From 373553001506f80fea2f8d33a636c2842f677506 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Mon, 16 Jan 2017 17:27:08 -0600 Subject: [PATCH] Update docs [ci skip] --- docs/ikev2-howto-zh.md | 11 ++++++++++- docs/ikev2-howto.md | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index a0cbe83..66f41bf 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -58,12 +58,21 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 ikev2=insist rekey=no fragmentation=yes - forceencaps=yes ike=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256 phase2alg=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256 EOF ``` + 还需要在该文件中添加一行,根据 Libreswan 的版本而不同。请运行以下命令: + + ```bash + $ if /usr/local/sbin/ipsec --version | grep -qs -F "3.19"; then + echo " encapsulation=yes" >> /etc/ipsec.conf + else + echo " forceencaps=yes" >> /etc/ipsec.conf + fi + ``` + 1. 生成 Certificate Authority (CA) 和 VPN 服务器证书: 注: 使用 "-v" 参数指定证书的有效期(单位:月),例如 "-v 36"。 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 4237303..e68a65b 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -58,12 +58,21 @@ Before continuing, make sure you have successfully > /etc/ipsec.conf + else + echo " forceencaps=yes" >> /etc/ipsec.conf + fi + ``` + 1. Generate Certificate Authority (CA) and VPN server certificates: Note: Specify the certificate validity period (in months) using "-v". e.g. "-v 36".