPN scripts already includes this change.
1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`, indented with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>)
1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=no` and replace it with `sha2-truncbug=yes`. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>) If still unable to connect, try the next step.
1. Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (<a href="https://github.com/hwdsl2/setup-ipsec-vpn/commit/f58afbc84ba421216ca2615d3e3654902e9a1852" target="_blank">Ref</a>)
![Android VPN workaround](images/vpn-profile-Android.png)
### Chromebook
Chromebook users: If you are unable to connect, try <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=707139#c58" target="_blank">this workaround</a>. Alternatively, edit `/etc/ipsec.conf` on the VPN server, find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`.
Chromebook users: If you are unable to connect, try <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/265" target="_blank">this workaround</a>.
### Other errors

View File

@ -55,8 +55,8 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
ikev2=insist
rekey=no
fragmentation=yes
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2
EOF
```

View File

@ -55,8 +55,8 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
ikev2=insist
rekey=no
fragmentation=yes
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2
EOF
```