1
0
mirror of synced 2024-11-25 14:26:09 +03:00

Minor corrections to docs

This commit is contained in:
hwdsl2 2016-05-17 21:54:51 -05:00
parent d5f4a1ecaa
commit 3afa732b6d
6 changed files with 14 additions and 10 deletions

View File

@ -2,7 +2,7 @@
*其他语言版本: [English](README.md), [简体中文](README-zh.md).*
使用这些 Linux Shell 脚本一键快速搭建 IPsec/L2TP VPN 服务器。支持 UbuntuDebian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证(或者可以自动生成),然后运行脚本自动完成安装。
使用这些 Linux Shell 脚本一键快速搭建 IPsec/L2TP VPN 服务器。支持 UbuntuDebian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,或者选择随机生成凭证。然后运行脚本自动完成安装。
我们将使用 <a href="https://libreswan.org/" target="_blank">Libreswan</a> 作为 IPsec 服务器,以及 <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> 作为 L2TP 提供者。
@ -24,7 +24,7 @@
## 功能特性
- :tada: **新特性:** 在 `IPsec/L2TP` 的基础上新增对 `IPsec/XAUTH` 的支持
- :tada: **NEW** 新增支持更高效的 `IPsec/XAUTH` (也称为 `Cisco IPsec` 模式
- 全自动的 IPsec/L2TP VPN 服务器配置,无需用户输入
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
- 可直接作为 Amazon EC2 实例创建时的用户数据使用
@ -94,7 +94,7 @@ sudo sh vpnsetup_centos.sh
配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
**新特性:** 在 `IPsec/L2TP` 的基础上,现在新增对 `IPsec/XAUTH` 的支持。请参见: <a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAUTH VPN 客户端</a>
**NEW** 新增支持更高效的 `IPsec/XAUTH` (也称为 `Cisco IPsec` 模式。请参考 <a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAUTH VPN 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
@ -102,7 +102,7 @@ sudo sh vpnsetup_centos.sh
**Windows 用户** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到`Error 628`,请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2`
**Android 6 (Marshmallow) 用户**: 请编辑 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。另外<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">增加一行</a> `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart`
**Android 6 (Marshmallow) 用户** 请参见此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
如果要创建具有不同凭据的多个 VPN 用户,只需要<a href="docs/enable-multiple-users.txt" target="_blank">修改这几行的脚本</a>

View File

@ -2,7 +2,7 @@
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
With these scripts, you can set up your own IPsec/L2TP VPN server in just a few minutes on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials (or auto-generate them). The scripts will handle the rest.
These scripts will let you set up your own IPsec/L2TP VPN server in no more than a minute on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, or auto-generate them. The scripts will handle the rest.
We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as the IPsec server, and <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> as the L2TP provider.
@ -24,7 +24,7 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
## Features
- :tada: **NEW:** `IPsec/XAUTH` is now supported in addition to `IPsec/L2TP`
- :tada: **NEW:** The faster `IPsec/XAUTH` (a.k.a. `Cisco IPsec`) mode is now supported
- Fully automated IPsec/L2TP VPN server setup, no user input needed
- Encapsulates all VPN traffic in UDP - does not need ESP protocol
- Can be directly used as "user-data" for a new Amazon EC2 instance
@ -94,7 +94,7 @@ If unable to download via `wget`, you may alternatively open <a href="vpnsetup.s
Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
**NEW:** `IPsec/XAUTH` is now supported in addition to `IPsec/L2TP`. See: <a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAUTH VPN Clients</a>.
**NEW:** The faster `IPsec/XAUTH` (a.k.a. `Cisco IPsec`) mode is now supported. See: <a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAUTH VPN Clients</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
@ -102,7 +102,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). In case you see `Error 628`, go to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">the "Security" tab</a> of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`.
**Android 6 (Marshmallow) users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then <a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">add a new line</a> `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`.
**Android 6 (Marshmallow) users** Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
To create multiple VPN users with different credentials, just <a href="docs/enable-multiple-users.txt" target="_blank">edit a few lines</a> in the scripts.

View File

@ -72,6 +72,8 @@ VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled*
1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接**
注: Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。然后在 `conn shared` 部分增加一行 `sha2-truncbug=yes` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">参见这里</a>)。每行开头必须空两格。保存修改并运行 `service ipsec restart`
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
### iOS ###

View File

@ -72,6 +72,8 @@ You can connect to the VPN using the VPN icon in the menu bar, or by selecting t
1. Check the **Save account information** checkbox.
1. Tap **Connect**.
Note for Android 6 (Marshmallow) users: On the VPN server, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` under section `conn shared` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>). Indent lines with two spaces. When finished, run `service ipsec restart`.
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
### iOS ###

View File

@ -78,7 +78,7 @@
1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接**
注: Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256`另外<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">增加一行</a> `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart`
注: Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256`然后在 `conn shared` 部分增加一行 `sha2-truncbug=yes` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">参见这里</a>)。每行开头必须空两格。保存修改并运行 `service ipsec restart`
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。

View File

@ -78,7 +78,7 @@ You can connect to the VPN using the VPN icon in the menu bar, or by selecting t
1. Check the **Save account information** checkbox.
1. Tap **Connect**.
Note for Android 6 (Marshmallow) users: On the VPN server, edit the file `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then <a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">add a new line</a> `sha2-truncbug=yes` after those. Indent lines with two spaces. When finished, save the file and run `service ipsec restart`.
Note for Android 6 (Marshmallow) users: On the VPN server, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` under section `conn shared` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>). Indent lines with two spaces. When finished, run `service ipsec restart`.
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".