mirror of synced 2024-11-29 08:06:04 +03:00

Update docs

hwdsl2 2021-05-02 00:48:29 -05:00
parent ee409250d8
commit 933114087b
4 changed files with 14 additions and 10 deletions


@ -338,6 +338,7 @@ wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh
- [使用其他的 DNS 服务器](#使用其他的-dns-服务器) - [使用其他的 DNS 服务器](#使用其他的-dns-服务器)
- [域名和更改服务器 IP](#域名和更改服务器-ip) - [域名和更改服务器 IP](#域名和更改服务器-ip)
- [VPN 内网 IP](#vpn-内网-ip) - [VPN 内网 IP](#vpn-内网-ip)
- [访问 VPN 服务器的网段](#访问-vpn-服务器的网段)
- [仅限 IKEv2 的 VPN](#仅限-ikev2-的-vpn) - [仅限 IKEv2 的 VPN](#仅限-ikev2-的-vpn)
- [更改 IPTables 规则](#更改-iptables-规则) - [更改 IPTables 规则](#更改-iptables-规则)
@ -379,6 +380,12 @@ iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j D
iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
``` ```
### 访问 VPN 服务器的网段
连接到 VPN 后VPN 客户端通常可以访问与 VPN 服务器位于同一本地子网内的其他设备上运行的服务,而无需进行其他配置。
例如,如果 VPN 服务器的本地子网为 `192.168.0.0/24`,并且一个 Nginx 服务器在 IP `192.168.0.2` 上运行,则 VPN 客户端可以使用 IP `192.168.0.2`来访问 Nginx 服务器。如果无法访问,请检查其他设备上的防火墙设置。
### 仅限 IKEv2 的 VPN ### 仅限 IKEv2 的 VPN
Libreswan 4.2 和更新版本支持 `ikev1-policy` 配置选项。使用此选项,高级用户可以设置仅限 IKEv2 的 VPN即 VPN 服务器仅接受 IKEv2 连接,而 IKEv1 连接(包括 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式)将被丢弃。 Libreswan 4.2 和更新版本支持 `ikev1-policy` 配置选项。使用此选项,高级用户可以设置仅限 IKEv2 的 VPN即 VPN 服务器仅接受 IKEv2 连接,而 IKEv1 连接(包括 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式)将被丢弃。
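Review bot: In the added example sentence, "`192.168.0.2`来访问" is missing the space between the inline code and the Chinese text; the same sentence writes "IP `192.168.0.2` 上运行" with a space on both sides. The new section also does not say how an administrator can keep VPN clients from reaching the server's local subnet, which readers will want to find next to a description of access that works "without additional configuration".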


@ -338,6 +338,7 @@ wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh
- [Use alternative DNS servers](#use-alternative-dns-servers) - [Use alternative DNS servers](#use-alternative-dns-servers)
- [DNS name and server IP changes](#dns-name-and-server-ip-changes) - [DNS name and server IP changes](#dns-name-and-server-ip-changes)
- [Internal VPN IPs](#internal-vpn-ips) - [Internal VPN IPs](#internal-vpn-ips)
- [Access VPN server's subnet](#access-vpn-servers-subnet)
- [IKEv2 only VPN](#ikev2-only-vpn) - [IKEv2 only VPN](#ikev2-only-vpn)
- [Modify IPTables rules](#modify-iptables-rules) - [Modify IPTables rules](#modify-iptables-rules)
@ -379,6 +380,12 @@ iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j D
iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
``` ```
### Access VPN server's subnet
After connecting to the VPN, VPN clients can generally access services running on other devices that are within the same local subnet as the VPN server, without additional configuration.
For example, if the VPN server's local subnet is `192.168.0.0/24`, and an Nginx server is running on IP `192.168.0.2`, VPN clients can use IP `192.168.0.2` to access the Nginx server. If unable to access, check the firewall settings on the other device.
### IKEv2 only VPN ### IKEv2 only VPN
Libreswan 4.2 and newer versions support the `ikev1-policy` config option. Using this option, advanced users can set up an IKEv2-only VPN, i.e. only IKEv2 connections are accepted by the VPN server, while IKEv1 connections (including the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes) are dropped. Libreswan 4.2 and newer versions support the `ikev1-policy` config option. Using this option, advanced users can set up an IKEv2-only VPN, i.e. only IKEv2 connections are accepted by the VPN server, while IKEv1 connections (including the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes) are dropped.
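Review bot: The new "Access VPN server's subnet" paragraph presents reachability of the server's local subnet as the default for every VPN client but gives no way to turn it off. The context lines just above show `-j DROP` FORWARD rules for traffic whose source and destination are both in `192.168.42.0/24` or `192.168.43.0/24`; a sentence pointing readers who do not want clients reaching the local subnet to the "Modify IPTables rules" section would make the trade-off explicit. The closing advice, "If unable to access, check the firewall settings on the other device", would also be more useful if it said which source addresses that firewall needs to allow.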


@ -230,7 +230,6 @@ Fedora 28和更新版本和 CentOS 8/7 用户可以使用 [IPsec/XAuth](cl
* [iOS 13/14 和 macOS 10.15/11](#ios-1314-和-macos-101511) * [iOS 13/14 和 macOS 10.15/11](#ios-1314-和-macos-101511)
* [iOS/Android 睡眠模式](#iosandroid-睡眠模式) * [iOS/Android 睡眠模式](#iosandroid-睡眠模式)
* [Debian 10 内核](#debian-10-内核) * [Debian 10 内核](#debian-10-内核)
* [Chromebook 连接问题](#chromebook-连接问题)
* [其它错误](#其它错误) * [其它错误](#其它错误)
* [检查日志及 VPN 状态](#检查日志及-vpn-状态) * [检查日志及 VPN 状态](#检查日志及-vpn-状态)
@ -367,10 +366,6 @@ Debian 10 用户:运行 `uname -r` 以检查你的服务器的 Linux 内核版
要解决此问题,你可以换用标准的 Linux 内核,通过安装比如 `linux-image-amd64` 软件包来实现。然后更新 GRUB 的内核默认值并重启服务器。最后重新运行 VPN 安装脚本。 要解决此问题,你可以换用标准的 Linux 内核,通过安装比如 `linux-image-amd64` 软件包来实现。然后更新 GRUB 的内核默认值并重启服务器。最后重新运行 VPN 安装脚本。
### Chromebook 连接问题
Chromebook 用户: 如果你无法连接,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到这一行 `phase2alg=...` 并在结尾加上 `,aes_gcm-null` 。保存修改并运行 `service ipsec restart`
### 其它错误 ### 其它错误
如果你遇到其它错误,请参见以下链接: 如果你遇到其它错误,请参见以下链接:


@ -229,7 +229,6 @@ First check <a href="https://github.com/nm-l2tp/NetworkManager-l2tp/wiki/Prebuil
* [iOS 13/14 and macOS 10.15/11](#ios-1314-and-macos-101511) * [iOS 13/14 and macOS 10.15/11](#ios-1314-and-macos-101511)
* [iOS/Android sleep mode](#iosandroid-sleep-mode) * [iOS/Android sleep mode](#iosandroid-sleep-mode)
* [Debian 10 kernel](#debian-10-kernel) * [Debian 10 kernel](#debian-10-kernel)
* [Chromebook issues](#chromebook-issues)
* [Other errors](#other-errors) * [Other errors](#other-errors)
* [Check logs and VPN status](#check-logs-and-vpn-status) * [Check logs and VPN status](#check-logs-and-vpn-status)
@ -366,10 +365,6 @@ Debian 10 users: Run `uname -r` to check your server's Linux kernel version. If
To fix, you may switch to the standard Linux kernel by installing e.g. the `linux-image-amd64` package. Then update the default kernel in GRUB and reboot your server. Finally, re-run the VPN setup script. To fix, you may switch to the standard Linux kernel by installing e.g. the `linux-image-amd64` package. Then update the default kernel in GRUB and reboot your server. Finally, re-run the VPN setup script.
### Chromebook issues
Chromebook users: If you are unable to connect, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find the line `phase2alg=...` and append `,aes_gcm-null` at the end. Save the file and run `service ipsec restart`.
### Other errors ### Other errors
If you encounter other errors, refer to the links below: If you encounter other errors, refer to the links below:
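Review bot: The removed "Chromebook issues" section (the `phase2alg=...` / `,aes_gcm-null` workaround in `/etc/ipsec.conf`) disappears without a stated reason; the commit message only says "Update docs". Please say in the commit message whether the workaround is no longer needed or has moved elsewhere, and check for remaining links to `#chromebook-issues`, which will stop resolving once the heading is gone.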