mirror of synced 2025-02-16 20:13:19 +03:00

Update docs

[ci skip]
hwdsl2 2016-10-29 18:30:35 -05:00
parent 9319ce8ae2
commit 75bcdfae75
6 changed files with 10 additions and 10 deletions


@ -37,8 +37,8 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持 - 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
- 可直接作为 Amazon EC2 实例创建时的用户数据使用 - 可直接作为 Amazon EC2 实例创建时的用户数据使用
- 自动确定服务器的公网 IP 以及私有 IP 地址 - 自动确定服务器的公网 IP 以及私有 IP 地址
- 包括基本的 IPTables 防火墙规则和 `sysctl.conf` 优化设置 - 包`sysctl.conf` 优化设置,以达到更佳的传输性能
- 测试通过: Ubuntu 16.04/14.04/12.04 Debian 8 和 CentOS 6/7 - 测试通过: Ubuntu 16.04/14.04/12.04 Debian 8 和 CentOS 7/6
## 系统要求 ## 系统要求
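
Review bot: the rewritten features bullet no longer mentions the IPTables firewall rules, but the text further down this same file (the hunk at line 133) still tells readers to edit `/etc/iptables.rules`, so the firewall rules are evidently still part of what gets installed. Keep "IPTables" in the bullet so that someone reading only the feature list knows the install changes the host firewall, not just `sysctl.conf`.
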
@ -133,7 +133,7 @@ DigitalOcean 用户可以参考这个<a href="https://usefulpcguide.com/17318/cr
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH 对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH
果需要打开服务器上的其它端口,请编辑 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS)。然后重启服务器。 需更改 IPTables 规则,请编辑 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS)。然后重启服务器。
在使用 `IPsec/L2TP` 连接时VPN 服务器在虚拟网络 `192.168.42.0/24` 内具有 IP `192.168.42.1` 在使用 `IPsec/L2TP` 连接时VPN 服务器在虚拟网络 `192.168.42.0/24` 内具有 IP `192.168.42.1`
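
Review bot: the reworded sentence still ends with "然后重启服务器", so a mistake in the edited rules file only shows up after the reboot, at which point SSH may be unreachable. Since the line above names UDP 500/4500 and TCP 22 as the ports that must stay open, add a reminder here to leave those rules in place when editing, and to keep a copy of the original file before rebooting.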


@ -37,8 +37,8 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
- Encapsulates all VPN traffic in UDP - does not need ESP protocol - Encapsulates all VPN traffic in UDP - does not need ESP protocol
- Can be directly used as "user-data" for a new Amazon EC2 instance - Can be directly used as "user-data" for a new Amazon EC2 instance
- Automatically determines public IP and private IP of server - Automatically determines public IP and private IP of server
- Includes basic IPTables rules and `sysctl.conf` settings - Includes `sysctl.conf` optimizations for improved performance
- Tested with Ubuntu 16.04/14.04/12.04, Debian 8 and CentOS 6 & 7 - Tested with Ubuntu 16.04/14.04/12.04, Debian 8 and CentOS 7/6
## Requirements ## Requirements
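
Review bot: "Includes `sysctl.conf` optimizations for improved performance" presents the system changes only as a performance tweak, while two bullets earlier the script is advertised as EC2 "user-data", that is, something run unattended at first boot. For that use the list should state plainly what is modified on the host; consider wording such as "Includes basic IPTables rules and `sysctl.conf` optimizations" so the firewall change is not silently dropped from the description.
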
@ -133,7 +133,7 @@ Clients are set to use <a href="https://developers.google.com/speed/public-dns/"
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH). For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
To open additional ports on the server, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS). Then reboot your server. To change the IPTables rules, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS). Then reboot your server.
When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`. When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`.
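
Review bot: "To change the IPTables rules, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4`" leaves the "and/or" unexplained, and the broader wording makes that gap matter more than it did for the old "open additional ports" case. A reader on Ubuntu/Debian who edits only one of the two files cannot tell from this sentence whether the change will survive the reboot. Say when each file is used, or tell the reader to apply the same edit to every file that exists.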


@ -315,7 +315,7 @@ route add default dev ppp0
至此 VPN 连接已成功完成。检查 VPN 是否正常工作: 至此 VPN 连接已成功完成。检查 VPN 是否正常工作:
``` ```
wget -qO- http://whatismyip.akamai.com; echo wget -qO- http://ipv4.icanhazip.com; echo
``` ```
以上命令应该返回 `你的 VPN 服务器 IP` 以上命令应该返回 `你的 VPN 服务器 IP`
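
Review bot: the replacement check `wget -qO- http://ipv4.icanhazip.com; echo` fetches the address over plain HTTP from a single third-party host, so the value the reader compares against "你的 VPN 服务器 IP" is unauthenticated. If the service is reachable over HTTPS, use that URL here; it also keeps the check consistent with the intent of verifying that traffic leaves through the tunnel rather than trusting whatever answers on port 80.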


@ -315,7 +315,7 @@ route add default dev ppp0
The VPN connection is now complete. Verify that your traffic is being routed properly: The VPN connection is now complete. Verify that your traffic is being routed properly:
``` ```
wget -qO- http://whatismyip.akamai.com; echo wget -qO- http://ipv4.icanhazip.com; echo
``` ```
The above command should return `Your VPN Server IP`. The above command should return `Your VPN Server IP`.
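
Review bot: the new `wget -qO- http://ipv4.icanhazip.com; echo` has no timeout or retry limit, and with `-q` a failed request prints nothing, so the trailing `echo` outputs an empty line that looks like a result. This check is run right after `route add default dev ppp0`, exactly when routing may be broken. Add the `-t 3 -T 15` options that the other how-to in this commit used on its old `wget` line, and tell the reader that empty output means the request failed.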


@ -24,7 +24,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
1. 获取服务器的公共和私有 IP 地址,并确保它们的值非空。注意,这两个 IP 地址可以相同。 1. 获取服务器的公共和私有 IP 地址,并确保它们的值非空。注意,这两个 IP 地址可以相同。
```bash ```bash
$ PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://whatismyip.akamai.com) $ PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
$ PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}') $ PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
$ echo "$PUBLIC_IP" $ echo "$PUBLIC_IP"
(Your public IP is displayed) (Your public IP is displayed)
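
Review bot: step 1 only asks the reader to make sure the values are "非空", but with the new `dig @resolver1.opendns.com ... +short` line a non-empty `PUBLIC_IP` is not necessarily an address, because `dig` can print diagnostic text instead of an answer when the resolver cannot be reached. Since this value is used in the steps that follow, ask the reader to confirm that `echo "$PUBLIC_IP"` shows a single IPv4 address, not just any output.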


@ -24,7 +24,7 @@ First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-
1. Find the public and private IP of your server, and make sure they are not empty. It is OK if they are the same. 1. Find the public and private IP of your server, and make sure they are not empty. It is OK if they are the same.
```bash ```bash
$ PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://whatismyip.akamai.com) $ PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
$ PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}') $ PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
$ echo "$PUBLIC_IP" $ echo "$PUBLIC_IP"
(Your public IP is displayed) (Your public IP is displayed)
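
Review bot: the new `PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)` line introduces a dependency on `dig`, which the previous `wget` line did not need and which minimal installs may lack (it ships in `dnsutils` on Debian/Ubuntu and `bind-utils` on CentOS). Mention the package in this step; otherwise the command substitution yields an empty `PUBLIC_IP` and the reader only learns of it at the `echo`.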