Update important notes
parent
21629ae178
commit
7cfe17f1a2
12
README.md
@ -82,12 +82,14 @@ You may use `vpnupgrade_Libreswan.sh` (for Ubuntu/Debian) and `vpnupgrade_Libres
|
||||
|
||||
## Important Notes
|
||||
|
||||
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required for connections to a VPN server behind NAT (e.g. Amazon EC2).
|
||||
|
||||
**Android 6.0 users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to the end of both `ike=` and `phase2alg=`, then add a new line `sha2-truncbug=yes`. Start lines with two spaces. When finished, run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Source</a>)
|
||||
|
||||
To support multiple VPN users with different credentials, just <a href="https://gist.github.com/hwdsl2/123b886f29f4c689f531" target="_blank">edit a few lines</a> in the scripts.
|
||||
|
||||
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
||||
|
||||
**Android 6.0 users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to the end of both `ike=` and `phase2alg=`, then add a new line `sha2-truncbug=yes`. Must start lines with two spaces. Finally, run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Ref</a>)
|
||||
|
||||
**iPhone/iOS users**: In iOS settings, choose `L2TP` (instead of `IPSec`) for the VPN type. In case you're unable to connect, try replacing this line in /etc/ipsec.conf: `rightprotoport=17/%any` with `rightprotoport=17/0`. Then restart `ipsec` service.
|
||||
|
||||
Clients are configured to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN connection is active. This setting is controlled by `ms-dns` in `/etc/ppp/options.xl2tpd`.
|
||||
|
||||
If using Amazon EC2, these ports must be open in the instance's security group: **UDP ports 500 & 4500** (for the VPN), and **TCP port 22** (optional, for SSH).
|
||||
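Review bot: The new Android 6.0 note ends with "Must start lines with two spaces", which is a sentence fragment and does not say which lines it means or where in `/etc/ipsec.conf` the added `sha2-truncbug=yes` line belongs. Suggest spelling it out, for example: add `sha2-truncbug=yes` on its own line directly below `phase2alg=`, indented with two spaces like the lines around it. Separately, the rewritten Windows note swaps the example from "Amazon EC2" to "home router" while the EC2 security-group paragraph stays a few lines further down; keeping both examples ("e.g. Amazon EC2, home router") would stop EC2 users from skipping the registry change. The new iPhone/iOS note also leaves `/etc/ipsec.conf` unformatted and says "restart `ipsec` service" where the Android note gives the actual command, `service ipsec restart`.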
@ -96,8 +98,6 @@ If your server uses a custom SSH port (not 22), or if you wish to allow other se
|
||||
|
||||
The scripts will backup files `/etc/rc.local`, `/etc/sysctl.conf`, `/etc/iptables.rules` and `/etc/sysconfig/iptables` before overwriting them. Backups can be found under the same folder with `.old` suffix.
|
||||
|
||||
iPhone/iOS users: If unable to connect, try replacing `rightprotoport=17/%any` in `ipsec.conf` with `rightprotoport=17/0`.
|
||||
|
||||
## Copyright and license
|
||||
|
||||
Copyright (C) 2014 Lin Song <a href="https://www.linkedin.com/in/linsongui" target="_blank"><img src="https://static.licdn.com/scds/common/u/img/webpromo/btn_profile_bluetxt_80x15.png" width="80" height="15" border="0" alt="View my profile on LinkedIn"></a>
|
||||
|
25
vpnsetup.sh
@ -46,21 +46,23 @@ VPN_PASSWORD=your_very_secure_password
|
||||
|
||||
# IMPORTANT NOTES:
|
||||
|
||||
# For **Windows users**, a one-time registry change is required for connections
|
||||
# to a VPN server behind NAT (e.g. Amazon EC2). Please see:
|
||||
# To support multiple VPN users with different credentials, just edit a few lines below.
|
||||
# See: https://gist.github.com/hwdsl2/123b886f29f4c689f531
|
||||
|
||||
# For **Windows users**, a one-time registry change is required if the VPN server
|
||||
# and/or client is behind NAT (e.g. home router). Refer to "Error 809" on this page:
|
||||
# https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809
|
||||
|
||||
# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both
|
||||
# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces.
|
||||
# When finished, run "service ipsec restart". Source:
|
||||
# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow
|
||||
# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of
|
||||
# both "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Must start lines with
|
||||
# two spaces. Finally, run "service ipsec restart".
|
||||
|
||||
# To support multiple VPN users with different credentials, see:
|
||||
# https://gist.github.com/hwdsl2/123b886f29f4c689f531
|
||||
# **iPhone/iOS users**: In iOS settings, choose L2TP (instead of IPSec) for the VPN type.
|
||||
# In case you're unable to connect, try replacing this line in /etc/ipsec.conf:
|
||||
# "rightprotoport=17/%any" with "rightprotoport=17/0". Then restart "ipsec" service.
|
||||
|
||||
# Clients are configured to use Google Public DNS when the VPN connection is active.
|
||||
# Clients are configured to use "Google Public DNS" when the VPN connection is active.
|
||||
# This setting is controlled by "ms-dns" in /etc/ppp/options.xl2tpd.
|
||||
# https://developers.google.com/speed/public-dns/
|
||||
|
||||
# If using Amazon EC2, these ports must be open in the instance's security group:
|
||||
# UDP ports 500 & 4500 (for the VPN), and TCP port 22 (optional, for SSH).
|
||||
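Review bot: The rewritten Android 6.0 comment drops the libreswan.org FAQ URL that the old comment carried after "Source:", so the script no longer tells the reader why `sha2-truncbug=yes` is needed, while the README version of the same note keeps the link as "Ref". Suggest keeping the URL on its own comment line after "Finally, run "service ipsec restart".", the way the Windows and multi-user notes in this block keep theirs. As a style point, the new "**iPhone/iOS users**" line adds another pair of `**` markers copied from the README; they do not render in a shell comment and could be dropped from all three notes here. Quoting "Google Public DNS" in the new line is also inconsistent with the README, which leaves the name unquoted.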
@ -71,9 +73,6 @@ VPN_PASSWORD=your_very_secure_password
|
||||
# This script will backup /etc/rc.local, /etc/sysctl.conf and /etc/iptables.rules
|
||||
# before overwriting them. Backups can be found under the same folder with .old suffix.
|
||||
|
||||
# iPhone/iOS users: In case you're unable to connect, try replacing this line in /etc/ipsec.conf:
|
||||
# "rightprotoport=17/%any" with "rightprotoport=17/0".
|
||||
|
||||
# Check for empty VPN variables
|
||||
[ -z "$IPSEC_PSK" ] && { echo "'IPSEC_PSK' cannot be empty. Please edit the VPN script."; exit 1; }
|
||||
[ -z "$VPN_USER" ] && { echo "'VPN_USER' cannot be empty. Please edit the VPN script."; exit 1; }
|
||||
|
@ -55,21 +55,23 @@ VPN_PASSWORD=your_very_secure_password
|
||||
|
||||
# IMPORTANT NOTES:
|
||||
|
||||
# For **Windows users**, a one-time registry change is required for connections
|
||||
# to a VPN server behind NAT (e.g. Amazon EC2). Please see:
|
||||
# To support multiple VPN users with different credentials, just edit a few lines below.
|
||||
# See: https://gist.github.com/hwdsl2/123b886f29f4c689f531
|
||||
|
||||
# For **Windows users**, a one-time registry change is required if the VPN server
|
||||
# and/or client is behind NAT (e.g. home router). Refer to "Error 809" on this page:
|
||||
# https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809
|
||||
|
||||
# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both
|
||||
# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces.
|
||||
# When finished, run "service ipsec restart". Source:
|
||||
# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow
|
||||
# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of
|
||||
# both "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Must start lines with
|
||||
# two spaces. Finally, run "service ipsec restart".
|
||||
|
||||
# To support multiple VPN users with different credentials, see:
|
||||
# https://gist.github.com/hwdsl2/123b886f29f4c689f531
|
||||
# **iPhone/iOS users**: In iOS settings, choose L2TP (instead of IPSec) for the VPN type.
|
||||
# In case you're unable to connect, try replacing this line in /etc/ipsec.conf:
|
||||
# "rightprotoport=17/%any" with "rightprotoport=17/0". Then restart "ipsec" service.
|
||||
|
||||
# Clients are configured to use Google Public DNS when the VPN connection is active.
|
||||
# Clients are configured to use "Google Public DNS" when the VPN connection is active.
|
||||
# This setting is controlled by "ms-dns" in /etc/ppp/options.xl2tpd.
|
||||
# https://developers.google.com/speed/public-dns/
|
||||
|
||||
# If using Amazon EC2, these ports must be open in the instance's security group:
|
||||
# UDP ports 500 & 4500 (for the VPN), and TCP port 22 (optional, for SSH).
|
||||
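Review bot: The IMPORTANT NOTES comment in this hunk duplicates, line for line, the block in the `vpnsetup.sh` hunk above and the README "Important Notes" section, so every wording change has to be made three times, and the copies have already drifted: the removed iPhone/iOS line said `ipsec.conf` in the README but `/etc/ipsec.conf` in the scripts. Suggest shortening the script comment to the items that matter while editing the script (the multi-user pointer and the EC2 ports) and referring to the README section for the per-client notes, so the Android and iOS workarounds are maintained in one place.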
@ -80,9 +82,6 @@ VPN_PASSWORD=your_very_secure_password
|
||||
# This script will backup /etc/rc.local, /etc/sysctl.conf and /etc/sysconfig/iptables
|
||||
# before overwriting them. Backups can be found under the same folder with .old suffix.
|
||||
|
||||
# iPhone/iOS users: In case you're unable to connect, try replacing this line in /etc/ipsec.conf:
|
||||
# "rightprotoport=17/%any" with "rightprotoport=17/0".
|
||||
|
||||
# Check for empty VPN variables
|
||||
[ -z "$IPSEC_PSK" ] && { echo "'IPSEC_PSK' cannot be empty. Please edit the VPN script."; exit 1; }
|
||||
[ -z "$VPN_USER" ] && { echo "'VPN_USER' cannot be empty. Please edit the VPN script."; exit 1; }
|
||||
|