From 5d73f845fe1c5725457b39bfae3c204a79bfd6b3 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sat, 9 Oct 2021 23:44:25 -0500 Subject: [PATCH] Update docs --- README-zh.md | 7 ++++--- README.md | 7 ++++--- docs/advanced-usage-zh.md | 4 ++-- docs/advanced-usage.md | 4 ++-- docs/ikev2-howto-zh.md | 24 ++++++++++++------------ docs/ikev2-howto.md | 24 ++++++++++++------------ docs/uninstall-zh.md | 4 +++- docs/uninstall.md | 4 +++- 8 files changed, 42 insertions(+), 36 deletions(-) diff --git a/README-zh.md b/README-zh.md index 4689e63..f8d4548 100644 --- a/README-zh.md +++ b/README-zh.md @@ -159,7 +159,7 @@ sh vpn.sh **Android 用户** 如果遇到连接问题,请尝试 [这些步骤](docs/clients-zh.md#android-mtumss-问题)。 -同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT(比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。 +同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT(比如家用路由器)后面的多个设备到 VPN 服务器,你必须使用 [IKEv2](docs/ikev2-howto-zh.md) 或者 [IPsec/XAuth](docs/clients-xauth-zh.md) 模式。 要查看或更改 VPN 用户账户,请参见 [管理 VPN 用户](docs/manage-users-zh.md)。该文档包含辅助脚本,以方便管理 VPN 用户。 @@ -173,13 +173,14 @@ sh vpn.sh ## 升级Libreswan -使用以下命令更新你的 VPN 服务器上的 [Libreswan](https://libreswan.org)([更新日志](https://github.com/libreswan/libreswan/blob/master/CHANGES) | [通知列表](https://lists.libreswan.org/mailman/listinfo/swan-announce))。 -目前支持的最新版本是 `4.5`。查看已安装版本:`ipsec --version`。 +使用以下命令更新你的 VPN 服务器上的 [Libreswan](https://libreswan.org)([更新日志](https://github.com/libreswan/libreswan/blob/master/CHANGES) | [通知列表](https://lists.libreswan.org/mailman/listinfo/swan-announce))。目前支持的最新版本是 `4.5`。查看已安装版本:`ipsec --version`。 ```bash wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh ``` +**注:** `xl2tpd` 可以使用系统的软件包管理器进行更新,例如 Ubuntu/Debian 上的 `apt-get`。 + ## 管理 VPN 用户 请参见 [管理 VPN 用户](docs/manage-users-zh.md)。 diff --git a/README.md b/README.md index 1332579..9925159 100644 --- a/README.md +++ b/README.md @@ -159,7 +159,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: **Android users**: If you encounter connection issues, try [these steps](docs/clients.md#android-mtumss-issues). -The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode. +The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use [IKEv2](docs/ikev2-howto.md) or [IPsec/XAuth](docs/clients-xauth.md) mode. To view or update VPN user accounts, see [Manage VPN users](docs/manage-users.md). Helper scripts are included for convenience. @@ -173,13 +173,14 @@ The scripts will backup existing config files before making changes, with `.old- ## Upgrade Libreswan -Use this one-liner to update [Libreswan](https://libreswan.org) ([changelog](https://github.com/libreswan/libreswan/blob/master/CHANGES) | [announce](https://lists.libreswan.org/mailman/listinfo/swan-announce)) on your VPN server. -The latest supported version is `4.5`. Check installed version: `ipsec --version`. +Use this one-liner to update [Libreswan](https://libreswan.org) ([changelog](https://github.com/libreswan/libreswan/blob/master/CHANGES) | [announce](https://lists.libreswan.org/mailman/listinfo/swan-announce)) on your VPN server. The latest supported version is `4.5`. Check installed version: `ipsec --version`. ```bash wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh ``` +**Note:** `xl2tpd` can be updated using your system's package manager, such as `apt-get` on Ubuntu/Debian. + ## Manage VPN users See [Manage VPN users](docs/manage-users.md). diff --git a/docs/advanced-usage-zh.md b/docs/advanced-usage-zh.md index 3fe7dfe..e29af17 100644 --- a/docs/advanced-usage-zh.md +++ b/docs/advanced-usage-zh.md @@ -15,7 +15,7 @@ 在 VPN 已连接时,客户端配置为使用 [Google Public DNS](https://developers.google.com/speed/public-dns/)。如果偏好其它的域名解析服务,你可以编辑以下文件:`/etc/ppp/options.xl2tpd`, `/etc/ipsec.conf` 和 `/etc/ipsec.d/ikev2.conf`(如果存在),并替换 `8.8.8.8` 和 `8.8.4.4`。然后运行 `service ipsec restart` 和 `service xl2tpd restart`。 -高级用户可以在运行 VPN 安装脚本和 [IKEv2 辅助脚本](ikev2-howto-zh.md#使用辅助脚本) 时定义 `VPN_DNS_SRV1` 和 `VPN_DNS_SRV2`(可选)。比如你想使用 [Cloudflare 的 DNS 服务](https://1.1.1.1/dns/): +高级用户可以在运行 VPN 安装脚本和 [IKEv2 辅助脚本](ikev2-howto-zh.md#使用辅助脚本配置-ikev2) 时定义 `VPN_DNS_SRV1` 和 `VPN_DNS_SRV2`(可选)。比如你想使用 [Cloudflare 的 DNS 服务](https://1.1.1.1/dns/): ``` sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh @@ -34,7 +34,7 @@ sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 ikev2.sh --auto sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto ``` -另外,你也可以自定义 IKEv2 安装选项,通过在运行 [辅助脚本](ikev2-howto-zh.md#使用辅助脚本) 时去掉 `--auto` 参数来实现。 +另外,你也可以自定义 IKEv2 安装选项,通过在运行 [辅助脚本](ikev2-howto-zh.md#使用辅助脚本配置-ikev2) 时去掉 `--auto` 参数来实现。 ## VPN 内网 IP 和流量 diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index d7f8f62..b032fb2 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -15,7 +15,7 @@ Clients are set to use [Google Public DNS](https://developers.google.com/speed/public-dns/) when the VPN is active. If another DNS provider is preferred, you may replace `8.8.8.8` and `8.8.4.4` in these files: `/etc/ppp/options.xl2tpd`, `/etc/ipsec.conf` and `/etc/ipsec.d/ikev2.conf` (if exists). Then run `service ipsec restart` and `service xl2tpd restart`. -Advanced users can define `VPN_DNS_SRV1` and optionally `VPN_DNS_SRV2` when running the VPN setup script and the [IKEv2 helper script](ikev2-howto.md#using-helper-scripts). For example, if you want to use [Cloudflare's DNS service](https://1.1.1.1/dns/): +Advanced users can define `VPN_DNS_SRV1` and optionally `VPN_DNS_SRV2` when running the VPN setup script and the [IKEv2 helper script](ikev2-howto.md#set-up-ikev2-using-helper-script). For example, if you want to use [Cloudflare's DNS service](https://1.1.1.1/dns/): ``` sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh @@ -34,7 +34,7 @@ For [IKEv2](ikev2-howto.md) mode, if you want the VPN to continue to work after sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto ``` -Alternatively, you may customize IKEv2 setup options by running the [helper script](ikev2-howto.md#using-helper-scripts) without the `--auto` parameter. +Alternatively, you may customize IKEv2 setup options by running the [helper script](ikev2-howto.md#set-up-ikev2-using-helper-script) without the `--auto` parameter. ## Internal VPN IPs and traffic diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index dd20a1a..df274e9 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -5,7 +5,7 @@ **注:** 你也可以使用 [IPsec/L2TP](clients-zh.md) 或者 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。 * [导言](#导言) -* [使用辅助脚本](#使用辅助脚本) +* [使用辅助脚本配置 IKEv2](#使用辅助脚本配置-ikev2) * [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端) * [管理客户端证书](#管理客户端证书) * [手动在 VPN 服务器上配置 IKEv2](#手动在-vpn-服务器上配置-ikev2) @@ -27,7 +27,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 在按照本指南操作之后,你将可以选择三种模式中的任意一种连接到 VPN:IKEv2,以及已有的 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式。 -## 使用辅助脚本 +## 使用辅助脚本配置 IKEv2 **重要:** 在继续之前,你应该已经成功地 [搭建自己的 VPN 服务器](../README-zh.md),并且(可选但推荐)[升级 Libreswan](../README-zh.md#升级libreswan)。**Docker 用户请看 [这里](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#配置并使用-ikev2-vpn)**。 @@ -54,7 +54,7 @@ wget https://git.io/ikev2setup -O ~/ikev2.sh sudo bash ~/ikev2.sh --auto ``` -**注:** 该辅助脚本必须使用 `bash` 而不是 `sh` 运行。 +**注:** 该脚本必须使用 `bash` 而不是 `sh` 运行。
@@ -104,7 +104,7 @@ To customize IKEv2 or client options, run this script without arguments. *其他语言版本: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).* -**注:** 客户端配置文件的密码可以在 IKEv2 辅助脚本的输出中找到。如果你想要添加或者导出 IKEv2 客户端,只需重新运行[辅助脚本](#使用辅助脚本)。使用参数 `-h` 显示使用信息。 +**注:** 客户端配置文件的密码可以在 IKEv2 辅助脚本的输出中找到。如果你想要添加或者导出 IKEv2 客户端,只需重新运行[辅助脚本](#使用辅助脚本配置-ikev2)。使用参数 `-h` 显示使用信息。 * [Windows 7, 8.x 和 10](#windows-7-8x-和-10) * [OS X (macOS)](#os-x-macos) @@ -246,7 +246,7 @@ To customize IKEv2 or client options, run this script without arguments. ### Android 1. 将生成的 `.sswan` 文件安全地传送到你的 Android 设备。 -1. 从 [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android),[**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) 或 [**strongSwan 官方下载网站**](https://download.strongswan.org/Android/)下载并安装 strongSwan VPN 客户端。 +1. 从 [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android),[**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) 或 [**strongSwan 下载网站**](https://download.strongswan.org/Android/)下载并安装 strongSwan VPN 客户端。 1. 启动 strongSwan VPN 客户端。 1. 单击右上角的 "更多选项" 菜单,然后单击 **导入VPN配置**。 1. 选择你从服务器传送过来的 `.sswan` 文件。 @@ -274,7 +274,7 @@ To customize IKEv2 or client options, run this script without arguments. **Android 10 和更新版本:** 1. 将生成的 `.p12` 文件安全地传送到你的 Android 设备。 -1. 从 [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android),[**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) 或 [**strongSwan 官方下载网站**](https://download.strongswan.org/Android/)下载并安装 strongSwan VPN 客户端。 +1. 从 [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android),[**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) 或 [**strongSwan 下载网站**](https://download.strongswan.org/Android/)下载并安装 strongSwan VPN 客户端。 1. 启动 **设置** 应用程序。 1. 进入 安全 -> 高级 -> 加密与凭据。 1. 单击 **从存储设备(或 SD 卡)安装证书**。 @@ -291,7 +291,7 @@ To customize IKEv2 or client options, run this script without arguments. **Android 4 to 9:** 1. 将生成的 `.p12` 文件安全地传送到你的 Android 设备。 -1. 从 [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android),[**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) 或 [**strongSwan 官方下载网站**](https://download.strongswan.org/Android/)下载并安装 strongSwan VPN 客户端。 +1. 从 [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android),[**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) 或 [**strongSwan 下载网站**](https://download.strongswan.org/Android/)下载并安装 strongSwan VPN 客户端。 1. 启动 strongSwan VPN 客户端,然后单击 **添加VPN配置**。 1. 在 **服务器地址** 字段中输入 `你的 VPN 服务器 IP` (或者域名)。 **注:** 如果你在配置 IKEv2 时指定了服务器的域名(而不是 IP 地址),则必须在 **服务器地址** 字段中输入该域名。 @@ -378,7 +378,7 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key ### 列出已有的客户端 -如果要列出已有的 IKEv2 客户端的名称,运行 [辅助脚本](#使用辅助脚本) 并添加 `--listclients` 选项。使用参数 `-h` 显示使用信息。 +如果要列出已有的 IKEv2 客户端的名称,运行 [辅助脚本](#使用辅助脚本配置-ikev2) 并添加 `--listclients` 选项。使用参数 `-h` 显示使用信息。 ``` sudo ikev2.sh --listclients @@ -386,7 +386,7 @@ sudo ikev2.sh --listclients ### 添加客户端证书 -如果要为更多的 IKEv2 客户端生成证书,只需重新运行 [辅助脚本](#使用辅助脚本)。或者你可以看 [这一小节](#手动在-vpn-服务器上配置-ikev2) 的第 4 步。 +如果要为更多的 IKEv2 客户端生成证书,只需重新运行 [辅助脚本](#使用辅助脚本配置-ikev2)。或者你可以看 [这一小节](#手动在-vpn-服务器上配置-ikev2) 的第 4 步。 ``` sudo ikev2.sh --addclient [client name] @@ -394,7 +394,7 @@ sudo ikev2.sh --addclient [client name] ### 导出已有的客户端的配置 -在默认情况下,[IKEv2 辅助脚本](#使用辅助脚本) 在运行后会导出客户端配置。如果之后你想要为一个已有的客户端导出配置,可以运行: +在默认情况下,IKEv2 [辅助脚本](#使用辅助脚本配置-ikev2) 在运行后会导出客户端配置。如果之后你想要为一个已有的客户端导出配置,可以运行: ``` sudo ikev2.sh --exportclient [client name] @@ -530,7 +530,7 @@ sudo ikev2.sh --exportclient [client name] ## 手动在 VPN 服务器上配置 IKEv2 -除了使用 [辅助脚本](#使用辅助脚本) 之外,高级用户也可以手动配置 IKEv2。在继续之前,推荐 [升级 Libreswan](../README-zh.md#升级libreswan) 到最新版本。 +除了使用 [辅助脚本](#使用辅助脚本配置-ikev2) 之外,高级用户也可以手动配置 IKEv2。在继续之前,推荐 [升级 Libreswan](../README-zh.md#升级libreswan) 到最新版本。 下面举例说明如何手动在 Libreswan 上配置 IKEv2。以下命令必须用 `root` 账户运行。 @@ -795,7 +795,7 @@ apt-get -y install "./libnss3_3.49.1-1ubuntu1.5_amd64.deb" \ ## 移除 IKEv2 -如果你想要从 VPN 服务器移除 IKEv2,但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式(如果已安装),请重新运行 [辅助脚本](#使用辅助脚本) 并选择 "Remove IKEv2" 选项。**警告:** 这将**永久删除**所有的 IKEv2 配置(包括证书和密钥),并且**不可撤销**! +如果你想要从 VPN 服务器移除 IKEv2,但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式(如果已安装),请重新运行 [辅助脚本](#使用辅助脚本配置-ikev2) 并选择 "Remove IKEv2" 选项。**警告:** 这将**永久删除**所有的 IKEv2 配置(包括证书和密钥),并且**不可撤销**!
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 8d487fb..80c783d 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -5,7 +5,7 @@ **Note:** You may also connect using [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode. * [Introduction](#introduction) -* [Using helper scripts](#using-helper-scripts) +* [Set up IKEv2 using helper script](#set-up-ikev2-using-helper-script) * [Configure IKEv2 VPN clients](#configure-ikev2-vpn-clients) * [Manage client certificates](#manage-client-certificates) * [Manually set up IKEv2 on the VPN server](#manually-set-up-ikev2-on-the-vpn-server) @@ -27,7 +27,7 @@ Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certifica After following this guide, you will be able to connect to the VPN using IKEv2 in addition to the existing [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes. -## Using helper scripts +## Set up IKEv2 using helper script **Important:** Before continuing, you should have successfully [set up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), and (optional but recommended) [updated Libreswan](../README.md#upgrade-libreswan). **Docker users, see [here](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#configure-and-use-ikev2-vpn)**. @@ -54,7 +54,7 @@ wget https://git.io/ikev2setup -O ~/ikev2.sh sudo bash ~/ikev2.sh --auto ``` -**Note:** The helper script must be run using `bash`, not `sh`. +**Note:** The script must be run using `bash`, not `sh`.
@@ -104,7 +104,7 @@ To customize IKEv2 or client options, run this script without arguments. *Read this in other languages: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).* -**Note:** The password for client configuration files can be found in the output of the IKEv2 helper script. If you want to add or export IKEv2 client(s), just run the [helper script](#using-helper-scripts) again. Use option `-h` to show usage information. +**Note:** The password for client configuration files can be found in the output of the IKEv2 helper script. If you want to add or export IKEv2 client(s), just run the [helper script](#set-up-ikev2-using-helper-script) again. Use option `-h` to show usage information. * [Windows 7, 8.x and 10](#windows-7-8x-and-10) * [OS X (macOS)](#os-x-macos) @@ -246,7 +246,7 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti ### Android 1. Securely transfer the generated `.sswan` file to your Android device. -1. Install strongSwan VPN Client from [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android), [**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) or [**its download server**](https://download.strongswan.org/Android/). +1. Install strongSwan VPN Client from [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android), [**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) or [**strongSwan download server**](https://download.strongswan.org/Android/). 1. Launch the strongSwan VPN client. 1. Tap the "more options" menu on top right, then tap **Import VPN profile**. 1. Choose the `.sswan` file you transferred from the VPN server. @@ -274,7 +274,7 @@ If you manually set up IKEv2 without using the helper script, click here for ins **Android 10 and newer:** 1. Securely transfer the generated `.p12` file to your Android device. -1. Install strongSwan VPN Client from [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android), [**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) or [**its download server**](https://download.strongswan.org/Android/). +1. Install strongSwan VPN Client from [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android), [**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) or [**strongSwan download server**](https://download.strongswan.org/Android/). 1. Launch the **Settings** application. 1. Go to Security -> Advanced -> Encryption & credentials. 1. Tap **Install certificates from storage (or SD card)**. @@ -291,7 +291,7 @@ If you manually set up IKEv2 without using the helper script, click here for ins **Android 4 to 9:** 1. Securely transfer the generated `.p12` file to your Android device. -1. Install strongSwan VPN Client from [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android), [**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) or [**its download server**](https://download.strongswan.org/Android/). +1. Install strongSwan VPN Client from [**Google Play**](https://play.google.com/store/apps/details?id=org.strongswan.android), [**F-Droid**](https://f-droid.org/en/packages/org.strongswan.android/) or [**strongSwan download server**](https://download.strongswan.org/Android/). 1. Launch the strongSwan VPN client and tap **Add VPN Profile**. 1. Enter `Your VPN Server IP` (or DNS name) in the **Server** field. **Note:** If you specified the server's DNS name (instead of its IP address) during IKEv2 setup, you must enter the DNS name in the **Server** field. @@ -380,7 +380,7 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti ### List existing clients -If you want to list the names of existing IKEv2 clients, run the [helper script](#using-helper-scripts) with the `--listclients` option. Use option `-h` to show usage information. +If you want to list the names of existing IKEv2 clients, run the [helper script](#set-up-ikev2-using-helper-script) with the `--listclients` option. Use option `-h` to show usage information. ``` sudo ikev2.sh --listclients @@ -388,7 +388,7 @@ sudo ikev2.sh --listclients ### Add a client certificate -To generate certificates for additional IKEv2 clients, just run the [helper script](#using-helper-scripts) again. Or you may refer to step 4 in [this section](#manually-set-up-ikev2-on-the-vpn-server). +To generate certificates for additional IKEv2 clients, just run the [helper script](#set-up-ikev2-using-helper-script) again. Or you may refer to step 4 in [this section](#manually-set-up-ikev2-on-the-vpn-server). ``` sudo ikev2.sh --addclient [client name] @@ -396,7 +396,7 @@ sudo ikev2.sh --addclient [client name] ### Export configuration for an existing client -By default, the [IKEv2 helper script](#using-helper-scripts) exports client configuration after running. If later you want to export configuration for an existing client, you may use: +By default, the IKEv2 [helper script](#set-up-ikev2-using-helper-script) exports client configuration after running. If later you want to export configuration for an existing client, you may use: ``` sudo ikev2.sh --exportclient [client name] @@ -532,7 +532,7 @@ Alternatively, you may manually revoke a client certificate. This can be done us ## Manually set up IKEv2 on the VPN server -As an alternative to using the [helper script](#using-helper-scripts), advanced users can manually set up IKEv2. Before continuing, it is recommended to [update Libreswan](../README.md#upgrade-libreswan) to the latest version. +As an alternative to using the [helper script](#set-up-ikev2-using-helper-script), advanced users can manually set up IKEv2. Before continuing, it is recommended to [update Libreswan](../README.md#upgrade-libreswan) to the latest version. The following example shows how to manually configure IKEv2 with Libreswan. Commands below must be run as `root`. @@ -797,7 +797,7 @@ If you are unable to connect multiple IKEv2 clients simultaneously from behind t ## Remove IKEv2 -If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes (if installed), run the [helper script](#using-helper-scripts) again and select the "Remove IKEv2" option. **Warning:** All IKEv2 configuration including certificates and keys will be **permanently deleted**. This **cannot be undone**! +If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes (if installed), run the [helper script](#set-up-ikev2-using-helper-script) again and select the "Remove IKEv2" option. **Warning:** All IKEv2 configuration including certificates and keys will be **permanently deleted**. This **cannot be undone**!
diff --git a/docs/uninstall-zh.md b/docs/uninstall-zh.md index c3028b7..7cd86ee 100644 --- a/docs/uninstall-zh.md +++ b/docs/uninstall-zh.md @@ -7,7 +7,7 @@ ## 使用辅助脚本卸载 VPN -**警告:** 此脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**! +**警告:** 此[辅助脚本](../extras/vpnuninstall.sh)将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**! ```bash wget https://git.io/vpnuninstall -O vpnunst.sh @@ -20,6 +20,8 @@ sudo bash vpnunst.sh 另外,你也可以手动卸载 VPN。按照以下步骤操作。这些命令需要用 `root` 账户运行,或者使用 `sudo`。 +**警告:** 以下步骤将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**! + ### 步骤 * [第一步](#第一步) diff --git a/docs/uninstall.md b/docs/uninstall.md index 1ab7649..4b2689a 100644 --- a/docs/uninstall.md +++ b/docs/uninstall.md @@ -7,7 +7,7 @@ ## Uninstall using helper script -**Warning:** This script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**! +**Warning:** This [helper script](../extras/vpnuninstall.sh) will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**! ```bash wget https://git.io/vpnuninstall -O vpnunst.sh @@ -20,6 +20,8 @@ When finished, reboot your server. Alternatively, you may manually uninstall the VPN by following these steps. Commands must be run as `root`, or with `sudo`. +**Warning:** These steps will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**! + ### Steps * [First step](#first-step)