diff --git a/README-zh.md b/README-zh.md index 323fe8e..57558a6 100644 --- a/README-zh.md +++ b/README-zh.md @@ -91,7 +91,7 @@ sudo sh vpnsetup.sh ## 重要提示 -**Windows 用户** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到 `错误 628`,请打开 VPN 连接属性的 "安全" 选项卡,并确保仅选中 "CHAP" 选项。 +**Windows 用户** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果在连接过程中遇到错误,请参见 故障排除。 **Android 6 (Marshmallow) 用户** 请参考此文档中的注释: 配置 IPsec/L2TP VPN 客户端。 @@ -99,13 +99,15 @@ sudo sh vpnsetup.sh 在 VPN 已连接时,客户端配置为使用 Google Public DNS。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd` 和 `ipsec.conf` 并用新的服务器替换 `8.8.8.8` 和 `8.8.4.4`。然后重新启动系统。 +对于有外部防火墙的服务器(比如 EC2/GCE),请打开 UDP 端口 500 和 4500,以及 TCP 端口 22 (用于 SSH)。 + 如果你为服务器配置了自定义 SSH 端口(不是 22)或其他服务,请在使用前编辑脚本中的 IPTables 防火墙规则。 这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。 ## 关于升级Libreswan -提供两个额外的脚本 vpnupgrade_Libreswan.shvpnupgrade_Libreswan_centos.sh ,可用于升级 Libreswan。请关注官方网站,并在运行前根据需要更新 `swan_ver` 变量。 +提供额外的脚本 vpnupgrade_Libreswan.shvpnupgrade_Libreswan_centos.sh ,可用于升级 Libreswan (官网 | 通知列表)。请在运行前根据需要修改 `swan_ver` 变量。检查已安装版本: `ipsec --version` ## 问题和反馈 @@ -115,11 +117,11 @@ sudo sh vpnsetup.sh ## 卸载说明 -请参见 [卸载 VPN](docs/uninstall-zh.md)。 +请参见 卸载 VPN。 ## 另见 -- [在 Docker 上搭建 IPsec VPN](https://github.com/hwdsl2/docker-ipsec-vpn-server) +- 在 Docker 上搭建 IPsec VPN ## 作者 @@ -128,7 +130,7 @@ sudo sh vpnsetup.sh - 现在正在积极寻找新的工作机会,比如软件或系统工程师 - 在 LinkedIn 上与我联系: https://www.linkedin.com/in/linsongui -感谢本项目所有的 [贡献者](https://github.com/hwdsl2/setup-ipsec-vpn/graphs/contributors)! +感谢本项目所有的 贡献者! ## 授权协议 diff --git a/README.md b/README.md index d261902..5eee9e5 100644 --- a/README.md +++ b/README.md 
@@ -91,7 +91,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: ## Important Notes -For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Also, if you see `Error 628`, open the "Security" tab of VPN connection properties and make sure only "CHAP" is selected. +For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). If you encountered an error when connecting, see Troubleshooting. **Android 6 (Marshmallow) users**: Please see notes in Configure IPsec/L2TP VPN Clients. @@ -99,13 +99,15 @@ If you wish to add, edit or remove VPN user accounts, refer to Google Public DNS when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `options.xl2tpd` and `ipsec.conf` with new ones. Then reboot your server. -For servers with a custom SSH port (not 22) or other services, edit IPTables rules in the script before using. +For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 & 4500, and TCP port 22 (for SSH). + +If your server has a custom SSH port (not 22) or other services, edit IPTables rules in the script before using. The scripts will backup existing config files before making changes, with `.old-date-time` suffix. ## Upgrading Libreswan -The additional scripts vpnupgrade_Libreswan.sh and vpnupgrade_Libreswan_centos.sh can be used to upgrade Libreswan. Check the official website and update the `swan_ver` variable as necessary. +The additional scripts vpnupgrade_Libreswan.sh and vpnupgrade_Libreswan_centos.sh can be used to upgrade Libreswan (website | swan-announce). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version` ## Bugs & Questions 
@@ -115,11 +117,11 @@ The additional scripts ## Uninstallation -Please refer to [Uninstall the VPN](docs/uninstall.md). +Please refer to Uninstall the VPN. ## See Also -- [IPsec VPN Server on Docker](https://github.com/hwdsl2/docker-ipsec-vpn-server) +- IPsec VPN Server on Docker ## Author @@ -128,7 +130,7 @@ Please refer to [Uninstall the VPN](docs/uninstall.md). - Actively seeking opportunities in areas such as Software or Systems Engineering - Contact me on LinkedIn: https://www.linkedin.com/in/linsongui -Thanks to [all contributors](https://github.com/hwdsl2/setup-ipsec-vpn/graphs/contributors) of this project! +Thanks to all contributors to this project! ## License diff --git a/docs/clients-xauth-zh.md b/docs/clients-xauth-zh.md index 5546781..9355df1 100644 --- a/docs/clients-xauth-zh.md +++ b/docs/clients-xauth-zh.md @@ -34,6 +34,9 @@ VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled** 字样。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 + +如果在连接过程中遇到错误,请参见 故障排除。 + **注:** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开提升权限命令提示符并运行以下命令。完成后必须重新启动计算机。 - 适用于 Windows Vista, 7, 8 和 10 ```console @@ -100,6 +103,32 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 +## 故障排除 + +### Windows 错误 809 + +> 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。 + +要解决此错误,请按照上面的步骤添加注册表键并重启计算机。 + +### Windows 错误 628 + +> 在连接完成前,连接被远程计算机终止。 + +要解决此错误,请按以下步骤操作: + +1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**。 +1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**。 +1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 +1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。 +1. 单击 **确定** 保存 VPN 连接的详细信息。 + +![Select only CHAP in VPN connection properties-2](https://cloud.githubusercontent.com/assets/5104323/16026263/cbda945a-3192-11e6-96a6-ff18c5dd9a48.png) + +### 其它错误 + +更多的故障排除信息请参见 这个文档。 + ## 致谢 本文档是在 Streisand 项目文档基础上翻译和修改。该项目由 Joshua Lund 和其他开发者维护。 diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md index cbd754b..51347f3 100644 
--- a/docs/clients-xauth.md +++ b/docs/clients-xauth.md @@ -34,6 +34,9 @@ After settin Once connected, you will see **tunnel enabled** in the VPN Connect status window. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". + +If you encountered an error when connecting, see Troubleshooting. + **Note:** A one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an elevated command prompt. You must reboot your computer when done. - For Windows Vista, 7, 8 and 10 ```console 
@@ -100,6 +103,32 @@ Once connected, you will see a VPN icon in the notification bar. You can verify Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". +## Troubleshooting + +### Windows Error 809 + +> The network connection between your computer and the VPN server could not be established because the remote server is not responding. + +To fix this error, follow the steps above to add a registry key and reboot your computer. + +### Windows Error 628 + +> The connection was terminated by the remote computer before it could be completed. + +To fix this error, please follow these steps: + +1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**. +1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**. +1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**. +1. Click **Allow these protocols**. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others. +1. Click **OK** to save the VPN connection details. + +![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png) + +### Other Errors + +Please refer to this document for more troubleshooting tips. + ## Credits This document was adapted from the Streisand project by Joshua Lund and contributors. diff --git a/docs/clients-zh.md b/docs/clients-zh.md index c42887b..96a9540 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md 
@@ -62,9 +62,11 @@ 1. 单击 **确定** 关闭 **高级设置**。 1. 单击 **确定** 保存 VPN 连接的详细信息。 - 要连接到 VPN: 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名` 和 `密码` ,并单击 **确定**。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 + +如果在连接过程中遇到错误,请参见 故障排除。 + **注:** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开提升权限命令提示符并运行以下命令。完成后必须重新启动计算机。 - 适用于 Windows Vista, 7, 8 和 10 ```console @@ -147,6 +149,32 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 +## 故障排除 + +### Windows 错误 809 + +> 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。 + +要解决此错误,请按照上面的步骤添加注册表键并重启计算机。 + +### Windows 错误 628 + +> 在连接完成前,连接被远程计算机终止。 + +要解决此错误,请按以下步骤操作: + +1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**。 +1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**。 +1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。 +1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。 +1. 单击 **确定** 保存 VPN 连接的详细信息。 + +![Select only CHAP in VPN connection properties-2](https://cloud.githubusercontent.com/assets/5104323/16026263/cbda945a-3192-11e6-96a6-ff18c5dd9a48.png) + +### 其它错误 + +更多的故障排除信息请参见 这个文档。 + ## 致谢 本文档是在 Streisand 项目文档基础上翻译和修改。该项目由 Joshua Lund 和其他开发者维护。 diff --git a/docs/clients.md b/docs/clients.md index f66a62a..fd6f1c2 100644 --- a/docs/clients.md +++ b/docs/clients.md 
@@ -62,9 +62,11 @@ After settin 1. Click **OK** to close the **Advanced settings**. 1. Click **OK** to save the VPN connection details. - To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". + +If you encountered an error when connecting, see Troubleshooting. + **Note:** A one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an elevated command prompt. You must reboot your computer when done. - For Windows Vista, 7, 8 and 10 ```console 
@@ -147,6 +149,32 @@ Once connected, you will see a VPN icon in the status bar. You can verify that y Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". +## Troubleshooting + +### Windows Error 809 + +> The network connection between your computer and the VPN server could not be established because the remote server is not responding. + +To fix this error, follow the steps above to add a registry key and reboot your computer. + +### Windows Error 628 + +> The connection was terminated by the remote computer before it could be completed. + +To fix this error, please follow these steps: + +1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**. +1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**. +1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**. +1. Click **Allow these protocols**. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others. +1. Click **OK** to save the VPN connection details. + +![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png) + +### Other Errors + +Please refer to this document for more troubleshooting tips. + ## Credits This document was adapted from the Streisand project by Joshua Lund and contributors.
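Review bot: In README.md hunk @@ -99,13 +99,15 @@ (and the matching line in README-zh.md), the new external-firewall sentence tells readers to open TCP port 22, while the very next sentence covers servers with a custom SSH port (not 22). Suggest wording it as "your SSH port (22 by default)" so the two sentences agree. It would also help to say that VPN clients need only UDP 500 and 4500, so the SSH rule can be limited to the administrator's source addresses rather than opened to everyone.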
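Review bot: In README.md hunk @@ -91,7 +91,7 @@, the replacement sentence "If you encountered an error when connecting, see Troubleshooting." is in the past tense; "If you encounter an error when connecting" reads better, and the same wording is added in docs/clients.md and docs/clients-xauth.md. Since the inline Error 628 hint is removed here, please confirm the Troubleshooting reference points at the new section in the client guides, because no hunk in this patch adds a section of that name to the README itself.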
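Review bot: In docs/clients-xauth.md hunk @@ -100,6 +103,32 @@, the Error 628 steps are identical to the ones added in docs/clients.md and tell the reader to select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN** and allow only CHAP. The Windows section of this guide, however, ends in a "VPN Connect status window" showing **tunnel enabled**, which does not look like the built-in connection dialog those steps walk through. Either drop the 628 entry from the XAuth guide or state which client it applies to. Keeping a single copy of the section and linking to it from the other guide would also stop the copies from drifting apart.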
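Review bot: In docs/clients.md hunk @@ -147,6 +149,32 @@, the Error 809 entry says only "follow the steps above to add a registry key", but the section is placed after all the platform guides, a long way from the Windows note it refers to. The quoted message (the remote server is not responding) is also what a client sees when UDP 500 and 4500 are closed on an external firewall, a requirement this same patch documents in the README. Suggest linking directly to the registry note and adding one line that points to the firewall requirement.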
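Review bot: In the Troubleshooting hunks of docs/clients-zh.md and docs/clients-xauth-zh.md, the screenshot alt text is left in English with a "-2" suffix ("Select only CHAP in VPN connection properties-2") while the rest of the section is translated. Suggest translating the alt text and dropping the suffix so it describes the image to readers who rely on it.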