Update docs
This commit is contained in:
parent
5fe5f04835
commit
9a9496b41b
@ -157,9 +157,9 @@ sh vpnsetup.sh
|
|||||||
|
|
||||||
如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。该文档包含辅助脚本,以方便管理 VPN 用户。
|
如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。该文档包含辅助脚本,以方便管理 VPN 用户。
|
||||||
|
|
||||||
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。
|
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。
|
||||||
|
|
||||||
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`,然后重启服务器。高级用户可以在运行 VPN 脚本时定义 `VPN_DNS_SRV1` 和 `VPN_DNS_SRV2`(可选)。
|
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`,然后重启服务器。
|
||||||
|
|
||||||
使用内核支持有助于提高 IPsec/L2TP 性能。它在以下系统上可用: Ubuntu 16.04-20.04, Debian 9-10 和 CentOS 6-8. Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`(或者 `linux-image-extra`),然后运行 `service xl2tpd restart`。
|
使用内核支持有助于提高 IPsec/L2TP 性能。它在以下系统上可用: Ubuntu 16.04-20.04, Debian 9-10 和 CentOS 6-8. Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`(或者 `linux-image-extra`),然后运行 `service xl2tpd restart`。
|
||||||
|
|
||||||
|
@ -157,9 +157,9 @@ The same VPN account can be used by your multiple devices. However, due to an IP
|
|||||||
|
|
||||||
If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>. Helper scripts are included for convenience.
|
If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>. Helper scripts are included for convenience.
|
||||||
|
|
||||||
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433).
|
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/vpc/docs/firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433).
|
||||||
|
|
||||||
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`, then reboot your server. Advanced users can define `VPN_DNS_SRV1` and optionally `VPN_DNS_SRV2` when running the VPN setup script.
|
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`, then reboot your server.
|
||||||
|
|
||||||
Using kernel support could improve IPsec/L2TP performance. It is available on Ubuntu 16.04-20.04, Debian 9-10 and CentOS 6-8. Ubuntu users: Install `linux-modules-extra-$(uname -r)` (or `linux-image-extra`), then run `service xl2tpd restart`.
|
Using kernel support could improve IPsec/L2TP performance. It is available on Ubuntu 16.04-20.04, Debian 9-10 and CentOS 6-8. Ubuntu users: Install `linux-modules-extra-$(uname -r)` (or `linux-image-extra`), then run `service xl2tpd restart`.
|
||||||
|
|
||||||
|
@ -37,14 +37,13 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
|||||||
|
|
||||||
### Ubuntu/Debian
|
### Ubuntu/Debian
|
||||||
|
|
||||||
编辑 `/etc/iptables.rules` 并删除不需要的规则。
|
编辑 `/etc/iptables.rules` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/iptables.rules.old-日期-时间`。另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。
|
||||||
你以前的防火墙规则(如果有)会备份在 `/etc/iptables.rules.old-日期-时间`。
|
|
||||||
另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。
|
|
||||||
|
|
||||||
### CentOS/RHEL
|
### CentOS/RHEL
|
||||||
|
|
||||||
编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。
|
编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/sysconfig/iptables.old-日期-时间`。
|
||||||
你以前的防火墙规则(如果有)会备份在 `/etc/sysconfig/iptables.old-日期-时间`。
|
|
||||||
|
**注:** 如果使用 CentOS/RHEL 8 并且在安装 VPN 时 firewalld 正在运行,则可能已配置 nftables。编辑 `/etc/sysconfig/nftables.conf` 并删除不需要的规则。你之前的防火墙规则备份在 `/etc/sysconfig/nftables.conf.old-日期-时间`。
|
||||||
|
|
||||||
## 第四步
|
## 第四步
|
||||||
|
|
||||||
@ -53,7 +52,7 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
|||||||
|
|
||||||
## 可选步骤
|
## 可选步骤
|
||||||
|
|
||||||
注: 这一步是可选的。
|
**注:** 这一步是可选的。
|
||||||
|
|
||||||
删除这些配置文件:
|
删除这些配置文件:
|
||||||
|
|
||||||
|
@ -37,14 +37,13 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
|||||||
|
|
||||||
### Ubuntu/Debian
|
### Ubuntu/Debian
|
||||||
|
|
||||||
Edit `/etc/iptables.rules` and remove unneeded rules.
|
Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists.
|
||||||
Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`.
|
|
||||||
In addition, edit `/etc/iptables/rules.v4` if the file exists.
|
|
||||||
|
|
||||||
### CentOS/RHEL
|
### CentOS/RHEL
|
||||||
|
|
||||||
Edit `/etc/sysconfig/iptables` and remove unneeded rules.
|
Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
|
||||||
Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
|
|
||||||
|
**Note:** If using CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. Edit `/etc/sysconfig/nftables.conf` and remove unneeded rules. Your original rules are backed up as `/etc/sysconfig/nftables.conf.old-date-time`.
|
||||||
|
|
||||||
## Fourth step
|
## Fourth step
|
||||||
|
|
||||||
@ -53,7 +52,7 @@ Edit `/etc/rc.local` and remove the lines after `# Added by hwdsl2 VPN script`.
|
|||||||
|
|
||||||
## Optional
|
## Optional
|
||||||
|
|
||||||
Note: This step is optional.
|
**Note:** This step is optional.
|
||||||
|
|
||||||
Remove these config files:
|
Remove these config files:
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user