mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 13:06:02 +03:00
Code Issues Projects Releases Wiki Activity

Update docs

Browse Source 
[ci skip]
This commit is contained in:
hwdsl2 2016-09-30 11:53:33 -05:00
parent 1f7d9f1687
commit 65f1bcd726
9 changed files with 52 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README-zh.md
View File

@ -20,8 +20,6 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
- [功能特性](#功能特性) - [功能特性](#功能特性)
- [系统要求](#系统要求) - [系统要求](#系统要求)
- [安装说明](#安装说明) - [安装说明](#安装说明)
- [Ubuntu & Debian](#ubuntu--debian)
- [CentOS & RHEL](#centos--rhel)
- [下一步](#下一步) - [下一步](#下一步)
- [重要提示](#重要提示) - [重要提示](#重要提示)
- [升级Libreswan](#升级libreswan) - [升级Libreswan](#升级libreswan)
@ -117,16 +115,18 @@ DigitalOcean 用户可以参考这个<a href="https://usefulpcguide.com/17318/cr
<a href="docs/ikev2-howto-zh.md" target="_blank">如何配置 IKEv2 VPN: Windows 7 和更新版本</a> <a href="docs/ikev2-howto-zh.md" target="_blank">如何配置 IKEv2 VPN: Windows 7 和更新版本</a>
如果在连接过程中遇到错误,请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles: 开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
## 重要提示 ## 重要提示
**Windows 和 Android 6.0/7.0 用户** 如果在连接过程中遇到错误,请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a> **Windows 和 Android 用户** 如果在连接过程中遇到错误,请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性,如果这些设备在同一个 NAT 后面(比如家用路由器),它们无法同时连接到 VPN 服务器。
如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a> 如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性,如果上述设备属于同一个 NAT 网络(比如家用路由器),它们无法同时连接到 VPN 服务器。
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,请编辑 `/etc/ppp/options.xl2tpd``/etc/ipsec.conf` 并替换 `8.8.8.8``8.8.4.4`。然后重启服务器。 在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,请编辑 `/etc/ppp/options.xl2tpd``/etc/ipsec.conf` 并替换 `8.8.8.8``8.8.4.4`。然后重启服务器。
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH 对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH

10
README.md
View File

@ -20,8 +20,6 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
- [Features](#features) - [Features](#features)
- [Requirements](#requirements) - [Requirements](#requirements)
- [Installation](#installation) - [Installation](#installation)
- [Ubuntu & Debian](#ubuntu--debian)
- [CentOS & RHEL](#centos--rhel)
- [Next steps](#next-steps) - [Next steps](#next-steps)
- [Important notes](#important-notes) - [Important notes](#important-notes)
- [Upgrade Libreswan](#upgrade-libreswan) - [Upgrade Libreswan](#upgrade-libreswan)
@ -117,16 +115,18 @@ Get your computer or device to use the VPN. Please refer to:
<a href="docs/ikev2-howto.md" target="_blank">How To: IKEv2 VPN for Windows 7 and newer</a> <a href="docs/ikev2-howto.md" target="_blank">How To: IKEv2 VPN for Windows 7 and newer</a>
If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important notes ## Important notes
**Windows and Android 6.0/7.0 users**: If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>. **Windows and Android users**: If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server. The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server.
If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server. Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server.
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH). For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).

2
docs/clients-xauth.md
View File

@ -97,7 +97,7 @@ Once connected, you will see a VPN icon in the status bar. You can verify that y
## Credits ## Credits
This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors. This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project, maintained by Joshua Lund and contributors.
## License ## License

20
docs/clients-zh.md
View File

@ -17,6 +17,11 @@
* [Chromebook](#chromebook) * [Chromebook](#chromebook)
* [Windows Phone](#windows-phone) * [Windows Phone](#windows-phone)
* [Linux](#linux) * [Linux](#linux)
* [故障排除](#故障排除)
* [Windows 错误 809](#windows-错误-809)
* [Windows 错误 628](#windows-错误-628)
* [Android 6.0 and 7.0](#android-60-and-70)
* [其它错误](#其它错误)
## Windows ## Windows
@ -32,7 +37,7 @@
1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置** 1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置**
1. 右键单击新创建的 VPN 连接,并选择 **属性** 1. 右键单击新创建的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项 1. 单击 **允许使用这些协议**确保选中 "质询握手身份验证协议 (CHAP)" 复选框。
1. 单击 **高级设置** 按钮。 1. 单击 **高级设置** 按钮。
1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。 1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
1. 单击 **确定** 关闭 **高级设置** 1. 单击 **确定** 关闭 **高级设置**
@ -58,7 +63,7 @@
1. 右键单击新创建的 VPN 连接,并选择 **属性** 1. 右键单击新创建的 VPN 连接,并选择 **属性**
1. 单击 **选项** 选项卡,取消选中 **包括Windows登录域** 复选框。 1. 单击 **选项** 选项卡,取消选中 **包括Windows登录域** 复选框。
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项 1. 单击 **允许使用这些协议**确保选中 "质询握手身份验证协议 (CHAP)" 复选框。
1. 单击 **高级设置** 按钮。 1. 单击 **高级设置** 按钮。
1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。 1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
1. 单击 **确定** 关闭 **高级设置** 1. 单击 **确定** 关闭 **高级设置**
@ -220,7 +225,10 @@ sudo route del default dev ppp0
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心** 1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**
1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性** 1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。 1. 单击 **允许使用这些协议**。确保选中 "质询握手身份验证协议 (CHAP)" 复选框。
1. 单击 **高级设置** 按钮。
1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
1. 单击 **确定** 关闭 **高级设置**
1. 单击 **确定** 保存 VPN 连接的详细信息。 1. 单击 **确定** 保存 VPN 连接的详细信息。
![Select CHAP in VPN connection properties](images/vpn-properties-zh.png) ![Select CHAP in VPN connection properties](images/vpn-properties-zh.png)
@ -236,9 +244,9 @@ sudo route del default dev ppp0
更多的故障排除信息请参见以下链接: 更多的故障排除信息请参见以下链接:
https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues * https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues
https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/ * https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/
http://www.tp-link.com/en/faq-1029.html * http://www.tp-link.com/en/faq-1029.html
## 致谢 ## 致谢

22
docs/clients.md
View File

@ -17,6 +17,11 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
* [Chromebook](#chromebook) * [Chromebook](#chromebook)
* [Windows Phone](#windows-phone) * [Windows Phone](#windows-phone)
* [Linux](#linux) * [Linux](#linux)
* [Troubleshooting](#troubleshooting)
* [Windows Error 809](#windows-error-809)
* [Windows Error 628](#windows-error-628)
* [Android 6.0 and 7.0](#android-60-and-70)
* [Other Errors](#other-errors)
## Windows ## Windows
@ -32,7 +37,7 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
1. Return to **Network and Sharing Center**. On the left, click **Change adapter settings**. 1. Return to **Network and Sharing Center**. On the left, click **Change adapter settings**.
1. Right-click on the new VPN entry and choose **Properties**. 1. Right-click on the new VPN entry and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**. 1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others. 1. Click **Allow these protocols**. Be sure to select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox.
1. Click the **Advanced settings** button. 1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**. 1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**. 1. Click **OK** to close the **Advanced settings**.
@ -58,7 +63,7 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
1. Right-click on the new VPN entry and choose **Properties**. 1. Right-click on the new VPN entry and choose **Properties**.
1. Click the **Options** tab and uncheck **Include Windows logon domain**. 1. Click the **Options** tab and uncheck **Include Windows logon domain**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**. 1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others. 1. Click **Allow these protocols**. Be sure to select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox.
1. Click the **Advanced settings** button. 1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**. 1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**. 1. Click **OK** to close the **Advanced settings**.
@ -220,7 +225,10 @@ To fix this error, please follow these steps:
1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**. 1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**. 1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**. 1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**.
1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others. 1. Click **Allow these protocols**. Be sure to select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox.
1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**.
1. Click **OK** to save the VPN connection details. 1. Click **OK** to save the VPN connection details.
![Select CHAP in VPN connection properties](images/vpn-properties.png) ![Select CHAP in VPN connection properties](images/vpn-properties.png)
@ -236,13 +244,13 @@ If you are unable to connect using Android 6.0 (Marshmallow) or 7.0 (Nougat), tr
Refer to the links below for more troubleshooting tips: Refer to the links below for more troubleshooting tips:
https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues * https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues
https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/ * https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/
http://www.tp-link.com/en/faq-1029.html * http://www.tp-link.com/en/faq-1029.html
## Credits ## Credits
This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors. This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project, maintained by Joshua Lund and contributors.
## License ## License

7
docs/ikev2-howto-zh.md
View File

@ -154,7 +154,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
N N
``` ```
1. 生成客户端证书,并且导出 p12 文件。该文件包含客户端证书,私钥以及 CA 证书: 1. 生成客户端证书,并且导出 `.p12` 文件。该文件包含客户端证书,私钥以及 CA 证书:
```bash ```bash
$ certutil -S -c "Example CA" -n "vpnclient" -s "O=Example,CN=vpnclient" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 -8 "vpnclient" $ certutil -S -c "Example CA" -n "vpnclient" -s "O=Example,CN=vpnclient" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 -8 "vpnclient"
@ -196,7 +196,10 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
详细的操作步骤: 详细的操作步骤:
https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
Windows Phone 8.1 及以上版本用户: 首先导入 .p12 文件,然后参照 <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">这些说明</a> 配置一个基于证书的 IKEv2 VPN。 Windows Phone 8.1 及以上版本用户: 首先导入 `.p12` 文件,然后参照 <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">这些说明</a> 配置一个基于证书的 IKEv2 VPN。
Android 4+ 用户请参见:
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接。 1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接。

7
docs/ikev2-howto.md
View File

@ -154,7 +154,7 @@ First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-
N N
``` ```
1. Generate client certificate(s), and export the p12 file that contains the client certificate, private key, and CA certificate: 1. Generate client certificate(s), and export the `.p12` file that contains the client certificate, private key, and CA certificate:
```bash ```bash
$ certutil -S -c "Example CA" -n "vpnclient" -s "O=Example,CN=vpnclient" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 -8 "vpnclient" $ certutil -S -c "Example CA" -n "vpnclient" -s "O=Example,CN=vpnclient" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 -8 "vpnclient"
@ -196,7 +196,10 @@ First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-
Detailed instructions: Detailed instructions:
https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
Users with Windows Phone 8.1 and above: First import the .p12 file, then follow <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">these instructions</a> to configure a certificate-based IKEv2 VPN. Users with Windows Phone 8.1 and above: First import the `.p12` file, then follow <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">these instructions</a> to configure a certificate-based IKEv2 VPN.
Android 4+ users please refer to:
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
1. On the Windows computer, add a new IKEv2 VPN connection. 1. On the Windows computer, add a new IKEv2 VPN connection.

2
docs/manage-users-zh.md
View File

@ -4,7 +4,7 @@
在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,修改或者删除用户,请阅读本文档。 在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,修改或者删除用户,请阅读本文档。
**注:** 同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性,如果上述设备属于同一个 NAT 网络(比如家用路由器),它们无法同时连接到 VPN 服务器。即使你创建多个用户也是如此 **注:** 同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性,如果这些设备在同一个 NAT 后面(比如家用路由器),它们无法同时连接到 VPN 服务器,即使你创建多个用户也是如此。对于上述情形,你可以尝试使用 [Shadowsocks](https://github.com/shadowsocks/shadowsocks-libev) / [ShadowsocksR](https://github.com/breakwa11/shadowsocks-rss) 或者 [OpenVPN](https://github.com/Nyr/openvpn-install)
首先IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK可以编辑此文件。 首先IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK可以编辑此文件。

2
docs/manage-users.md
View File

@ -4,7 +4,7 @@
By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document. By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.
**Note:** The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server. This applies even if you create multiple users. **Note:** The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server. This applies even if you create multiple users. For the above use case, try [OpenVPN](https://github.com/Nyr/openvpn-install).
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file. First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file.