1
0
mirror of synced 2024-11-28 23:56:04 +03:00

Update docs

This commit is contained in:
hwdsl2 2022-03-22 21:24:31 -05:00
parent 7b5d7a3738
commit 5bdf03a39c
6 changed files with 11 additions and 11 deletions

View File

@ -155,7 +155,7 @@ sudo VPN_CLIENT_NAME='your_client_name' sh vpn.sh
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh
```
默认情况下,导入 IKEv2 客户端配置时不需要密码。你可以选择使用随机密码保护客户端配置文件。示例如下:
默认情况下,导入 IKEv2 客户端配置时不需要密码。你可以选择使用随机密码保护客户端配置文件。
```bash
sudo VPN_PROTECT_CONFIG=yes sh vpn.sh

View File

@ -155,7 +155,7 @@ By default, clients are set to use [Google Public DNS](https://developers.google
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh
```
By default, no password is required when importing IKEv2 client configuration. You can choose to protect client config files using a random password. Example:
By default, no password is required when importing IKEv2 client configuration. You can choose to protect client config files using a random password.
```bash
sudo VPN_PROTECT_CONFIG=yes sh vpn.sh

View File

@ -53,7 +53,7 @@ sudo bash ikev2onlymode.sh
<details>
<summary>
另外,你也可以手动启用仅限 IKEv2 模式。点这里查看详情。
另外,你也可以手动启用仅限 IKEv2 模式。
</summary>
另外,你也可以手动启用仅限 IKEv2 模式。首先使用 `ipsec --version` 命令检查 Libreswan 版本,并 [更新 Libreswan](../README-zh.md#升级libreswan)(如果需要)。然后编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `config setup` 小节的末尾添加 `ikev1-policy=drop`,开头必须空两格。保存文件并运行 `service ipsec restart`。在完成后,你可以使用 `ipsec status` 命令来验证仅启用了 `ikev2-cp` 连接。

View File

@ -53,7 +53,7 @@ To disable IKEv2-only mode, run the helper script again and select the appropria
<details>
<summary>
Alternatively, you may manually enable IKEv2-only mode. Click here for details.
Alternatively, you may manually enable IKEv2-only mode.
</summary>
Alternatively, you may manually enable IKEv2-only mode. First check Libreswan version using `ipsec --version`, and [update Libreswan](../README.md#upgrade-libreswan) if needed. Then edit `/etc/ipsec.conf` on the VPN server. Append `ikev1-policy=drop` to the end of the `config setup` section, indented by two spaces. Save the file and run `service ipsec restart`. When finished, you can run `ipsec status` to verify that only the `ikev2-cp` connection is enabled.

View File

@ -84,7 +84,7 @@ sudo VPN_CLIENT_NAME='your_client_name' ikev2.sh --auto
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 ikev2.sh --auto
```
默认情况下,导入 IKEv2 客户端配置时不需要密码。你可以选择使用随机密码保护客户端配置文件。示例如下:
默认情况下,导入 IKEv2 客户端配置时不需要密码。你可以选择使用随机密码保护客户端配置文件。
```bash
sudo VPN_PROTECT_CONFIG=yes ikev2.sh --auto
@ -595,7 +595,7 @@ sudo ikev2.sh --revokeclient [client name]
<details>
<summary>
另外,你也可以手动吊销客户端证书。点这里查看步骤。
另外,你也可以手动吊销客户端证书。
</summary>
另外,你也可以手动吊销客户端证书。这可以通过 `crlutil` 实现。下面举例说明,这些命令必须用 `root` 账户运行。
@ -996,7 +996,7 @@ sudo ikev2.sh --removeikev2
<details>
<summary>
另外,你也可以手动移除 IKEv2。点这里查看步骤。
另外,你也可以手动移除 IKEv2。
</summary>
要手动从 VPN 服务器移除 IKEv2但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,按照以下步骤操作。这些命令必须用 `root` 账户运行。

View File

@ -84,7 +84,7 @@ By default, IKEv2 clients are set to use [Google Public DNS](https://developers.
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 ikev2.sh --auto
```
By default, no password is required when importing IKEv2 client configuration. You can choose to protect client config files using a random password. Example:
By default, no password is required when importing IKEv2 client configuration. You can choose to protect client config files using a random password.
```bash
sudo VPN_PROTECT_CONFIG=yes ikev2.sh --auto
@ -597,10 +597,10 @@ sudo ikev2.sh --revokeclient [client name]
<details>
<summary>
Alternatively, you may manually revoke a client certificate. Click here for instructions.
Alternatively, you can manually revoke a client certificate.
</summary>
Alternatively, you may manually revoke a client certificate. This can be done using `crlutil`. See example steps below, commands must be run as `root`.
Alternatively, you can manually revoke a client certificate. This can be done using `crlutil`. See example steps below, commands must be run as `root`.
1. Check the database, and identify the nickname of the client certificate you want to revoke.
@ -998,7 +998,7 @@ After removing IKEv2, if you want to set it up again, refer to [this section](#s
<details>
<summary>
Alternatively, you can manually remove IKEv2. Click here for instructions.
Alternatively, you can manually remove IKEv2.
</summary>
To manually remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`.