1
0
mirror of synced 2024-11-29 08:06:04 +03:00

Update IKEv2 docs

This commit is contained in:
hwdsl2 2020-05-31 17:37:49 -05:00
parent 204904abf4
commit 99e87f5287
2 changed files with 8 additions and 4 deletions

View File

@ -25,12 +25,12 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
## 使用辅助脚本 ## 使用辅助脚本
**重要:** 作为使用本指南的先决条件,在继续之前,你必须确保你已经成功地 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a>,并且(可选但推荐)将 Libreswan <a href="../README-zh.md#升级libreswan" target="_blank">升级</a> 到最新版本。 **重要:** 作为使用本指南的先决条件,在继续之前,你必须确保你已经成功地 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a>,并且(可选但推荐)将 Libreswan <a href="../README-zh.md#升级libreswan" target="_blank">升级</a> 到最新版本。Docker 用户请看 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#配置并使用-ikev2-vpn" target="_blank">这里</a>
你可以使用这个辅助脚本来自动地在 VPN 服务器上配置 IKEv2 你可以使用这个辅助脚本来自动地在 VPN 服务器上配置 IKEv2
``` ```
wget https://git.io/ikev2setup -O ikev2setup.sh && sudo bash ikev2setup.sh wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
``` ```
<a href="../extras/ikev2setup.sh" target="_blank">脚本</a> 必须使用 `bash` 而不是 `sh` 运行。按照脚本的提示配置 IKEv2。在完成之后请转到 [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端) 和 [已知问题](#已知问题)。如需为更多的客户端生成证书,请参见下一小节的第 4 步。 <a href="../extras/ikev2setup.sh" target="_blank">脚本</a> 必须使用 `bash` 而不是 `sh` 运行。按照脚本的提示配置 IKEv2。在完成之后请转到 [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端) 和 [已知问题](#已知问题)。如需为更多的客户端生成证书,请参见下一小节的第 4 步。
@ -237,6 +237,8 @@ wget https://git.io/ikev2setup -O ikev2setup.sh && sudo bash ikev2setup.sh
## 配置 IKEv2 VPN 客户端 ## 配置 IKEv2 VPN 客户端
*其他语言版本: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).*
**注:** 如果你在上面的第一步指定了服务器的域名(而不是 IP 地址),则必须在 **服务器地址****远程 ID** 字段中输入该域名。如需为更多的客户端生成证书,请参见上一小节的第 4 步。 **注:** 如果你在上面的第一步指定了服务器的域名(而不是 IP 地址),则必须在 **服务器地址****远程 ID** 字段中输入该域名。如需为更多的客户端生成证书,请参见上一小节的第 4 步。
* [Windows 7, 8.x 和 10](#windows-7-8x-和-10) * [Windows 7, 8.x 和 10](#windows-7-8x-和-10)

View File

@ -25,12 +25,12 @@ Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certifica
## Using helper scripts ## Using helper scripts
**Important:** As a prerequisite to using this guide, and before continuing, you must make sure that you have successfully <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">set up your own VPN server</a>, and (optional but recommended) <a href="../README.md#upgrade-libreswan" target="_blank">upgraded Libreswan</a> to the latest version. **Important:** As a prerequisite to using this guide, and before continuing, you must make sure that you have successfully <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">set up your own VPN server</a>, and (optional but recommended) <a href="../README.md#upgrade-libreswan" target="_blank">upgraded Libreswan</a> to the latest version. Docker users, see <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#configure-and-use-ikev2-vpn" target="_blank">here</a>.
You may use this helper script to automatically set up IKEv2 on the VPN server: You may use this helper script to automatically set up IKEv2 on the VPN server:
``` ```
wget https://git.io/ikev2setup -O ikev2setup.sh && sudo bash ikev2setup.sh wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
``` ```
The <a href="../extras/ikev2setup.sh" target="_blank">script</a> must be run using `bash`, not `sh`. Follow the prompts to set up IKEv2. When finished, continue to [configure IKEv2 VPN clients](#configure-ikev2-vpn-clients) and check [known issues](#known-issues). If you wish to generate certificates for additional VPN clients, refer to step 4 in the next section. The <a href="../extras/ikev2setup.sh" target="_blank">script</a> must be run using `bash`, not `sh`. Follow the prompts to set up IKEv2. When finished, continue to [configure IKEv2 VPN clients](#configure-ikev2-vpn-clients) and check [known issues](#known-issues). If you wish to generate certificates for additional VPN clients, refer to step 4 in the next section.
@ -237,6 +237,8 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
## Configure IKEv2 VPN clients ## Configure IKEv2 VPN clients
*Read this in other languages: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).*
**Note:** If you specified the server's DNS name (instead of its IP address) in step 1 above, you must enter the DNS name in the **Server** and **Remote ID** fields. If you wish to generate certificates for additional VPN clients, refer to step 4 in the previous section. **Note:** If you specified the server's DNS name (instead of its IP address) in step 1 above, you must enter the DNS name in the **Server** and **Remote ID** fields. If you wish to generate certificates for additional VPN clients, refer to step 4 in the previous section.
* [Windows 7, 8.x and 10](#windows-7-8x-and-10) * [Windows 7, 8.x and 10](#windows-7-8x-and-10)