Update docs
parent a168770482
commit 34ece8bdc4
16
README-zh.md
@ -40,7 +40,7 @@ wget https://git.io/vpnstart -qO vpn.sh && sudo sh vpn.sh
|
|||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary>
|
<summary>
|
||||||
或者,你也可以使用 curl 下载并运行脚本。
|
或者,你也可以使用 curl 下载。
|
||||||
</summary>
|
</summary>
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
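Review bot: The new summary text "或者,你也可以使用 curl 下载。" says only that curl downloads the script, but the command under this summary (visible in the next hunk header as `curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh`) also runs it with sudo. The README.md counterpart still calls it a "one-liner", so the two languages now diverge. Consider keeping "下载并运行脚本" so readers know that pasting this block executes the script as root.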
@ -50,7 +50,7 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
|
|||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary>
|
<summary>
|
||||||
单击查看 VPN 脚本的示例输出(终端记录)。
|
查看 VPN 脚本的示例输出(终端记录)。
|
||||||
</summary>
|
</summary>
|
||||||
|
|
||||||
**注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效**。
|
**注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效**。
|
||||||
@ -74,8 +74,8 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
|
|||||||
|
|
||||||
一个专用服务器或者虚拟专用服务器 (VPS),全新安装以下操作系统之一:
|
一个专用服务器或者虚拟专用服务器 (VPS),全新安装以下操作系统之一:
|
||||||
|
|
||||||
- Ubuntu 20.04 (Focal) 或者 18.04 (Bionic)
|
- Ubuntu 20.04 或者 18.04
|
||||||
- Debian 11 (Bullseye)[\*](#debian-10-note), 10 (Buster)[\*](#debian-10-note) 或者 9 (Stretch)
|
- Debian 11[\*](#debian-10-note), 10[\*](#debian-10-note) 或者 9
|
||||||
- CentOS 7, Rocky Linux 8 或者 AlmaLinux 8[\*\*](#centos-8-note)
|
- CentOS 7, Rocky Linux 8 或者 AlmaLinux 8[\*\*](#centos-8-note)
|
||||||
- Red Hat Enterprise Linux (RHEL) 8 或者 7
|
- Red Hat Enterprise Linux (RHEL) 8 或者 7
|
||||||
- Amazon Linux 2
|
- Amazon Linux 2
|
||||||
@ -175,14 +175,14 @@ sudo ikev2.sh
|
|||||||
如果无法通过 wget 下载,点这里查看解决方案。
|
如果无法通过 wget 下载,点这里查看解决方案。
|
||||||
</summary>
|
</summary>
|
||||||
|
|
||||||
你也可以使用 curl 下载。例如:
|
你也可以使用 `curl` 下载。例如:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl -fsSL https://git.io/vpnsetup -o vpn.sh
|
curl -fsSL https://git.io/vpnsetup -o vpn.sh
|
||||||
sudo sh vpn.sh
|
sudo sh vpn.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
或者,你也可以打开 [vpnsetup.sh](vpnsetup.sh),然后点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
|
或者,打开 [vpnsetup.sh](vpnsetup.sh) 并点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## 下一步
|
## 下一步
|
||||||
@ -205,7 +205,7 @@ sudo sh vpn.sh
|
|||||||
|
|
||||||
**Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT(比如家用路由器)的兼容问题。
|
**Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT(比如家用路由器)的兼容问题。
|
||||||
|
|
||||||
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT(比如家用路由器)后面的多个设备到 VPN 服务器,你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。
|
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要连接在同一个 NAT(比如家用路由器)后面的多个设备,你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。
|
||||||
|
|
||||||
要查看或更改 VPN 用户账户,请参见 [管理 VPN 用户](docs/manage-users-zh.md)。该文档包含辅助脚本,以方便管理 VPN 用户。
|
要查看或更改 VPN 用户账户,请参见 [管理 VPN 用户](docs/manage-users-zh.md)。该文档包含辅助脚本,以方便管理 VPN 用户。
|
||||||
|
|
||||||
@ -262,7 +262,7 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh
|
|||||||
## 问题和反馈
|
## 问题和反馈
|
||||||
|
|
||||||
- 如果你对文档或 VPN 脚本有改进建议,请提交一个 [改进建议](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose),或者欢迎提交 [Pull request](https://github.com/hwdsl2/setup-ipsec-vpn/pulls)。
|
- 如果你对文档或 VPN 脚本有改进建议,请提交一个 [改进建议](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose),或者欢迎提交 [Pull request](https://github.com/hwdsl2/setup-ipsec-vpn/pulls)。
|
||||||
- 如果你发现了一个可重复的程序漏洞,请提交一个 [错误报告](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose)。
|
- 如果你发现了一个可重复的程序漏洞,请为 [IPsec VPN](https://github.com/libreswan/libreswan/issues?q=is%3Aissue) 或者 [VPN 脚本](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose) 提交一个错误报告。
|
||||||
- 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。
|
- 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。
|
||||||
- VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。
|
- VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。
|
||||||
|
|
||||||
|
16
README.md
@ -40,7 +40,7 @@ Your VPN login details will be randomly generated, and displayed on the screen w
|
|||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary>
|
<summary>
|
||||||
Alternative one-liner using curl instead of wget.
|
Alternative one-liner using curl.
|
||||||
</summary>
|
</summary>
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -50,7 +50,7 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
|
|||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary>
|
<summary>
|
||||||
Click to see the VPN script in action (terminal recording).
|
See the VPN script in action (terminal recording).
|
||||||
</summary>
|
</summary>
|
||||||
|
|
||||||
**Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid.
|
**Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid.
|
||||||
@ -74,8 +74,8 @@ A pre-built [Docker image](https://github.com/hwdsl2/docker-ipsec-vpn-server) is
|
|||||||
|
|
||||||
A dedicated server or virtual private server (VPS), freshly installed with one of the following OS:
|
A dedicated server or virtual private server (VPS), freshly installed with one of the following OS:
|
||||||
|
|
||||||
- Ubuntu 20.04 (Focal) or 18.04 (Bionic)
|
- Ubuntu 20.04 or 18.04
|
||||||
- Debian 11 (Bullseye)[\*](#debian-10-note), 10 (Buster)[\*](#debian-10-note) or 9 (Stretch)
|
- Debian 11[\*](#debian-10-note), 10[\*](#debian-10-note) or 9
|
||||||
- CentOS 7, Rocky Linux 8 or AlmaLinux 8[\*\*](#centos-8-note)
|
- CentOS 7, Rocky Linux 8 or AlmaLinux 8[\*\*](#centos-8-note)
|
||||||
- Red Hat Enterprise Linux (RHEL) 8 or 7
|
- Red Hat Enterprise Linux (RHEL) 8 or 7
|
||||||
- Amazon Linux 2
|
- Amazon Linux 2
|
||||||
@ -175,14 +175,14 @@ sudo ikev2.sh
|
|||||||
Click here if you are unable to download using wget.
|
Click here if you are unable to download using wget.
|
||||||
</summary>
|
</summary>
|
||||||
|
|
||||||
You may also use curl to download. For example:
|
You may also use `curl` to download. For example:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl -fsSL https://git.io/vpnsetup -o vpn.sh
|
curl -fsSL https://git.io/vpnsetup -o vpn.sh
|
||||||
sudo sh vpn.sh
|
sudo sh vpn.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
Alternatively, you may open [vpnsetup.sh](vpnsetup.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
|
Alternatively, open [vpnsetup.sh](vpnsetup.sh) and click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
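Review bot: `curl` is now code-formatted in "You may also use `curl` to download", but the summary just above it in this hunk still has plain "wget", and the summary changed at -40 has plain "curl". Pick one convention for command names and apply it in all three places.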
@ -205,7 +205,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
|
|||||||
|
|
||||||
**Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router).
|
**Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router).
|
||||||
|
|
||||||
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode.
|
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode.
|
||||||
|
|
||||||
To view or update VPN user accounts, see [Manage VPN users](docs/manage-users.md). Helper scripts are included for convenience.
|
To view or update VPN user accounts, see [Manage VPN users](docs/manage-users.md). Helper scripts are included for convenience.
|
||||||
|
|
||||||
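Review bot: Dropping "simultaneously" from "if you wish to connect multiple devices from behind the same NAT" widens the claim. The removed word scoped the IPsec/L2TP limitation to concurrent connections, and the preceding sentence says the same account can be used on multiple devices. As written, a reader could conclude that two devices behind one home router can never both use IPsec/L2TP, even at different times. Suggest keeping "simultaneously" or rewording to "at the same time".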
@ -262,7 +262,7 @@ See [Uninstall the VPN](docs/uninstall.md).
|
|||||||
## Feedback & Questions
|
## Feedback & Questions
|
||||||
|
|
||||||
- Have an improvement suggestion for documentation or VPN scripts? Open an [Enhancement request](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). [Pull requests](https://github.com/hwdsl2/setup-ipsec-vpn/pulls) are also welcome.
|
- Have an improvement suggestion for documentation or VPN scripts? Open an [Enhancement request](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). [Pull requests](https://github.com/hwdsl2/setup-ipsec-vpn/pulls) are also welcome.
|
||||||
- If you found a reproducible bug, please file a [Bug report](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose).
|
- If you found a reproducible bug, open a bug report for the [IPsec VPN](https://github.com/libreswan/libreswan/issues?q=is%3Aissue) or for the [VPN scripts](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose).
|
||||||
- Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread).
|
- Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread).
|
||||||
- Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup).
|
- Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup).
|
||||||
|
|
||||||
|
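Review bot: In the new bug-report bullet, the "IPsec VPN" link points to `https://github.com/libreswan/libreswan/issues?q=is%3Aissue`, which is an issue search, while the "VPN scripts" link points to `issues/new/choose`, so "open a bug report for the IPsec VPN" lands on a list rather than a report form. If the intent is for users to search existing Libreswan issues first, say so in the text; otherwise link to that project's new-issue page. A short hint on how to tell which of the two projects a bug belongs to would also help.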
@ -107,6 +107,6 @@ Amazon Linux 2提供过经过验证的新版Linux内核,并可以通过启用
|
|||||||
# tcp_bbr 16384 0
|
# tcp_bbr 16384 0
|
||||||
```
|
```
|
||||||
|
|
||||||
## 作者
|
## 文档作者
|
||||||
|
|
||||||
版权所有 (C) 2022 [Leo Liu](https://github.com/optimusleobear)
|
版权所有 (C) 2022 [Leo Liu](https://github.com/optimusleobear)
|
||||||
|
@ -107,7 +107,7 @@ In this section, we will start Google BBR by modifying the configuration file.
|
|||||||
# tcp_bbr 16384 0
|
# tcp_bbr 16384 0
|
||||||
```
|
```
|
||||||
|
|
||||||
## Author
|
## Document author
|
||||||
|
|
||||||
Copyright (C) 2022 [Leo Liu](https://github.com/optimusleobear)
|
Copyright (C) 2022 [Leo Liu](https://github.com/optimusleobear)
|
||||||
Translated by [Lin Song](https://github.com/hwdsl2)
|
Translated by [Lin Song](https://github.com/hwdsl2)
|
||||||
|
@ -706,7 +706,7 @@ sudo ikev2.sh --revokeclient [client name]
|
|||||||
|
|
||||||
1. 生成客户端证书,然后导出 `.p12` 文件,该文件包含客户端证书,私钥以及 CA 证书。
|
1. 生成客户端证书,然后导出 `.p12` 文件,该文件包含客户端证书,私钥以及 CA 证书。
|
||||||
|
|
||||||
**注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。
|
**注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需连接多个客户端,则必须为每个客户端生成唯一的证书。
|
||||||
|
|
||||||
生成客户端证书:
|
生成客户端证书:
|
||||||
|
|
||||||
@ -792,9 +792,9 @@ sudo ikev2.sh --revokeclient [client name]
|
|||||||
|
|
||||||
### 无法同时连接多个 IKEv2 客户端
|
### 无法同时连接多个 IKEv2 客户端
|
||||||
|
|
||||||
如果要同时连接多个客户端,则必须为每个客户端 [生成唯一的证书](#添加客户端证书)。
|
如果要连接多个客户端,则必须为每个客户端 [生成唯一的证书](#添加客户端证书)。
|
||||||
|
|
||||||
如果你无法同时连接同一个 NAT (比如家用路由器)后面的多个 IKEv2 客户端,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`,找到这一行 `leftid=@<your_server_ip>` 并去掉 `@`,也就是说将它替换为 `leftid=<your_server_ip>`。保存修改并运行 `service ipsec restart`。如果 `leftid` 是一个域名则不受影响,不要应用这个解决方案。该解决方案已在 2021-02-01 添加到辅助脚本。
|
如果你无法连接同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`,找到这一行 `leftid=@<your_server_ip>` 并去掉 `@`,也就是说将它替换为 `leftid=<your_server_ip>`。保存修改并运行 `service ipsec restart`。如果 `leftid` 是一个域名则不受影响,不要应用这个解决方案。该解决方案已在 2021-02-01 添加到辅助脚本。
|
||||||
|
|
||||||
### 其它已知问题
|
### 其它已知问题
|
||||||
|
|
||||||
|
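Review bot: The heading "### 无法同时连接多个 IKEv2 客户端" keeps "同时" while both body sentences in this hunk drop it, so the heading and the body now describe different conditions. The removed word scoped the unique-certificate requirement and the `leftid` fix to concurrent connections. Either keep "同时" in the body or change the heading as well, so the section reads consistently.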
@ -708,7 +708,7 @@ The following example shows how to manually configure IKEv2 with Libreswan. Comm
|
|||||||
|
|
||||||
1. Generate client certificate(s), then export the `.p12` file that contains the client certificate, private key, and CA certificate.
|
1. Generate client certificate(s), then export the `.p12` file that contains the client certificate, private key, and CA certificate.
|
||||||
|
|
||||||
**Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients simultaneously, you must generate a unique certificate for each.
|
**Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients, you must generate a unique certificate for each.
|
||||||
|
|
||||||
Generate client certificate:
|
Generate client certificate:
|
||||||
|
|
||||||
@ -794,9 +794,9 @@ Save the file and run `service ipsec restart`. As of 2021-01-20, the IKEv2 helpe
|
|||||||
|
|
||||||
### Unable to connect multiple IKEv2 clients
|
### Unable to connect multiple IKEv2 clients
|
||||||
|
|
||||||
To connect multiple IKEv2 clients simultaneously, you must [generate a unique certificate](#add-a-client-certificate) for each.
|
To connect multiple IKEv2 clients, you must [generate a unique certificate](#add-a-client-certificate) for each.
|
||||||
|
|
||||||
If you are unable to connect multiple IKEv2 clients simultaneously from behind the same NAT (e.g. home router), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server, find the line `leftid=@<your_server_ip>` and remove the `@`, i.e. replace it with `leftid=<your_server_ip>`. Save the file and run `service ipsec restart`. Do not apply this fix if `leftid` is a DNS name, which is not affected. As of 2021-02-01, the IKEv2 helper script was updated to include this fix.
|
If you are unable to connect multiple IKEv2 clients from behind the same NAT (e.g. home router), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server, find the line `leftid=@<your_server_ip>` and remove the `@`, i.e. replace it with `leftid=<your_server_ip>`. Save the file and run `service ipsec restart`. Do not apply this fix if `leftid` is a DNS name, which is not affected. As of 2021-02-01, the IKEv2 helper script was updated to include this fix.
|
||||||
|
|
||||||
### Other known issues
|
### Other known issues
|
||||||
|
|
||||||
|