Update docs
This commit is contained in:
parent
025387df91
commit
4b15a5d2f9
@ -74,7 +74,13 @@ VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabl
|
|||||||
|
|
||||||
## Android
|
## Android
|
||||||
|
|
||||||
> 你也可以使用 [IKEv2](ikev2-howto-zh.md)(推荐)或者 [IPsec/L2TP](clients-zh.md) 模式连接。Android 12 仅支持 [IKEv2](ikev2-howto-zh.md) 模式。
|
**重要:** Android 用户应该使用更安全的 [IKEv2 模式](ikev2-howto-zh.md) 连接(推荐)。Android 12+ 仅支持 IKEv2 模式。Android 系统自带的 VPN 客户端对 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式使用安全性较低的 `modp1024` (DH group 2)。
|
||||||
|
|
||||||
|
如果你仍然想用 IPsec/XAuth 模式连接,你必须首先编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=...` 一行的末尾加上 `,aes256-sha2;modp1024,aes128-sha1;modp1024` 字样。保存文件并运行 `sudo service ipsec restart`。
|
||||||
|
|
||||||
|
Docker 用户:在 [你的 env 文件](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#如何使用本镜像) 中添加 `VPN_ENABLE_MODP1024=yes`,然后重新创建 Docker 容器。
|
||||||
|
|
||||||
|
然后在你的 Android 设备上进行以下步骤:
|
||||||
|
|
||||||
1. 启动 **设置** 应用程序。
|
1. 启动 **设置** 应用程序。
|
||||||
1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。
|
1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。
|
||||||
|
@ -74,7 +74,13 @@ If you get an error when trying to connect, see [Troubleshooting](clients.md#tro
|
|||||||
|
|
||||||
## Android
|
## Android
|
||||||
|
|
||||||
> You may also connect using [IKEv2](ikev2-howto.md) (recommended) or [IPsec/L2TP](clients.md) mode. Android 12 only supports [IKEv2](ikev2-howto.md) mode.
|
**Important:** Android users should instead connect using [IKEv2 mode](ikev2-howto.md) (recommended), which is more secure. Android 12+ only supports IKEv2 mode. The native VPN client in Android uses the less secure `modp1024` (DH group 2) for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
|
||||||
|
|
||||||
|
If you still want to connect using IPsec/XAuth mode, you must first edit `/etc/ipsec.conf` on the VPN server. Find the line `ike=...` and append `,aes256-sha2;modp1024,aes128-sha1;modp1024` at the end. Save the file and run `sudo service ipsec restart`.
|
||||||
|
|
||||||
|
Docker users: Add `VPN_ENABLE_MODP1024=yes` to [your env file](https://github.com/hwdsl2/docker-ipsec-vpn-server#how-to-use-this-image), then re-create the Docker container.
|
||||||
|
|
||||||
|
After that, follow the steps below on your Android device:
|
||||||
|
|
||||||
1. Launch the **Settings** application.
|
1. Launch the **Settings** application.
|
||||||
1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
|
1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
|
||||||
|
@ -145,7 +145,13 @@ Add-VpnConnection -Name 'My IPsec VPN' -ServerAddress '你的 VPN 服务器 IP'
|
|||||||
|
|
||||||
## Android
|
## Android
|
||||||
|
|
||||||
> 你也可以使用 [IKEv2](ikev2-howto-zh.md)(推荐)或者 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。Android 12 仅支持 [IKEv2](ikev2-howto-zh.md) 模式。
|
**重要:** Android 用户应该使用更安全的 [IKEv2 模式](ikev2-howto-zh.md) 连接(推荐)。Android 12+ 仅支持 IKEv2 模式。Android 系统自带的 VPN 客户端对 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式使用安全性较低的 `modp1024` (DH group 2)。
|
||||||
|
|
||||||
|
如果你仍然想用 IPsec/L2TP 模式连接,你必须首先编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=...` 一行的末尾加上 `,aes256-sha2;modp1024,aes128-sha1;modp1024` 字样。保存文件并运行 `sudo service ipsec restart`。
|
||||||
|
|
||||||
|
Docker 用户:在 [你的 env 文件](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#如何使用本镜像) 中添加 `VPN_ENABLE_MODP1024=yes`,然后重新创建 Docker 容器。
|
||||||
|
|
||||||
|
然后在你的 Android 设备上进行以下步骤:
|
||||||
|
|
||||||
1. 启动 **设置** 应用程序。
|
1. 启动 **设置** 应用程序。
|
||||||
1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。
|
1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。
|
||||||
|
@ -144,7 +144,13 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti
|
|||||||
|
|
||||||
## Android
|
## Android
|
||||||
|
|
||||||
> You may also connect using [IKEv2](ikev2-howto.md) (recommended) or [IPsec/XAuth](clients-xauth.md) mode. Android 12 only supports [IKEv2](ikev2-howto.md) mode.
|
**Important:** Android users should instead connect using [IKEv2 mode](ikev2-howto.md) (recommended), which is more secure. Android 12+ only supports IKEv2 mode. The native VPN client in Android uses the less secure `modp1024` (DH group 2) for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
|
||||||
|
|
||||||
|
If you still want to connect using IPsec/L2TP mode, you must first edit `/etc/ipsec.conf` on the VPN server. Find the line `ike=...` and append `,aes256-sha2;modp1024,aes128-sha1;modp1024` at the end. Save the file and run `sudo service ipsec restart`.
|
||||||
|
|
||||||
|
Docker users: Add `VPN_ENABLE_MODP1024=yes` to [your env file](https://github.com/hwdsl2/docker-ipsec-vpn-server#how-to-use-this-image), then re-create the Docker container.
|
||||||
|
|
||||||
|
After that, follow the steps below on your Android device:
|
||||||
|
|
||||||
1. Launch the **Settings** application.
|
1. Launch the **Settings** application.
|
||||||
1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
|
1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
|
||||||
|
Loading…
Reference in New Issue
Block a user