mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-02-07 15:59:25 +03:00
Code Issues Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
hwdsl2 2019-04-24 22:09:23 -05:00
parent e61efe242e
commit 4c55131587
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docs/clients-zh.md
View File

@ -207,6 +207,7 @@ Fedora 28 (和更新版本)和 CentOS 7 用户可以使用更高效的 [IPse
* [iOS/Android 睡眠模式](#iosandroid-睡眠模式)
* [Android 6 及以上版本](#android-6-及以上版本)
* [Chromebook 连接问题](#chromebook-连接问题)
* [访问 VPN 服务器的网段](#访问-vpn-服务器的网段)
* [其它错误](#其它错误)
* [额外的步骤](#额外的步骤)
@ -286,6 +287,22 @@ Android 设备在进入睡眠模式不久后也会断开 Wi-Fi 连接,如果
Chromebook 用户: 如果你无法连接,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到这一行 `phase2alg=...` 并在结尾加上 `,aes_gcm-null` 。保存修改并运行 `service ipsec restart`
### 访问 VPN 服务器的网段
如果要允许 VPN 客户端访问 VPN 服务器所在的网段,你需要在搭建 VPN 服务器之后手动添加 IPTables 规则。例如,如果网段是 `192.168.0.0/24`
```
# For IPsec/L2TP
iptables -I FORWARD 2 -i ppp+ -d 192.168.0.0/24 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.0.0/24 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# For IPsec/XAuth ("Cisco IPsec")
iptables -I FORWARD 2 -s 192.168.43.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.0.0/24 -d 192.168.43.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
```
为了让这些 IPTables 规则在重启后继续有效,你可以将它们添加到文件 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS/RHEL)。
### 其它错误
如果你遇到其它错误,请参见以下链接:

17
docs/clients.md
View File

@ -207,6 +207,7 @@ First check <a href="https://github.com/nm-l2tp/network-manager-l2tp/wiki/Prebui
* [iOS/Android sleep mode](#iosandroid-sleep-mode)
* [Android 6 and above](#android-6-and-above)
* [Chromebook issues](#chromebook-issues)
* [Access VPN server's subnet](#access-vpn-servers-subnet)
* [Other errors](#other-errors)
* [Additional steps](#additional-steps)
@ -282,6 +283,22 @@ If you are unable to connect using Android 6 or above:
![Android VPN workaround](images/vpn-profile-Android.png)
### Access VPN server's subnet
If you wish to allow VPN clients to access the VPN server's subnet, you'll need to manually add IPTables rules after setting up the VPN server. For example, if the subnet is `192.168.0.0/24`:
```
# For IPsec/L2TP
iptables -I FORWARD 2 -i ppp+ -d 192.168.0.0/24 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.0.0/24 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# For IPsec/XAuth ("Cisco IPsec")
iptables -I FORWARD 2 -s 192.168.43.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.0.0/24 -d 192.168.43.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
```
To make these IPTables rules persist after reboot, you may add them to file `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS/RHEL).
### Chromebook issues
Chromebook users: If you are unable to connect, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find the line `phase2alg=...` and append `,aes_gcm-null` at the end. Save the file and run `service ipsec restart`.