Update docs
parent ee409250d8
commit 933114087b
@ -338,6 +338,7 @@ wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh
|
|||||||
- [使用其他的 DNS 服务器](#使用其他的-dns-服务器)
|
- [使用其他的 DNS 服务器](#使用其他的-dns-服务器)
|
||||||
- [域名和更改服务器 IP](#域名和更改服务器-ip)
|
- [域名和更改服务器 IP](#域名和更改服务器-ip)
|
||||||
- [VPN 内网 IP](#vpn-内网-ip)
|
- [VPN 内网 IP](#vpn-内网-ip)
|
||||||
|
- [访问 VPN 服务器的网段](#访问-vpn-服务器的网段)
|
||||||
- [仅限 IKEv2 的 VPN](#仅限-ikev2-的-vpn)
|
- [仅限 IKEv2 的 VPN](#仅限-ikev2-的-vpn)
|
||||||
- [更改 IPTables 规则](#更改-iptables-规则)
|
- [更改 IPTables 规则](#更改-iptables-规则)
|
||||||
|
|
||||||
@ -379,6 +380,12 @@ iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j D
|
|||||||
iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
|
iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### 访问 VPN 服务器的网段
|
||||||
|
|
||||||
|
连接到 VPN 后,VPN 客户端通常可以访问与 VPN 服务器位于同一本地子网内的其他设备上运行的服务,而无需进行其他配置。
|
||||||
|
|
||||||
|
例如,如果 VPN 服务器的本地子网为 `192.168.0.0/24`,并且一个 Nginx 服务器在 IP `192.168.0.2` 上运行,则 VPN 客户端可以使用 IP `192.168.0.2`来访问 Nginx 服务器。如果无法访问,请检查其他设备上的防火墙设置。
|
||||||
|
|
||||||
### 仅限 IKEv2 的 VPN
|
### 仅限 IKEv2 的 VPN
|
||||||
|
|
||||||
Libreswan 4.2 和更新版本支持 `ikev1-policy` 配置选项。使用此选项,高级用户可以设置仅限 IKEv2 的 VPN,即 VPN 服务器仅接受 IKEv2 连接,而 IKEv1 连接(包括 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式)将被丢弃。
|
Libreswan 4.2 和更新版本支持 `ikev1-policy` 配置选项。使用此选项,高级用户可以设置仅限 IKEv2 的 VPN,即 VPN 服务器仅接受 IKEv2 连接,而 IKEv1 连接(包括 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式)将被丢弃。
|
||||||
|
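Review bot: In the second added paragraph, `192.168.0.2`来访问 has no space between the closing backtick and 来, while the other inline code spans in this file are set off with spaces (`192.168.0.2` 上运行 in the same sentence, `ikev1-policy` 配置选项 in the section below). Add the space so it reads IP `192.168.0.2` 来访问 and matches the rest of the document.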
@ -338,6 +338,7 @@ wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh
|
|||||||
- [Use alternative DNS servers](#use-alternative-dns-servers)
|
- [Use alternative DNS servers](#use-alternative-dns-servers)
|
||||||
- [DNS name and server IP changes](#dns-name-and-server-ip-changes)
|
- [DNS name and server IP changes](#dns-name-and-server-ip-changes)
|
||||||
- [Internal VPN IPs](#internal-vpn-ips)
|
- [Internal VPN IPs](#internal-vpn-ips)
|
||||||
|
- [Access VPN server's subnet](#access-vpn-servers-subnet)
|
||||||
- [IKEv2 only VPN](#ikev2-only-vpn)
|
- [IKEv2 only VPN](#ikev2-only-vpn)
|
||||||
- [Modify IPTables rules](#modify-iptables-rules)
|
- [Modify IPTables rules](#modify-iptables-rules)
|
||||||
|
|
||||||
@ -379,6 +380,12 @@ iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j D
|
|||||||
iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
|
iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Access VPN server's subnet
|
||||||
|
|
||||||
|
After connecting to the VPN, VPN clients can generally access services running on other devices that are within the same local subnet as the VPN server, without additional configuration.
|
||||||
|
|
||||||
|
For example, if the VPN server's local subnet is `192.168.0.0/24`, and an Nginx server is running on IP `192.168.0.2`, VPN clients can use IP `192.168.0.2` to access the Nginx server. If unable to access, check the firewall settings on the other device.
|
||||||
|
|
||||||
### IKEv2 only VPN
|
### IKEv2 only VPN
|
||||||
|
|
||||||
Libreswan 4.2 and newer versions support the `ikev1-policy` config option. Using this option, advanced users can set up an IKEv2-only VPN, i.e. only IKEv2 connections are accepted by the VPN server, while IKEv1 connections (including the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes) are dropped.
|
Libreswan 4.2 and newer versions support the `ikev1-policy` config option. Using this option, advanced users can set up an IKEv2-only VPN, i.e. only IKEv2 connections are accepted by the VPN server, while IKEv1 connections (including the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes) are dropped.
|
||||||
|
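Review bot: The new "Access VPN server's subnet" section documents that VPN clients can reach other devices on the server's local subnet without additional configuration, but it does not say how to turn that off. The context just above this hunk already shows FORWARD DROP rules for traffic between VPN clients (`-s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP`), so a reader who wants isolation will expect the equivalent for the server's subnet; add a sentence on restricting client access to the LAN, using the section's own `192.168.0.0/24` example. The closing sentence, "check the firewall settings on the other device", should also state which source address that device will see, so the reader knows what to allow.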
@ -230,7 +230,6 @@ Fedora 28(和更新版本)和 CentOS 8/7 用户可以使用 [IPsec/XAuth](cl
|
|||||||
* [iOS 13/14 和 macOS 10.15/11](#ios-1314-和-macos-101511)
|
* [iOS 13/14 和 macOS 10.15/11](#ios-1314-和-macos-101511)
|
||||||
* [iOS/Android 睡眠模式](#iosandroid-睡眠模式)
|
* [iOS/Android 睡眠模式](#iosandroid-睡眠模式)
|
||||||
* [Debian 10 内核](#debian-10-内核)
|
* [Debian 10 内核](#debian-10-内核)
|
||||||
* [Chromebook 连接问题](#chromebook-连接问题)
|
|
||||||
* [其它错误](#其它错误)
|
* [其它错误](#其它错误)
|
||||||
* [检查日志及 VPN 状态](#检查日志及-vpn-状态)
|
* [检查日志及 VPN 状态](#检查日志及-vpn-状态)
|
||||||
|
|
||||||
@ -367,10 +366,6 @@ Debian 10 用户:运行 `uname -r` 以检查你的服务器的 Linux 内核版
|
|||||||
|
|
||||||
要解决此问题,你可以换用标准的 Linux 内核,通过安装比如 `linux-image-amd64` 软件包来实现。然后更新 GRUB 的内核默认值并重启服务器。最后重新运行 VPN 安装脚本。
|
要解决此问题,你可以换用标准的 Linux 内核,通过安装比如 `linux-image-amd64` 软件包来实现。然后更新 GRUB 的内核默认值并重启服务器。最后重新运行 VPN 安装脚本。
|
||||||
|
|
||||||
### Chromebook 连接问题
|
|
||||||
|
|
||||||
Chromebook 用户: 如果你无法连接,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到这一行 `phase2alg=...` 并在结尾加上 `,aes_gcm-null` 。保存修改并运行 `service ipsec restart`。
|
|
||||||
|
|
||||||
### 其它错误
|
### 其它错误
|
||||||
|
|
||||||
如果你遇到其它错误,请参见以下链接:
|
如果你遇到其它错误,请参见以下链接:
|
||||||
|
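Review bot: Removing the `### Chromebook 连接问题` heading deletes the `#chromebook-连接问题` anchor, and the table-of-contents hunk above only drops the link inside this file. Search the rest of the docs for remaining links to that anchor before merging, since they would no longer resolve to a section.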
@ -229,7 +229,6 @@ First check <a href="https://github.com/nm-l2tp/NetworkManager-l2tp/wiki/Prebuil
|
|||||||
* [iOS 13/14 and macOS 10.15/11](#ios-1314-and-macos-101511)
|
* [iOS 13/14 and macOS 10.15/11](#ios-1314-and-macos-101511)
|
||||||
* [iOS/Android sleep mode](#iosandroid-sleep-mode)
|
* [iOS/Android sleep mode](#iosandroid-sleep-mode)
|
||||||
* [Debian 10 kernel](#debian-10-kernel)
|
* [Debian 10 kernel](#debian-10-kernel)
|
||||||
* [Chromebook issues](#chromebook-issues)
|
|
||||||
* [Other errors](#other-errors)
|
* [Other errors](#other-errors)
|
||||||
* [Check logs and VPN status](#check-logs-and-vpn-status)
|
* [Check logs and VPN status](#check-logs-and-vpn-status)
|
||||||
|
|
||||||
@ -366,10 +365,6 @@ Debian 10 users: Run `uname -r` to check your server's Linux kernel version. If
|
|||||||
|
|
||||||
To fix, you may switch to the standard Linux kernel by installing e.g. the `linux-image-amd64` package. Then update the default kernel in GRUB and reboot your server. Finally, re-run the VPN setup script.
|
To fix, you may switch to the standard Linux kernel by installing e.g. the `linux-image-amd64` package. Then update the default kernel in GRUB and reboot your server. Finally, re-run the VPN setup script.
|
||||||
|
|
||||||
### Chromebook issues
|
|
||||||
|
|
||||||
Chromebook users: If you are unable to connect, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find the line `phase2alg=...` and append `,aes_gcm-null` at the end. Save the file and run `service ipsec restart`.
|
|
||||||
|
|
||||||
### Other errors
|
### Other errors
|
||||||
|
|
||||||
If you encounter other errors, refer to the links below:
|
If you encounter other errors, refer to the links below:
|
||||||
|
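Review bot: The deleted "Chromebook issues" section told users to append `,aes_gcm-null` to the `phase2alg=...` line in `/etc/ipsec.conf`, and the commit message ("Update docs") gives no reason for dropping it. Servers that already applied that edit keep the extra proposal after this change, so state in the commit message or under "Other errors" whether the workaround is no longer needed and whether the added `phase2alg` entry should be removed.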