mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-02-07 07:49:25 +03:00
Code Issues Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
hwdsl2 2021-01-19 01:42:29 -06:00
parent f5abf8493c
commit 27dc3d25f2
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/ikev2-howto-zh.md
View File

@ -499,7 +499,14 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
## 移除 IKEv2
如果你想要从 VPN 服务器移除 IKEv2但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意,这将删除所有的 IKEv2 配置,并且**不可撤销**
如果你想要从 VPN 服务器移除 IKEv2但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,请重新运行 [辅助脚本](#使用辅助脚本) 并选择 "Remove IKEv2" 选项。请注意,这将删除所有的 IKEv2 配置(包括证书),并且**不可撤销**
<details>
<summary>
另外,你也可以手动移除 IKEv2。点这里查看步骤。
</summary>
要手动从 VPN 服务器移除 IKEv2但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意,这将删除所有的 IKEv2 配置(包括证书),并且**不可撤销**
1. 重命名或者删除IKEv2 配置文件:
@ -507,6 +514,8 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
mv /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.bak
```
**注:** 如果你使用了较旧版本2020-05-31 之前)的 IKEv2 辅助脚本或者配置说明,文件 `/etc/ipsec.d/ikev2.conf` 可能不存在。在该情况下,请移除文件 `/etc/ipsec.conf` 中的 `conn ikev2-cp` 部分。
1. **(重要)重启 IPsec 服务**
```bash
@ -535,6 +544,7 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
```bash
certutil -D -d sql:/etc/ipsec.d -n "Nickname"
```
</details>
## 参考链接

16
docs/ikev2-howto.md
View File

@ -88,7 +88,7 @@ First, securely transfer the generated `.mobileconfig` file to your Mac, then do
<details>
<summary>
If you manually set up IKEv2 without using the helper script, click here to see instructions.
If you manually set up IKEv2 without using the helper script, click here for instructions.
</summary>
First, securely transfer the generated `.p12` file to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. Close the dialog using the red "X" on the top-left corner. When prompted, use Touch ID or enter your password and click "Update Settings".
@ -134,7 +134,7 @@ When finished, check to make sure "IKEv2 VPN configuration" is listed under Sett
<details>
<summary>
If you manually set up IKEv2 without using the helper script, click here to see instructions.
If you manually set up IKEv2 without using the helper script, click here for instructions.
</summary>
First, securely transfer the generated `ikev2vpnca.cer` and `.p12` files to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use:
@ -499,7 +499,14 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
## Remove IKEv2
If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration and **cannot be undone**!
If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, run the [helper script](#using-helper-scripts) again and select the "Remove IKEv2" option. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**!
<details>
<summary>
Alternatively, you can manually remove IKEv2. Click here for instructions.
</summary>
To manually remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**!
1. Rename (or delete) the IKEv2 config file:
@ -507,6 +514,8 @@ If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clien
mv /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.bak
```
**Note:** If you used an older version (before 2020-05-31) of the IKEv2 helper script or instructions, file `/etc/ipsec.d/ikev2.conf` may not exist. In this case, please instead remove the `conn ikev2-cp` section from file `/etc/ipsec.conf`.
1. **(Important) Restart the IPsec service**:
```bash
@ -535,6 +544,7 @@ If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clien
```bash
certutil -D -d sql:/etc/ipsec.d -n "Nickname"
```
</details>
## References