mirror of synced 2024-11-22 13:06:02 +03:00

Update docs

- Update split tunneling instructions in advanced usage.
- Ref: #1218
hwdsl2 2022-08-27 00:09:14 -05:00
parent 5d469239a0
commit 5525c407c5
2 changed files with 3 additions and 23 deletions

View File

@ -252,14 +252,9 @@ IPsec/XAuth ("Cisco IPsec") 模式:启用 VPN 分流 (split tunneling)
下面的示例 **仅适用于** IPsec/XAuth ("Cisco IPsec") 模式。这些命令必须用 `root` 账户运行。 下面的示例 **仅适用于** IPsec/XAuth ("Cisco IPsec") 模式。这些命令必须用 `root` 账户运行。
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `conn xauth-psk` 小节中,将 `leftsubnet=0.0.0.0/0` 替换为你想要 VPN 客户端通过 VPN 隧道发送流量的子网。例如: 1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `conn xauth-psk` 小节中,将 `leftsubnet=0.0.0.0/0` 替换为你想要 VPN 客户端通过 VPN 隧道发送流量的子网。例如:
对于单个子网:
``` ```
leftsubnet=10.123.123.0/24 leftsubnet=10.123.123.0/24
``` ```
对于多个子网(使用 `leftsubnets`
```
leftsubnets="10.123.123.0/24,10.100.0.0/16"
```
1. **(重要)** 重启 IPsec 服务: 1. **(重要)** 重启 IPsec 服务:
``` ```
service ipsec restart service ipsec restart
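Review bot: Step 1 of the `conn xauth-psk` instructions loses the `leftsubnets` example without any replacement text, and the commit message gives no reason beyond "Ref: #1218". Add one sentence after the `leftsubnet=10.123.123.0/24` example stating whether multiple subnets are unsupported in this mode, so readers who already configured `leftsubnets="10.123.123.0/24,10.100.0.0/16"` from the earlier version know they need to change it.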
@ -274,14 +269,9 @@ IKEv2 模式:启用 VPN 分流 (split tunneling)
下面的示例 **仅适用于** IKEv2 模式。这些命令必须用 `root` 账户运行。 下面的示例 **仅适用于** IKEv2 模式。这些命令必须用 `root` 账户运行。
1. 编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`。在 `conn ikev2-cp` 小节中,将 `leftsubnet=0.0.0.0/0` 替换为你想要 VPN 客户端通过 VPN 隧道发送流量的子网。例如: 1. 编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`。在 `conn ikev2-cp` 小节中,将 `leftsubnet=0.0.0.0/0` 替换为你想要 VPN 客户端通过 VPN 隧道发送流量的子网。例如:
对于单个子网:
``` ```
leftsubnet=10.123.123.0/24 leftsubnet=10.123.123.0/24
``` ```
对于多个子网(使用 `leftsubnets`
```
leftsubnets="10.123.123.0/24,10.100.0.0/16"
```
1. **(重要)** 重启 IPsec 服务: 1. **(重要)** 重启 IPsec 服务:
``` ```
service ipsec restart service ipsec restart
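Review bot: The `conn ikev2-cp` steps tell the reader to overwrite `leftsubnet=0.0.0.0/0` in `/etc/ipsec.d/ikev2.conf` but never say how to undo it. Since the default value only appears inside the sentence in step 1, consider a closing line noting that restoring `leftsubnet=0.0.0.0/0` and restarting the IPsec service returns clients to sending all traffic through the tunnel.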

View File

@ -240,7 +240,7 @@ If you want the rules to persist after reboot, you may add these commands to `/e
## Split tunneling ## Split tunneling
With split tunneling, VPN clients will only send traffic for specific destination subnet(s) through the VPN tunnel. Other traffic will NOT go through the VPN tunnel. Split tunneling has some limitations, and is not supported by all VPN clients. With split tunneling, VPN clients will only send traffic for a specific destination subnet through the VPN tunnel. Other traffic will NOT go through the VPN tunnel. Split tunneling has some limitations, and is not supported by all VPN clients.
Advanced users can optionally enable split tunneling for the [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) and/or [IKEv2](ikev2-howto.md) modes. Expand for details. IPsec/L2TP mode does NOT support this feature. Advanced users can optionally enable split tunneling for the [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) and/or [IKEv2](ikev2-howto.md) modes. Expand for details. IPsec/L2TP mode does NOT support this feature.
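Review bot: The introductory paragraph still says "Split tunneling has some limitations" without naming any, while this same change narrows "specific destination subnet(s)" to "a specific destination subnet". If the single-subnet restriction is one of those limitations, say so in this sentence, because it is the one readers of the previous version are most likely to trip over.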
@ -251,15 +251,10 @@ IPsec/XAuth ("Cisco IPsec") mode: Enable split tunneling
The example below **ONLY** applies to IPsec/XAuth ("Cisco IPsec") mode. Commands must be run as `root`. The example below **ONLY** applies to IPsec/XAuth ("Cisco IPsec") mode. Commands must be run as `root`.
1. Edit `/etc/ipsec.conf` on the VPN server. In the section `conn xauth-psk`, replace `leftsubnet=0.0.0.0/0` with the subnet(s) you want VPN clients to send traffic through the VPN tunnel. For example: 1. Edit `/etc/ipsec.conf` on the VPN server. In the section `conn xauth-psk`, replace `leftsubnet=0.0.0.0/0` with the subnet you want VPN clients to send traffic through the VPN tunnel. For example:
For a single subnet:
``` ```
leftsubnet=10.123.123.0/24 leftsubnet=10.123.123.0/24
``` ```
For multiple subnets (use `leftsubnets` instead):
```
leftsubnets="10.123.123.0/24,10.100.0.0/16"
```
1. **(Important)** Restart the IPsec service: 1. **(Important)** Restart the IPsec service:
``` ```
service ipsec restart service ipsec restart
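Review bot: The reworded sentence in step 1 is still hard to parse: "replace `leftsubnet=0.0.0.0/0` with the subnet you want VPN clients to send traffic through the VPN tunnel" is missing a preposition. Since the line is being touched anyway, something like "with the subnet whose traffic VPN clients should send through the VPN tunnel" reads cleanly, and the same wording can be reused in the IKEv2 section.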
@ -273,15 +268,10 @@ IKEv2 mode: Enable split tunneling
The example below **ONLY** applies to IKEv2 mode. Commands must be run as `root`. The example below **ONLY** applies to IKEv2 mode. Commands must be run as `root`.
1. Edit `/etc/ipsec.d/ikev2.conf` on the VPN server. In the section `conn ikev2-cp`, replace `leftsubnet=0.0.0.0/0` with the subnet(s) you want VPN clients to send traffic through the VPN tunnel. For example: 1. Edit `/etc/ipsec.d/ikev2.conf` on the VPN server. In the section `conn ikev2-cp`, replace `leftsubnet=0.0.0.0/0` with the subnet you want VPN clients to send traffic through the VPN tunnel. For example:
For a single subnet:
``` ```
leftsubnet=10.123.123.0/24 leftsubnet=10.123.123.0/24
``` ```
For multiple subnets (use `leftsubnets` instead):
```
leftsubnets="10.123.123.0/24,10.100.0.0/16"
```
1. **(Important)** Restart the IPsec service: 1. **(Important)** Restart the IPsec service:
``` ```
service ipsec restart service ipsec restart
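Review bot: The section ends at `service ipsec restart` with no step for confirming the result. Because the intro states that other traffic "will NOT go through the VPN tunnel", a typo in `leftsubnet=` in `conn ikev2-cp` can silently leave traffic the reader expected to be protected outside the tunnel; add a short final step telling readers to check from a connected client that only the configured subnet is routed through the VPN.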