mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-25 06:16:07 +03:00
Code Issues Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
hwdsl2 2022-02-12 01:22:26 -06:00
parent dbc3527448
commit 8a9b83164a
2 changed files with 11 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
docs/ikev2-howto-zh.md
View File

@ -116,7 +116,7 @@ To customize IKEv2 or client options, run this script without arguments.
*其他语言版本: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端)。*
**注:** 客户端配置文件的密码可以在 IKEv2 辅助脚本的输出中找到。如果你想要添加或者导出 IKEv2 客户端,只需重新运行[辅助脚本](#使用辅助脚本配置-ikev2)。使用参数 `-h` 显示使用信息。
**注:** 如果要添加或者导出 IKEv2 客户端,只需重新运行[辅助脚本](#使用辅助脚本配置-ikev2)。使用参数 `-h` 显示使用信息。
* [Windows 7, 8, 10 和 11](#windows-7-8-10-和-11)
* [OS X (macOS)](#os-x-macos)
@ -126,6 +126,8 @@ To customize IKEv2 or client options, run this script without arguments.
### Windows 7, 8, 10 和 11
**注:** 如果 IKEv2 辅助脚本的输出中没有包含客户端配置文件的密码,请在提示输入密码时按回车键继续,或者在手动导入 `.p12` 文件时保持密码字段空白。
Windows 8, 10 和 11 用户可以自动导入 IKEv2 配置:
1. 将生成的 `.p12` 文件安全地传送到你的计算机。
@ -355,7 +357,8 @@ sudo yum --enablerepo=epel install NetworkManager-strongswan-gnome
```bash
# 示例:提取 CA 证书,客户端证书和私钥。在完成后可以删除 .p12 文件。
# 注:你将需要输入 import password它可以在 IKEv2 辅助脚本的输出中找到。
# 注:你可能需要输入 import password它可以在 IKEv2 辅助脚本的输出中找到。
# 如果在脚本的输出中没有 import password请按回车键继续。
openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ikev2vpnca.cer
openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out vpnclient.cer
openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key
@ -772,38 +775,10 @@ sudo ikev2.sh --revokeclient [client name]
**另见:** [检查日志及 VPN 状态](clients-zh.md#检查日志及-vpn-状态)[IKEv1 故障排除](clients-zh.md#故障排除) 和 [高级用法](advanced-usage-zh.md)。
* [在导入时提示密码不正确](#在导入时提示密码不正确)
* [IKEv2 在一小时后断开连接](#ikev2-在一小时后断开连接)
* [无法同时连接多个 IKEv2 客户端](#无法同时连接多个-ikev2-客户端)
* [其它已知问题](#其它已知问题)
### 在导入时提示密码不正确
如果你忘记了客户端配置文件的密码,可以重新 [导出 IKEv2 客户端的配置](#导出已有的客户端的配置)。
Ubuntu 18.04 用户在尝试将生成的 `.p12` 文件导入到 Windows 时可能会遇到错误 "输入的密码不正确"。这是由 `NSS` 中的一个问题导致的。更多信息请看 [这里](https://github.com/hwdsl2/setup-ipsec-vpn/issues/414#issuecomment-460495258)。在 2021-01-21 已更新 IKEv2 辅助脚本以自动应用以下解决方法。
<details>
<summary>
Ubuntu 18.04 上的 NSS 问题的解决方法
</summary>
**注:** 该解决方法仅适用于运行在 `x86_64` 架构下的 Ubuntu 18.04 系统。
首先安装更新版本的 `libnss3` 相关的软件包:
```
wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3_3.49.1-1ubuntu1.6_amd64.deb
wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb
wget https://mirrors.kernel.org/ubuntu/pool/universe/n/nss/libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb
apt-get -y update
apt-get -y install "./libnss3_3.49.1-1ubuntu1.6_amd64.deb" \
"./libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb" \
"./libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb"
```
然后重新 [导出 IKEv2 客户端的配置](#导出已有的客户端的配置)。
</details>
### IKEv2 在一小时后断开连接
如果 IKEv2 连接在一小时60 分钟)后自动断开,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`(如果不存在,编辑 `/etc/ipsec.conf`)。在 `conn ikev2-cp` 一节的末尾添加以下行,开头必须空两格:

37
docs/ikev2-howto.md
View File

@ -116,7 +116,7 @@ To customize IKEv2 or client options, run this script without arguments.
*Read this in other languages: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).*
**Note:** The password for client configuration files can be found in the output of the IKEv2 helper script. If you want to add or export IKEv2 client(s), just run the [helper script](#set-up-ikev2-using-helper-script) again. Use option `-h` to show usage information.
**Note:** If you want to add or export IKEv2 client(s), just run the [helper script](#set-up-ikev2-using-helper-script) again. Use option `-h` to show usage information.
* [Windows 7, 8, 10 and 11](#windows-7-8-10-and-11)
* [OS X (macOS)](#os-x-macos)
@ -126,6 +126,8 @@ To customize IKEv2 or client options, run this script without arguments.
### Windows 7, 8, 10 and 11
**Note:** If there is no password for client config files in the output of the IKEv2 helper script, press Enter to continue when prompted for the password, or if manually importing the `.p12` file, leave the password field blank.
Windows 8, 10 and 11 users can automatically import IKEv2 configuration:
1. Securely transfer the generated `.p12` file to your computer.
@ -356,8 +358,9 @@ Next, securely transfer the generated `.p12` file from the VPN server to your Li
```bash
# Example: Extract CA certificate, client certificate and private key.
# You may delete the .p12 file when finished.
# Note: You will need to enter the import password, which can be found
# in the output of the IKEv2 helper script.
# Note: You may need to enter the import password, which can be found
# in the output of the IKEv2 helper script. If the output does not
# contain an import password, press Enter to continue.
openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ikev2vpnca.cer
openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out vpnclient.cer
openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key
@ -774,38 +777,10 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
**See also:** [Check logs and VPN status](clients.md#check-logs-and-vpn-status), [IKEv1 troubleshooting](clients.md#troubleshooting) and [Advanced usage](advanced-usage.md).
* [Incorrect password when trying to import](#incorrect-password-when-trying-to-import)
* [IKEv2 disconnects after one hour](#ikev2-disconnects-after-one-hour)
* [Unable to connect multiple IKEv2 clients](#unable-to-connect-multiple-ikev2-clients)
* [Other known issues](#other-known-issues)
### Incorrect password when trying to import
If you forgot the password for client config files, you may [export configuration for the IKEv2 client](#export-configuration-for-an-existing-client) again.
Ubuntu 18.04 users may encounter the error "The password you entered is incorrect" when trying to import the generated `.p12` file into Windows. This is due to a bug in `NSS`. Read more [here](https://github.com/hwdsl2/setup-ipsec-vpn/issues/414#issuecomment-460495258). As of 2021-01-21, the IKEv2 helper script was updated to automatically apply the workaround below.
<details>
<summary>
Workaround for the NSS bug on Ubuntu 18.04
</summary>
**Note:** This workaround should only be used on Ubuntu 18.04 systems running on the `x86_64` architecture.
First, install newer versions of `libnss3` related packages:
```
wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3_3.49.1-1ubuntu1.6_amd64.deb
wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb
wget https://mirrors.kernel.org/ubuntu/pool/universe/n/nss/libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb
apt-get -y update
apt-get -y install "./libnss3_3.49.1-1ubuntu1.6_amd64.deb" \
"./libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb" \
"./libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb"
```
After that, [export configuration for the IKEv2 client](#export-configuration-for-an-existing-client) again.
</details>
### IKEv2 disconnects after one hour
If the IKEv2 connection disconnects automatically after one hour (60 minutes), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server (or `/etc/ipsec.conf` if it does not exist), append these lines to the end of section `conn ikev2-cp`, indented by two spaces: