From 742161124c0a3d45ce349e1b24466d2ef2206781 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sun, 15 Aug 2021 11:38:27 -0500 Subject: [PATCH] Update docs --- README-zh.md | 11 ++++++++++- README.md | 11 ++++++++++- docs/clients-zh.md | 11 ++++++----- docs/clients.md | 11 ++++++----- docs/ikev2-howto-zh.md | 9 ++++++--- docs/ikev2-howto.md | 9 ++++++--- 6 files changed, 44 insertions(+), 18 deletions(-) diff --git a/README-zh.md b/README-zh.md index 2c753b3..640aadd 100644 --- a/README-zh.md +++ b/README-zh.md @@ -78,7 +78,7 @@ wget https://git.io/vpnquickstart -O vpn.sh && sudo sh vpn.sh [**» 我想建立并使用自己的 VPN ,但是没有可用的服务器**](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps) -另外,你也可以使用预构建的 [Docker 镜像](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)。高级用户可以在一个 [Raspberry Pi](https://www.raspberrypi.org) 上搭建 VPN 服务器。[[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/) +另外,你也可以使用预构建的 [Docker 镜像](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)。高级用户可以在 [Raspberry Pi](https://www.raspberrypi.org) 上安装。[[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/) \* Debian 11 或者 10 用户需要 [使用标准的 Linux 内核](docs/clients-zh.md#debian-10-内核)。 @@ -102,7 +102,10 @@ wget https://git.io/vpnsetup -O vpn.sh && sudo sh vpn.sh 在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md): ```bash +# 使用默认选项配置 IKEv2 sudo ikev2.sh --auto +# 或者你也可以自定义 IKEv2 选项 +sudo ikev2.sh ``` **选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证: @@ -119,7 +122,10 @@ sudo sh vpn.sh 在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md): ```bash +# 使用默认选项配置 IKEv2 sudo ikev2.sh --auto +# 或者你也可以自定义 IKEv2 选项 +sudo ikev2.sh ``` **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量: @@ -137,7 +143,10 @@ sh vpn.sh 在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md): ```bash +# 使用默认选项配置 IKEv2 sudo ikev2.sh --auto +# 或者你也可以自定义 IKEv2 选项 +sudo ikev2.sh ``` **注:** 如果无法通过 `wget` 下载,你也可以打开 [vpnsetup.sh](vpnsetup.sh),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。 diff --git a/README.md b/README.md index b9b2eea..ed77d44 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ This also includes Linux VMs in public clouds, such as [DigitalOcean](https://bl [**» I want to run my own VPN but don't have a server for that**](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps) -A pre-built [Docker image](https://github.com/hwdsl2/docker-ipsec-vpn-server) is also available. Advanced users can set up the VPN server on a [Raspberry Pi](https://www.raspberrypi.org). [[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/) +A pre-built [Docker image](https://github.com/hwdsl2/docker-ipsec-vpn-server) is also available. Advanced users can install on a [Raspberry Pi](https://www.raspberrypi.org). [[1]](https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/) [[2]](https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/) \* Debian 11 or 10 users should [use the standard Linux kernel](docs/clients.md#debian-10-kernel). @@ -102,7 +102,10 @@ wget https://git.io/vpnsetup -O vpn.sh && sudo sh vpn.sh After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md): ```bash +# Set up IKEv2 using default options sudo ikev2.sh --auto +# Alternatively, you may customize IKEv2 options +sudo ikev2.sh ``` **Option 2:** Edit the script and provide your own VPN credentials: @@ -119,7 +122,10 @@ sudo sh vpn.sh After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md): ```bash +# Set up IKEv2 using default options sudo ikev2.sh --auto +# Alternatively, you may customize IKEv2 options +sudo ikev2.sh ``` **Option 3:** Define your VPN credentials as environment variables: @@ -137,7 +143,10 @@ sh vpn.sh After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md): ```bash +# Set up IKEv2 using default options sudo ikev2.sh --auto +# Alternatively, you may customize IKEv2 options +sudo ikev2.sh ``` **Note:** If unable to download via `wget`, you may also open [vpnsetup.sh](vpnsetup.sh), then click the **`Raw`** button on the right. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor. diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 8daa21e..91e6913 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -229,9 +229,9 @@ Fedora 28(和更新版本)和 CentOS 8/7 用户可以使用 [IPsec/XAuth](cl * [Android MTU/MSS 问题](#android-mtumss-问题) * [Android 6 和 7](#android-6-和-7) * [macOS 通过 VPN 发送通信](#macos-通过-vpn-发送通信) -* [iOS 13/14 和 macOS 10.15/11](#ios-1314-和-macos-101511) +* [iOS 13 和 macOS 10.15/11](#ios-13-和-macos-101511) * [iOS/Android 睡眠模式](#iosandroid-睡眠模式) -* [Debian 10 内核](#debian-10-内核) +* [Debian 10/11 内核](#debian-1011-内核) * [其它错误](#其它错误) * [检查日志及 VPN 状态](#检查日志及-vpn-状态) @@ -348,9 +348,9 @@ OS X (macOS) 用户: 如果可以成功地使用 IPsec/L2TP 模式连接,但 如果在尝试上面步骤之后,你的计算机仍然不能通过 VPN 连接发送通信,检查一下服务顺序。进入系统偏好设置中的网络部分,单击左侧连接列表下方的齿轮按钮,选择 "设定服务顺序"。然后将 VPN 连接拖动到顶端。 -### iOS 13/14 和 macOS 10.15/11 +### iOS 13 和 macOS 10.15/11 -如果你的 iOS 13/14, macOS 10.15 (Catalina) 或者 macOS 11 (Big Sur) 设备无法连接,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。然后重新连接 VPN。 +如果你的设备运行 iOS 13 或以上版本, macOS 10.15 (Catalina) 或者 macOS 11 (Big Sur),并且无法连接到 VPN,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。然后重新连接 VPN。 另外,macOS Big Sur 11.0 用户应该更新到版本 11.1 或以上,以修复 VPN 连接的某些问题。要检查 macOS 版本并安装更新,请看[这里](https://www.businessinsider.com/how-to-check-mac-os-version)。 @@ -360,9 +360,10 @@ OS X (macOS) 用户: 如果可以成功地使用 IPsec/L2TP 模式连接,但 如果需要 VPN 在设备唤醒后自动重连,你可以使用 [IKEv2](ikev2-howto-zh.md) 模式连接(推荐)并启用 "VPN On Demand" 功能。或者你也可以另外尝试使用 [OpenVPN](https://github.com/Nyr/openvpn-install),它支持 [一些选项](https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/) 比如 "Reconnect on Wakeup" 和 "Seamless Tunnel"。 + Android 设备在进入睡眠模式不久后也会断开 Wi-Fi 连接,如果你没有启用选项 "睡眠期间保持 WLAN 开启" 的话。该选项在 Android 8 (Oreo) 和更新版本中不再可用。另外,你也可以尝试打开 "始终开启 VPN" 选项以保持连接。详情请看 [这里](https://support.google.com/android/answer/9089766?hl=zh-Hans)。 -### Debian 10 内核 +### Debian 10/11 内核 Debian 11 或者 10 用户:运行 `uname -r` 以检查你的服务器的 Linux 内核版本。如果它包含 `cloud` 字样,并且 `/dev/ppp` 不存在,则该内核缺少 `ppp` 支持从而不能使用 IPsec/L2TP 模式。VPN 安装脚本会尝试检测此情形,并显示错误。 diff --git a/docs/clients.md b/docs/clients.md index a627633..b179322 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -228,9 +228,9 @@ First check [here](https://github.com/nm-l2tp/NetworkManager-l2tp/wiki/Prebuilt- * [Android MTU/MSS issues](#android-mtumss-issues) * [Android 6 and 7](#android-6-and-7) * [macOS send traffic over VPN](#macos-send-traffic-over-vpn) -* [iOS 13/14 and macOS 10.15/11](#ios-1314-and-macos-101511) +* [iOS 13 and macOS 10.15/11](#ios-13-and-macos-101511) * [iOS/Android sleep mode](#iosandroid-sleep-mode) -* [Debian 10 kernel](#debian-10-kernel) +* [Debian 10/11 kernel](#debian-1011-kernel) * [Other errors](#other-errors) * [Check logs and VPN status](#check-logs-and-vpn-status) @@ -347,9 +347,9 @@ OS X (macOS) users: If you can successfully connect using IPsec/L2TP mode, but y After trying the steps above, if your computer is still not sending traffic over the VPN, check the service order. From the main network preferences screen, select "set service order" in the cog drop down under the list of connections. Drag the VPN connection to the top. -### iOS 13/14 and macOS 10.15/11 +### iOS 13 and macOS 10.15/11 -If your iOS 13/14, macOS 10.15 (Catalina) or macOS 11 (Big Sur) device cannot connect, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. Then reconnect the VPN. +If your device running iOS 13 or above, macOS 10.15 (Catalina) or macOS 11 (Big Sur) cannot connect, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. Then reconnect the VPN. In addition, users running macOS Big Sur 11.0 should update to version 11.1 or newer, to fix some issues with VPN connections. To check your macOS version and update, refer to [this article](https://www.businessinsider.com/how-to-check-mac-os-version). @@ -359,9 +359,10 @@ To save battery, iOS devices (iPhone/iPad) will automatically disconnect Wi-Fi s If you need the VPN to auto-reconnect when the device wakes up, you may connect using [IKEv2](ikev2-howto.md) mode (recommended) and enable the "VPN On Demand" feature. Alternatively, you may try [OpenVPN](https://github.com/Nyr/openvpn-install) instead, which [has support for options](https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/) such as "Reconnect on Wakeup" and "Seamless Tunnel". + Android devices will also disconnect Wi-Fi shortly after entering sleep mode, unless the option "Keep Wi-Fi on during sleep" is enabled. This option is no longer available in Android 8 (Oreo) and newer. Alternatively, you may try enabling the "Always-on VPN" option to stay connected. Learn more [here](https://support.google.com/android/answer/9089766?hl=en). -### Debian 10 kernel +### Debian 10/11 kernel Debian 11 or 10 users: Run `uname -r` to check your server's Linux kernel version. If it contains the word "cloud", and `/dev/ppp` is missing, then the kernel lacks `ppp` support and cannot use IPsec/L2TP mode. The VPN setup scripts try to detect this and show an error. diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index e7f56e8..26b675a 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -31,13 +31,16 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 **重要:** 在继续之前,你应该已经成功地 [搭建自己的 VPN 服务器](../README-zh.md),并且(可选但推荐)[升级 Libreswan](../README-zh.md#升级libreswan)。**Docker 用户请看 [这里](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#配置并使用-ikev2-vpn)**。 -使用这个辅助脚本来自动地在 VPN 服务器上配置 IKEv2: +使用这个 [辅助脚本](../extras/ikev2setup.sh) 来自动地在 VPN 服务器上配置 IKEv2: -``` +```bash +# 使用默认选项配置 IKEv2 sudo ikev2.sh --auto +# 或者你也可以自定义 IKEv2 选项 +sudo ikev2.sh ``` -以上命令使用自动模式和默认选项运行 [辅助脚本](../extras/ikev2setup.sh)。如果你想要自定义 IKEv2 安装选项,请在运行脚本时去掉 `--auto` 参数。在完成之后,请转到 [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端)。 +在完成之后,请转到 [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端)。
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 443dd90..e686c8e 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -31,13 +31,16 @@ After following this guide, you will be able to connect to the VPN using IKEv2 i **Important:** Before continuing, you should have successfully [set up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), and (optional but recommended) [updated Libreswan](../README.md#upgrade-libreswan). **Docker users, see [here](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#configure-and-use-ikev2-vpn)**. -Use this helper script to automatically set up IKEv2 on the VPN server: +Use this [helper script](../extras/ikev2setup.sh) to automatically set up IKEv2 on the VPN server: -``` +```bash +# Set up IKEv2 using default options sudo ikev2.sh --auto +# Alternatively, you may customize IKEv2 options +sudo ikev2.sh ``` -The command above runs the [helper script](../extras/ikev2setup.sh) in auto mode, using default options. Remove the `--auto` parameter if you want to customize IKEv2 setup options. When finished, continue to [configure IKEv2 VPN clients](#configure-ikev2-vpn-clients). +When finished, continue to [configure IKEv2 VPN clients](#configure-ikev2-vpn-clients).