diff --git a/README-zh.md b/README-zh.md index 43e43ec..1431135 100644 --- a/README-zh.md +++ b/README-zh.md @@ -28,15 +28,39 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时 ## 快速开始 -首先,在你的 Linux 服务器[\*](#quick-start-note) 上全新安装一个 Ubuntu LTS, Debian 或者 CentOS 系统。 +首先,在你的 Linux 服务器[\*](#quick-start-note) 上全新安装以下系统之一。 使用以下命令快速搭建 IPsec VPN 服务器: +
+ +Ubuntu & Debian + + ```bash wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh ``` +
-如果使用 CentOS,请将上面的地址换成 `https://git.io/vpnsetup-centos`。 +
+ +CentOS & RHEL + + +```bash +wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh +``` +
+ +
+ +Amazon Linux 2 + + +```bash +wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh +``` +
你的 VPN 登录凭证将会被自动随机生成,并在安装完成后显示在屏幕上。 @@ -85,57 +109,137 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh ## 安装说明 -### Ubuntu & Debian - -首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。 +首先,更新你的系统:运行 `apt-get update && apt-get dist-upgrade` (Ubuntu/Debian) 或者 `yum update` (CentOS/RHEL/Amazon Linux 2) 并重启。这一步是可选的,但推荐。 要安装 VPN,请从以下选项中选择一个: **选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示): +
+ +Ubuntu & Debian + + ```bash wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh ``` +
+ +
+ +CentOS & RHEL + + +```bash +wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh +``` +
+ +
+ +Amazon Linux 2 + + +```bash +wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh +``` +
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证: +
+ +Ubuntu & Debian + + ```bash wget https://git.io/vpnsetup -O vpnsetup.sh nano -w vpnsetup.sh [替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD] sudo sh vpnsetup.sh ``` +
+ +
+ +CentOS & RHEL + + +```bash +wget https://git.io/vpnsetup-centos -O vpnsetup.sh +nano -w vpnsetup.sh +[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD] +sudo sh vpnsetup.sh +``` +
+ +
+ +Amazon Linux 2 + + +```bash +wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh +nano -w vpnsetup.sh +[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD] +sudo sh vpnsetup.sh +``` +
**注:** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。 **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量: +
+ +Ubuntu & Debian + + ```bash # 所有变量值必须用 '单引号' 括起来 # *不要* 在值中使用这些字符: \ " ' -wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \ -VPN_IPSEC_PSK='你的IPsec预共享密钥' \ +wget https://git.io/vpnsetup -O vpnsetup.sh +sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \ VPN_USER='你的VPN用户名' \ VPN_PASSWORD='你的VPN密码' \ sh vpnsetup.sh ``` +
+ +
+ +CentOS & RHEL + + +```bash +# 所有变量值必须用 '单引号' 括起来 +# *不要* 在值中使用这些字符: \ " ' +wget https://git.io/vpnsetup-centos -O vpnsetup.sh +sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \ +VPN_USER='你的VPN用户名' \ +VPN_PASSWORD='你的VPN密码' \ +sh vpnsetup.sh +``` +
+ +
+ +Amazon Linux 2 + + +```bash +# 所有变量值必须用 '单引号' 括起来 +# *不要* 在值中使用这些字符: \ " ' +wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh +sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \ +VPN_USER='你的VPN用户名' \ +VPN_PASSWORD='你的VPN密码' \ +sh vpnsetup.sh +``` +
**注:** 如果无法通过 `wget` 下载,你也可以打开 vpnsetup.sh,然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。 -### CentOS & RHEL - -首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。 - -按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`。 - -### Amazon Linux 2 - -首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。 - -按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://bit.ly/vpnsetup-amzn`。 - -**注:** 在阅读本项目的文档时,对于 Amazon Linux 2 请参见 CentOS/RHEL 部分。 - ## 下一步 配置你的计算机或其它设备使用 VPN 。请参见: @@ -178,14 +282,35 @@ sh vpnsetup.sh 在 extras/ 目录提供额外的脚本,可用于升级 Libreswan更新日志 | 通知列表)。请在运行前根据需要修改 `SWAN_VER` 变量。查看已安装版本: `ipsec --version`. +
+ +Ubuntu & Debian + + ```bash -# Ubuntu & Debian wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh -# CentOS & RHEL +``` +
+ +
+ +CentOS & RHEL + + +```bash wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sudo sh vpnupgrade.sh -# Amazon Linux 2 +``` +
+ +
+ +Amazon Linux 2 + + +```bash wget https://bit.ly/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh ``` +
## 问题和反馈 diff --git a/README.md b/README.md index 08317b0..858c5f0 100644 --- a/README.md +++ b/README.md @@ -28,15 +28,39 @@ We will use Libreswan as th ## Quick start -First, prepare your Linux server[\*](#quick-start-note) with a fresh install of Ubuntu LTS, Debian or CentOS. +First, prepare your Linux server[\*](#quick-start-note) with a fresh install of one of the following OS. Use this one-liner to set up an IPsec VPN server: +
+ +Ubuntu & Debian + + ```bash wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh ``` +
-If using CentOS, replace the link above with `https://git.io/vpnsetup-centos`. +
+ +CentOS & RHEL + + +```bash +wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh +``` +
+ +
+ +Amazon Linux 2 + + +```bash +wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh +``` +
Your VPN login details will be randomly generated, and displayed on the screen when finished. @@ -85,57 +109,137 @@ Advanced users can set up the VPN server on a $35 + +
+ +CentOS & RHEL + + +```bash +# All values MUST be placed inside 'single quotes' +# DO NOT use these special characters within values: \ " ' +wget https://git.io/vpnsetup-centos -O vpnsetup.sh +sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ +VPN_USER='your_vpn_username' \ +VPN_PASSWORD='your_vpn_password' \ +sh vpnsetup.sh +``` +
+ +
+ +Amazon Linux 2 + + +```bash +# All values MUST be placed inside 'single quotes' +# DO NOT use these special characters within values: \ " ' +wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh +sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ +VPN_USER='your_vpn_username' \ +VPN_PASSWORD='your_vpn_password' \ +sh vpnsetup.sh +``` +
**Note:** If unable to download via `wget`, you may also open
vpnsetup.sh and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor. -### CentOS & RHEL - -First, update your system with `yum update` and reboot. This is optional, but recommended. - -Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`. - -### Amazon Linux 2 - -First, update your system with `yum update` and reboot. This is optional, but recommended. - -Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://bit.ly/vpnsetup-amzn`. - -**Note:** When reading documentation in this project, refer to the CentOS/RHEL sections for Amazon Linux 2. - ## Next steps Get your computer or device to use the VPN. Please refer to: @@ -178,14 +282,35 @@ The scripts will backup existing config files before making changes, with `.old- The additional scripts in extras/ can be used to upgrade Libreswan (changelog | announce). Edit the `SWAN_VER` variable as necessary. Check which version is installed: `ipsec --version`. +
+ +Ubuntu & Debian + + ```bash -# Ubuntu & Debian wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh -# CentOS & RHEL +``` +
+ +
+ +CentOS & RHEL + + +```bash wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sudo sh vpnupgrade.sh -# Amazon Linux 2 +``` +
+ +
+ +Amazon Linux 2 + + +```bash wget https://bit.ly/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh ``` +
## Bugs & Questions diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 6b13ad8..2a1b63c 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -374,7 +374,7 @@ service xl2tpd restart grep pluto /var/log/auth.log grep xl2tpd /var/log/syslog -# CentOS & RHEL +# CentOS/RHEL & Amazon Linux 2 grep pluto /var/log/secure grep xl2tpd /var/log/messages ``` diff --git a/docs/clients.md b/docs/clients.md index 84fd28d..3149cd4 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -373,7 +373,7 @@ Check the Libreswan (IPsec) and xl2tpd logs for errors: grep pluto /var/log/auth.log grep xl2tpd /var/log/syslog -# CentOS & RHEL +# CentOS/RHEL & Amazon Linux 2 grep pluto /var/log/secure grep xl2tpd /var/log/messages ``` diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 27daedf..5deab97 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -2,9 +2,6 @@ *其他语言版本: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).* -**注:** 本指南适用于**高级用户**。其他用户请使用 [IPsec/L2TP](clients-zh.md) 或者 [IPsec/XAuth](clients-xauth-zh.md) 模式。 - ---- * [导言](#导言) * [使用辅助脚本](#使用辅助脚本) * [手动在 VPN 服务器上配置 IKEv2](#手动在-vpn-服务器上配置-ikev2) @@ -25,6 +22,8 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 - Android 4.x 和更新版本(使用 strongSwan VPN 客户端) - iOS (iPhone/iPad) +在按照本指南操作之后,你将可以选择三种模式中的任意一种连接到 VPN:IKEv2,以及已有的 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式。 + ## 使用辅助脚本 **重要:** 作为使用本指南的先决条件,在继续之前,你必须确保你已经成功地 搭建自己的 VPN 服务器,并且(可选但推荐)将 Libreswan 升级 到最新版本。**Docker 用户请看 这里**。 @@ -107,7 +106,7 @@ wget https://bit.ly/ikev2setup -O ikev2.sh && sudo bash ikev2.sh EOF ``` - **注:** 如果你的服务器(或者 Docker 主机)运行 Debian 或者 CentOS/RHEL,并且你想要启用 MOBIKE 支持,可以将上面命令中的 `mobike=no` 换成 `mobike=yes`。**不要** 在 Ubuntu 系统或者 Raspberry Pi 上启用该选项。 + **注:** 如果你的服务器(或者 Docker 主机)运行 Debian, CentOS/RHEL 或者 Amazon Linux 2,并且你想要启用 MOBIKE 支持,可以将上面命令中的 `mobike=no` 换成 `mobike=yes`。**不要** 在 Ubuntu 系统或者 Raspberry Pi 上启用该选项。 如果是 Libreswan 3.19-3.22: 
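Review bot: In the last hunk of docs/ikev2-howto-zh.md (the same applies to the matching hunk of docs/ikev2-howto.md), the MOBIKE note now lists Amazon Linux 2 beside Debian and CentOS/RHEL as a system where `mobike=no` may be changed to `mobike=yes`, while the "DO NOT enable this option on Ubuntu systems or Raspberry Pis" sentence stays unchanged; neither list gives a reason, so a reader on any other distribution cannot tell which side they fall on. Suggest one sentence on what the restriction depends on, or a link to the issue behind it, next to the list of systems.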
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index b1a0669..41f99a8 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -2,9 +2,6 @@ *Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).* -**Note:** This guide is for **advanced users**. Other users please use [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode. - ---- * [Introduction](#introduction) * [Using helper scripts](#using-helper-scripts) * [Manually set up IKEv2 on the VPN server](#manually-set-up-ikev2-on-the-vpn-server) @@ -25,6 +22,8 @@ Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certifica - Android 4.x and newer (using the strongSwan VPN client) - iOS (iPhone/iPad) +After following this guide, you will be able to connect to the VPN using IKEv2 in addition to the existing [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes. + ## Using helper scripts **Important:** As a prerequisite to using this guide, and before continuing, you must make sure that you have successfully set up your own VPN server, and (optional but recommended) upgraded Libreswan to the latest version. **Docker users, see here**. @@ -107,7 +106,7 @@ The following example shows how to manually configure IKEv2 with Libreswan. Comm EOF ``` - **Note:** If your server (or Docker host) runs Debian or CentOS/RHEL and you wish to enable MOBIKE support, replace `mobike=no` with `mobike=yes` in the command above. **DO NOT** enable this option on Ubuntu systems or Raspberry Pis. + **Note:** If your server (or Docker host) runs Debian, CentOS/RHEL or Amazon Linux 2, and you wish to enable MOBIKE support, replace `mobike=no` with `mobike=yes` in the command above. **DO NOT** enable this option on Ubuntu systems or Raspberry Pis. For Libreswan 3.19-3.22: diff --git a/docs/uninstall-zh.md b/docs/uninstall-zh.md index 561349f..5b3390c 100644 --- a/docs/uninstall-zh.md +++ b/docs/uninstall-zh.md 
@@ -25,21 +25,21 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \ ## 第二步 -### Ubuntu/Debian +### Ubuntu & Debian `apt-get purge xl2tpd` -### CentOS/RHEL +### CentOS/RHEL & Amazon Linux 2 `yum remove xl2tpd` ## 第三步 -### Ubuntu/Debian +### Ubuntu & Debian 编辑 `/etc/iptables.rules` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/iptables.rules.old-日期-时间`。另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。 -### CentOS/RHEL +### CentOS/RHEL & Amazon Linux 2 编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/sysconfig/iptables.old-日期-时间`。 diff --git a/docs/uninstall.md b/docs/uninstall.md index b0f0cd6..778968e 100644 --- a/docs/uninstall.md +++ b/docs/uninstall.md @@ -25,21 +25,21 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \ ## Second step -### Ubuntu/Debian +### Ubuntu & Debian `apt-get purge xl2tpd` -### CentOS/RHEL +### CentOS/RHEL & Amazon Linux 2 `yum remove xl2tpd` ## Third step -### Ubuntu/Debian +### Ubuntu & Debian Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists. -### CentOS/RHEL +### CentOS/RHEL & Amazon Linux 2 Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
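Review bot: In the "选项 3" / "Option 3" hunks of README-zh.md and README.md, splitting `wget ... -O vpnsetup.sh && sudo \` into two separate commands drops the `&&`, so a failed download no longer aborts the install: `wget -O` can leave an empty or truncated vpnsetup.sh (or a stale copy from an earlier attempt survives), and the following `sudo VPN_IPSEC_PSK=... sh vpnsetup.sh` runs it anyway. Keep the chain while still moving the variables onto the sudo line, e.g. `wget https://git.io/vpnsetup -O vpnsetup.sh && sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \`, and apply the same to the CentOS/RHEL and Amazon Linux 2 blocks.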
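Review bot: In the quick-start, installation and upgrade hunks of both READMEs, the new Amazon Linux 2 blocks fetch `https://bit.ly/vpnsetup-amzn` and `https://bit.ly/vpnupgrade-amzn` straight into `sudo sh`, whereas the Ubuntu/Debian and CentOS/RHEL blocks use `git.io` links. A third-party URL shortener adds a redirect hop outside this repository's control in front of a script that runs as root; link the script's full URL in this repository instead (or at least the same `git.io` namespace as the other variants), and since the README already documents the `Raw`-button fallback, consider adding a line on inspecting the downloaded file or checking a published checksum before running it.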
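Review bot: The installation hunks of README-zh.md and README.md delete the note "When reading documentation in this project, refer to the CentOS/RHEL sections for Amazon Linux 2" without a replacement, so every doc page that names CentOS/RHEL must now name Amazon Linux 2 explicitly. This patch covers clients(-zh).md, ikev2-howto(-zh).md and uninstall(-zh).md; check that no other page under docs/ still carries a "CentOS/RHEL"-only heading, or keep a shortened form of the note under "安装说明" / "Installation" so Amazon Linux 2 readers are not left without guidance.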