Update docs

2024-11-21 20:46:10 +03:00 · 2021-03-27 14:51:18 -05:00 · 2021-03-27 14:51:18 -05:00 · 9437be8553
commit 9437be8553
parent de2acaabc5
6 changed files with 61 additions and 39 deletions
--- a/README-zh.md
+++ b/README-zh.md
@ -153,6 +153,8 @@ wget https://git.io/vpnsetup-amzn -O vpn.sh && sudo sh vpn.sh
 ```
 </details>

+在安装成功之后，推荐 <a href="docs/ikev2-howto-zh.md" target="_blank">配置 IKEv2</a>。
+
 **选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证：

 <details open>
@ -197,6 +199,8 @@ sudo sh vpn.sh

 **注：** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。

+在安装成功之后，推荐 <a href="docs/ikev2-howto-zh.md" target="_blank">配置 IKEv2</a>。
+
 **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量：

 <details open>
@ -248,11 +252,7 @@ sh vpn.sh
 ```
 </details>

-在安装成功之后，推荐配置 IKEv2。更多信息请参见 <a href="docs/ikev2-howto-zh.md" target="_blank">IKEv2 指南</a>。
-
-```bash
-wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
-```
+在安装成功之后，推荐 <a href="docs/ikev2-howto-zh.md" target="_blank">配置 IKEv2</a>。

 **注：** 如果无法通过 `wget` 下载，你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a>，<a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a> 或者 <a href="vpnsetup_amzn.sh" target="_blank">vpnsetup_amzn.sh</a>，然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选， `Ctrl-C` 复制，然后粘贴到你喜欢的编辑器。

--- a/README.md
+++ b/README.md
@ -153,6 +153,8 @@ wget https://git.io/vpnsetup-amzn -O vpn.sh && sudo sh vpn.sh
 ```
 </details>

+After successful installation, it is recommended to <a href="docs/ikev2-howto.md" target="_blank">set up IKEv2</a>.
+
 **Option 2:** Edit the script and provide your own VPN credentials:

 <details open>
@ -197,6 +199,8 @@ sudo sh vpn.sh

 **Note:** A secure IPsec PSK should consist of at least 20 random characters.

+After successful installation, it is recommended to <a href="docs/ikev2-howto.md" target="_blank">set up IKEv2</a>.
+
 **Option 3:** Define your VPN credentials as environment variables:

 <details open>
@ -248,11 +252,7 @@ sh vpn.sh
 ```
 </details>

-After successful installation, it is recommended to set up IKEv2. Refer to the <a href="docs/ikev2-howto.md" target="_blank">IKEv2 guide</a> for more details.
-
-```bash
-wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
-```
+After successful installation, it is recommended to <a href="docs/ikev2-howto.md" target="_blank">set up IKEv2</a>.

 **Note:** If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a>, <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a> or <a href="vpnsetup_amzn.sh" target="_blank">vpnsetup_amzn.sh</a>, and click the **`Raw`** button on the right. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.

--- a/docs/clients-zh.md
+++ b/docs/clients-zh.md
@ -2,7 +2,7 @@

 *其他语言版本: [English](clients.md), [简体中文](clients-zh.md).*

-**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用更高效的 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。
+**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。

 在成功 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a> 之后，按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持，无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。

@ -18,6 +18,8 @@

 ## Windows

+**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐）。
+
 ### Windows 10 and 8.x

 1. 右键单击系统托盘中的无线/网络图标。
@ -86,6 +88,8 @@ Add-VpnConnection -Name 'My IPsec VPN' -ServerAddress '你的 VPN 服务器 IP'

 ## OS X

+**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。
+
 1. 打开系统偏好设置并转到网络部分。
 1. 在窗口左下角单击 **+** 按钮。
 1. 从 **接口** 下拉菜单选择 **VPN**。
@ -110,6 +114,8 @@ Add-VpnConnection -Name 'My IPsec VPN' -ServerAddress '你的 VPN 服务器 IP'

 ## Android

+**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。
+
 1. 启动 **设置** 应用程序。
 1. 单击 **网络和互联网**。或者，如果你使用 Android 7 或更早版本，在 **无线和网络** 部分单击 **更多...**。
 1. 单击 **VPN**。
@ -133,6 +139,8 @@ VPN 连接成功后，会在通知栏显示图标。最后你可以到 <a href="

 ## iOS

+**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。
+
 1. 进入设置 -> 通用 -> VPN。
 1. 单击 **添加VPN配置...**。
 1. 单击 **类型** 。选择 **L2TP** 并返回。
@ -170,6 +178,8 @@ VPN 连接成功后，网络状态图标上会出现 VPN 指示。最后你可

 ## Linux

+**注：** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐）。
+
 ### Ubuntu Linux

 Ubuntu 18.04 和更新版本用户可以使用 `apt` 安装 <a href="https://packages.ubuntu.com/search?keywords=network-manager-l2tp-gnome" target="_blank">network-manager-l2tp-gnome</a> 软件包，然后通过 GUI 配置 IPsec/L2TP VPN 客户端。Ubuntu 16.04 用户可能需要添加 `nm-l2tp` PPA，参见 <a href="https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721" target="_blank">这里</a>。
@ -198,7 +208,7 @@ VPN 连接成功后，你可以到 <a href="https://www.ipchicken.com" target="_

 ### Fedora 和 CentOS

-Fedora 28 （和更新版本）和 CentOS 8/7 用户可以使用更高效的 [IPsec/XAuth](clients-xauth-zh.md#linux) 模式连接。
+Fedora 28（和更新版本）和 CentOS 8/7 用户可以使用 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。

 ### 其它 Linux

@ -400,24 +410,24 @@ ipsec whack --trafficstatus

 ## 使用命令行配置 Linux VPN 客户端

-在成功 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a> 之后，按照下面的步骤来使用命令行配置 Linux VPN 客户端。另外，你也可以 [使用图形界面](#linux) 配置。以下步骤是基于 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c)。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。
+在成功 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a> 之后，按照下面的步骤来使用命令行配置 Linux VPN 客户端。另外，你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者 [使用图形界面](#linux) 配置。以下步骤是基于 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c)。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。

 要配置 VPN 客户端，首先安装以下软件包：

 ```bash
-# Ubuntu & Debian
+# Ubuntu and Debian
 apt-get update
-apt-get -y install strongswan xl2tpd net-tools
+apt-get install strongswan xl2tpd net-tools

-# CentOS & RHEL
-yum -y install epel-release
-yum --enablerepo=epel -y install strongswan xl2tpd net-tools
+# CentOS
+yum install epel-release
+yum --enablerepo=epel install strongswan xl2tpd net-tools

 # Fedora
-yum -y install strongswan xl2tpd net-tools
+yum install strongswan xl2tpd net-tools
 ```

-创建 VPN 变量 （替换为你自己的值）：
+创建 VPN 变量（替换为你自己的值）：

 ```bash
 VPN_SERVER_IP='你的VPN服务器IP'
@ -451,7 +461,7 @@ EOF

 chmod 600 /etc/ipsec.secrets

-# For CentOS/RHEL & Fedora ONLY
+# For CentOS and Fedora ONLY
 mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null
 mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null
 ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf
@ -510,10 +520,10 @@ service xl2tpd restart
 开始 IPsec 连接：

 ```bash
-# Ubuntu & Debian
+# Ubuntu and Debian
 ipsec up myvpn

-# CentOS/RHEL & Fedora
+# CentOS and Fedora
 strongswan up myvpn
 ```

@ -569,11 +579,11 @@ route del default dev ppp0
 要断开连接：

 ```bash
-# Ubuntu & Debian
+# Ubuntu and Debian
 echo "d myvpn" > /var/run/xl2tpd/l2tp-control
 ipsec down myvpn

-# CentOS/RHEL & Fedora
+# CentOS and Fedora
 echo "d myvpn" > /var/run/xl2tpd/l2tp-control
 strongswan down myvpn
 ```
--- a/docs/clients.md
+++ b/docs/clients.md
@ -2,7 +2,7 @@

 *Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*

-**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using the faster [IPsec/XAuth mode](clients-xauth.md).
+**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md).

 After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.

@ -18,6 +18,8 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin

 ## Windows

+**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended).
+
 ### Windows 10 and 8.x

 1. Right-click on the wireless/network icon in your system tray.
@ -86,6 +88,8 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub

 ## OS X

+**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md).
+
 1. Open System Preferences and go to the Network section.
 1. Click the **+** button in the lower-left corner of the window.
 1. Select **VPN** from the **Interface** drop-down menu.
@ -109,6 +113,8 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub

 ## Android

+**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md).
+
 1. Launch the **Settings** application.
 1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
 1. Tap **VPN**.
@ -132,6 +138,8 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub

 ## iOS

+**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md).
+
 1. Go to Settings -> General -> VPN.
 1. Tap **Add VPN Configuration...**.
 1. Tap **Type**. Select **L2TP** and go back.
@ -169,6 +177,8 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub

 ## Linux

+**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended).
+
 ### Ubuntu Linux

 Ubuntu 18.04 (and newer) users can install the <a href="https://packages.ubuntu.com/search?keywords=network-manager-l2tp-gnome" target="_blank">network-manager-l2tp-gnome</a> package using `apt`, then configure the IPsec/L2TP VPN client using the GUI. Ubuntu 16.04 users may need to add the `nm-l2tp` PPA, read more <a href="https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721" target="_blank">here</a>.
@ -197,7 +207,7 @@ If you get an error when trying to connect, try <a href="https://github.com/nm-l

 ### Fedora and CentOS

-Fedora 28 (and newer) and CentOS 8/7 users can connect using the faster [IPsec/XAuth](clients-xauth.md#linux) mode.
+Fedora 28 (and newer) and CentOS 8/7 users can connect using [IPsec/XAuth](clients-xauth.md) mode.

 ### Other Linux

@ -399,21 +409,21 @@ ipsec whack --trafficstatus

 ## Configure Linux VPN clients using the command line

-After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure Linux VPN clients using the command line. Alternatively, you may configure [using the GUI](#linux). Instructions below are based on [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client.
+After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure Linux VPN clients using the command line. Alternatively, you may [set up IKEv2](ikev2-howto.md) (recommended), or configure [using the GUI](#linux). Instructions below are based on [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client.

 To set up the VPN client, first install the following packages:

 ```bash
-# Ubuntu & Debian
+# Ubuntu and Debian
 apt-get update
-apt-get -y install strongswan xl2tpd net-tools
+apt-get install strongswan xl2tpd net-tools

-# CentOS & RHEL
-yum -y install epel-release
-yum --enablerepo=epel -y install strongswan xl2tpd net-tools
+# CentOS
+yum install epel-release
+yum --enablerepo=epel install strongswan xl2tpd net-tools

 # Fedora
-yum -y install strongswan xl2tpd net-tools
+yum install strongswan xl2tpd net-tools
 ```

 Create VPN variables (replace with actual values):
@ -450,7 +460,7 @@ EOF

 chmod 600 /etc/ipsec.secrets

-# For CentOS/RHEL & Fedora ONLY
+# For CentOS and Fedora ONLY
 mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null
 mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null
 ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf
@ -509,10 +519,10 @@ service xl2tpd restart
 Start the IPsec connection:

 ```bash
-# Ubuntu & Debian
+# Ubuntu and Debian
 ipsec up myvpn

-# CentOS/RHEL & Fedora
+# CentOS and Fedora
 strongswan up myvpn
 ```

@ -567,11 +577,11 @@ route del default dev ppp0
 To disconnect:

 ```bash
-# Ubuntu & Debian
+# Ubuntu and Debian
 echo "d myvpn" > /var/run/xl2tpd/l2tp-control
 ipsec down myvpn

-# CentOS/RHEL & Fedora
+# CentOS and Fedora
 echo "d myvpn" > /var/run/xl2tpd/l2tp-control
 strongswan down myvpn
 ```
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@ -318,6 +318,7 @@ openssl pkcs12 -in vpnclient.p12 -nocerts -nodes  -out vpnclient.key
 rm vpnclient.p12

 # （重要）保护证书和私钥文件
+# 注：这一步是可选的，但强烈推荐。
 sudo chown root.root ikev2vpnca.cer vpnclient.cer vpnclient.key
 sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
 ```
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@ -320,6 +320,7 @@ openssl pkcs12 -in vpnclient.p12 -nocerts -nodes  -out vpnclient.key
 rm vpnclient.p12

 # (Important) Protect certificate and private key files
+# Note: This step is optional, but strongly recommended.
 sudo chown root.root ikev2vpnca.cer vpnclient.cer vpnclient.key
 sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
 ```