1
0
mirror of synced 2024-11-25 22:36:04 +03:00

Update docs

[ci skip]
This commit is contained in:
hwdsl2 2016-06-29 14:35:28 -05:00
parent ac91fa9b79
commit 9b541c6da3
11 changed files with 90 additions and 56 deletions

View File

@ -1,8 +1,8 @@
# IPsec VPN 服务器一键安装脚本 <a href="https://travis-ci.org/hwdsl2/setup-ipsec-vpn"><img align="right" src="https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master" alt="Build status" /></a> # IPsec VPN 服务器一键安装脚本 &nbsp;[![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
*其他语言版本: [English](README.md), [简体中文](README-zh.md).* *其他语言版本: [English](README.md), [简体中文](README-zh.md).*
使用这些 Linux Shell 脚本一键快速搭建 IPsec VPN 服务器。支持 IPsec/L2TP 和 Cisco IPsec 协议,可用于 UbuntuDebian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。 使用 Linux Shell 脚本一键快速搭建 IPsec VPN 服务器。支持 IPsec/L2TP 和 Cisco IPsec 协议,可用于 UbuntuDebian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。
我们将使用 <a href="https://libreswan.org/" target="_blank">Libreswan</a> 作为 IPsec 服务器,以及 <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> 作为 L2TP 提供者。 我们将使用 <a href="https://libreswan.org/" target="_blank">Libreswan</a> 作为 IPsec 服务器,以及 <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> 作为 L2TP 提供者。
@ -17,7 +17,7 @@
- [CentOS & RHEL](#centos--rhel) - [CentOS & RHEL](#centos--rhel)
- [下一步](#下一步) - [下一步](#下一步)
- [重要提示](#重要提示) - [重要提示](#重要提示)
- [关于升级Libreswan](#关于升级libreswan) - [升级Libreswan](#升级libreswan)
- [问题和反馈](#问题和反馈) - [问题和反馈](#问题和反馈)
- [卸载说明](#卸载说明) - [卸载说明](#卸载说明)
- [另见](#另见) - [另见](#另见)
@ -26,8 +26,8 @@
## 功能特性 ## 功能特性
- **NEW:** 新增支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式 - **新:** 增加支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式
- **NEW:** 现在可以下载 VPN 服务器的预构建 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker 镜像</a> - **新:** 现在可以下载 VPN 服务器的预构建 [Docker 镜像](#另见)
- 全自动的 IPsec VPN 服务器配置,无需用户输入 - 全自动的 IPsec VPN 服务器配置,无需用户输入
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持 - 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
- 可直接作为 Amazon EC2 实例创建时的用户数据使用 - 可直接作为 Amazon EC2 实例创建时的用户数据使用
@ -37,7 +37,7 @@
## 系统要求 ## 系统要求
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些 AMI (详细步骤<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">点这里</a>) 一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些 AMI (详细步骤 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">点这里</a>
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)</a> - <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)</a>
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 8 (Jessie) EC2 Images</a> - <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 8 (Jessie) EC2 Images</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a> - <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
@ -45,7 +45,7 @@
**-或者-** **-或者-**
一个专用服务器,或者基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可用 Debian 7 (Wheezy),但是必须首先运行 <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 用户请使用其它的 VPN 软件,比如 <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a> 一个专用服务器,或者任何基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装以上系统之一。另外也可用 Debian 7 (Wheezy),但是必须首先运行 <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 用户请使用其它的 VPN 软件,比如 Shadowsocks ( <a href="https://github.com/shadowsocks/shadowsocks-libev" target="_blank">libev</a> | <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">rss</a> )
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; 我想建立并使用自己的 VPN ,但是没有可用的服务器**</a> <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; 我想建立并使用自己的 VPN ,但是没有可用的服务器**</a>
@ -57,6 +57,8 @@
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。 首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
要安装 VPN请从以下选项中选择一个
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示): **选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示):
```bash ```bash
@ -72,20 +74,31 @@ nano -w vpnsetup.sh
sudo sh vpnsetup.sh sudo sh vpnsetup.sh
``` ```
**选项 3:** 将你自己的 VPN 登录凭证定义为环境变量:
```bash
# 所有变量值必须用 '单引号' 括起来
# *不要* 在值中使用这些字符: \ " '
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='你的IPsec预共享密钥' \
VPN_USER='你的VPN用户名' \
VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh
```
**注:** 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
### CentOS & RHEL ### CentOS & RHEL
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。 首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos` 按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`
注: 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
## 下一步 ## 下一步
配置你的计算机或其它设备使用 VPN 。请参见: 配置你的计算机或其它设备使用 VPN 。请参见:
<a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a> <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
<a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAuth VPN 客户端</a> <a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAuth ("Cisco IPsec") VPN 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles: 开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
@ -95,9 +108,11 @@ sudo sh vpnsetup.sh
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a> **Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
如果需要添加,编辑或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a> 如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd``ipsec.conf` 并用新的服务器替换 `8.8.8.8``8.8.4.4`。然后重新启动系统。 在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,请编辑 `/etc/ppp/options.xl2tpd``/etc/ipsec.conf` 并替换 `8.8.8.8``8.8.4.4`。然后重启服务器。
在使用 `IPsec/L2TP` 连接时VPN 服务器在虚拟网络 `192.168.42.0/24` 内具有 IP `192.168.42.1`
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH 对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH
@ -105,9 +120,9 @@ sudo sh vpnsetup.sh
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。 这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
## 关于升级Libreswan ## 升级Libreswan
提供额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan (<a href="https://libreswan.org" target="_blank"></a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>)。请在运行前根据需要修改 `swan_ver` 变量。检查已安装版本: `ipsec --version` 提供两个额外的脚本 <a href="extras/vpnupgrade.sh" target="_blank">vpnupgrade.sh</a><a href="extras/vpnupgrade_centos.sh" target="_blank">vpnupgrade_centos.sh</a>,可用于升级 Libreswan <a href="https://libreswan.org" target="_blank"></a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>。请在运行前根据需要修改 `swan_ver` 变量。检查已安装版本: `ipsec --version`
## 问题和反馈 ## 问题和反馈

View File

@ -1,8 +1,8 @@
# IPsec VPN Server Auto Setup Scripts <a href="https://travis-ci.org/hwdsl2/setup-ipsec-vpn"><img align="right" src="https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master" alt="Build status" /></a> # IPsec VPN Server Auto Setup Scripts &nbsp;[![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).* *Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
These scripts will let you set up your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian & CentOS. All you need to do is provide your own VPN credentials, and the scripts will handle the rest. Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest.
We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as the IPsec server, and <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> as the L2TP provider. We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as the IPsec server, and <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> as the L2TP provider.
@ -17,7 +17,7 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
- [CentOS & RHEL](#centos--rhel) - [CentOS & RHEL](#centos--rhel)
- [Next Steps](#next-steps) - [Next Steps](#next-steps)
- [Important Notes](#important-notes) - [Important Notes](#important-notes)
- [Upgrading Libreswan](#upgrading-libreswan) - [Upgrade Libreswan](#upgrade-libreswan)
- [Bugs & Questions](#bugs--questions) - [Bugs & Questions](#bugs--questions)
- [Uninstallation](#uninstallation) - [Uninstallation](#uninstallation)
- [See Also](#see-also) - [See Also](#see-also)
@ -26,8 +26,8 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
## Features ## Features
- **NEW:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported - **New:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported
- **NEW:** A pre-built <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker image</a> of the VPN server is now available - **New:** A pre-built [Docker image](#see-also) of the VPN server is now available
- Fully automated IPsec VPN server setup, no user input needed - Fully automated IPsec VPN server setup, no user input needed
- Encapsulates all VPN traffic in UDP - does not need ESP protocol - Encapsulates all VPN traffic in UDP - does not need ESP protocol
- Can be directly used as "user-data" for a new Amazon EC2 instance - Can be directly used as "user-data" for a new Amazon EC2 instance
@ -45,7 +45,7 @@ A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2
**-OR-** **-OR-**
A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>. A dedicated server or any KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above systems. Additionally, Debian 7 (Wheezy) can be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; I want to run my own VPN but don't have a server for that**</a> <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; I want to run my own VPN but don't have a server for that**</a>
@ -57,6 +57,8 @@ A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly instal
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended. First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
To install the VPN, please choose one of the following options:
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished): **Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished):
```bash ```bash
@ -72,20 +74,31 @@ nano -w vpnsetup.sh
sudo sh vpnsetup.sh sudo sh vpnsetup.sh
``` ```
**Option 3:** Define your VPN credentials as environment variables:
```bash
# All values MUST be placed inside 'single quotes'
# DO NOT use these characters within values: \ " '
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' sh vpnsetup.sh
```
**Note:** If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
### CentOS & RHEL ### CentOS & RHEL
First, update your system with `yum update` and reboot. This is optional, but recommended. First, update your system with `yum update` and reboot. This is optional, but recommended.
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`. Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`.
Note: If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
## Next Steps ## Next Steps
Get your computer or device to use the VPN. Please refer to: Get your computer or device to use the VPN. Please refer to:
<a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a> <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>
<a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth VPN Clients</a> <a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth ("Cisco IPsec") VPN Clients</a>
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
@ -97,7 +110,9 @@ For **Windows users**, a <a href="docs/clients.md#regkey" target="_blank">one-ti
If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>. If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `options.xl2tpd` and `ipsec.conf` with new ones. Then reboot your server. Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server.
When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`.
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH). For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
@ -105,9 +120,9 @@ If your server has a custom SSH port (not 22) or other services, edit IPTables r
The scripts will backup existing config files before making changes, with `.old-date-time` suffix. The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
## Upgrading Libreswan ## Upgrade Libreswan
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan (<a href="https://libreswan.org" target="_blank">website</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">swan-announce</a>). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version` The additional scripts <a href="extras/vpnupgrade.sh" target="_blank">vpnupgrade.sh</a> and <a href="extras/vpnupgrade_centos.sh" target="_blank">vpnupgrade_centos.sh</a> can be used to upgrade Libreswan (<a href="https://libreswan.org" target="_blank">website</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">mailing list</a>). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version`
## Bugs & Questions ## Bugs & Questions

View File

@ -4,9 +4,9 @@
*如需使用 IPsec/L2TP 模式连接,请参见: [配置 IPsec/L2TP VPN 客户端](clients-zh.md)* *如需使用 IPsec/L2TP 模式连接,请参见: [配置 IPsec/L2TP VPN 客户端](clients-zh.md)*
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/XAuth 在 Android, iOS 和 OS X 上均受支持无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的 VPN 登录信息 在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的 VPN 服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/XAuth ("Cisco IPsec") 在 Android, iOS 和 OS X 上均受支持无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证
`IPsec/XAuth` 模式也称为 `Cisco IPsec`。和 `IPsec/L2TP` 相比较,它通常能够更高效地传输数据。 `IPsec/XAuth` 模式也称为 "Cisco IPsec"。和 `IPsec/L2TP` 相比较,它通常能够更高效地传输数据。
--- ---
* 平台名称 * 平台名称

View File

@ -4,9 +4,9 @@
*To connect using IPsec/L2TP mode, see: [Configure IPsec/L2TP VPN Clients](clients.md)* *To connect using IPsec/L2TP mode, see: [Configure IPsec/L2TP VPN Clients](clients.md)*
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/XAuth is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft client</a>. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft client</a>. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
`IPsec/XAuth` mode is also called `Cisco IPsec`. Compared to `IPsec/L2TP`, it is generally faster with less overhead. `IPsec/XAuth` mode is also called "Cisco IPsec". Compared to `IPsec/L2TP`, it is generally faster with less overhead.
--- ---
* Platforms * Platforms

View File

@ -2,9 +2,9 @@
*其他语言版本: [English](clients.md), [简体中文](clients-zh.md).* *其他语言版本: [English](clients.md), [简体中文](clients-zh.md).*
*如需使用 IPsec/XAuth 模式连接,请参见: [配置 IPsec/XAuth VPN 客户端](clients-xauth-zh.md)* *如需使用 IPsec/XAuth ("Cisco IPsec") 模式连接,请参见: [配置 IPsec/XAuth VPN 客户端](clients-xauth-zh.md)*
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录信息 在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的 VPN 服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证
--- ---
* 平台名称 * 平台名称

View File

@ -2,7 +2,7 @@
*Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).* *Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*
*To connect using IPsec/XAuth mode, see: [Configure IPsec/XAuth VPN Clients](clients-xauth.md)* *To connect using IPsec/XAuth ("Cisco IPsec") mode, see: [Configure IPsec/XAuth VPN Clients](clients-xauth.md)*
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.

View File

@ -31,7 +31,7 @@
这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成: 这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
```bash ```bash
# The output will be <VPN Password 1 (hashed)> # 以下命令的输出为 <VPN Password 1 (hashed)>
openssl passwd -1 "<VPN Password 1>" openssl passwd -1 "<VPN Password 1>"
``` ```

View File

@ -11,7 +11,7 @@
* [第三步](#第三步) * [第三步](#第三步)
* [第四步](#第四步) * [第四步](#第四步)
* [可选步骤](#可选步骤) * [可选步骤](#可选步骤)
* [操作完成后](#操作完成后) * [完成后](#完成后)
## 第一步 ## 第一步
@ -19,14 +19,15 @@
service ipsec stop service ipsec stop
service xl2tpd stop service xl2tpd stop
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
/etc/init.d/ipsec /usr/lib/systemd/system/ipsec.service
``` ```
## 第二步 ## 第二步
### Ubuntu/Debian ### Ubuntu/Debian
`apt-get remove xl2tpd` `apt-get purge xl2tpd`
### CentOS/RHEL ### CentOS/RHEL
@ -56,23 +57,24 @@ rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
删除这些配置文件: 删除这些配置文件:
* /etc/ipsec.conf * /etc/ipsec.conf*
* /etc/ipsec.secrets * /etc/ipsec.secrets*
* /etc/xl2tpd/xl2tpd.conf * /etc/ppp/chap-secrets*
* /etc/ppp/options.xl2tpd * /etc/ppp/options.xl2tpd*
* /etc/ppp/chap-secrets
* /etc/pam.d/pluto * /etc/pam.d/pluto
* /etc/sysconfig/pluto * /etc/sysconfig/pluto
* /etc/default/pluto
* /etc/ipsec.d (目录) * /etc/ipsec.d (目录)
* /etc/xl2tpd (目录)
要快速删除,可以复制并粘贴以下命令: 要快速删除,可以复制并粘贴以下命令:
``` ```
rm -f /etc/ipsec.conf /etc/ipsec.secrets /etc/xl2tpd/xl2tpd.conf /etc/ppp/options.xl2tpd \ rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
/etc/ppp/chap-secrets /etc/pam.d/pluto /etc/sysconfig/pluto /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
rm -rf /etc/ipsec.d rm -rf /etc/ipsec.d /etc/xl2tpd
``` ```
## 操作完成后 ## 完成后
重启你的服务器。 重启你的服务器。

View File

@ -19,14 +19,15 @@ Follow these steps to remove the VPN. Commands must be run as `root`, or with `s
service ipsec stop service ipsec stop
service xl2tpd stop service xl2tpd stop
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
/etc/init.d/ipsec /usr/lib/systemd/system/ipsec.service
``` ```
## Second step ## Second step
### Ubuntu/Debian ### Ubuntu/Debian
`apt-get remove xl2tpd` `apt-get purge xl2tpd`
### CentOS/RHEL ### CentOS/RHEL
@ -56,21 +57,22 @@ Note: This step is optional.
Remove these config files: Remove these config files:
* /etc/ipsec.conf * /etc/ipsec.conf*
* /etc/ipsec.secrets * /etc/ipsec.secrets*
* /etc/xl2tpd/xl2tpd.conf * /etc/ppp/chap-secrets*
* /etc/ppp/options.xl2tpd * /etc/ppp/options.xl2tpd*
* /etc/ppp/chap-secrets
* /etc/pam.d/pluto * /etc/pam.d/pluto
* /etc/sysconfig/pluto * /etc/sysconfig/pluto
* /etc/default/pluto
* /etc/ipsec.d (directory) * /etc/ipsec.d (directory)
* /etc/xl2tpd (directory)
Copy and paste for fast removal: Copy and paste for fast removal:
``` ```
rm -f /etc/ipsec.conf /etc/ipsec.secrets /etc/xl2tpd/xl2tpd.conf /etc/ppp/options.xl2tpd \ rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
/etc/ppp/chap-secrets /etc/pam.d/pluto /etc/sysconfig/pluto /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
rm -rf /etc/ipsec.d rm -rf /etc/ipsec.d /etc/xl2tpd
``` ```
## When finished ## When finished