From 72d0f7ff521e3f22a7111a73fe0a21b7a336e21e Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Fri, 26 Aug 2016 01:52:55 -0500 Subject: [PATCH] Clean up docs [ci skip] --- README-zh.md | 8 +++----- README.md | 8 +++----- docs/clients-xauth-zh.md | 17 +++-------------- docs/clients-xauth.md | 17 +++-------------- docs/clients-zh.md | 36 ++++++++++++++++-------------------- docs/clients.md | 34 +++++++++++++++------------------- 6 files changed, 43 insertions(+), 77 deletions(-) diff --git a/README-zh.md b/README-zh.md index 7e28b0a..91738d6 100644 --- a/README-zh.md +++ b/README-zh.md @@ -112,7 +112,7 @@ DigitalOcean 用户可以参考这个修改一次注册表,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。如果在连接过程中遇到错误,请参见 故障排除。 +**Windows 用户** 如果在连接过程中遇到错误,请参见 故障排除。 **Android 6 (Marshmallow) 用户** 请参考此文档中的注释: 配置 IPsec/L2TP VPN 客户端。 @@ -135,7 +135,7 @@ DigitalOcean 用户可以参考这个这个 Gist 以及 我的博客。 -- VPN 的相关问题可在这些邮件列表提问: [1] [2],或者看相关文章: [1] [2] [3]。 +- VPN 的相关问题可在这些邮件列表提问: [1] [2],或者看相关文章: [1] [2] [3] [4]。 - 如果你发现了一个可重复的程序漏洞,请提交一个 GitHub Issue。 ## 卸载说明 @@ -145,13 +145,11 @@ DigitalOcean 用户可以参考这个IPsec VPN Server on Docker +- IKEv2 VPN Server on Docker - Streisand - SoftEther VPN - ShadowsocksR - OpenVPN Install -- VPN Deploy Playbook -- Insta VPN -- One Key IKEv2 VPN - Setup Strongswan ## 作者 diff --git a/README.md b/README.md index f4fc670..6065216 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: ## Important Notes -For **Windows users**, this one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). If you get an error when trying to connect, see Troubleshooting. +**Windows users**: If you get an error when trying to connect, see Troubleshooting. **Android 6 (Marshmallow) users**: Please see notes in Configure IPsec/L2TP VPN Clients. @@ -135,7 +135,7 @@ The additional scripts vpnupgrade ## Bugs & Questions - Got a question? Please first search other people's comments in this Gist and on my blog. -- Ask VPN related questions on these mailing lists: [1] [2], or read related articles: [1] [2] [3]. +- Ask VPN related questions on these mailing lists: [1] [2], or read related articles: [1] [2] [3] [4]. - If you found a reproducible bug, open a GitHub Issue to submit a bug report. ## Uninstallation @@ -145,13 +145,11 @@ Please refer to Uninstall the VPNIPsec VPN Server on Docker +- IKEv2 VPN Server on Docker - Streisand - SoftEther VPN - ShadowsocksR - OpenVPN Install -- VPN Deploy Playbook -- Insta VPN -- One Key IKEv2 VPN - Setup Strongswan ## Author diff --git a/docs/clients-xauth-zh.md b/docs/clients-xauth-zh.md index c4592ce..d2ddd30 100644 --- a/docs/clients-xauth-zh.md +++ b/docs/clients-xauth-zh.md @@ -35,17 +35,6 @@ VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabled** 字样。单击 "Network" 选项卡,并确认 **Established - 1** 显示在 "Security Associations" 下面。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 -**注:** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开提升权限命令提示符并运行以下命令。完成后必须重启计算机。 -- 适用于 Windows Vista, 7, 8 和 10 - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - -- 仅适用于 Windows XP - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - ### OS X ### 1. 打开系统偏好设置并转到网络部分。 1. 在窗口左下角单击 **+** 按钮。 @@ -82,10 +71,10 @@ VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabl 1. 选中 **保存帐户信息** 复选框。 1. 单击 **连接**。 -**注:** 如果你使用 Android 6 (Marshmallow) 并且无法连接,请尝试以下解决方案: +**注:** 如果无法使用 Android 6 (Marshmallow) 连接,请尝试以下解决方案: -1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到下一步。 -1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) +1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到第二步。 +1. (注:最新版本的 VPN 脚本已经包含这些更改)编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(参考链接) VPN 连接成功后,会在通知栏显示图标。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md index b728203..70489cf 100644 --- a/docs/clients-xauth.md +++ b/docs/clients-xauth.md @@ -35,17 +35,6 @@ After settin Once connected, you will see **tunnel enabled** in the VPN Connect status window. Click the "Network" tab, and confirm that **Established - 1** is displayed under "Security Associations". You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". -**Note:** This one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an elevated command prompt. You must reboot your computer when finished. -- For Windows Vista, 7, 8 and 10 - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - -- For Windows XP ONLY - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - ### OS X ### 1. Open System Preferences and go to the Network section. 1. Click the **+** button in the lower-left corner of the window. @@ -82,10 +71,10 @@ To connect to the VPN: Use the menu bar icon, or go to the Network section of Sy 1. Check the **Save account information** checkbox. 1. Tap **Connect**. -**Note:** If you are using Android 6 (Marshmallow) and unable to connect, try these workarounds: +**Note:** If unable to connect using Android 6 (Marshmallow), try these workarounds: -1. Click the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to the next step. -1. Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Save the file and run `service ipsec restart`. (Ref) +1. Tap the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to step 2. +1. (Note: Latest version of the VPN scripts already include these changes) Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. Save the file and run `service ipsec restart`. (Reference) Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 551f10d..c171269 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -37,8 +37,6 @@ 1. 单击 **确定** 关闭 **高级设置**。 1. 单击 **确定** 保存 VPN 连接的详细信息。 -**注:** 在首次连接之前需要修改一次注册表。请参见下面的说明。 - **Windows 7, Vista and XP:** 1. 单击开始菜单,选择控制面板。 @@ -57,7 +55,7 @@ 1. 单击 **创建**,然后单击 **关闭** 按钮。 1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置**。 1. 右键单击新创建的 VPN 连接,并选择 **属性**。 -1. 单击 **选项** 选项卡,取消选中 **包含Windows登录域** 复选框。 +1. 单击 **选项** 选项卡,取消选中 **包括Windows登录域** 复选框。 1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。 1. 单击 **高级设置** 按钮。 @@ -67,20 +65,8 @@ 要连接到 VPN: 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名` 和 `密码` ,并单击 **确定**。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 - 如果在连接过程中遇到错误,请参见 故障排除。 -**注:** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开提升权限命令提示符并运行以下命令。完成后必须重启计算机。 -- 适用于 Windows Vista, 7, 8 和 10 - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - -- 仅适用于 Windows XP - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - ### OS X ### 1. 打开系统偏好设置并转到网络部分。 1. 在窗口左下角单击 **+** 按钮。 @@ -117,10 +103,10 @@ 1. 选中 **保存帐户信息** 复选框。 1. 单击 **连接**。 -**注:** 如果你使用 Android 6 (Marshmallow) 并且无法连接,请尝试以下解决方案: +**注:** 如果无法使用 Android 6 (Marshmallow) 连接,请尝试以下解决方案: -1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到下一步。 -1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) +1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到第二步。 +1. (注:最新版本的 VPN 脚本已经包含这些更改)编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(参考链接) VPN 连接成功后,会在通知栏显示图标。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 @@ -175,7 +161,7 @@ VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可 sudo route add default dev ppp0 ``` -如果遇到错误,请检查 `ifconfig` 的输出并将上面的 `ppp0` 换成 `ppp1`,等等。 + 如果遇到错误,请检查 `ifconfig` 的输出并将上面的 `ppp0` 换成 `ppp1`,等等。 检查 VPN 是否正常工作: ``` @@ -207,7 +193,17 @@ sudo route del default dev ppp0 > 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。 -要解决此错误,请按照上面的步骤添加注册表键并重启计算机。 +要解决此错误,在首次连接之前需要修改一次注册表,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开提升权限命令提示符并运行以下命令。完成后必须重启计算机。 + +- 适用于 Windows Vista, 7, 8 和 10 + ```console + REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f + ``` + +- 仅适用于 Windows XP + ```console + REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f + ``` ### Windows 错误 628 diff --git a/docs/clients.md b/docs/clients.md index 05ec75b..1fb8d63 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -37,8 +37,6 @@ You may also refer to this alternative looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". - If you get an error when trying to connect, see Troubleshooting. -**Note:** This one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an elevated command prompt. You must reboot your computer when finished. -- For Windows Vista, 7, 8 and 10 - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - -- For Windows XP ONLY - ```console - REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f - ``` - ### OS X ### 1. Open System Preferences and go to the Network section. 1. Click the **+** button in the lower-left corner of the window. @@ -117,10 +103,10 @@ To connect to the VPN: Use the menu bar icon, or go to the Network section of Sy 1. Check the **Save account information** checkbox. 1. Tap **Connect**. -**Note:** If you are using Android 6 (Marshmallow) and unable to connect, try these workarounds: +**Note:** If unable to connect using Android 6 (Marshmallow), try these workarounds: -1. Click the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to the next step. -1. Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Save the file and run `service ipsec restart`. (Ref) +1. Tap the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to step 2. +1. (Note: Latest version of the VPN scripts already include these changes) Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. Save the file and run `service ipsec restart`. (Reference) Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". @@ -175,7 +161,7 @@ Follow the steps in the steps above to add a registry key and reboot your computer. +To fix this error, a one-time registry change is required because the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an elevated command prompt. When finished, reboot your PC. + +- For Windows Vista, 7, 8 and 10 + ```console + REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f + ``` + +- For Windows XP ONLY + ```console + REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f + ``` ### Windows Error 628