mirror of synced 2024-11-22 04:56:03 +03:00

Update docs

hwdsl2 2022-02-13 10:38:49 -06:00
parent a168770482
commit 34ece8bdc4
6 changed files with 26 additions and 26 deletions


@ -40,7 +40,7 @@ wget https://git.io/vpnstart -qO vpn.sh && sudo sh vpn.sh
<details> <details>
<summary> <summary>
或者,你也可以使用 curl 下载并运行脚本 或者,你也可以使用 curl 下载。
</summary> </summary>
```bash ```bash
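Review bot: The new summary text 或者,你也可以使用 curl 下载。 says only that curl downloads the script, but the one-liner it introduces (shown in the next hunk header as curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh) also runs it with sudo. The English summary still calls it a "one-liner"; suggest keeping 并运行脚本 here so a reader who expands the block knows the command executes the script as root.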
@ -50,7 +50,7 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
<details> <details>
<summary> <summary>
单击查看 VPN 脚本的示例输出(终端记录)。 查看 VPN 脚本的示例输出(终端记录)。
</summary> </summary>
**注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效** **注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效**
@ -74,8 +74,8 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
一个专用服务器或者虚拟专用服务器 (VPS),全新安装以下操作系统之一: 一个专用服务器或者虚拟专用服务器 (VPS),全新安装以下操作系统之一:
- Ubuntu 20.04 (Focal) 或者 18.04 (Bionic) - Ubuntu 20.04 或者 18.04
- Debian 11 (Bullseye)[\*](#debian-10-note), 10 (Buster)[\*](#debian-10-note) 或者 9 (Stretch) - Debian 11[\*](#debian-10-note), 10[\*](#debian-10-note) 或者 9
- CentOS 7, Rocky Linux 8 或者 AlmaLinux 8[\*\*](#centos-8-note) - CentOS 7, Rocky Linux 8 或者 AlmaLinux 8[\*\*](#centos-8-note)
- Red Hat Enterprise Linux (RHEL) 8 或者 7 - Red Hat Enterprise Linux (RHEL) 8 或者 7
- Amazon Linux 2 - Amazon Linux 2
@ -90,9 +90,9 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
另外,你也可以使用预构建的 [Docker 镜像](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)。高级用户可以在 [Raspberry Pi](https://www.raspberrypi.org) 上安装。[[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/) 另外,你也可以使用预构建的 [Docker 镜像](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)。高级用户可以在 [Raspberry Pi](https://www.raspberrypi.org) 上安装。[[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/)
<a name="debian-10-note"></a> <a name="debian-10-note"></a>
\* Debian 11/10 用户需要[使用标准的 Linux 内核](docs/clients-zh.md#debian-10-内核)。 \* Debian 11/10 用户需要 [使用标准的 Linux 内核](docs/clients-zh.md#debian-10-内核)。
<a name="centos-8-note"></a> <a name="centos-8-note"></a>
\*\* 对 CentOS Linux 8 的支持[已经结束](https://www.centos.org/centos-linux-eol/)。你可以另外使用比如 Rocky Linux 或者 AlmaLinux。 \*\* 对 CentOS Linux 8 的支持 [已经结束](https://www.centos.org/centos-linux-eol/)。你可以另外使用比如 Rocky Linux 或者 AlmaLinux。
:warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上! :warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上!
@ -175,14 +175,14 @@ sudo ikev2.sh
如果无法通过 wget 下载,点这里查看解决方案。 如果无法通过 wget 下载,点这里查看解决方案。
</summary> </summary>
你也可以使用 curl 下载。例如: 你也可以使用 `curl` 下载。例如:
```bash ```bash
curl -fsSL https://git.io/vpnsetup -o vpn.sh curl -fsSL https://git.io/vpnsetup -o vpn.sh
sudo sh vpn.sh sudo sh vpn.sh
``` ```
或者,你也可以打开 [vpnsetup.sh](vpnsetup.sh),然后点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。 或者,打开 [vpnsetup.sh](vpnsetup.sh) 并点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
</details> </details>
## 下一步 ## 下一步
@ -205,7 +205,7 @@ sudo sh vpn.sh
**Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT比如家用路由器的兼容问题。 **Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT比如家用路由器的兼容问题。
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT比如家用路由器后面的多个设备到 VPN 服务器,你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。 同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要连接在同一个 NAT比如家用路由器后面的多个设备你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。
要查看或更改 VPN 用户账户,请参见 [管理 VPN 用户](docs/manage-users-zh.md)。该文档包含辅助脚本,以方便管理 VPN 用户。 要查看或更改 VPN 用户账户,请参见 [管理 VPN 用户](docs/manage-users-zh.md)。该文档包含辅助脚本,以方便管理 VPN 用户。
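Review bot: Dropping 同时 from the IPsec/L2TP limitation sentence changes what it claims: the old text restricted only simultaneous connections from behind one NAT, while the new text reads as if any second device behind that NAT requires IKEv2 or IPsec/XAuth. The edit also removes 到 VPN 服务器, so 连接 no longer names what is being connected to. Suggest restoring 同时, or saying explicitly that the limit applies to concurrent connections.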
@ -262,7 +262,7 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh
## 问题和反馈 ## 问题和反馈
- 如果你对文档或 VPN 脚本有改进建议,请提交一个 [改进建议](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose),或者欢迎提交 [Pull request](https://github.com/hwdsl2/setup-ipsec-vpn/pulls)。 - 如果你对文档或 VPN 脚本有改进建议,请提交一个 [改进建议](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose),或者欢迎提交 [Pull request](https://github.com/hwdsl2/setup-ipsec-vpn/pulls)。
- 如果你发现了一个可重复的程序漏洞,请提交一个 [错误报告](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose)。 - 如果你发现了一个可重复的程序漏洞,请为 [IPsec VPN](https://github.com/libreswan/libreswan/issues?q=is%3Aissue) 或者 [VPN 脚本](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose) 提交一个错误报告
- 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。 - 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。
- VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。 - VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。
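Review bot: The rewritten bug-report bullet now ends at 提交一个错误报告 with no closing 。, unlike the other bullets in this list and unlike the line it replaces. Suggest adding the full stop. The new IPsec VPN link also lands on a search of existing Libreswan issues rather than a report form, which is worth a word of explanation in the link text.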


@ -40,7 +40,7 @@ Your VPN login details will be randomly generated, and displayed on the screen w
<details> <details>
<summary> <summary>
Alternative one-liner using curl instead of wget. Alternative one-liner using curl.
</summary> </summary>
```bash ```bash
@ -50,7 +50,7 @@ curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
<details> <details>
<summary> <summary>
Click to see the VPN script in action (terminal recording). See the VPN script in action (terminal recording).
</summary> </summary>
**Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid. **Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid.
@ -74,8 +74,8 @@ A pre-built [Docker image](https://github.com/hwdsl2/docker-ipsec-vpn-server) is
A dedicated server or virtual private server (VPS), freshly installed with one of the following OS: A dedicated server or virtual private server (VPS), freshly installed with one of the following OS:
- Ubuntu 20.04 (Focal) or 18.04 (Bionic) - Ubuntu 20.04 or 18.04
- Debian 11 (Bullseye)[\*](#debian-10-note), 10 (Buster)[\*](#debian-10-note) or 9 (Stretch) - Debian 11[\*](#debian-10-note), 10[\*](#debian-10-note) or 9
- CentOS 7, Rocky Linux 8 or AlmaLinux 8[\*\*](#centos-8-note) - CentOS 7, Rocky Linux 8 or AlmaLinux 8[\*\*](#centos-8-note)
- Red Hat Enterprise Linux (RHEL) 8 or 7 - Red Hat Enterprise Linux (RHEL) 8 or 7
- Amazon Linux 2 - Amazon Linux 2
@ -175,14 +175,14 @@ sudo ikev2.sh
Click here if you are unable to download using wget. Click here if you are unable to download using wget.
</summary> </summary>
You may also use curl to download. For example: You may also use `curl` to download. For example:
```bash ```bash
curl -fsSL https://git.io/vpnsetup -o vpn.sh curl -fsSL https://git.io/vpnsetup -o vpn.sh
sudo sh vpn.sh sudo sh vpn.sh
``` ```
Alternatively, you may open [vpnsetup.sh](vpnsetup.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor. Alternatively, open [vpnsetup.sh](vpnsetup.sh) and click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
</details> </details>
## Next steps ## Next steps
@ -205,7 +205,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
**Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router). **Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router).
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode. The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode.
To view or update VPN user accounts, see [Manage VPN users](docs/manage-users.md). Helper scripts are included for convenience. To view or update VPN user accounts, see [Manage VPN users](docs/manage-users.md). Helper scripts are included for convenience.
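Review bot: Removing "simultaneously" from the IPsec/L2TP limitation sentence widens the claim. The sentence before it says the same VPN account can be used by multiple devices, and the old wording limited only concurrent connections from behind the same NAT; the new wording suggests IPsec/L2TP cannot be used at all once a second device sits behind that NAT. Suggest keeping "simultaneously" or rephrasing to "at the same time".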
@ -262,7 +262,7 @@ See [Uninstall the VPN](docs/uninstall.md).
## Feedback & Questions ## Feedback & Questions
- Have an improvement suggestion for documentation or VPN scripts? Open an [Enhancement request](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). [Pull requests](https://github.com/hwdsl2/setup-ipsec-vpn/pulls) are also welcome. - Have an improvement suggestion for documentation or VPN scripts? Open an [Enhancement request](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). [Pull requests](https://github.com/hwdsl2/setup-ipsec-vpn/pulls) are also welcome.
- If you found a reproducible bug, please file a [Bug report](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). - If you found a reproducible bug, open a bug report for the [IPsec VPN](https://github.com/libreswan/libreswan/issues?q=is%3Aissue) or for the [VPN scripts](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose).
- Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread). - Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread).
- Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup). - Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup).
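Review bot: In the new bug-report bullet the two links behave differently: the IPsec VPN link goes to a search of existing Libreswan issues (issues?q=is%3Aissue), while the VPN scripts link goes to issues/new/choose. The bullet also gives the reader no way to decide which tracker a bug belongs to. Suggest a short clause stating which kind of problem goes to Libreswan and which to this repository, and wording the first link as "search existing issues" if that is the intent.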


@ -107,6 +107,6 @@ Amazon Linux 2提供过经过验证的新版Linux内核并可以通过启用
# tcp_bbr 16384 0 # tcp_bbr 16384 0
``` ```
## 作者 ## 文档作者
版权所有 (C) 2022 [Leo Liu](https://github.com/optimusleobear) 版权所有 (C) 2022 [Leo Liu](https://github.com/optimusleobear)


@ -107,7 +107,7 @@ In this section, we will start Google BBR by modifying the configuration file.
# tcp_bbr 16384 0 # tcp_bbr 16384 0
``` ```
## Author ## Document author
Copyright (C) 2022 [Leo Liu](https://github.com/optimusleobear) Copyright (C) 2022 [Leo Liu](https://github.com/optimusleobear)
Translated by [Lin Song](https://github.com/hwdsl2) Translated by [Lin Song](https://github.com/hwdsl2)


@ -706,7 +706,7 @@ sudo ikev2.sh --revokeclient [client name]
1. 生成客户端证书,然后导出 `.p12` 文件,该文件包含客户端证书,私钥以及 CA 证书。 1. 生成客户端证书,然后导出 `.p12` 文件,该文件包含客户端证书,私钥以及 CA 证书。
**注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需同时连接多个客户端,则必须为每个客户端生成唯一的证书。 **注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需连接多个客户端,则必须为每个客户端生成唯一的证书。
生成客户端证书: 生成客户端证书:
@ -792,9 +792,9 @@ sudo ikev2.sh --revokeclient [client name]
### 无法同时连接多个 IKEv2 客户端 ### 无法同时连接多个 IKEv2 客户端
如果要同时连接多个客户端,则必须为每个客户端 [生成唯一的证书](#添加客户端证书)。 如果要连接多个客户端,则必须为每个客户端 [生成唯一的证书](#添加客户端证书)。
如果你无法同时连接同一个 NAT (比如家用路由器)后面的多个 IKEv2 客户端,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`,找到这一行 `leftid=@<your_server_ip>` 并去掉 `@`,也就是说将它替换为 `leftid=<your_server_ip>`。保存修改并运行 `service ipsec restart`。如果 `leftid` 是一个域名则不受影响,不要应用这个解决方案。该解决方案已在 2021-02-01 添加到辅助脚本。 如果你无法连接同一个 NAT比如家用路由器后面的多个 IKEv2 客户端,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`,找到这一行 `leftid=@<your_server_ip>` 并去掉 `@`,也就是说将它替换为 `leftid=<your_server_ip>`。保存修改并运行 `service ipsec restart`。如果 `leftid` 是一个域名则不受影响,不要应用这个解决方案。该解决方案已在 2021-02-01 添加到辅助脚本。
### 其它已知问题 ### 其它已知问题
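Review bot: The section heading 无法同时连接多个 IKEv2 客户端 still contains 同时, but both paragraphs under it no longer do, so heading and body now describe different conditions. Suggest either keeping 同时 in the body, which matches the symptom the leftid workaround addresses, or changing the heading in the same commit.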


@ -708,7 +708,7 @@ The following example shows how to manually configure IKEv2 with Libreswan. Comm
1. Generate client certificate(s), then export the `.p12` file that contains the client certificate, private key, and CA certificate. 1. Generate client certificate(s), then export the `.p12` file that contains the client certificate, private key, and CA certificate.
**Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients simultaneously, you must generate a unique certificate for each. **Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients, you must generate a unique certificate for each.
Generate client certificate: Generate client certificate:
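Review bot: With "simultaneously" removed, the Note now says a unique certificate per client is required to connect multiple VPN clients at all, where the old wording required it only for clients connected at the same time. If a shared certificate still works for clients that connect one at a time, the new sentence overstates the requirement; if per-client certificates are now the recommendation in every case, say so and give the reason.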
@ -794,9 +794,9 @@ Save the file and run `service ipsec restart`. As of 2021-01-20, the IKEv2 helpe
### Unable to connect multiple IKEv2 clients ### Unable to connect multiple IKEv2 clients
To connect multiple IKEv2 clients simultaneously, you must [generate a unique certificate](#add-a-client-certificate) for each. To connect multiple IKEv2 clients, you must [generate a unique certificate](#add-a-client-certificate) for each.
If you are unable to connect multiple IKEv2 clients simultaneously from behind the same NAT (e.g. home router), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server, find the line `leftid=@<your_server_ip>` and remove the `@`, i.e. replace it with `leftid=<your_server_ip>`. Save the file and run `service ipsec restart`. Do not apply this fix if `leftid` is a DNS name, which is not affected. As of 2021-02-01, the IKEv2 helper script was updated to include this fix. If you are unable to connect multiple IKEv2 clients from behind the same NAT (e.g. home router), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server, find the line `leftid=@<your_server_ip>` and remove the `@`, i.e. replace it with `leftid=<your_server_ip>`. Save the file and run `service ipsec restart`. Do not apply this fix if `leftid` is a DNS name, which is not affected. As of 2021-02-01, the IKEv2 helper script was updated to include this fix.
### Other known issues ### Other known issues