Update docs
[ci skip]
parent
ac91fa9b79
commit
9b541c6da3
43
README-zh.md
@ -1,8 +1,8 @@
|
|||||||
# IPsec VPN 服务器一键安装脚本 <a href="https://travis-ci.org/hwdsl2/setup-ipsec-vpn"><img align="right" src="https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master" alt="Build status" /></a>
|
# IPsec VPN 服务器一键安装脚本 [![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
|
||||||
|
|
||||||
*其他语言版本: [English](README.md), [简体中文](README-zh.md).*
|
*其他语言版本: [English](README.md), [简体中文](README-zh.md).*
|
||||||
|
|
||||||
使用这些 Linux Shell 脚本一键快速搭建 IPsec VPN 服务器。支持 IPsec/L2TP 和 Cisco IPsec 协议,可用于 Ubuntu,Debian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。
|
使用 Linux Shell 脚本一键快速搭建 IPsec VPN 服务器。支持 IPsec/L2TP 和 Cisco IPsec 协议,可用于 Ubuntu,Debian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。
|
||||||
|
|
||||||
我们将使用 <a href="https://libreswan.org/" target="_blank">Libreswan</a> 作为 IPsec 服务器,以及 <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> 作为 L2TP 提供者。
|
我们将使用 <a href="https://libreswan.org/" target="_blank">Libreswan</a> 作为 IPsec 服务器,以及 <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> 作为 L2TP 提供者。
|
||||||
|
|
||||||
@ -17,7 +17,7 @@
|
|||||||
- [CentOS & RHEL](#centos--rhel)
|
- [CentOS & RHEL](#centos--rhel)
|
||||||
- [下一步](#下一步)
|
- [下一步](#下一步)
|
||||||
- [重要提示](#重要提示)
|
- [重要提示](#重要提示)
|
||||||
- [关于升级Libreswan](#关于升级libreswan)
|
- [升级Libreswan](#升级libreswan)
|
||||||
- [问题和反馈](#问题和反馈)
|
- [问题和反馈](#问题和反馈)
|
||||||
- [卸载说明](#卸载说明)
|
- [卸载说明](#卸载说明)
|
||||||
- [另见](#另见)
|
- [另见](#另见)
|
||||||
@ -26,8 +26,8 @@
|
|||||||
|
|
||||||
## 功能特性
|
## 功能特性
|
||||||
|
|
||||||
- **NEW:** 新增支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式
|
- **新:** 增加支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式
|
||||||
- **NEW:** 现在可以下载 VPN 服务器的预构建 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker 镜像</a>
|
- **新:** 现在可以下载 VPN 服务器的预构建 [Docker 镜像](#另见)
|
||||||
- 全自动的 IPsec VPN 服务器配置,无需用户输入
|
- 全自动的 IPsec VPN 服务器配置,无需用户输入
|
||||||
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
|
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
|
||||||
- 可直接作为 Amazon EC2 实例创建时的用户数据使用
|
- 可直接作为 Amazon EC2 实例创建时的用户数据使用
|
||||||
@ -37,7 +37,7 @@
|
|||||||
|
|
||||||
## 系统要求
|
## 系统要求
|
||||||
|
|
||||||
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些 AMI: (详细步骤<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">点这里</a>)
|
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些 AMI: (详细步骤 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">点这里</a> )
|
||||||
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)</a>
|
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)</a>
|
||||||
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 8 (Jessie) EC2 Images</a>
|
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 8 (Jessie) EC2 Images</a>
|
||||||
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
|
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
|
||||||
@ -45,7 +45,7 @@
|
|||||||
|
|
||||||
**-或者-**
|
**-或者-**
|
||||||
|
|
||||||
一个专用服务器,或者基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可用 Debian 7 (Wheezy),但是必须首先运行 <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 用户请使用其它的 VPN 软件,比如 <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>。
|
一个专用服务器,或者任何基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装以上系统之一。另外也可用 Debian 7 (Wheezy),但是必须首先运行 <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 用户请使用其它的 VPN 软件,比如 Shadowsocks ( <a href="https://github.com/shadowsocks/shadowsocks-libev" target="_blank">libev</a> | <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">rss</a> )。
|
||||||
|
|
||||||
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**» 我想建立并使用自己的 VPN ,但是没有可用的服务器**</a>
|
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**» 我想建立并使用自己的 VPN ,但是没有可用的服务器**</a>
|
||||||
|
|
||||||
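Review bot: The replacement line for OpenVZ users now points to Shadowsocks (libev | rss) while still calling it "其它的 VPN 软件" (other VPN software), and the English README.md keeps recommending OpenVPN in the same sentence. Shadowsocks is an encrypted proxy rather than a VPN, so either reword the sentence to say so or keep the two READMEs aligned, so that readers of both languages get the same guidance.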
@ -57,6 +57,8 @@
|
|||||||
|
|
||||||
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
|
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
|
||||||
|
|
||||||
|
要安装 VPN,请从以下选项中选择一个:
|
||||||
|
|
||||||
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示):
|
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -72,20 +74,31 @@ nano -w vpnsetup.sh
|
|||||||
sudo sh vpnsetup.sh
|
sudo sh vpnsetup.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**选项 3:** 将你自己的 VPN 登录凭证定义为环境变量:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# 所有变量值必须用 '单引号' 括起来
|
||||||
|
# *不要* 在值中使用这些字符: \ " '
|
||||||
|
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
|
||||||
|
VPN_IPSEC_PSK='你的IPsec预共享密钥' \
|
||||||
|
VPN_USER='你的VPN用户名' \
|
||||||
|
VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
**注:** 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
|
||||||
|
|
||||||
### CentOS & RHEL
|
### CentOS & RHEL
|
||||||
|
|
||||||
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
|
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
|
||||||
|
|
||||||
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`。
|
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`。
|
||||||
|
|
||||||
注: 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
|
|
||||||
|
|
||||||
## 下一步
|
## 下一步
|
||||||
|
|
||||||
配置你的计算机或其它设备使用 VPN 。请参见:
|
配置你的计算机或其它设备使用 VPN 。请参见:
|
||||||
|
|
||||||
<a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
|
<a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
|
||||||
<a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAuth VPN 客户端</a>
|
<a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAuth ("Cisco IPsec") VPN 客户端</a>
|
||||||
|
|
||||||
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
|
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
|
||||||
|
|
||||||
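Review bot: The two comment lines in the new 选项 3 block require single quotes and forbid the characters `\ " '` in values, but they do not say what happens when a value breaks the rule. These values become the IPsec PSK and the VPN password, so state whether the script rejects such input or silently ends up with a credential that differs from what the user typed.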
@ -95,9 +108,11 @@ sudo sh vpnsetup.sh
|
|||||||
|
|
||||||
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>。
|
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>。
|
||||||
|
|
||||||
如果需要添加,编辑或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。
|
如果需要添加,修改或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。
|
||||||
|
|
||||||
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd` 和 `ipsec.conf` 并用新的服务器替换 `8.8.8.8` 和 `8.8.4.4`。然后重新启动系统。
|
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,请编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`。然后重启服务器。
|
||||||
|
|
||||||
|
在使用 `IPsec/L2TP` 连接时,VPN 服务器在虚拟网络 `192.168.42.0/24` 内具有 IP `192.168.42.1`。
|
||||||
|
|
||||||
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500,以及 TCP 端口 22 (用于 SSH)。
|
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500,以及 TCP 端口 22 (用于 SSH)。
|
||||||
|
|
||||||
@ -105,9 +120,9 @@ sudo sh vpnsetup.sh
|
|||||||
|
|
||||||
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
|
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
|
||||||
|
|
||||||
## 关于升级Libreswan
|
## 升级Libreswan
|
||||||
|
|
||||||
提供额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> 和 <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan (<a href="https://libreswan.org" target="_blank">官网</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>)。请在运行前根据需要修改 `swan_ver` 变量。检查已安装版本: `ipsec --version`
|
提供两个额外的脚本 <a href="extras/vpnupgrade.sh" target="_blank">vpnupgrade.sh</a> 和 <a href="extras/vpnupgrade_centos.sh" target="_blank">vpnupgrade_centos.sh</a>,可用于升级 Libreswan (<a href="https://libreswan.org" target="_blank">网站</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>)。请在运行前根据需要修改 `swan_ver` 变量。检查已安装版本: `ipsec --version`
|
||||||
|
|
||||||
## 问题和反馈
|
## 问题和反馈
|
||||||
|
|
||||||
|
39
README.md
@ -1,8 +1,8 @@
|
|||||||
# IPsec VPN Server Auto Setup Scripts <a href="https://travis-ci.org/hwdsl2/setup-ipsec-vpn"><img align="right" src="https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master" alt="Build status" /></a>
|
# IPsec VPN Server Auto Setup Scripts [![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
|
||||||
|
|
||||||
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
|
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
|
||||||
|
|
||||||
These scripts will let you set up your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian & CentOS. All you need to do is provide your own VPN credentials, and the scripts will handle the rest.
|
Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest.
|
||||||
|
|
||||||
We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as the IPsec server, and <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> as the L2TP provider.
|
We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as the IPsec server, and <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> as the L2TP provider.
|
||||||
|
|
||||||
@ -17,7 +17,7 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
|
|||||||
- [CentOS & RHEL](#centos--rhel)
|
- [CentOS & RHEL](#centos--rhel)
|
||||||
- [Next Steps](#next-steps)
|
- [Next Steps](#next-steps)
|
||||||
- [Important Notes](#important-notes)
|
- [Important Notes](#important-notes)
|
||||||
- [Upgrading Libreswan](#upgrading-libreswan)
|
- [Upgrade Libreswan](#upgrade-libreswan)
|
||||||
- [Bugs & Questions](#bugs--questions)
|
- [Bugs & Questions](#bugs--questions)
|
||||||
- [Uninstallation](#uninstallation)
|
- [Uninstallation](#uninstallation)
|
||||||
- [See Also](#see-also)
|
- [See Also](#see-also)
|
||||||
@ -26,8 +26,8 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
|
|||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- **NEW:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported
|
- **New:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported
|
||||||
- **NEW:** A pre-built <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker image</a> of the VPN server is now available
|
- **New:** A pre-built [Docker image](#see-also) of the VPN server is now available
|
||||||
- Fully automated IPsec VPN server setup, no user input needed
|
- Fully automated IPsec VPN server setup, no user input needed
|
||||||
- Encapsulates all VPN traffic in UDP - does not need ESP protocol
|
- Encapsulates all VPN traffic in UDP - does not need ESP protocol
|
||||||
- Can be directly used as "user-data" for a new Amazon EC2 instance
|
- Can be directly used as "user-data" for a new Amazon EC2 instance
|
||||||
@ -45,7 +45,7 @@ A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2
|
|||||||
|
|
||||||
**-OR-**
|
**-OR-**
|
||||||
|
|
||||||
A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
|
A dedicated server or any KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above systems. Additionally, Debian 7 (Wheezy) can be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
|
||||||
|
|
||||||
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**» I want to run my own VPN but don't have a server for that**</a>
|
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**» I want to run my own VPN but don't have a server for that**</a>
|
||||||
|
|
||||||
@ -57,6 +57,8 @@ A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly instal
|
|||||||
|
|
||||||
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
|
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
|
||||||
|
|
||||||
|
To install the VPN, please choose one of the following options:
|
||||||
|
|
||||||
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished):
|
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -72,20 +74,31 @@ nano -w vpnsetup.sh
|
|||||||
sudo sh vpnsetup.sh
|
sudo sh vpnsetup.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**Option 3:** Define your VPN credentials as environment variables:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# All values MUST be placed inside 'single quotes'
|
||||||
|
# DO NOT use these characters within values: \ " '
|
||||||
|
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
|
||||||
|
VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
|
||||||
|
VPN_USER='your_vpn_username' \
|
||||||
|
VPN_PASSWORD='your_vpn_password' sh vpnsetup.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
**Note:** If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
|
||||||
|
|
||||||
### CentOS & RHEL
|
### CentOS & RHEL
|
||||||
|
|
||||||
First, update your system with `yum update` and reboot. This is optional, but recommended.
|
First, update your system with `yum update` and reboot. This is optional, but recommended.
|
||||||
|
|
||||||
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`.
|
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`.
|
||||||
|
|
||||||
Note: If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
|
|
||||||
|
|
||||||
## Next Steps
|
## Next Steps
|
||||||
|
|
||||||
Get your computer or device to use the VPN. Please refer to:
|
Get your computer or device to use the VPN. Please refer to:
|
||||||
|
|
||||||
<a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>
|
<a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>
|
||||||
<a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth VPN Clients</a>
|
<a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth ("Cisco IPsec") VPN Clients</a>
|
||||||
|
|
||||||
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
|
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
|
||||||
|
|
||||||
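Review bot: In the new Option 3 block, `VPN_IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD` are typed on the command line, so the PSK and password are saved in the shell history and are visible in the process list while `sudo` runs. Add a sentence telling users to keep this command out of their history, or point them to the option that edits the script with `nano -w vpnsetup.sh` when that matters. The same applies to the 选项 3 block in README-zh.md.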
@ -97,7 +110,9 @@ For **Windows users**, a <a href="docs/clients.md#regkey" target="_blank">one-ti
|
|||||||
|
|
||||||
If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
|
If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
|
||||||
|
|
||||||
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `options.xl2tpd` and `ipsec.conf` with new ones. Then reboot your server.
|
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server.
|
||||||
|
|
||||||
|
When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`.
|
||||||
|
|
||||||
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
|
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
|
||||||
|
|
||||||
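Review bot: The added line documents the server address and subnet only for `IPsec/L2TP` (`192.168.42.1` within `192.168.42.0/24`), while the same README advertises `IPsec/XAuth ("Cisco IPsec")` mode and says nothing about which addresses its clients receive. Anyone writing firewall rules or reaching server-side services over the VPN needs both, so add the XAuth equivalent next to this line.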
@ -105,9 +120,9 @@ If your server has a custom SSH port (not 22) or other services, edit IPTables r
|
|||||||
|
|
||||||
The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
|
The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
|
||||||
|
|
||||||
## Upgrading Libreswan
|
## Upgrade Libreswan
|
||||||
|
|
||||||
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan (<a href="https://libreswan.org" target="_blank">website</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">swan-announce</a>). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version`
|
The additional scripts <a href="extras/vpnupgrade.sh" target="_blank">vpnupgrade.sh</a> and <a href="extras/vpnupgrade_centos.sh" target="_blank">vpnupgrade_centos.sh</a> can be used to upgrade Libreswan (<a href="https://libreswan.org" target="_blank">website</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">mailing list</a>). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version`
|
||||||
|
|
||||||
## Bugs & Questions
|
## Bugs & Questions
|
||||||
|
|
||||||
|
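Review bot: The links now point to `extras/vpnupgrade.sh` and `extras/vpnupgrade_centos.sh`, but the hunks shown here touch documentation only, so confirm that the scripts were actually renamed from `vpnupgrade_Libreswan*.sh`; otherwise both links are dead. The heading change from "Upgrading Libreswan" to "Upgrade Libreswan" also moves the anchor to `#upgrade-libreswan`, which breaks existing deep links to `#upgrading-libreswan`.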
@ -4,9 +4,9 @@
|
|||||||
|
|
||||||
*如需使用 IPsec/L2TP 模式连接,请参见: [配置 IPsec/L2TP VPN 客户端](clients-zh.md)*
|
*如需使用 IPsec/L2TP 模式连接,请参见: [配置 IPsec/L2TP VPN 客户端](clients-zh.md)*
|
||||||
|
|
||||||
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后,你可以按照下面的步骤来配置你的设备。IPsec/XAuth 在 Android, iOS 和 OS X 上均受支持,无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的 VPN 登录信息。
|
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的 VPN 服务器</a>之后,你可以按照下面的步骤来配置你的设备。IPsec/XAuth ("Cisco IPsec") 在 Android, iOS 和 OS X 上均受支持,无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
|
||||||
|
|
||||||
`IPsec/XAuth` 模式也称为 `Cisco IPsec`。和 `IPsec/L2TP` 相比较,它通常能够更高效地传输数据。
|
`IPsec/XAuth` 模式也称为 "Cisco IPsec"。和 `IPsec/L2TP` 相比较,它通常能够更高效地传输数据。
|
||||||
|
|
||||||
---
|
---
|
||||||
* 平台名称
|
* 平台名称
|
||||||
|
@ -4,9 +4,9 @@
|
|||||||
|
|
||||||
*To connect using IPsec/L2TP mode, see: [Configure IPsec/L2TP VPN Clients](clients.md)*
|
*To connect using IPsec/L2TP mode, see: [Configure IPsec/L2TP VPN Clients](clients.md)*
|
||||||
|
|
||||||
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/XAuth is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft client</a>. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
|
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft client</a>. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
|
||||||
|
|
||||||
`IPsec/XAuth` mode is also called `Cisco IPsec`. Compared to `IPsec/L2TP`, it is generally faster with less overhead.
|
`IPsec/XAuth` mode is also called "Cisco IPsec". Compared to `IPsec/L2TP`, it is generally faster with less overhead.
|
||||||
|
|
||||||
---
|
---
|
||||||
* Platforms
|
* Platforms
|
||||||
|
@ -2,9 +2,9 @@
|
|||||||
|
|
||||||
*其他语言版本: [English](clients.md), [简体中文](clients-zh.md).*
|
*其他语言版本: [English](clients.md), [简体中文](clients-zh.md).*
|
||||||
|
|
||||||
*如需使用 IPsec/XAuth 模式连接,请参见: [配置 IPsec/XAuth VPN 客户端](clients-xauth-zh.md)*
|
*如需使用 IPsec/XAuth ("Cisco IPsec") 模式连接,请参见: [配置 IPsec/XAuth VPN 客户端](clients-xauth-zh.md)*
|
||||||
|
|
||||||
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后,你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录信息。
|
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的 VPN 服务器</a>之后,你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
|
||||||
|
|
||||||
---
|
---
|
||||||
* 平台名称
|
* 平台名称
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
*Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*
|
*Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*
|
||||||
|
|
||||||
*To connect using IPsec/XAuth mode, see: [Configure IPsec/XAuth VPN Clients](clients-xauth.md)*
|
*To connect using IPsec/XAuth ("Cisco IPsec") mode, see: [Configure IPsec/XAuth VPN Clients](clients-xauth.md)*
|
||||||
|
|
||||||
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
|
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@
|
|||||||
这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
|
这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# The output will be <VPN Password 1 (hashed)>
|
# 以下命令的输出为 <VPN Password 1 (hashed)>
|
||||||
openssl passwd -1 "<VPN Password 1>"
|
openssl passwd -1 "<VPN Password 1>"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
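Review bot: This hunk only translates the comment, but the command under it, `openssl passwd -1 "<VPN Password 1>"`, puts the plaintext password on the command line, where it lands in the shell history. While this block is being edited, mention that running `openssl passwd -1` without the password argument makes it prompt for the password instead.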
@ -11,7 +11,7 @@
|
|||||||
* [第三步](#第三步)
|
* [第三步](#第三步)
|
||||||
* [第四步](#第四步)
|
* [第四步](#第四步)
|
||||||
* [可选步骤](#可选步骤)
|
* [可选步骤](#可选步骤)
|
||||||
* [操作完成后](#操作完成后)
|
* [完成后](#完成后)
|
||||||
|
|
||||||
## 第一步
|
## 第一步
|
||||||
|
|
||||||
@ -19,14 +19,15 @@
|
|||||||
service ipsec stop
|
service ipsec stop
|
||||||
service xl2tpd stop
|
service xl2tpd stop
|
||||||
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
|
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
|
||||||
rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
|
rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
||||||
|
/etc/init.d/ipsec /usr/lib/systemd/system/ipsec.service
|
||||||
```
|
```
|
||||||
|
|
||||||
## 第二步
|
## 第二步
|
||||||
|
|
||||||
### Ubuntu/Debian
|
### Ubuntu/Debian
|
||||||
|
|
||||||
`apt-get remove xl2tpd`
|
`apt-get purge xl2tpd`
|
||||||
|
|
||||||
### CentOS/RHEL
|
### CentOS/RHEL
|
||||||
|
|
||||||
@ -56,23 +57,24 @@ rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
|
|||||||
|
|
||||||
删除这些配置文件:
|
删除这些配置文件:
|
||||||
|
|
||||||
* /etc/ipsec.conf
|
* /etc/ipsec.conf*
|
||||||
* /etc/ipsec.secrets
|
* /etc/ipsec.secrets*
|
||||||
* /etc/xl2tpd/xl2tpd.conf
|
* /etc/ppp/chap-secrets*
|
||||||
* /etc/ppp/options.xl2tpd
|
* /etc/ppp/options.xl2tpd*
|
||||||
* /etc/ppp/chap-secrets
|
|
||||||
* /etc/pam.d/pluto
|
* /etc/pam.d/pluto
|
||||||
* /etc/sysconfig/pluto
|
* /etc/sysconfig/pluto
|
||||||
|
* /etc/default/pluto
|
||||||
* /etc/ipsec.d (目录)
|
* /etc/ipsec.d (目录)
|
||||||
|
* /etc/xl2tpd (目录)
|
||||||
|
|
||||||
要快速删除,可以复制并粘贴以下命令:
|
要快速删除,可以复制并粘贴以下命令:
|
||||||
|
|
||||||
```
|
```
|
||||||
rm -f /etc/ipsec.conf /etc/ipsec.secrets /etc/xl2tpd/xl2tpd.conf /etc/ppp/options.xl2tpd \
|
rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
|
||||||
/etc/ppp/chap-secrets /etc/pam.d/pluto /etc/sysconfig/pluto
|
/etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
|
||||||
rm -rf /etc/ipsec.d
|
rm -rf /etc/ipsec.d /etc/xl2tpd
|
||||||
```
|
```
|
||||||
|
|
||||||
## 操作完成后
|
## 完成后
|
||||||
|
|
||||||
重启你的服务器。
|
重启你的服务器。
|
||||||
|
@ -19,14 +19,15 @@ Follow these steps to remove the VPN. Commands must be run as `root`, or with `s
|
|||||||
service ipsec stop
|
service ipsec stop
|
||||||
service xl2tpd stop
|
service xl2tpd stop
|
||||||
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
|
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
|
||||||
rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
|
rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
|
||||||
|
/etc/init.d/ipsec /usr/lib/systemd/system/ipsec.service
|
||||||
```
|
```
|
||||||
|
|
||||||
## Second step
|
## Second step
|
||||||
|
|
||||||
### Ubuntu/Debian
|
### Ubuntu/Debian
|
||||||
|
|
||||||
`apt-get remove xl2tpd`
|
`apt-get purge xl2tpd`
|
||||||
|
|
||||||
### CentOS/RHEL
|
### CentOS/RHEL
|
||||||
|
|
||||||
@ -56,21 +57,22 @@ Note: This step is optional.
|
|||||||
|
|
||||||
Remove these config files:
|
Remove these config files:
|
||||||
|
|
||||||
* /etc/ipsec.conf
|
* /etc/ipsec.conf*
|
||||||
* /etc/ipsec.secrets
|
* /etc/ipsec.secrets*
|
||||||
* /etc/xl2tpd/xl2tpd.conf
|
* /etc/ppp/chap-secrets*
|
||||||
* /etc/ppp/options.xl2tpd
|
* /etc/ppp/options.xl2tpd*
|
||||||
* /etc/ppp/chap-secrets
|
|
||||||
* /etc/pam.d/pluto
|
* /etc/pam.d/pluto
|
||||||
* /etc/sysconfig/pluto
|
* /etc/sysconfig/pluto
|
||||||
|
* /etc/default/pluto
|
||||||
* /etc/ipsec.d (directory)
|
* /etc/ipsec.d (directory)
|
||||||
|
* /etc/xl2tpd (directory)
|
||||||
|
|
||||||
Copy and paste for fast removal:
|
Copy and paste for fast removal:
|
||||||
|
|
||||||
```
|
```
|
||||||
rm -f /etc/ipsec.conf /etc/ipsec.secrets /etc/xl2tpd/xl2tpd.conf /etc/ppp/options.xl2tpd \
|
rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
|
||||||
/etc/ppp/chap-secrets /etc/pam.d/pluto /etc/sysconfig/pluto
|
/etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
|
||||||
rm -rf /etc/ipsec.d
|
rm -rf /etc/ipsec.d /etc/xl2tpd
|
||||||
```
|
```
|
||||||
|
|
||||||
## When finished
|
## When finished
|
||||||
|
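Review bot: The new wildcards in `rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd*` also match the `.old-date-time` backups that the README says the scripts create before changing existing config files, so this command removes the user's pre-install configuration together with the VPN's. Say so above the command, or give a variant that keeps the `.old-*` files for users who had their own `ipsec.conf` or `chap-secrets` before installing. The same applies to the Chinese uninstall page.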