diff --git a/README-zh.md b/README-zh.md index 6e0f00b..677b073 100644 --- a/README-zh.md +++ b/README-zh.md @@ -40,7 +40,7 @@ wget https://git.io/vpnstart -qO vpn.sh && sudo sh vpn.sh
-或者,你也可以使用 curl 下载并运行脚本。 +或者,你也可以使用 curl 下载。 ```bash @@ -50,7 +50,7 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
-单击查看 VPN 脚本的示例输出(终端记录)。 +查看 VPN 脚本的示例输出(终端记录)。 **注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效**。 @@ -74,8 +74,8 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh 一个专用服务器或者虚拟专用服务器 (VPS),全新安装以下操作系统之一: -- Ubuntu 20.04 (Focal) 或者 18.04 (Bionic) -- Debian 11 (Bullseye)[\*](#debian-10-note), 10 (Buster)[\*](#debian-10-note) 或者 9 (Stretch) +- Ubuntu 20.04 或者 18.04 +- Debian 11[\*](#debian-10-note), 10[\*](#debian-10-note) 或者 9 - CentOS 7, Rocky Linux 8 或者 AlmaLinux 8[\*\*](#centos-8-note) - Red Hat Enterprise Linux (RHEL) 8 或者 7 - Amazon Linux 2 @@ -90,9 +90,9 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh 另外,你也可以使用预构建的 [Docker 镜像](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)。高级用户可以在 [Raspberry Pi](https://www.raspberrypi.org) 上安装。[[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/) -\* Debian 11/10 用户需要[使用标准的 Linux 内核](docs/clients-zh.md#debian-10-内核)。 +\* Debian 11/10 用户需要 [使用标准的 Linux 内核](docs/clients-zh.md#debian-10-内核)。 -\*\* 对 CentOS Linux 8 的支持[已经结束](https://www.centos.org/centos-linux-eol/)。你可以另外使用比如 Rocky Linux 或者 AlmaLinux。 +\*\* 对 CentOS Linux 8 的支持 [已经结束](https://www.centos.org/centos-linux-eol/)。你可以另外使用比如 Rocky Linux 或者 AlmaLinux。 :warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上! @@ -175,14 +175,14 @@ sudo ikev2.sh 如果无法通过 wget 下载,点这里查看解决方案。 -你也可以使用 curl 下载。例如: +你也可以使用 `curl` 下载。例如: ```bash curl -fsSL https://git.io/vpnsetup -o vpn.sh sudo sh vpn.sh ``` -或者,你也可以打开 [vpnsetup.sh](vpnsetup.sh),然后点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。 +或者,打开 [vpnsetup.sh](vpnsetup.sh) 并点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
## 下一步 @@ -205,7 +205,7 @@ sudo sh vpn.sh **Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT(比如家用路由器)的兼容问题。 -同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT(比如家用路由器)后面的多个设备到 VPN 服务器,你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。 +同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要连接在同一个 NAT(比如家用路由器)后面的多个设备,你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。 要查看或更改 VPN 用户账户,请参见 [管理 VPN 用户](docs/manage-users-zh.md)。该文档包含辅助脚本,以方便管理 VPN 用户。 @@ -262,7 +262,7 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh ## 问题和反馈 - 如果你对文档或 VPN 脚本有改进建议,请提交一个 [改进建议](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose),或者欢迎提交 [Pull request](https://github.com/hwdsl2/setup-ipsec-vpn/pulls)。 -- 如果你发现了一个可重复的程序漏洞,请提交一个 [错误报告](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose)。 +- 如果你发现了一个可重复的程序漏洞,请为 [IPsec VPN](https://github.com/libreswan/libreswan/issues?q=is%3Aissue) 或者 [VPN 脚本](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose) 提交一个错误报告。 - 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。 - VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。 
diff --git a/README.md b/README.md index be6be2d..ff76e67 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ Your VPN login details will be randomly generated, and displayed on the screen w
-Alternative one-liner using curl instead of wget. +Alternative one-liner using curl. ```bash @@ -50,7 +50,7 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
-Click to see the VPN script in action (terminal recording). +See the VPN script in action (terminal recording). **Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid. @@ -74,8 +74,8 @@ A pre-built [Docker image](https://github.com/hwdsl2/docker-ipsec-vpn-server) is A dedicated server or virtual private server (VPS), freshly installed with one of the following OS: -- Ubuntu 20.04 (Focal) or 18.04 (Bionic) -- Debian 11 (Bullseye)[\*](#debian-10-note), 10 (Buster)[\*](#debian-10-note) or 9 (Stretch) +- Ubuntu 20.04 or 18.04 +- Debian 11[\*](#debian-10-note), 10[\*](#debian-10-note) or 9 - CentOS 7, Rocky Linux 8 or AlmaLinux 8[\*\*](#centos-8-note) - Red Hat Enterprise Linux (RHEL) 8 or 7 - Amazon Linux 2 @@ -175,14 +175,14 @@ sudo ikev2.sh Click here if you are unable to download using wget. -You may also use curl to download. For example: +You may also use `curl` to download. For example: ```bash curl -fsSL https://git.io/vpnsetup -o vpn.sh sudo sh vpn.sh ``` -Alternatively, you may open [vpnsetup.sh](vpnsetup.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor. +Alternatively, open [vpnsetup.sh](vpnsetup.sh) and click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
## Next steps @@ -205,7 +205,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: **Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router). -The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode. +The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode. To view or update VPN user accounts, see [Manage VPN users](docs/manage-users.md). Helper scripts are included for convenience. 
@@ -262,7 +262,7 @@ See [Uninstall the VPN](docs/uninstall.md). ## Feedback & Questions - Have an improvement suggestion for documentation or VPN scripts? Open an [Enhancement request](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). [Pull requests](https://github.com/hwdsl2/setup-ipsec-vpn/pulls) are also welcome. -- If you found a reproducible bug, please file a [Bug report](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). +- If you found a reproducible bug, open a bug report for the [IPsec VPN](https://github.com/libreswan/libreswan/issues?q=is%3Aissue) or for the [VPN scripts](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). - Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread). - Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup). diff --git a/docs/bbr-zh.md b/docs/bbr-zh.md index 3ceb6bf..1312595 100644 --- a/docs/bbr-zh.md +++ b/docs/bbr-zh.md @@ -107,6 +107,6 @@ Amazon Linux 2提供过经过验证的新版Linux内核,并可以通过启用 # tcp_bbr 16384 0 ``` -## 作者 +## 文档作者 版权所有 (C) 2022 [Leo Liu](https://github.com/optimusleobear) diff --git a/docs/bbr.md b/docs/bbr.md index 3ed620f..40bb221 100644 --- a/docs/bbr.md +++ b/docs/bbr.md 
@@ -107,7 +107,7 @@ In this section, we will start Google BBR by modifying the configuration file. # tcp_bbr 16384 0 ``` -## Author +## Document author Copyright (C) 2022 [Leo Liu](https://github.com/optimusleobear) Translated by [Lin Song](https://github.com/hwdsl2) diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 697cb8a..b1fa63a 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -706,7 +706,7 @@ sudo ikev2.sh --revokeclient [client name] 1. 生成客户端证书,然后导出 `.p12` 文件,该文件包含客户端证书,私钥以及 CA 证书。 - **注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。 + **注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需连接多个客户端,则必须为每个客户端生成唯一的证书。 生成客户端证书: @@ -792,9 +792,9 @@ sudo ikev2.sh --revokeclient [client name] ### 无法同时连接多个 IKEv2 客户端 -如果要同时连接多个客户端,则必须为每个客户端 [生成唯一的证书](#添加客户端证书)。 +如果要连接多个客户端,则必须为每个客户端 [生成唯一的证书](#添加客户端证书)。 -如果你无法同时连接同一个 NAT (比如家用路由器)后面的多个 IKEv2 客户端,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`,找到这一行 `leftid=@` 并去掉 `@`,也就是说将它替换为 `leftid=`。保存修改并运行 `service ipsec restart`。如果 `leftid` 是一个域名则不受影响,不要应用这个解决方案。该解决方案已在 2021-02-01 添加到辅助脚本。 +如果你无法连接同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`,找到这一行 `leftid=@` 并去掉 `@`,也就是说将它替换为 `leftid=`。保存修改并运行 `service ipsec restart`。如果 `leftid` 是一个域名则不受影响,不要应用这个解决方案。该解决方案已在 2021-02-01 添加到辅助脚本。 ### 其它已知问题 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 6d7394b..e5dbdd3 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md 
@@ -708,7 +708,7 @@ The following example shows how to manually configure IKEv2 with Libreswan. Comm 1. Generate client certificate(s), then export the `.p12` file that contains the client certificate, private key, and CA certificate. - **Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients simultaneously, you must generate a unique certificate for each. + **Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients, you must generate a unique certificate for each. Generate client certificate: 
@@ -794,9 +794,9 @@ Save the file and run `service ipsec restart`. As of 2021-01-20, the IKEv2 helpe ### Unable to connect multiple IKEv2 clients -To connect multiple IKEv2 clients simultaneously, you must [generate a unique certificate](#add-a-client-certificate) for each. +To connect multiple IKEv2 clients, you must [generate a unique certificate](#add-a-client-certificate) for each. -If you are unable to connect multiple IKEv2 clients simultaneously from behind the same NAT (e.g. home router), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server, find the line `leftid=@` and remove the `@`, i.e. replace it with `leftid=`. Save the file and run `service ipsec restart`. Do not apply this fix if `leftid` is a DNS name, which is not affected. As of 2021-02-01, the IKEv2 helper script was updated to include this fix. +If you are unable to connect multiple IKEv2 clients from behind the same NAT (e.g. home router), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server, find the line `leftid=@` and remove the `@`, i.e. replace it with `leftid=`. Save the file and run `service ipsec restart`. Do not apply this fix if `leftid` is a DNS name, which is not affected. As of 2021-02-01, the IKEv2 helper script was updated to include this fix. ### Other known issues
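Review bot: the new summary line in the README-zh.md hunk at `@@ -40,7 +40,7 @@` (`或者,你也可以使用 curl 下载。`) now says only "download", but the command it labels is still `curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh`, which also executes the script under sudo. Keep `下载并运行脚本`, or use wording equivalent to the English "Alternative one-liner using curl", so the label does not understate what the reader is about to run with elevated privileges.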
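Review bot: backticks are applied to `curl` only on the changed line of the README.md hunk at `@@ -175,14 +175,14 @@`, while "wget" in the context line directly above ("Click here if you are unable to download using wget.") and "curl" in the new line of the `@@ -40,7 +40,7 @@` hunk ("Alternative one-liner using curl.") stay unformatted. Pick one convention for command names and apply it to all three places, and to the matching README-zh.md lines.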
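Review bot: dropping "simultaneously" from the added line of the README.md hunk at `@@ -205,7 +205,7 @@` widens the stated limitation. The preceding sentence says the same account can be used by multiple devices, and the removed wording restricted the IPsec/L2TP caveat to devices connected at the same time from behind one NAT. As written now, "if you wish to connect multiple devices from behind the same NAT" also covers devices used one at a time, which pushes readers to IKEv2 or IPsec/XAuth when the old text did not. Keep "simultaneously" here and `同时` in the matching README-zh.md hunk.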
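Review bot: in the README.md hunk at `@@ -262,7 +262,7 @@`, the new "IPsec VPN" link targets `https://github.com/libreswan/libreswan/issues?q=is%3Aissue`, which is an issue search, while the "VPN scripts" link goes to `issues/new/choose`, so "open a bug report for the IPsec VPN" does not land on a page where a report can be opened. The link text also hides that this tracker belongs to the Libreswan project, and the sentence gives no hint for deciding which tracker a given bug belongs in. Name Libreswan in the link text, say when a bug is a Libreswan bug rather than a script bug, and either link to its new-issue page or reword to "search existing issues". The same applies to the README-zh.md hunk at `@@ -262,7 +262,7 @@`.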
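Review bot: the context heading in the docs/ikev2-howto-zh.md hunk at `@@ -792,9 +792,9 @@` still reads `### 无法同时连接多个 IKEv2 客户端`, while both changed sentences under it drop `同时`, and the English heading in docs/ikev2-howto.md is "Unable to connect multiple IKEv2 clients". Either keep `同时` in the body or update the heading in this change so the section is consistent, and check any links that use the heading as an anchor if it is renamed.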
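Review bot: the second changed sentence in the docs/ikev2-howto.md hunk at `@@ -794,9 +794,9 @@` loses its symptom description once "simultaneously" is removed. "If you are unable to connect multiple IKEv2 clients from behind the same NAT" no longer tells the reader that the `leftid=@` fix is for the case where a single client connects but a second concurrent one does not, so someone with an unrelated connection failure may edit `/etc/ipsec.d/ikev2.conf` and restart the service for no benefit. The first changed sentence is fine as an unconditional rule (a unique certificate per client); keep "simultaneously" in the NAT sentence only.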