Update docs
This commit is contained in:
parent
7006fb3fa5
commit
8adead17b7
173
README-zh.md
173
README-zh.md
@ -28,15 +28,39 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
|
||||
|
||||
## 快速开始
|
||||
|
||||
首先,在你的 Linux 服务器[\*](#quick-start-note) 上全新安装一个 Ubuntu LTS, Debian 或者 CentOS 系统。
|
||||
首先,在你的 Linux 服务器[\*](#quick-start-note) 上全新安装以下系统之一。
|
||||
|
||||
使用以下命令快速搭建 IPsec VPN 服务器:
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
如果使用 CentOS,请将上面的地址换成 `https://git.io/vpnsetup-centos`。
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
你的 VPN 登录凭证将会被自动随机生成,并在安装完成后显示在屏幕上。
|
||||
|
||||
@ -85,57 +109,137 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
|
||||
## 安装说明
|
||||
|
||||
### Ubuntu & Debian
|
||||
|
||||
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
|
||||
首先,更新你的系统:运行 `apt-get update && apt-get dist-upgrade` (Ubuntu/Debian) 或者 `yum update` (CentOS/RHEL/Amazon Linux 2) 并重启。这一步是可选的,但推荐。
|
||||
|
||||
要安装 VPN,请从以下选项中选择一个:
|
||||
|
||||
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示):
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证:
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh
|
||||
nano -w vpnsetup.sh
|
||||
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
|
||||
sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
|
||||
nano -w vpnsetup.sh
|
||||
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
|
||||
sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
|
||||
nano -w vpnsetup.sh
|
||||
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
|
||||
sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
**注:** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。
|
||||
|
||||
**选项 3:** 将你自己的 VPN 登录凭证定义为环境变量:
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# 所有变量值必须用 '单引号' 括起来
|
||||
# *不要* 在值中使用这些字符: \ " '
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
|
||||
VPN_IPSEC_PSK='你的IPsec预共享密钥' \
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh
|
||||
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
|
||||
VPN_USER='你的VPN用户名' \
|
||||
VPN_PASSWORD='你的VPN密码' \
|
||||
sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# 所有变量值必须用 '单引号' 括起来
|
||||
# *不要* 在值中使用这些字符: \ " '
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
|
||||
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
|
||||
VPN_USER='你的VPN用户名' \
|
||||
VPN_PASSWORD='你的VPN密码' \
|
||||
sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# 所有变量值必须用 '单引号' 括起来
|
||||
# *不要* 在值中使用这些字符: \ " '
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
|
||||
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
|
||||
VPN_USER='你的VPN用户名' \
|
||||
VPN_PASSWORD='你的VPN密码' \
|
||||
sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
**注:** 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a>,然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
|
||||
|
||||
### CentOS & RHEL
|
||||
|
||||
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
|
||||
|
||||
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`。
|
||||
|
||||
### Amazon Linux 2
|
||||
|
||||
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
|
||||
|
||||
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://bit.ly/vpnsetup-amzn`。
|
||||
|
||||
**注:** 在阅读本项目的文档时,对于 Amazon Linux 2 请参见 CentOS/RHEL 部分。
|
||||
|
||||
## 下一步
|
||||
|
||||
配置你的计算机或其它设备使用 VPN 。请参见:
|
||||
@ -178,14 +282,35 @@ sh vpnsetup.sh
|
||||
|
||||
在 <a href="extras/" target="_blank">extras/</a> 目录提供额外的脚本,可用于升级 <a href="https://libreswan.org" target="_blank">Libreswan</a>(<a href="https://github.com/libreswan/libreswan/blob/master/CHANGES" target="_blank">更新日志</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>)。请在运行前根据需要修改 `SWAN_VER` 变量。查看已安装版本: `ipsec --version`.
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# Ubuntu & Debian
|
||||
wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh
|
||||
# CentOS & RHEL
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sudo sh vpnupgrade.sh
|
||||
# Amazon Linux 2
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
## 问题和反馈
|
||||
|
||||
|
173
README.md
173
README.md
@ -28,15 +28,39 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
|
||||
|
||||
## Quick start
|
||||
|
||||
First, prepare your Linux server[\*](#quick-start-note) with a fresh install of Ubuntu LTS, Debian or CentOS.
|
||||
First, prepare your Linux server[\*](#quick-start-note) with a fresh install of one of the following OS.
|
||||
|
||||
Use this one-liner to set up an IPsec VPN server:
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
If using CentOS, replace the link above with `https://git.io/vpnsetup-centos`.
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
Your VPN login details will be randomly generated, and displayed on the screen when finished.
|
||||
|
||||
@ -85,57 +109,137 @@ Advanced users can set up the VPN server on a $35 <a href="https://www.raspberry
|
||||
|
||||
## Installation
|
||||
|
||||
### Ubuntu & Debian
|
||||
|
||||
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
|
||||
First, update your system with `apt-get update && apt-get dist-upgrade` (Ubuntu/Debian) or `yum update` (CentOS/RHEL/Amazon Linux 2) and reboot. This is optional, but recommended.
|
||||
|
||||
To install the VPN, please choose one of the following options:
|
||||
|
||||
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished):
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
**Option 2:** Edit the script and provide your own VPN credentials:
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh
|
||||
nano -w vpnsetup.sh
|
||||
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
|
||||
sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
|
||||
nano -w vpnsetup.sh
|
||||
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
|
||||
sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
|
||||
nano -w vpnsetup.sh
|
||||
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
|
||||
sudo sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
**Note:** A secure IPsec PSK should consist of at least 20 random characters.
|
||||
|
||||
**Option 3:** Define your VPN credentials as environment variables:
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# All values MUST be placed inside 'single quotes'
|
||||
# DO NOT use these special characters within values: \ " '
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
|
||||
VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
|
||||
wget https://git.io/vpnsetup -O vpnsetup.sh
|
||||
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
|
||||
VPN_USER='your_vpn_username' \
|
||||
VPN_PASSWORD='your_vpn_password' \
|
||||
sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# All values MUST be placed inside 'single quotes'
|
||||
# DO NOT use these special characters within values: \ " '
|
||||
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
|
||||
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
|
||||
VPN_USER='your_vpn_username' \
|
||||
VPN_PASSWORD='your_vpn_password' \
|
||||
sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# All values MUST be placed inside 'single quotes'
|
||||
# DO NOT use these special characters within values: \ " '
|
||||
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
|
||||
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
|
||||
VPN_USER='your_vpn_username' \
|
||||
VPN_PASSWORD='your_vpn_password' \
|
||||
sh vpnsetup.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
**Note:** If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
|
||||
|
||||
### CentOS & RHEL
|
||||
|
||||
First, update your system with `yum update` and reboot. This is optional, but recommended.
|
||||
|
||||
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`.
|
||||
|
||||
### Amazon Linux 2
|
||||
|
||||
First, update your system with `yum update` and reboot. This is optional, but recommended.
|
||||
|
||||
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://bit.ly/vpnsetup-amzn`.
|
||||
|
||||
**Note:** When reading documentation in this project, refer to the CentOS/RHEL sections for Amazon Linux 2.
|
||||
|
||||
## Next steps
|
||||
|
||||
Get your computer or device to use the VPN. Please refer to:
|
||||
@ -178,14 +282,35 @@ The scripts will backup existing config files before making changes, with `.old-
|
||||
|
||||
The additional scripts in <a href="extras/" target="_blank">extras/</a> can be used to upgrade <a href="https://libreswan.org" target="_blank">Libreswan</a> (<a href="https://github.com/libreswan/libreswan/blob/master/CHANGES" target="_blank">changelog</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">announce</a>). Edit the `SWAN_VER` variable as necessary. Check which version is installed: `ipsec --version`.
|
||||
|
||||
<details open>
|
||||
<summary>
|
||||
Ubuntu & Debian
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
# Ubuntu & Debian
|
||||
wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh
|
||||
# CentOS & RHEL
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
CentOS & RHEL
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sudo sh vpnupgrade.sh
|
||||
# Amazon Linux 2
|
||||
```
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Amazon Linux 2
|
||||
</summary>
|
||||
|
||||
```bash
|
||||
wget https://bit.ly/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh
|
||||
```
|
||||
</details>
|
||||
|
||||
## Bugs & Questions
|
||||
|
||||
|
@ -374,7 +374,7 @@ service xl2tpd restart
|
||||
grep pluto /var/log/auth.log
|
||||
grep xl2tpd /var/log/syslog
|
||||
|
||||
# CentOS & RHEL
|
||||
# CentOS/RHEL & Amazon Linux 2
|
||||
grep pluto /var/log/secure
|
||||
grep xl2tpd /var/log/messages
|
||||
```
|
||||
|
@ -373,7 +373,7 @@ Check the Libreswan (IPsec) and xl2tpd logs for errors:
|
||||
grep pluto /var/log/auth.log
|
||||
grep xl2tpd /var/log/syslog
|
||||
|
||||
# CentOS & RHEL
|
||||
# CentOS/RHEL & Amazon Linux 2
|
||||
grep pluto /var/log/secure
|
||||
grep xl2tpd /var/log/messages
|
||||
```
|
||||
|
@ -2,9 +2,6 @@
|
||||
|
||||
*其他语言版本: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
|
||||
|
||||
**注:** 本指南适用于**高级用户**。其他用户请使用 [IPsec/L2TP](clients-zh.md) 或者 [IPsec/XAuth](clients-xauth-zh.md) 模式。
|
||||
|
||||
---
|
||||
* [导言](#导言)
|
||||
* [使用辅助脚本](#使用辅助脚本)
|
||||
* [手动在 VPN 服务器上配置 IKEv2](#手动在-vpn-服务器上配置-ikev2)
|
||||
@ -25,6 +22,8 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
|
||||
- Android 4.x 和更新版本(使用 strongSwan VPN 客户端)
|
||||
- iOS (iPhone/iPad)
|
||||
|
||||
在按照本指南操作之后,你将可以选择三种模式中的任意一种连接到 VPN:IKEv2,以及已有的 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式。
|
||||
|
||||
## 使用辅助脚本
|
||||
|
||||
**重要:** 作为使用本指南的先决条件,在继续之前,你必须确保你已经成功地 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a>,并且(可选但推荐)将 Libreswan <a href="../README-zh.md#升级libreswan" target="_blank">升级</a> 到最新版本。**Docker 用户请看 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#配置并使用-ikev2-vpn" target="_blank">这里</a>**。
|
||||
@ -107,7 +106,7 @@ wget https://bit.ly/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
|
||||
EOF
|
||||
```
|
||||
|
||||
**注:** 如果你的服务器(或者 Docker 主机)运行 Debian 或者 CentOS/RHEL,并且你想要启用 MOBIKE 支持,可以将上面命令中的 `mobike=no` 换成 `mobike=yes`。**不要** 在 Ubuntu 系统或者 Raspberry Pi 上启用该选项。
|
||||
**注:** 如果你的服务器(或者 Docker 主机)运行 Debian, CentOS/RHEL 或者 Amazon Linux 2,并且你想要启用 MOBIKE 支持,可以将上面命令中的 `mobike=no` 换成 `mobike=yes`。**不要** 在 Ubuntu 系统或者 Raspberry Pi 上启用该选项。
|
||||
|
||||
如果是 Libreswan 3.19-3.22:
|
||||
|
||||
|
@ -2,9 +2,6 @@
|
||||
|
||||
*Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
|
||||
|
||||
**Note:** This guide is for **advanced users**. Other users please use [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode.
|
||||
|
||||
---
|
||||
* [Introduction](#introduction)
|
||||
* [Using helper scripts](#using-helper-scripts)
|
||||
* [Manually set up IKEv2 on the VPN server](#manually-set-up-ikev2-on-the-vpn-server)
|
||||
@ -25,6 +22,8 @@ Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certifica
|
||||
- Android 4.x and newer (using the strongSwan VPN client)
|
||||
- iOS (iPhone/iPad)
|
||||
|
||||
After following this guide, you will be able to connect to the VPN using IKEv2 in addition to the existing [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes.
|
||||
|
||||
## Using helper scripts
|
||||
|
||||
**Important:** As a prerequisite to using this guide, and before continuing, you must make sure that you have successfully <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">set up your own VPN server</a>, and (optional but recommended) <a href="../README.md#upgrade-libreswan" target="_blank">upgraded Libreswan</a> to the latest version. **Docker users, see <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#configure-and-use-ikev2-vpn" target="_blank">here</a>**.
|
||||
@ -107,7 +106,7 @@ The following example shows how to manually configure IKEv2 with Libreswan. Comm
|
||||
EOF
|
||||
```
|
||||
|
||||
**Note:** If your server (or Docker host) runs Debian or CentOS/RHEL and you wish to enable MOBIKE support, replace `mobike=no` with `mobike=yes` in the command above. **DO NOT** enable this option on Ubuntu systems or Raspberry Pis.
|
||||
**Note:** If your server (or Docker host) runs Debian, CentOS/RHEL or Amazon Linux 2, and you wish to enable MOBIKE support, replace `mobike=no` with `mobike=yes` in the command above. **DO NOT** enable this option on Ubuntu systems or Raspberry Pis.
|
||||
|
||||
For Libreswan 3.19-3.22:
|
||||
|
||||
|
@ -25,21 +25,21 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
||||
|
||||
## 第二步
|
||||
|
||||
### Ubuntu/Debian
|
||||
### Ubuntu & Debian
|
||||
|
||||
`apt-get purge xl2tpd`
|
||||
|
||||
### CentOS/RHEL
|
||||
### CentOS/RHEL & Amazon Linux 2
|
||||
|
||||
`yum remove xl2tpd`
|
||||
|
||||
## 第三步
|
||||
|
||||
### Ubuntu/Debian
|
||||
### Ubuntu & Debian
|
||||
|
||||
编辑 `/etc/iptables.rules` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/iptables.rules.old-日期-时间`。另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。
|
||||
|
||||
### CentOS/RHEL
|
||||
### CentOS/RHEL & Amazon Linux 2
|
||||
|
||||
编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/sysconfig/iptables.old-日期-时间`。
|
||||
|
||||
|
@ -25,21 +25,21 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
||||
|
||||
## Second step
|
||||
|
||||
### Ubuntu/Debian
|
||||
### Ubuntu & Debian
|
||||
|
||||
`apt-get purge xl2tpd`
|
||||
|
||||
### CentOS/RHEL
|
||||
### CentOS/RHEL & Amazon Linux 2
|
||||
|
||||
`yum remove xl2tpd`
|
||||
|
||||
## Third step
|
||||
|
||||
### Ubuntu/Debian
|
||||
### Ubuntu & Debian
|
||||
|
||||
Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists.
|
||||
|
||||
### CentOS/RHEL
|
||||
### CentOS/RHEL & Amazon Linux 2
|
||||
|
||||
Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user