Move README section to new docs
parent
c8f0d7e7e7
commit
455f659c59
40
README-zh.md
@ -17,7 +17,6 @@
|
|||||||
- [CentOS & RHEL](#centos--rhel)
|
- [CentOS & RHEL](#centos--rhel)
|
||||||
- [下一步](#下一步)
|
- [下一步](#下一步)
|
||||||
- [重要提示](#重要提示)
|
- [重要提示](#重要提示)
|
||||||
- [管理 VPN 用户](#管理-vpn-用户)
|
|
||||||
- [关于升级Libreswan](#关于升级libreswan)
|
- [关于升级Libreswan](#关于升级libreswan)
|
||||||
- [问题和反馈](#问题和反馈)
|
- [问题和反馈](#问题和反馈)
|
||||||
- [另见](#另见)
|
- [另见](#另见)
|
||||||
@ -107,49 +106,14 @@ sudo sh vpnsetup_centos.sh
|
|||||||
|
|
||||||
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>。
|
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>。
|
||||||
|
|
||||||
|
如果你需要添加,编辑或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。
|
||||||
|
|
||||||
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd` 和 `ipsec.conf` 并用新的服务器替换 `8.8.8.8` 和 `8.8.4.4`。然后重新启动系统。
|
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd` 和 `ipsec.conf` 并用新的服务器替换 `8.8.8.8` 和 `8.8.4.4`。然后重新启动系统。
|
||||||
|
|
||||||
如果你为服务器配置了自定义 SSH 端口(不是 22)或其他服务,请在使用前编辑脚本中的 IPTables 防火墙规则。
|
如果你为服务器配置了自定义 SSH 端口(不是 22)或其他服务,请在使用前编辑脚本中的 IPTables 防火墙规则。
|
||||||
|
|
||||||
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
|
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
|
||||||
|
|
||||||
## 管理 VPN 用户
|
|
||||||
|
|
||||||
在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,编辑或者删除用户,请阅读本节。
|
|
||||||
|
|
||||||
首先,IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK,可以编辑此文件。
|
|
||||||
|
|
||||||
```bash
|
|
||||||
<VPN Server IP> %any : PSK "<VPN IPsec PSK>"
|
|
||||||
```
|
|
||||||
|
|
||||||
对于 `IPsec/L2TP`,VPN 用户账户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
"<VPN User 1>" l2tpd "<VPN Password 1>" *
|
|
||||||
"<VPN User 2>" l2tpd "<VPN Password 2>" *
|
|
||||||
... ...
|
|
||||||
```
|
|
||||||
|
|
||||||
你可以添加更多用户,每个用户对应文件中的一行。**不要**在用户名,密码或 PSK 中使用这些字符:`\ " '`
|
|
||||||
|
|
||||||
对于 `IPsec/XAuth ("Cisco IPsec")`, VPN 用户账户信息保存在文件 `/etc/ipsec.d/passwd`。该文件的格式如下:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk
|
|
||||||
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk
|
|
||||||
... ...
|
|
||||||
```
|
|
||||||
|
|
||||||
这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# The output will be <VPN Password 1 (hashed)>
|
|
||||||
openssl passwd -1 "<VPN Password 1>"
|
|
||||||
```
|
|
||||||
|
|
||||||
在完成修改之后,需要重启服务器。
|
|
||||||
|
|
||||||
## 关于升级Libreswan
|
## 关于升级Libreswan
|
||||||
|
|
||||||
提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> 和 <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan。请关注<a href="https://libreswan.org" target="_blank">官方网站</a>,并在运行前根据需要更新 `swan_ver` 变量。
|
提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> 和 <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan。请关注<a href="https://libreswan.org" target="_blank">官方网站</a>,并在运行前根据需要更新 `swan_ver` 变量。
|
||||||
|
40
README.md
@ -17,7 +17,6 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
|
|||||||
- [CentOS & RHEL](#centos--rhel)
|
- [CentOS & RHEL](#centos--rhel)
|
||||||
- [Next Steps](#next-steps)
|
- [Next Steps](#next-steps)
|
||||||
- [Important Notes](#important-notes)
|
- [Important Notes](#important-notes)
|
||||||
- [Manage VPN Users](#manage-vpn-users)
|
|
||||||
- [Upgrading Libreswan](#upgrading-libreswan)
|
- [Upgrading Libreswan](#upgrading-libreswan)
|
||||||
- [Bugs & Questions](#bugs--questions)
|
- [Bugs & Questions](#bugs--questions)
|
||||||
- [See Also](#see-also)
|
- [See Also](#see-also)
|
||||||
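Review bot: Dropping the `- [Manage VPN Users](#manage-vpn-users)` entry here, together with the `## Manage VPN Users` heading removed in the next hunk, breaks any existing link to `README.md#manage-vpn-users` (and `#管理-vpn-用户` in README-zh.md). Suggest keeping the heading as a one-line stub that points to `docs/manage-users.md`, or stating in the commit message that the anchor is going away.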
@ -107,49 +106,14 @@ For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_V
|
|||||||
|
|
||||||
**Android 6 (Marshmallow) users**: Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
|
**Android 6 (Marshmallow) users**: Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
|
||||||
|
|
||||||
|
If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
|
||||||
|
|
||||||
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `options.xl2tpd` and `ipsec.conf` with new ones. Then reboot your server.
|
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `options.xl2tpd` and `ipsec.conf` with new ones. Then reboot your server.
|
||||||
|
|
||||||
For servers with a custom SSH port (not 22) or other services, edit IPTables rules in the script before using.
|
For servers with a custom SSH port (not 22) or other services, edit IPTables rules in the script before using.
|
||||||
|
|
||||||
The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
|
The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
|
||||||
|
|
||||||
## Manage VPN Users
|
|
||||||
|
|
||||||
By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this section.
|
|
||||||
|
|
||||||
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
<VPN Server IP> %any : PSK "<VPN IPsec PSK>"
|
|
||||||
```
|
|
||||||
|
|
||||||
For `IPsec/L2TP`, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
"<VPN User 1>" l2tpd "<VPN Password 1>" *
|
|
||||||
"<VPN User 2>" l2tpd "<VPN Password 2>" *
|
|
||||||
... ...
|
|
||||||
```
|
|
||||||
|
|
||||||
You can add more users, use one line for each user. DO NOT use these characters within values: `\ " '`
|
|
||||||
|
|
||||||
For `IPsec/XAuth ("Cisco IPsec")`, VPN users are specified in `/etc/ipsec.d/passwd`. The format of this file is:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk
|
|
||||||
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk
|
|
||||||
... ...
|
|
||||||
```
|
|
||||||
|
|
||||||
Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# The output will be <VPN Password 1 (hashed)>
|
|
||||||
openssl passwd -1 "<VPN Password 1>"
|
|
||||||
```
|
|
||||||
|
|
||||||
When finished making changes, reboot your server.
|
|
||||||
|
|
||||||
## Upgrading Libreswan
|
## Upgrading Libreswan
|
||||||
|
|
||||||
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `swan_ver` variable as necessary.
|
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `swan_ver` variable as necessary.
|
||||||
|
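Review bot: The removed section carried the warning "DO NOT use these characters within values: `\ " '`", and after this hunk the README no longer mentions it anywhere; the single replacement line only links to `docs/manage-users.md`. Since that restriction covers usernames, passwords and the PSK, suggest keeping it as a short item next to the new link so that a reader who never opens the linked document still sees it.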
38
docs/manage-users-zh.md
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
## 管理 VPN 用户
|
||||||
|
|
||||||
|
*其他语言版本: [English](manage-users.md), [简体中文](manage-users-zh.md).*
|
||||||
|
|
||||||
|
在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,编辑或者删除用户,请阅读本文档。
|
||||||
|
|
||||||
|
首先,IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK,可以编辑此文件。
|
||||||
|
|
||||||
|
```bash
|
||||||
|
<VPN Server IP> %any : PSK "<VPN IPsec PSK>"
|
||||||
|
```
|
||||||
|
|
||||||
|
对于 `IPsec/L2TP`,VPN 用户账户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
"<VPN User 1>" l2tpd "<VPN Password 1>" *
|
||||||
|
"<VPN User 2>" l2tpd "<VPN Password 2>" *
|
||||||
|
... ...
|
||||||
|
```
|
||||||
|
|
||||||
|
你可以添加更多用户,每个用户对应文件中的一行。**不要**在用户名,密码或 PSK 中使用这些字符:`\ " '`
|
||||||
|
|
||||||
|
对于 `IPsec/XAuth ("Cisco IPsec")`, VPN 用户账户信息保存在文件 `/etc/ipsec.d/passwd`。该文件的格式如下:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk
|
||||||
|
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk
|
||||||
|
... ...
|
||||||
|
```
|
||||||
|
|
||||||
|
这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# The output will be <VPN Password 1 (hashed)>
|
||||||
|
openssl passwd -1 "<VPN Password 1>"
|
||||||
|
```
|
||||||
|
|
||||||
|
在完成修改之后,需要重启服务器。
|
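Review bot: In the new docs/manage-users-zh.md the sentence that introduces the `openssl` step leaves "salted and hashed" in English, and the comment `# The output will be <VPN Password 1 (hashed)>` is untranslated as well. Suggest translating both so the page reads consistently. The three file-format samples are fenced as `bash` although they are file contents rather than commands; a plain fence would avoid misleading highlighting.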
38
docs/manage-users.md
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
## Manage VPN Users
|
||||||
|
|
||||||
|
*Read this in other languages: [English](manage-users.md), [简体中文](manage-users-zh.md).*
|
||||||
|
|
||||||
|
By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.
|
||||||
|
|
||||||
|
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
<VPN Server IP> %any : PSK "<VPN IPsec PSK>"
|
||||||
|
```
|
||||||
|
|
||||||
|
For `IPsec/L2TP`, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
"<VPN User 1>" l2tpd "<VPN Password 1>" *
|
||||||
|
"<VPN User 2>" l2tpd "<VPN Password 2>" *
|
||||||
|
... ...
|
||||||
|
```
|
||||||
|
|
||||||
|
You can add more users, use one line for each user. DO NOT use these characters within values: `\ " '`
|
||||||
|
|
||||||
|
For `IPsec/XAuth ("Cisco IPsec")`, VPN users are specified in `/etc/ipsec.d/passwd`. The format of this file is:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk
|
||||||
|
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk
|
||||||
|
... ...
|
||||||
|
```
|
||||||
|
|
||||||
|
Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# The output will be <VPN Password 1 (hashed)>
|
||||||
|
openssl passwd -1 "<VPN Password 1>"
|
||||||
|
```
|
||||||
|
|
||||||
|
When finished making changes, reboot your server.
|
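Review bot: The `openssl passwd -1 "<VPN Password 1>"` line in the new docs/manage-users.md puts the cleartext password on the command line, where it ends up in shell history and is visible in the process list while the command runs. Suggest documenting the prompt form instead (run `openssl passwd -1` with no password argument and type the password when asked). It would also help to state that `/etc/ppp/chap-secrets` holds passwords in cleartext and `/etc/ipsec.secrets` holds the PSK, so both files should stay readable by root only, and that `-1` selects the MD5-based crypt scheme.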