mirror of synced 2024-11-26 06:46:06 +03:00

Update README.md

hwdsl2 2016-05-11 23:39:23 -05:00
parent 018309a328
commit 49aa56d0c4
2 changed files with 45 additions and 18 deletions


@ -9,6 +9,19 @@
#### <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/" target="_blank">详细的 VPN 教程请参见我的博客文章</a> #### <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/" target="_blank">详细的 VPN 教程请参见我的博客文章</a>
## 目录
- [功能特性](#功能特性)
- [系统要求](#系统要求)
- [安装说明](#安装说明)
- [Ubuntu & Debian](#ubuntu--debian)
- [CentOS & RHEL](#centos--rhel)
- [下一步](#下一步)
- [重要提示](#重要提示)
- [关于升级Libreswan](#关于升级libreswan)
- [问题和反馈](#问题和反馈)
- [授权协议](#授权协议)
## 功能特性 ## 功能特性
- 全自动的 IPsec/L2TP VPN 服务器配置,无需用户输入 - 全自动的 IPsec/L2TP VPN 服务器配置,无需用户输入
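Review bot: The new 目录 list has ten entries, while the English table of contents added in the same commit has eleven: there is no counterpart to `[Author](#author)`. If the Chinese README has an author section, add its entry here; if it does not, that is worth a line in the commit message so the two files are not assumed to be in sync. Also check that the `Ubuntu & Debian` and `CentOS & RHEL` entries are indented under 安装说明, since they are sub-sections of it.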
@ -49,7 +62,7 @@ OpenVZ VPS 用户请使用其它的 VPN 软件,比如 <a href="https://github.
```bash ```bash
wget https://git.io/vpnsetup -O vpnsetup.sh wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh nano -w vpnsetup.sh
[修改这些参数为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD] [修改为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sudo sh vpnsetup.sh sudo sh vpnsetup.sh
``` ```
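Review bot: The reworded placeholder line `[修改为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]` still sits inside the `bash` fence as if it were a command. A reader who pastes the whole block gets that line handed to the shell between `nano -w vpnsetup.sh` and `sudo sh vpnsetup.sh`. Since the line is being edited anyway, turn it into a shell comment by prefixing it with `#`, so the block can be copied as a unit.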
@ -61,12 +74,18 @@ sudo sh vpnsetup.sh
yum -y install wget nano yum -y install wget nano
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh nano -w vpnsetup_centos.sh
[修改这些参数为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD] [修改为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sudo sh vpnsetup_centos.sh sudo sh vpnsetup_centos.sh
``` ```
如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
## 下一步
配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
## 重要提示 ## 重要提示
**Windows 用户** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到`Error 628`,请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2` **Windows 用户** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到`Error 628`,请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2`
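Review bot: Moving 下一步 above 重要提示 means a reader working top to bottom is sent to `docs/clients-zh.md` before seeing the Windows registry change and the `Error 628` workaround that follow in the next section. Add one sentence to the new 下一步 block pointing Windows users to 重要提示 first, or repeat the registry prerequisite in the client guide, so the first connection attempt does not fail for a reason documented further down the page.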
@ -79,16 +98,10 @@ sudo sh vpnsetup_centos.sh
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。此设置可在 `options.xl2tpd` 文件的 `ms-dns` 项更改。 在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。此设置可在 `options.xl2tpd` 文件的 `ms-dns` 项更改。
如果服务器配置了自定义 SSH 端口(不是 22或其他服务请在运行脚本前编辑 <a href="vpnsetup.sh#L279" target="_blank">IPTables 防火墙规则</a> 如果服务器配置了自定义 SSH 端口(不是 22或其他服务请在运行脚本前编辑 <a href="vpnsetup.sh#L291" target="_blank">IPTables 防火墙规则</a>
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。 这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
## 下一步
配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
## 关于升级Libreswan ## 关于升级Libreswan
提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于将已安装的 Libreswan 不定期升级至最新版本。请关注<a href="https://libreswan.org" target="_blank">官方网站</a>,并在运行前根据需要更新 `SWAN_VER` 变量。 提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于将已安装的 Libreswan 不定期升级至最新版本。请关注<a href="https://libreswan.org" target="_blank">官方网站</a>,并在运行前根据需要更新 `SWAN_VER` 变量。
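Review bot: The firewall link is changed from `vpnsetup.sh#L279` to `vpnsetup.sh#L291`, which shows the problem with a hard-coded line anchor on a branch-relative path: it goes stale every time the script is edited above that line and then points readers at the wrong code. Because this link is what tells people with a non-default SSH port where to edit before running the script, a stale target matters. Prefer a stable reference, for example a named comment marker in the script that the README tells readers to search for.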


@ -8,6 +8,20 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
#### <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/" target="_blank">Link to my VPN tutorial with detailed instructions</a> #### <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/" target="_blank">Link to my VPN tutorial with detailed instructions</a>
## Table of Contents
- [Features](#features)
- [Requirements](#requirements)
- [Installation](#installation)
- [Ubuntu & Debian](#ubuntu--debian)
- [CentOS & RHEL](#centos--rhel)
- [Next Steps](#next-steps)
- [Important Notes](#important-notes)
- [Upgrading Libreswan](#upgrading-libreswan)
- [Bugs & Questions](#bugs--questions)
- [Author](#author)
- [License](#license)
## Features ## Features
- Fully automated IPsec/L2TP VPN server setup, no user input needed - Fully automated IPsec/L2TP VPN server setup, no user input needed
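Review bot: The added entries `#ubuntu--debian`, `#centos--rhel` and `#bugs--questions` rely on the renderer dropping `&` and keeping both surrounding hyphens when it builds heading anchors. That holds on GitHub, but a mirror or other Markdown renderer that slugs headings differently will leave these three links dead. Verify them on every place the README is published, and indent the two distro entries under `Installation` if they are meant as sub-items.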
@ -48,7 +62,7 @@ First, update your system with `apt-get update && apt-get dist-upgrade` and rebo
```bash ```bash
wget https://git.io/vpnsetup -O vpnsetup.sh wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh nano -w vpnsetup.sh
[Edit and replace IPSEC_PSK, VPN_USER and VPN_PASSWORD with your own values] [Replace with your own values: IPSEC_PSK, VPN_USER and VPN_PASSWORD]
sudo sh vpnsetup.sh sudo sh vpnsetup.sh
``` ```
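Review bot: While this block is being touched, note that it downloads through the `https://git.io/vpnsetup` short link and then runs the result with `sudo sh vpnsetup.sh`, with no step that confirms what was fetched. The `nano -w` step is the only point where the reader sees the content, and the placeholder text only asks them to change three variables. Consider giving the full repository URL next to the short link and publishing a checksum the reader can compare before the `sudo` line.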
@ -60,12 +74,18 @@ First, update your system with `yum update` and reboot. This is optional, but re
yum -y install wget nano yum -y install wget nano
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh nano -w vpnsetup_centos.sh
[Edit and replace IPSEC_PSK, VPN_USER and VPN_PASSWORD with your own values] [Replace with your own values: IPSEC_PSK, VPN_USER and VPN_PASSWORD]
sudo sh vpnsetup_centos.sh sudo sh vpnsetup_centos.sh
``` ```
If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor. If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
## Next Steps
Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes ## Important Notes
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). In case you see `Error 628`, go to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">the "Security" tab</a> of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`. For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). In case you see `Error 628`, go to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">the "Security" tab</a> of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`.
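Review bot: The placeholder line tells readers to write `IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD` into `vpnsetup_centos.sh`, and nothing after `sudo sh vpnsetup_centos.sh` says what to do with that file. It is left in the working directory with the pre-shared key and password in plaintext, at whatever permissions `wget` created it with. Add a closing line to the block or a sentence in the new `Next Steps` section telling the reader to delete the edited script or restrict its permissions once setup has finished.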
@ -78,16 +98,10 @@ To enable multiple VPN users with different credentials, just <a href="docs/enab
Clients are configured to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`. Clients are configured to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`.
For servers with a custom SSH port (not 22) or other services, edit the <a href="vpnsetup.sh#L279" target="_blank">IPTables rules</a> before using. For servers with a custom SSH port (not 22) or other services, edit the <a href="vpnsetup.sh#L291" target="_blank">IPTables rules</a> before using.
The scripts will backup existing config files before making changes, with `.old-date-time` suffix. The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
## Next Steps
Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Upgrading Libreswan ## Upgrading Libreswan
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to periodically upgrade Libreswan to the latest version. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `SWAN_VER` variable as necessary. The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to periodically upgrade Libreswan to the latest version. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `SWAN_VER` variable as necessary.
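Review bot: The updated sentence about custom SSH ports links only to `vpnsetup.sh#L291`, although the same README documents `vpnsetup_centos.sh` as the installer for CentOS and RHEL. A CentOS user with SSH on a non-default port has no pointer to the corresponding rules in their script and may run it unedited. Link both scripts' IPTables sections here. Minor wording point in the next line: "will backup" should read "will back up".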