1
0
mirror of synced 2024-11-25 22:36:04 +03:00

Update docs

This commit is contained in:
hwdsl2 2020-05-30 02:52:49 -05:00
parent 9a9496b41b
commit 60d89c7181
2 changed files with 10 additions and 2 deletions

View File

@ -303,6 +303,8 @@ iptables -t mangle -A FORWARD -m policy --pol ipsec --dir out \
echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
``` ```
**Docker 用户:** 要修复这个问题,不需要运行以上命令。你可以在<a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#如何使用本镜像" target="_blank">你的 env 文件</a>中添加 `VPN_ANDROID_MTU_FIX=yes`,然后重新创建 Docker 容器。
参考链接:<a href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues" target="_blank">[1]</a> <a href="https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/" target="_blank">[2]</a> 参考链接:<a href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues" target="_blank">[1]</a> <a href="https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/" target="_blank">[2]</a>
### Android 6 和 7 ### Android 6 和 7
@ -312,6 +314,8 @@ echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在(看下图),请启用它并重试连接。如果不存在,请尝试下一步。 1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在(看下图),请启用它并重试连接。如果不存在,请尝试下一步。
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug` 一行并切换它的值。也就是说,将 `sha2-truncbug=no` 替换为 `sha2-truncbug=yes`,或者将 `sha2-truncbug=yes` 替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。然后重新连接 VPN。 1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug` 一行并切换它的值。也就是说,将 `sha2-truncbug=no` 替换为 `sha2-truncbug=yes`,或者将 `sha2-truncbug=yes` 替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。然后重新连接 VPN。
**Docker 用户:** 如需在 `/etc/ipsec.conf` 中设置 `sha2-truncbug=yes`(默认为 `no`),你可以在<a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#如何使用本镜像" target="_blank">你的 env 文件</a>中添加 `VPN_SHA2_TRUNCBUG=yes`,然后重新创建 Docker 容器。
![Android VPN workaround](images/vpn-profile-Android.png) ![Android VPN workaround](images/vpn-profile-Android.png)
### iOS 13 和 macOS 10.15 ### iOS 13 和 macOS 10.15
@ -354,7 +358,7 @@ service ipsec restart
service xl2tpd restart service xl2tpd restart
``` ```
如果你使用 Docker运行 `docker restart ipsec-vpn-server` **Docker 用户:** 运行 `docker restart ipsec-vpn-server`
然后重启你的 VPN 客户端设备,并重试连接。如果仍然无法连接,可以尝试删除并重新创建 VPN 连接,按照本文档中的步骤操作。请确保输入了正确的 VPN 登录凭证。 然后重启你的 VPN 客户端设备,并重试连接。如果仍然无法连接,可以尝试删除并重新创建 VPN 连接,按照本文档中的步骤操作。请确保输入了正确的 VPN 登录凭证。

View File

@ -303,6 +303,8 @@ iptables -t mangle -A FORWARD -m policy --pol ipsec --dir out \
echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
``` ```
**Docker users:** Instead of running the commands above, you may apply this fix by adding `VPN_ANDROID_MTU_FIX=yes` to <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server#how-to-use-this-image" target="_blank">your env file</a>, then re-create the Docker container.
References: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues" target="_blank">[1]</a> <a href="https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/" target="_blank">[2]</a>. References: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues" target="_blank">[1]</a> <a href="https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/" target="_blank">[2]</a>.
### Android 6 and 7 ### Android 6 and 7
@ -312,6 +314,8 @@ If your Android 6.x or 7.x device cannot connect, try these steps:
1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists (see image below), enable it and reconnect the VPN. If not, try the next step. 1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists (see image below), enable it and reconnect the VPN. If not, try the next step.
1. Edit `/etc/ipsec.conf` on the VPN server. Find the line `sha2-truncbug` and toggle its value. i.e. Replace `sha2-truncbug=no` with `sha2-truncbug=yes`, or replace `sha2-truncbug=yes` with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. Then reconnect the VPN. 1. Edit `/etc/ipsec.conf` on the VPN server. Find the line `sha2-truncbug` and toggle its value. i.e. Replace `sha2-truncbug=no` with `sha2-truncbug=yes`, or replace `sha2-truncbug=yes` with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. Then reconnect the VPN.
**Docker users:** You may set `sha2-truncbug=yes` (default is `no`) in `/etc/ipsec.conf` by adding `VPN_SHA2_TRUNCBUG=yes` to <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server#how-to-use-this-image" target="_blank">your env file</a>, then re-create the Docker container.
![Android VPN workaround](images/vpn-profile-Android.png) ![Android VPN workaround](images/vpn-profile-Android.png)
### iOS 13 and macOS 10.15 ### iOS 13 and macOS 10.15
@ -354,7 +358,7 @@ service ipsec restart
service xl2tpd restart service xl2tpd restart
``` ```
If using Docker, run `docker restart ipsec-vpn-server`. **Docker users:** Run `docker restart ipsec-vpn-server`.
Then reboot your VPN client device, and retry the connection. If still unable to connect, try removing and recreating the VPN connection, by following the instructions in this document. Make sure that the VPN credentials are entered correctly. Then reboot your VPN client device, and retry the connection. If still unable to connect, try removing and recreating the VPN connection, by following the instructions in this document. Make sure that the VPN credentials are entered correctly.