From 5525c407c503b5b1a15cdd1721697e9e9bae9851 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sat, 27 Aug 2022 00:09:14 -0500 Subject: [PATCH] Update docs - Update split tunneling instructions in advanced usage. - Ref: #1218 --- docs/advanced-usage-zh.md | 10 ---------- docs/advanced-usage.md | 16 +++------------- 2 files changed, 3 insertions(+), 23 deletions(-) diff --git a/docs/advanced-usage-zh.md b/docs/advanced-usage-zh.md index a018886..8884481 100644 --- a/docs/advanced-usage-zh.md +++ b/docs/advanced-usage-zh.md @@ -252,14 +252,9 @@ IPsec/XAuth ("Cisco IPsec") 模式:启用 VPN 分流 (split tunneling) 下面的示例 **仅适用于** IPsec/XAuth ("Cisco IPsec") 模式。这些命令必须用 `root` 账户运行。 1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `conn xauth-psk` 小节中,将 `leftsubnet=0.0.0.0/0` 替换为你想要 VPN 客户端通过 VPN 隧道发送流量的子网。例如: - 对于单个子网: ``` leftsubnet=10.123.123.0/24 ``` - 对于多个子网(使用 `leftsubnets`): - ``` - leftsubnets="10.123.123.0/24,10.100.0.0/16" - ``` 1. **(重要)** 重启 IPsec 服务: ``` service ipsec restart @@ -274,14 +269,9 @@ IKEv2 模式:启用 VPN 分流 (split tunneling) 下面的示例 **仅适用于** IKEv2 模式。这些命令必须用 `root` 账户运行。 1. 编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`。在 `conn ikev2-cp` 小节中,将 `leftsubnet=0.0.0.0/0` 替换为你想要 VPN 客户端通过 VPN 隧道发送流量的子网。例如: - 对于单个子网: ``` leftsubnet=10.123.123.0/24 ``` - 对于多个子网(使用 `leftsubnets`): - ``` - leftsubnets="10.123.123.0/24,10.100.0.0/16" - ``` 1. **(重要)** 重启 IPsec 服务: ``` service ipsec restart diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 687767d..f176a0b 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md 
@@ -240,7 +240,7 @@ If you want the rules to persist after reboot, you may add these commands to `/e ## Split tunneling -With split tunneling, VPN clients will only send traffic for specific destination subnet(s) through the VPN tunnel. Other traffic will NOT go through the VPN tunnel. Split tunneling has some limitations, and is not supported by all VPN clients. +With split tunneling, VPN clients will only send traffic for a specific destination subnet through the VPN tunnel. Other traffic will NOT go through the VPN tunnel. Split tunneling has some limitations, and is not supported by all VPN clients. Advanced users can optionally enable split tunneling for the [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) and/or [IKEv2](ikev2-howto.md) modes. Expand for details. IPsec/L2TP mode does NOT support this feature. @@ -251,15 +251,10 @@ IPsec/XAuth ("Cisco IPsec") mode: Enable split tunneling The example below **ONLY** applies to IPsec/XAuth ("Cisco IPsec") mode. Commands must be run as `root`. -1. Edit `/etc/ipsec.conf` on the VPN server. In the section `conn xauth-psk`, replace `leftsubnet=0.0.0.0/0` with the subnet(s) you want VPN clients to send traffic through the VPN tunnel. For example: - For a single subnet: +1. Edit `/etc/ipsec.conf` on the VPN server. In the section `conn xauth-psk`, replace `leftsubnet=0.0.0.0/0` with the subnet you want VPN clients to send traffic through the VPN tunnel. For example: ``` leftsubnet=10.123.123.0/24 ``` - For multiple subnets (use `leftsubnets` instead): - ``` - leftsubnets="10.123.123.0/24,10.100.0.0/16" - ``` 1. **(Important)** Restart the IPsec service: ``` service ipsec restart 
@@ -273,15 +268,10 @@ IKEv2 mode: Enable split tunneling The example below **ONLY** applies to IKEv2 mode. Commands must be run as `root`. -1. Edit `/etc/ipsec.d/ikev2.conf` on the VPN server. In the section `conn ikev2-cp`, replace `leftsubnet=0.0.0.0/0` with the subnet(s) you want VPN clients to send traffic through the VPN tunnel. For example: - For a single subnet: +1. Edit `/etc/ipsec.d/ikev2.conf` on the VPN server. In the section `conn ikev2-cp`, replace `leftsubnet=0.0.0.0/0` with the subnet you want VPN clients to send traffic through the VPN tunnel. For example: ``` leftsubnet=10.123.123.0/24 ``` - For multiple subnets (use `leftsubnets` instead): - ``` - leftsubnets="10.123.123.0/24,10.100.0.0/16" - ``` 1. **(Important)** Restart the IPsec service: ``` service ipsec restart
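Review bot: In both hunks of docs/advanced-usage-zh.md (`conn xauth-psk` and `conn ikev2-cp`), the `leftsubnets="10.123.123.0/24,10.100.0.0/16"` example is removed without any guidance for servers that were already configured from the earlier text. If multiple subnets are no longer meant to be used here, step 1 should say so and tell readers to replace an existing `leftsubnets=` line with a single `leftsubnet=` entry before restarting the IPsec service. The commit message only cites "Ref: #1218", so a one-line reason in the commit body would also help anyone reading the history later.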
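Review bot: In the `## Split tunneling` hunk of docs/advanced-usage.md, the changed sentence narrows "specific destination subnet(s)" to "a specific destination subnet", but the next sentence still reads only "Split tunneling has some limitations". A reader cannot tell from this that the single-subnet wording is itself a restriction. I suggest stating it explicitly there, for example that only one destination subnet can be configured per mode, so that nobody tries a `leftsubnets` list in `/etc/ipsec.conf` or `/etc/ipsec.d/ikev2.conf` and expects it to work.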
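Review bot: In step 1 of both the IPsec/XAuth and IKEv2 hunks of docs/advanced-usage.md, the added sentence "replace `leftsubnet=0.0.0.0/0` with the subnet you want VPN clients to send traffic through the VPN tunnel" does not parse, because "the subnet" has no preposition tying it to "send traffic". Since these lines are being rewritten anyway, consider "with the subnet for which VPN clients should send traffic through the VPN tunnel". It would also be worth repeating next to the example that every other destination bypasses the tunnel, since the value of `leftsubnet` is what decides which traffic the VPN protects.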