mirror of synced 2024-11-28 23:56:04 +03:00

Update docs

hwdsl2 2017-05-30 15:01:26 -05:00
parent f403dbeaf7
commit 654ddcdfa4
6 changed files with 32 additions and 24 deletions

View File

@ -68,7 +68,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
一个专用服务器或者虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可使用 Debian 7 (Wheezy),但是必须首先运行<a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 不受支持,用户可以尝试使用 <a href="https://shadowsocks.org" target="_blank">Shadowsocks</a> 或者 <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a> 一个专用服务器或者虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可使用 Debian 7 (Wheezy),但是必须首先运行<a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 不受支持,用户可以尝试使用 <a href="https://shadowsocks.org" target="_blank">Shadowsocks</a> 或者 <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>
这也包括各种公共云服务中的 Linux 虚拟机,比如 <a href="https://blog.ls20.com/digitalocean" target="_blank">DigitalOcean</a>, <a href="https://blog.ls20.com/vultr" target="_blank">Vultr</a>, <a href="https://blog.ls20.com/linode" target="_blank">Linode</a>, <a href="https://cloud.google.com/compute/" target="_blank">Google Compute Engine</a>, <a href="https://amazonlightsail.com" target="_blank">Amazon Lightsail</a>, <a href="https://azure.microsoft.com" target="_blank">Microsoft Azure</a>, <a href="http://www.softlayer.com/" target="_blank">IBM SoftLayer</a><a href="https://www.rackspace.com" target="_blank">Rackspace</a> 这也包括各种公共云服务中的 Linux 虚拟机,比如 <a href="https://blog.ls20.com/digitalocean" target="_blank">DigitalOcean</a>, <a href="https://blog.ls20.com/vultr" target="_blank">Vultr</a>, <a href="https://blog.ls20.com/linode" target="_blank">Linode</a>, <a href="https://cloud.google.com/compute/" target="_blank">Google Compute Engine</a>, <a href="https://amazonlightsail.com" target="_blank">Amazon Lightsail</a>, <a href="https://azure.microsoft.com" target="_blank">Microsoft Azure</a>, <a href="http://www.softlayer.com/" target="_blank">IBM SoftLayer</a>, <a href="https://www.ovh.com/us/vps/" target="_blank">OVH</a><a href="https://www.rackspace.com" target="_blank">Rackspace</a>
<a href="azure/README-zh.md" target="_blank"><img src="docs/images/azure-deploy-button.png" alt="Deploy to Azure" /></a> <a href="http://dovpn.carlfriess.com/" target="_blank"><img src="docs/images/do-install-button.png" alt="Install on DigitalOcean" /></a> <a href="https://www.linode.com/stackscripts/view/37239" target="_blank"><img src="docs/images/linode-deploy-button.png" alt="Deploy to Linode" /></a> <a href="azure/README-zh.md" target="_blank"><img src="docs/images/azure-deploy-button.png" alt="Deploy to Azure" /></a> <a href="http://dovpn.carlfriess.com/" target="_blank"><img src="docs/images/do-install-button.png" alt="Install on DigitalOcean" /></a> <a href="https://www.linode.com/stackscripts/view/37239" target="_blank"><img src="docs/images/linode-deploy-button.png" alt="Deploy to Linode" /></a>
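Review bot: The added OVH link on the cloud-provider line points at the US storefront (`https://www.ovh.com/us/vps/`) even though this is the Chinese README. The other providers on the line link to non-regional pages; use a region-neutral OVH URL here so readers are not dropped onto a US-only order page.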
@ -141,7 +141,7 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>。另外,你的服务器必须运行 [Libreswan 3.19](#升级libreswan) 或以上版本。 同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>。另外,你的服务器必须运行 [Libreswan 3.19](#升级libreswan) 或以上版本。
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。 对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/vpc/firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。
如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a> 如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>

View File

@ -68,7 +68,7 @@ Please see <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-1
A dedicated server or Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS is NOT supported, users could instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>. A dedicated server or Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS is NOT supported, users could instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
This also includes Linux VMs in public clouds, such as <a href="https://blog.ls20.com/digitalocean" target="_blank">DigitalOcean</a>, <a href="https://blog.ls20.com/vultr" target="_blank">Vultr</a>, <a href="https://blog.ls20.com/linode" target="_blank">Linode</a>, <a href="https://cloud.google.com/compute/" target="_blank">Google Compute Engine</a>, <a href="https://amazonlightsail.com" target="_blank">Amazon Lightsail</a>, <a href="https://azure.microsoft.com" target="_blank">Microsoft Azure</a>, <a href="http://www.softlayer.com/" target="_blank">IBM SoftLayer</a> and <a href="https://www.rackspace.com" target="_blank">Rackspace</a>. This also includes Linux VMs in public clouds, such as <a href="https://blog.ls20.com/digitalocean" target="_blank">DigitalOcean</a>, <a href="https://blog.ls20.com/vultr" target="_blank">Vultr</a>, <a href="https://blog.ls20.com/linode" target="_blank">Linode</a>, <a href="https://cloud.google.com/compute/" target="_blank">Google Compute Engine</a>, <a href="https://amazonlightsail.com" target="_blank">Amazon Lightsail</a>, <a href="https://azure.microsoft.com" target="_blank">Microsoft Azure</a>, <a href="http://www.softlayer.com/" target="_blank">IBM SoftLayer</a>, <a href="https://www.ovh.com/us/vps/" target="_blank">OVH</a> and <a href="https://www.rackspace.com" target="_blank">Rackspace</a>.
<a href="azure/README.md" target="_blank"><img src="docs/images/azure-deploy-button.png" alt="Deploy to Azure" /></a> <a href="http://dovpn.carlfriess.com/" target="_blank"><img src="docs/images/do-install-button.png" alt="Install on DigitalOcean" /></a> <a href="https://www.linode.com/stackscripts/view/37239" target="_blank"><img src="docs/images/linode-deploy-button.png" alt="Deploy to Linode" /></a> <a href="azure/README.md" target="_blank"><img src="docs/images/azure-deploy-button.png" alt="Deploy to Azure" /></a> <a href="http://dovpn.carlfriess.com/" target="_blank"><img src="docs/images/do-install-button.png" alt="Install on DigitalOcean" /></a> <a href="https://www.linode.com/stackscripts/view/37239" target="_blank"><img src="docs/images/linode-deploy-button.png" alt="Deploy to Linode" /></a>
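Review bot: The new OVH anchor on the provider line, like its neighbours, sets `target="_blank"` with no `rel` attribute, so wherever this HTML is rendered unsanitized the opened third-party page receives a `window.opener` handle back to the docs tab. Since the line is being touched anyway, add `rel="noopener noreferrer"` to these raw anchors or convert them to plain Markdown links.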
@ -139,9 +139,9 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>. Also, your server must be running [Libreswan 3.19](#upgrade-libreswan) or above. The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>. Also, your server must run [Libreswan 3.19](#upgrade-libreswan) or a newer version.
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN. For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/vpc/firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN.
If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>. If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.

View File

@ -154,13 +154,15 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到 <a href="
VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
如果在连接过程中遇到错误,请参见 <a href="#故障排除">故障排除</a>
## Windows Phone ## Windows Phone
Windows Phone 8.1 及以上版本用户可以尝试按照 <a href="http://forums.windowscentral.com/windows-phone-8-1-preview-developers/301521-tutorials-windows-phone-8-1-support-l2tp-ipsec-vpn-now.html" target="_blank">这个教程</a> 的步骤操作。最后你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 Windows Phone 8.1 及以上版本用户可以尝试按照 <a href="http://forums.windowscentral.com/windows-phone-8-1-preview-developers/301521-tutorials-windows-phone-8-1-support-l2tp-ipsec-vpn-now.html" target="_blank">这个教程</a> 的步骤操作。最后你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
## Linux ## Linux
注: 以下步骤是在 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c) 基础上修改。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。 以下步骤是基于 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c)。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。
要配置 VPN 客户端,首先安装以下软件包: 要配置 VPN 客户端,首先安装以下软件包:
@ -269,6 +271,8 @@ chmod 600 /etc/ppp/options.l2tpd.client
至此 VPN 客户端配置已完成。按照下面的步骤进行连接。 至此 VPN 客户端配置已完成。按照下面的步骤进行连接。
**注:** 当你每次尝试连接到 VPN 时,必须重复下面的所有步骤。
创建 xl2tpd 控制文件: 创建 xl2tpd 控制文件:
```bash ```bash

View File

@ -154,13 +154,15 @@ Once connected, you will see a VPN icon in the status bar. You can verify that y
Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`". Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
If you get an error when trying to connect, see <a href="#troubleshooting">Troubleshooting</a>.
## Windows Phone ## Windows Phone
Users with Windows Phone 8.1 and above, try <a href="http://forums.windowscentral.com/windows-phone-8-1-preview-developers/301521-tutorials-windows-phone-8-1-support-l2tp-ipsec-vpn-now.html" target="_blank">this tutorial</a>. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`". Users with Windows Phone 8.1 and above, try <a href="http://forums.windowscentral.com/windows-phone-8-1-preview-developers/301521-tutorials-windows-phone-8-1-support-l2tp-ipsec-vpn-now.html" target="_blank">this tutorial</a>. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
## Linux ## Linux
Note: Instructions below are adapted from [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client. Instructions below are based on [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client.
To set up the VPN client, first install the following packages: To set up the VPN client, first install the following packages:
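Review bot: In the Linux intro, changing "adapted from" to "based on" drops the signal that these steps differ from Peter Sanford's gist, and removing the "Note:" prefix here is inconsistent with the `**Note:**` label added further down in the same file. Keep "adapted from" if the commands were modified, and pick one note style for the document. The requirement to run everything as `root` is easy to miss at the end of that sentence; it deserves its own line.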
@ -269,6 +271,8 @@ chmod 600 /etc/ppp/options.l2tpd.client
The VPN client setup is now complete. Follow the steps below to connect. The VPN client setup is now complete. Follow the steps below to connect.
**Note:** You must repeat all steps below every time you try to connect to the VPN.
Create xl2tpd control file: Create xl2tpd control file:
```bash ```bash
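Review bot: The added note tells readers to repeat all steps below on every connection but gives no reason, and the first step that follows, "Create xl2tpd control file", reads like one-time setup. State why the steps do not persist between connections, or point to a small wrapper script, so that readers do not treat the note as optional.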

View File

@ -4,17 +4,17 @@
在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,修改或者删除用户,请阅读本文档。 在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,修改或者删除用户,请阅读本文档。
首先IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK可以编辑此文件。 首先IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK可以编辑此文件。所有的 VPN 用户将共享同一个 IPsec PSK。
```bash ```bash
%any %any : PSK "<VPN IPsec PSK>" %any %any : PSK "your_ipsec_pre_shared_key"
``` ```
对于 `IPsec/L2TP`VPN 用户账户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下: 对于 `IPsec/L2TP`VPN 用户账户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下:
```bash ```bash
"<VPN User 1>" l2tpd "<VPN Password 1>" * "your_vpn_username_1" l2tpd "your_vpn_password_1" *
"<VPN User 2>" l2tpd "<VPN Password 2>" * "your_vpn_username_2" l2tpd "your_vpn_password_2" *
... ... ... ...
``` ```
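Review bot: The added sentence that all VPN users share one IPsec PSK (所有的 VPN 用户将共享同一个 IPsec PSK) stops short of the consequence that matters in a user-management document: a user deleted from `/etc/ppp/chap-secrets` still knows the PSK. Add that the PSK in `/etc/ipsec.secrets` should be changed when a user is removed, and that every remaining client then has to be updated with the new key. The English version of this file needs the same sentence.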
@ -23,19 +23,19 @@
对于 `IPsec/XAuth ("Cisco IPsec")` VPN 用户账户信息保存在文件 `/etc/ipsec.d/passwd`。该文件的格式如下: 对于 `IPsec/XAuth ("Cisco IPsec")` VPN 用户账户信息保存在文件 `/etc/ipsec.d/passwd`。该文件的格式如下:
```bash ```bash
<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk
... ... ... ...
``` ```
这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成: 这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
```bash ```bash
# 以下命令的输出为 <VPN Password 1 (hashed)> # 以下命令的输出为 your_vpn_password_1_hashed
openssl passwd -1 "<VPN Password 1>" openssl passwd -1 'your_vpn_password_1'
``` ```
在完成后,需要重启服务: 在完成后重启服务:
```bash ```bash
service ipsec restart service ipsec restart
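Review bot: The hashing example `openssl passwd -1 'your_vpn_password_1'` still passes the password as a command-line argument, which leaves it in shell history and visible in the process list while the command runs. The switch from double to single quotes fixes shell expansion of characters such as `$`, but consider showing `openssl passwd -1` with no argument so that it prompts for the password instead.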

View File

@ -4,17 +4,17 @@
By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document. By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file. First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file. All VPN users will share the same IPsec PSK.
```bash ```bash
%any %any : PSK "<VPN IPsec PSK>" %any %any : PSK "your_ipsec_pre_shared_key"
``` ```
For `IPsec/L2TP`, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is: For `IPsec/L2TP`, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is:
```bash ```bash
"<VPN User 1>" l2tpd "<VPN Password 1>" * "your_vpn_username_1" l2tpd "your_vpn_password_1" *
"<VPN User 2>" l2tpd "<VPN Password 2>" * "your_vpn_username_2" l2tpd "your_vpn_password_2" *
... ... ... ...
``` ```
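Review bot: The `/etc/ppp/chap-secrets` example now shows `"your_vpn_password_1"` as a literal value, but the text never says that this file holds passwords in cleartext, unlike `/etc/ipsec.d/passwd`, which the document describes as salted and hashed. Say so next to the format block and tell readers to keep the file readable by `root` only, as the client guide already does with `chmod 600` for `/etc/ppp/options.l2tpd.client`.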
@ -23,16 +23,16 @@ You can add more users, use one line for each user. DO NOT use these characters
For `IPsec/XAuth ("Cisco IPsec")`, VPN users are specified in `/etc/ipsec.d/passwd`. The format of this file is: For `IPsec/XAuth ("Cisco IPsec")`, VPN users are specified in `/etc/ipsec.d/passwd`. The format of this file is:
```bash ```bash
<VPN User 1>:<VPN Password 1 (hashed)>:xauth-psk your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk
<VPN User 2>:<VPN Password 2 (hashed)>:xauth-psk your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk
... ... ... ...
``` ```
Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility: Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility:
```bash ```bash
# The output will be <VPN Password 1 (hashed)> # The output will be your_vpn_password_1_hashed
openssl passwd -1 "<VPN Password 1>" openssl passwd -1 'your_vpn_password_1'
``` ```
When finished, restart services: When finished, restart services:
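Review bot: The example `openssl passwd -1` produces an MD5-based crypt hash, which offers little resistance to offline guessing if `/etc/ipsec.d/passwd` is ever read, while the text only says "salted and hashed". Name the scheme in the prose, and if the installed OpenSSL and Libreswan accept a stronger one (for example the SHA-512 crypt option `-6` in newer OpenSSL releases), prefer it; otherwise recommend long random passwords here.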