mirror of synced 2024-11-25 22:36:04 +03:00

Clean up docs

[ci skip]
hwdsl2 2016-08-26 01:52:55 -05:00
parent 96a071ebc5
commit 72d0f7ff52
6 changed files with 43 additions and 77 deletions

View File

@ -112,7 +112,7 @@ DigitalOcean 用户可以参考这个<a href="https://usefulpcguide.com/17318/cr
## 重要提示 ## 重要提示
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#regkey" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。如果在连接过程中遇到错误,请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a> **Windows 用户** 如果在连接过程中遇到错误,请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a> **Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
@ -135,7 +135,7 @@ DigitalOcean 用户可以参考这个<a href="https://usefulpcguide.com/17318/cr
## 问题和反馈 ## 问题和反馈
- 有问题需要提问?请先搜索已有的留言,在 <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">这个 Gist</a> 以及 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">我的博客</a> - 有问题需要提问?请先搜索已有的留言,在 <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">这个 Gist</a> 以及 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">我的博客</a>
- VPN 的相关问题可在这些邮件列表提问: <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">[1]</a> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">[2]</a>,或者看相关文章: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> - VPN 的相关问题可在这些邮件列表提问: <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">[1]</a> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">[2]</a>,或者看相关文章: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation" target="_blank">[4]</a>
- 如果你发现了一个可重复的程序漏洞,请提交一个 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue" target="_blank">GitHub Issue</a> - 如果你发现了一个可重复的程序漏洞,请提交一个 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue" target="_blank">GitHub Issue</a>
## 卸载说明 ## 卸载说明
@ -145,13 +145,11 @@ DigitalOcean 用户可以参考这个<a href="https://usefulpcguide.com/17318/cr
## 另见 ## 另见
- <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">IPsec VPN Server on Docker</a> - <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">IPsec VPN Server on Docker</a>
- <a href="https://github.com/gaomd/docker-ikev2-vpn-server" target="_blank">IKEv2 VPN Server on Docker</a>
- <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> - <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a>
- <a href="https://github.com/SoftEtherVPN/SoftEtherVPN" target="_blank">SoftEther VPN</a> - <a href="https://github.com/SoftEtherVPN/SoftEtherVPN" target="_blank">SoftEther VPN</a>
- <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">ShadowsocksR</a> - <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">ShadowsocksR</a>
- <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN Install</a> - <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN Install</a>
- <a href="https://github.com/ftao/vpn-deploy-playbook" target="_blank">VPN Deploy Playbook</a>
- <a href="https://github.com/sockeye44/instavpn" target="_blank">Insta VPN</a>
- <a href="https://github.com/quericy/one-key-ikev2-vpn" target="_blank">One Key IKEv2 VPN</a>
- <a href="https://github.com/philpl/setup-strong-strongswan" target="_blank">Setup Strongswan</a> - <a href="https://github.com/philpl/setup-strong-strongswan" target="_blank">Setup Strongswan</a>
## 作者 ## 作者

View File

@ -112,7 +112,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes ## Important Notes
For **Windows users**, this <a href="docs/clients.md#regkey" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>. **Windows users**: If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
**Android 6 (Marshmallow) users**: Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>. **Android 6 (Marshmallow) users**: Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
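Review bot: The rewritten **Windows users** line drops every mention of the registry change, so a user behind a home router now learns about it only after a failed connection. The removed text described the change as required when the VPN server and/or client is behind NAT, so consider keeping one clause, for example "If the VPN server and/or client is behind NAT, a one-time registry change may be needed; see Troubleshooting", with the link pointing at the Error 809 entry.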
@ -135,7 +135,7 @@ The additional scripts <a href="extras/vpnupgrade.sh" target="_blank">vpnupgrade
## Bugs & Questions ## Bugs & Questions
- Got a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>. - Got a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>.
- Ask VPN related questions on these mailing lists: <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">[1]</a> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">[2]</a>, or read related articles: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a>. - Ask VPN related questions on these mailing lists: <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">[1]</a> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">[2]</a>, or read related articles: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation" target="_blank">[4]</a>.
- If you found a reproducible bug, open a <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue" target="_blank">GitHub Issue</a> to submit a bug report. - If you found a reproducible bug, open a <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue" target="_blank">GitHub Issue</a> to submit a bug report.
## Uninstallation ## Uninstallation
@ -145,13 +145,11 @@ Please refer to <a href="docs/uninstall.md" target="_blank">Uninstall the VPN</a
## See Also ## See Also
- <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">IPsec VPN Server on Docker</a> - <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">IPsec VPN Server on Docker</a>
- <a href="https://github.com/gaomd/docker-ikev2-vpn-server" target="_blank">IKEv2 VPN Server on Docker</a>
- <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> - <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a>
- <a href="https://github.com/SoftEtherVPN/SoftEtherVPN" target="_blank">SoftEther VPN</a> - <a href="https://github.com/SoftEtherVPN/SoftEtherVPN" target="_blank">SoftEther VPN</a>
- <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">ShadowsocksR</a> - <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">ShadowsocksR</a>
- <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN Install</a> - <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN Install</a>
- <a href="https://github.com/ftao/vpn-deploy-playbook" target="_blank">VPN Deploy Playbook</a>
- <a href="https://github.com/sockeye44/instavpn" target="_blank">Insta VPN</a>
- <a href="https://github.com/quericy/one-key-ikev2-vpn" target="_blank">One Key IKEv2 VPN</a>
- <a href="https://github.com/philpl/setup-strong-strongswan" target="_blank">Setup Strongswan</a> - <a href="https://github.com/philpl/setup-strong-strongswan" target="_blank">Setup Strongswan</a>
## Author ## Author
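Review bot: Four See Also entries are deleted in this hunk (IKEv2 VPN Server on Docker, VPN Deploy Playbook, Insta VPN, One Key IKEv2 VPN), while the commit message only says "Clean up docs". State the criterion for removal in the commit message so the list can be maintained consistently later, or move the link pruning into its own commit.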

View File

@ -35,17 +35,6 @@
VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabled** 字样。单击 "Network" 选项卡,并确认 **Established - 1** 显示在 "Security Associations" 下面。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabled** 字样。单击 "Network" 选项卡,并确认 **Established - 1** 显示在 "Security Associations" 下面。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开<a href="http://www.cnblogs.com/xxcanghai/p/4610054.html" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重启计算机。
- 适用于 Windows Vista, 7, 8 和 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
- 仅适用于 Windows XP
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
### OS X ### ### OS X ###
1. 打开系统偏好设置并转到网络部分。 1. 打开系统偏好设置并转到网络部分。
1. 在窗口左下角单击 **+** 按钮。 1. 在窗口左下角单击 **+** 按钮。
@ -82,10 +71,10 @@ VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabl
1. 选中 **保存帐户信息** 复选框。 1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接** 1. 单击 **连接**
**注:** 如果你使用 Android 6 (Marshmallow) 并且无法连接,请尝试以下解决方案: **注:** 如果无法使用 Android 6 (Marshmallow) 连接,请尝试以下解决方案:
1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到下一步。 1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到第二步。
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank"></a>) 1. (注:最新版本的 VPN 脚本已经包含这些更改)编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">考链接</a>)
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。

View File

@ -35,17 +35,6 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
Once connected, you will see **tunnel enabled** in the VPN Connect status window. Click the "Network" tab, and confirm that **Established - 1** is displayed under "Security Associations". You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`". Once connected, you will see **tunnel enabled** in the VPN Connect status window. Click the "Network" tab, and confirm that **Established - 1** is displayed under "Security Associations". You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
**Note:** This <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an <a href="http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/" target="_blank">elevated command prompt</a>. You must reboot your computer when finished.
- For Windows Vista, 7, 8 and 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
- For Windows XP ONLY
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
### OS X ### ### OS X ###
1. Open System Preferences and go to the Network section. 1. Open System Preferences and go to the Network section.
1. Click the **+** button in the lower-left corner of the window. 1. Click the **+** button in the lower-left corner of the window.
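Review bot: The registry note and both `REG ADD` commands are deleted from the Windows section with nothing put in their place in this hunk, so this page no longer tells a Windows user behind NAT what to do. If the change still applies to this client, add a one-line pointer to the Error 809 troubleshooting entry; if it does not apply, say so in the commit message.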
@ -82,10 +71,10 @@ To connect to the VPN: Use the menu bar icon, or go to the Network section of Sy
1. Check the **Save account information** checkbox. 1. Check the **Save account information** checkbox.
1. Tap **Connect**. 1. Tap **Connect**.
**Note:** If you are using Android 6 (Marshmallow) and unable to connect, try these workarounds: **Note:** If unable to connect using Android 6 (Marshmallow), try these workarounds:
1. Click the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to the next step. 1. Tap the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to step 2.
1. Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Ref</a>) 1. (Note: Latest version of the VPN scripts already include these changes) Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>)
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`". Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
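Review bot: In the second workaround, the added parenthetical "(Note: Latest version of the VPN scripts already include these changes)" has a subject-verb mismatch and sits in front of the instruction it qualifies. Suggest "The latest version of the VPN scripts already includes these changes", or better, open the step with the condition: "If the server was set up with an older version of the VPN scripts, edit `/etc/ipsec.conf` ...". Since the step changes the server's `ike=` and `phase2alg=` proposals, one clause on what `sha2-truncbug=yes` does would also help the admin decide whether to apply it.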

View File

@ -37,8 +37,6 @@
1. 单击 **确定** 关闭 **高级设置** 1. 单击 **确定** 关闭 **高级设置**
1. 单击 **确定** 保存 VPN 连接的详细信息。 1. 单击 **确定** 保存 VPN 连接的详细信息。
**注:** 在首次连接之前需要修改一次注册表。请参见下面的说明。
**Windows 7, Vista and XP:** **Windows 7, Vista and XP:**
1. 单击开始菜单,选择控制面板。 1. 单击开始菜单,选择控制面板。
@ -57,7 +55,7 @@
1. 单击 **创建**,然后单击 **关闭** 按钮。 1. 单击 **创建**,然后单击 **关闭** 按钮。
1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置** 1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置**
1. 右键单击新创建的 VPN 连接,并选择 **属性** 1. 右键单击新创建的 VPN 连接,并选择 **属性**
1. 单击 **选项** 选项卡,取消选中 **包Windows登录域** 复选框。 1. 单击 **选项** 选项卡,取消选中 **包Windows登录域** 复选框。
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。 1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **高级设置** 按钮。 1. 单击 **高级设置** 按钮。
@ -67,20 +65,8 @@
要连接到 VPN 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名``密码` ,并单击 **确定**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 要连接到 VPN 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名``密码` ,并单击 **确定**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
<a id="regkey"></a>
如果在连接过程中遇到错误,请参见 <a href="#故障排除">故障排除</a> 如果在连接过程中遇到错误,请参见 <a href="#故障排除">故障排除</a>
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开<a href="http://www.cnblogs.com/xxcanghai/p/4610054.html" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重启计算机。
- 适用于 Windows Vista, 7, 8 和 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
- 仅适用于 Windows XP
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
### OS X ### ### OS X ###
1. 打开系统偏好设置并转到网络部分。 1. 打开系统偏好设置并转到网络部分。
1. 在窗口左下角单击 **+** 按钮。 1. 在窗口左下角单击 **+** 按钮。
@ -117,10 +103,10 @@
1. 选中 **保存帐户信息** 复选框。 1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接** 1. 单击 **连接**
**注:** 如果你使用 Android 6 (Marshmallow) 并且无法连接,请尝试以下解决方案: **注:** 如果无法使用 Android 6 (Marshmallow) 连接,请尝试以下解决方案:
1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到下一步。 1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到第二步。
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank"></a>) 1. (注:最新版本的 VPN 脚本已经包含这些更改)编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">考链接</a>)
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
@ -175,7 +161,7 @@ VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可
sudo route add default dev ppp0 sudo route add default dev ppp0
``` ```
如果遇到错误,请检查 `ifconfig` 的输出并将上面的 `ppp0` 换成 `ppp1`,等等。 如果遇到错误,请检查 `ifconfig` 的输出并将上面的 `ppp0` 换成 `ppp1`,等等。
检查 VPN 是否正常工作: 检查 VPN 是否正常工作:
``` ```
@ -207,7 +193,17 @@ sudo route del default dev ppp0
> 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。 > 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。
要解决此错误,请按照<a href="#regkey">上面的步骤</a>添加注册表键并重启计算机。 要解决此错误,在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开<a href="http://www.cnblogs.com/xxcanghai/p/4610054.html" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重启计算机。
- 适用于 Windows Vista, 7, 8 和 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
- 仅适用于 Windows XP
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
### Windows 错误 628 ### Windows 错误 628
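Review bot: The new troubleshooting sentence keeps the phrase "在首次连接之前" (before connecting for the first time) from the removed note, which no longer fits a section the reader reaches after a failed connection; the English counterpart of this hunk dropped it. Suggest rewording to match the English text.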

View File

@ -37,8 +37,6 @@ You may also refer to this alternative <a href="https://usefulpcguide.com/17318/
1. Click **OK** to close the **Advanced settings**. 1. Click **OK** to close the **Advanced settings**.
1. Click **OK** to save the VPN connection details. 1. Click **OK** to save the VPN connection details.
**Note:** A one-time registry change is required before connecting. See notes below.
**Windows 7, Vista and XP:** **Windows 7, Vista and XP:**
1. Click on the Start Menu and go to the Control Panel. 1. Click on the Start Menu and go to the Control Panel.
@ -67,20 +65,8 @@ You may also refer to this alternative <a href="https://usefulpcguide.com/17318/
To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`". To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a id="regkey"></a>
If you get an error when trying to connect, see <a href="#troubleshooting">Troubleshooting</a>. If you get an error when trying to connect, see <a href="#troubleshooting">Troubleshooting</a>.
**Note:** This <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an <a href="http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/" target="_blank">elevated command prompt</a>. You must reboot your computer when finished.
- For Windows Vista, 7, 8 and 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
- For Windows XP ONLY
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
### OS X ### ### OS X ###
1. Open System Preferences and go to the Network section. 1. Open System Preferences and go to the Network section.
1. Click the **+** button in the lower-left corner of the window. 1. Click the **+** button in the lower-left corner of the window.
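Review bot: Deleting `<a id="regkey"></a>` in this hunk breaks any existing link to `#regkey` on this page. The README link is updated in this commit, but links from outside the repository are not. Consider moving the anchor to the Windows Error 809 entry, where the registry instructions now live, instead of dropping it.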
@ -117,10 +103,10 @@ To connect to the VPN: Use the menu bar icon, or go to the Network section of Sy
1. Check the **Save account information** checkbox. 1. Check the **Save account information** checkbox.
1. Tap **Connect**. 1. Tap **Connect**.
**Note:** If you are using Android 6 (Marshmallow) and unable to connect, try these workarounds: **Note:** If unable to connect using Android 6 (Marshmallow), try these workarounds:
1. Click the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to the next step. 1. Tap the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to step 2.
1. Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Ref</a>) 1. (Note: Latest version of the VPN scripts already include these changes) Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>)
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`". Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
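Review bot: This Android 6 note is word for word the same text that is edited in another client page earlier in this commit, so the two copies have to be kept in sync by hand. Consider keeping the workaround in one file and linking to it from the other.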
@ -175,7 +161,7 @@ Follow the steps in <a href="http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn
sudo route add default dev ppp0 sudo route add default dev ppp0
``` ```
If there is an error, check the output of `ifconfig` and replace `ppp0` above with `ppp1`, etc. If there is an error, check the output of `ifconfig` and replace `ppp0` above with `ppp1`, etc.
Verify that your traffic is being routed properly: Verify that your traffic is being routed properly:
``` ```
@ -207,7 +193,17 @@ If your system provides the `strongswan` package, refer to the two sections abov
> The network connection between your computer and the VPN server could not be established because the remote server is not responding. > The network connection between your computer and the VPN server could not be established because the remote server is not responding.
To fix this error, follow <a href="#regkey">the steps above</a> to add a registry key and reboot your computer. To fix this error, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required because the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an <a href="http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/" target="_blank">elevated command prompt</a>. When finished, reboot your PC.
- For Windows Vista, 7, 8 and 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
- For Windows XP ONLY
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
### Windows Error 628 ### Windows Error 628
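Review bot: The new sentence says the registry change is required "because the VPN server and/or client is behind NAT", which states NAT as the established cause where the removed note said "if". Keep the conditional. Since the commands run from an elevated prompt and `/f` overwrites any existing value without prompting, also consider adding a line on how to check the current value first (`REG QUERY` on the same key) and how to revert the change.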