Update docs
This commit is contained in:
parent
4f8a19d337
commit
5943b2a041
@ -425,7 +425,9 @@ service xl2tpd restart
|
|||||||
|
|
||||||
**Docker 用户:** 运行 `docker restart ipsec-vpn-server`。
|
**Docker 用户:** 运行 `docker restart ipsec-vpn-server`。
|
||||||
|
|
||||||
然后重启你的 VPN 客户端设备,并重试连接。如果仍然无法连接,可以尝试删除并重新创建 VPN 连接。请确保输入了正确的 VPN 登录凭证。
|
然后重启你的 VPN 客户端设备,并重试连接。如果仍然无法连接,可以尝试删除并重新创建 VPN 连接。请确保输入了正确的 VPN 服务器地址和 VPN 登录凭证。
|
||||||
|
|
||||||
|
对于有外部防火墙的服务器(比如 [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)),请为 VPN 打开 UDP 端口 500 和 4500。
|
||||||
|
|
||||||
检查 Libreswan (IPsec) 和 xl2tpd 日志是否有错误:
|
检查 Libreswan (IPsec) 和 xl2tpd 日志是否有错误:
|
||||||
|
|
||||||
|
@ -424,7 +424,9 @@ service xl2tpd restart
|
|||||||
|
|
||||||
**Docker users:** Run `docker restart ipsec-vpn-server`.
|
**Docker users:** Run `docker restart ipsec-vpn-server`.
|
||||||
|
|
||||||
Then reboot your VPN client device, and retry the connection. If still unable to connect, try removing and recreating the VPN connection. Make sure that the VPN credentials are entered correctly.
|
Then reboot your VPN client device, and retry the connection. If still unable to connect, try removing and recreating the VPN connection. Make sure that the VPN server address and VPN credentials are entered correctly.
|
||||||
|
|
||||||
|
For servers with an external firewall (e.g. [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)), open UDP ports 500 and 4500 for the VPN.
|
||||||
|
|
||||||
Check the Libreswan (IPsec) and xl2tpd logs for errors:
|
Check the Libreswan (IPsec) and xl2tpd logs for errors:
|
||||||
|
|
||||||
|
@ -497,6 +497,7 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
|
|||||||
|
|
||||||
**另见:** [检查日志及 VPN 状态](clients-zh.md#检查日志及-vpn-状态),[IKEv1 故障排除](clients-zh.md#故障排除) 和 [高级用法](advanced-usage-zh.md)。
|
**另见:** [检查日志及 VPN 状态](clients-zh.md#检查日志及-vpn-状态),[IKEv1 故障排除](clients-zh.md#故障排除) 和 [高级用法](advanced-usage-zh.md)。
|
||||||
|
|
||||||
|
* [无法连接到 VPN 服务器](#无法连接到-vpn-服务器)
|
||||||
* [无法连接多个 IKEv2 客户端](#无法连接多个-ikev2-客户端)
|
* [无法连接多个 IKEv2 客户端](#无法连接多个-ikev2-客户端)
|
||||||
* [IKE 身份验证凭证不可接受](#ike-身份验证凭证不可接受)
|
* [IKE 身份验证凭证不可接受](#ike-身份验证凭证不可接受)
|
||||||
* [参数错误 policy match error](#参数错误-policy-match-error)
|
* [参数错误 policy match error](#参数错误-policy-match-error)
|
||||||
@ -504,6 +505,12 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
|
|||||||
* [Windows 10 正在连接](#windows-10-正在连接)
|
* [Windows 10 正在连接](#windows-10-正在连接)
|
||||||
* [其它已知问题](#其它已知问题)
|
* [其它已知问题](#其它已知问题)
|
||||||
|
|
||||||
|
### 无法连接到 VPN 服务器
|
||||||
|
|
||||||
|
首先,请确保你的 VPN 客户端设备上指定的 VPN 服务器地址与 IKEv2 辅助脚本输出中的服务器地址**完全一致**。
|
||||||
|
|
||||||
|
对于有外部防火墙的服务器(比如 [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。
|
||||||
|
|
||||||
### 无法连接多个 IKEv2 客户端
|
### 无法连接多个 IKEv2 客户端
|
||||||
|
|
||||||
如果要同时连接在同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,你需要为每个客户端生成唯一的证书。否则,你可能会遇到稍后连接的客户端影响现有客户端的 VPN 连接,从而导致无法访问 Internet 的问题。
|
如果要同时连接在同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,你需要为每个客户端生成唯一的证书。否则,你可能会遇到稍后连接的客户端影响现有客户端的 VPN 连接,从而导致无法访问 Internet 的问题。
|
||||||
|
@ -499,6 +499,7 @@ for the entire network, or use `192.168.0.10` for just one device, and so on.
|
|||||||
|
|
||||||
**See also:** [Check logs and VPN status](clients.md#check-logs-and-vpn-status), [IKEv1 troubleshooting](clients.md#troubleshooting) and [Advanced usage](advanced-usage.md).
|
**See also:** [Check logs and VPN status](clients.md#check-logs-and-vpn-status), [IKEv1 troubleshooting](clients.md#troubleshooting) and [Advanced usage](advanced-usage.md).
|
||||||
|
|
||||||
|
* [Cannot connect to the VPN server](#cannot-connect-to-the-vpn-server)
|
||||||
* [Unable to connect multiple IKEv2 clients](#unable-to-connect-multiple-ikev2-clients)
|
* [Unable to connect multiple IKEv2 clients](#unable-to-connect-multiple-ikev2-clients)
|
||||||
* [IKE authentication credentials are unacceptable](#ike-authentication-credentials-are-unacceptable)
|
* [IKE authentication credentials are unacceptable](#ike-authentication-credentials-are-unacceptable)
|
||||||
* [Policy match error](#policy-match-error)
|
* [Policy match error](#policy-match-error)
|
||||||
@ -506,6 +507,12 @@ for the entire network, or use `192.168.0.10` for just one device, and so on.
|
|||||||
* [Windows 10 connecting](#windows-10-connecting)
|
* [Windows 10 connecting](#windows-10-connecting)
|
||||||
* [Other known issues](#other-known-issues)
|
* [Other known issues](#other-known-issues)
|
||||||
|
|
||||||
|
### Cannot connect to the VPN server
|
||||||
|
|
||||||
|
First, make sure that the VPN server address specified on your VPN client device **exactly matches** the server address in the output of the IKEv2 helper script.
|
||||||
|
|
||||||
|
For servers with an external firewall (e.g. [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433).
|
||||||
|
|
||||||
### Unable to connect multiple IKEv2 clients
|
### Unable to connect multiple IKEv2 clients
|
||||||
|
|
||||||
To connect multiple IKEv2 clients from behind the same NAT (e.g. home router) at the same time, you will need to generate a unique certificate for each client. Otherwise, you could encounter the issue where a later connected client affects the VPN connection of an existing client, which may lose Internet access.
|
To connect multiple IKEv2 clients from behind the same NAT (e.g. home router) at the same time, you will need to generate a unique certificate for each client. Otherwise, you could encounter the issue where a later connected client affects the VPN connection of an existing client, which may lose Internet access.
|
||||||
|
Loading…
Reference in New Issue
Block a user