mirror of synced 2024-11-22 04:56:03 +03:00

Update docs

- Add translation for AWS deployment README
hwdsl2 2020-08-29 14:06:59 -05:00
parent b891abc724
commit 7d3046fc14
4 changed files with 74 additions and 9 deletions


@ -65,7 +65,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
- <a href="https://aws.amazon.com/partners/redhat/faqs/" target="_blank">Red Hat Enterprise Linux (RHEL) 8, 7 或者 6</a>
请参见 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">详细步骤</a> 以及 <a href="https://aws.amazon.com/cn/ec2/pricing/" target="_blank">EC2 定价细节</a>。另外,你也可以使用 [CloudFormation](aws/README.md) 来快速地在 EC2 上部署。
请参见 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">详细步骤</a> 以及 <a href="https://aws.amazon.com/cn/ec2/pricing/" target="_blank">EC2 定价细节</a>。另外,你也可以使用 <a href="aws/README-zh.md" target="_blank">CloudFormation</a> 来快速部署。
**-或者-**
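Review bot: the rewritten CloudFormation sentence promises quick deployment (来快速部署) but does not say the template is a beta, although the page it now links to, aws/README-zh.md, is titled 测试版 and warns that deployment may fail. Suggest adding (测试版) after the link text so readers know this before following the link. The matching English sentence, "you can deploy rapidly using CloudFormation", would benefit from "(Beta)" in the same way.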
@ -155,7 +155,7 @@ sh vpnsetup.sh
如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。该文档包含辅助脚本,以方便管理 VPN 用户。
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/433" target="_blank">#433</a>
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,编辑 `/etc/ppp/options.xl2tpd``/etc/ipsec.conf` 并替换 `8.8.8.8``8.8.4.4`,然后重启服务器。高级用户可以在运行 VPN 脚本时定义 `VPN_DNS_SRV1``VPN_DNS_SRV2`(可选)。
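Review bot: style point on the rewritten 阿里云 line: it still ends at the closing `</a>` with no 。, while the English counterpart ends "see #433." with a full stop. Since the line is being edited anyway, add the terminator so the two READMEs match.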


@ -65,7 +65,7 @@ A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
- <a href="https://aws.amazon.com/partners/redhat/faqs/" target="_blank">Red Hat Enterprise Linux (RHEL) 8, 7 or 6</a>
Please see <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">detailed instructions</a> and <a href="https://aws.amazon.com/ec2/pricing/" target="_blank">EC2 pricing</a>. As an alternative, you can also deploy on EC2 using [CloudFormation](aws/README.md).
See <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">detailed instructions</a> and <a href="https://aws.amazon.com/ec2/pricing/" target="_blank">EC2 pricing</a>. Alternatively, you can deploy rapidly using <a href="aws/README.md" target="_blank">CloudFormation</a>.
**-OR-**
@ -155,7 +155,7 @@ The same VPN account can be used by your multiple devices. However, due to an IP
If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>. Helper scripts are included for convenience.
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433).
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN. Aliyun users, see <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/433" target="_blank">#433</a>.
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`, then reboot your server. Advanced users can define `VPN_DNS_SRV1` and optionally `VPN_DNS_SRV2` when running the VPN setup script.

63
aws/README-zh.md Normal file

@ -0,0 +1,63 @@
# 使用 CloudFormation 在 Amazon EC2 上部署(测试版)
*其他语言版本: [English](README.md), [简体中文](README-zh.md).*
> **注:** 此部署模板目前为 **测试版**,在使用时你可能会遇到错误。如果遇到问题,请创建一个新的 Issue。
使用这个模板,你可以在 Amazon Elastic Compute CloudAmazon EC2上快速搭建一个 IPsec VPN 服务器。在继续之前,请参见 EC2 [定价细节](https://aws.amazon.com/cn/ec2/pricing/on-demand/)。在部署中使用 `t2.micro` 服务器实例可能符合 [AWS 免费套餐](https://aws.amazon.com/cn/free/) 的资格。
可用的自定义参数:
- Amazon EC2 实例类型
- VPN 服务器的操作系统Ubuntu 20.04/18.04/16.04Debian 9
> **注:** 在 EC2 上使用 Debian 9 映像之前,你需要先在 AWS Marketplace 上订阅:[Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3)。
- 你的 VPN 用户名
- 你的 VPN 密码
- 你的 VPN IPsec PSK预共享密钥
> **注:** \*不要\* 在值中使用这些字符: `\ " '`
确保使用 **AWS 账户根用户** 或者有 **管理员权限****IAM 用户** 部署此模板。
右键单击这个 [**模板链接**](https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/aws/cloudformation-template-ipsec),并将它保存到你的计算机上的一个新文件。然后在 "创建堆栈" 向导中将其作为模板源上传。
![上传模板](upload-the-template.png)
在步骤 4你需要确认选择此模板可以创建 IAM 资源。
![确认 IAM](confirm-iam.png)
点击下面的图标开始:
<a href="https://console.aws.amazon.com/cloudformation/home#/stacks/new" target="_blank"><img src="cloudformation-launch-stack-button.png" alt="Launch stack" height="34px"></a>
要指定一个 AWS 区域,你可以使用导航栏上你的帐户信息右侧的选择器。成功创建堆栈后,单击 **Outputs** 选项卡以查看你的 VPN 登录信息。然后继续下一步:[配置 VPN 客户端](../README-zh.md#下一步)。
> **注:** 在堆栈显示 **CREATE_COMPLETE** 之后你至少需要再等待5分钟然后使用 VPN 客户端连接。这是为了确保 VPN 安装完成。
## 常见问题
<details>
<summary>
部署后如何通过 SSH 连接到服务器?
</summary>
Amazon EC2 不允许用户使用 SSH 密码访问新创建的实例。用户必须创建“密钥对”来作为 SSH 访问的凭据。
此模板在部署期间为你生成一个密钥对,并且在成功创建堆栈后,其中的私钥将在 **Outputs** 选项卡下以文本形式提供。
如果要通过 SSH 访问 VPN 服务器,则需要将 **Outputs** 选项卡中的私钥保存到你的计算机上的一个新文件。
> **注:** 在保存到你的计算机之前,你可能需要修改私钥的格式,比如用换行符替换所有的空格。
![显示密钥](show-key.png)
</details>
## 作者
版权所有 (C) 2020 [S. X. Liang](https://github.com/scottpedia)
## 屏幕截图
![指定参数](specify-parameters.png)
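Review bot: the FAQ answer documents that the generated SSH private key is shown as plain text under the **Outputs** tab, and the paragraph above it says the VPN login details appear there too, but nothing tells the reader that stack outputs stay visible to anyone who can view the stack for as long as the stack exists. Suggest adding a note after the 私钥 paragraph that the Outputs tab holds secrets, that the saved key file should be readable only by its owner, and that access to the stack should be limited accordingly. The existing note about replacing spaces with newlines is a good place to mention the file permissions.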


@ -1,21 +1,23 @@
# Deploy to Amazon EC2 using CloudFormation (Beta)
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
> **Note:** This deployment template is still in **BETA**. You may encounter failures during deployment. In that case, please open a new issue.
This template will create a fully-working IPsec VPN server on Amazon Elastic Compute Cloud (Amazon EC2). Please make sure to check the EC2 [pricing details](https://aws.amazon.com/ec2/pricing/on-demand/) before continuing. Using a `t2.micro` server instance for your deployment may qualify for the [AWS Free Tier](https://aws.amazon.com/free/).
## Available customization parameters:
Available customization parameters:
- Amazon EC2 instance type
- OS for your VPN server (Ubuntu 20.04/18.04/16.04, Debian 9)
> **Note:** Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace [here](https://aws.amazon.com/marketplace/pp/B073HW9SP3).
> **Note:** Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace: [Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3).
- Your VPN username
- Your VPN password
- Your VPN IPsec PSK (pre-shared key)
> **Note:** When choosing your VPN username, password and PSK, DO NOT use these special characters: `\ " '`.
> **Note:** DO NOT use these special characters within values: `\ " '`
Make sure to do this with an **AWS ROOT ACCOUNT** or an **IAM ACCOUNT** with **ADMINISTRATOR ACCESS**.
Make sure to deploy this template with an **AWS Account Root User** or an **IAM Account** with **Administrator Access**.
Right-click this [**template link**](https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/aws/cloudformation-template-ipsec) and save as a file on your computer. Then upload it as the template source in the stack creation wizard.
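Review bot: the reworded line "Make sure to deploy this template with an **AWS Account Root User** or an **IAM Account** with **Administrator Access**" still lists the root user first, which steers readers toward using root credentials for a routine deployment. Suggest leading with the IAM option and, if possible, naming the permissions the stack needs (the Chinese README notes that the wizard asks for confirmation that IAM resources will be created) instead of asking for full administrator access. Separately, the shortened note "DO NOT use these special characters within values" no longer says which values; the removed wording named the username, password and PSK, and because the note now sits directly under the PSK item it can be read as applying to the PSK only.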
@ -40,7 +42,7 @@ You may choose an AWS region using the selector to the right of your account inf
How to connect to the server via SSH after deployment?
</summary>
Amazon EC2 does not allow users to access the instances with an SSH password. Instead, users are instructed to create "key pairs", which are used as credentials to access the instances via SSH.
Amazon EC2 does not allow users to access newly created instances with an SSH password. Instead, users are required to create "key pairs", which are used as credentials for SSH access.
This template generates a key pair for you during deployment, and the private key will be available as text under the **Outputs** tab after the stack is successfully created.
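Review bot: the rewritten sentence says users "are required to create "key pairs"", and the next line says the template generates a key pair for them, so a reader cannot tell whether a key pair must exist before deploying. Suggest wording the first sentence around what SSH access requires (a key pair instead of a password) and leaving the act of creating it to the following sentence about the template.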