1
0
mirror of synced 2024-11-28 15:56:01 +03:00

Update docs

This commit is contained in:
hwdsl2 2022-02-12 23:20:31 -06:00
parent f815d6810a
commit a168770482
3 changed files with 129 additions and 31 deletions

View File

@ -17,7 +17,7 @@ assignees: ''
- [ ] This bug is about the VPN setup scripts, and not IPsec VPN itself - [ ] This bug is about the VPN setup scripts, and not IPsec VPN itself
<!--- <!---
If you need help with IPsec VPN itself, please see [Bugs & Questions](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README.md#bugs--questions). Ask VPN-related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or search e.g. [Stack Overflow](https://stackoverflow.com/questions/tagged/vpn). If you need help with IPsec VPN itself, please see [Feedback & Questions](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README.md#feedback--questions). Ask VPN-related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or search e.g. [Stack Overflow](https://stackoverflow.com/questions/tagged/vpn).
---> --->
**Describe the issue** **Describe the issue**

View File

@ -21,8 +21,8 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
- [升级Libreswan](#升级libreswan) - [升级Libreswan](#升级libreswan)
- [管理 VPN 用户](#管理-vpn-用户) - [管理 VPN 用户](#管理-vpn-用户)
- [高级用法](#高级用法) - [高级用法](#高级用法)
- [问题和反馈](#问题和反馈)
- [卸载说明](#卸载说明) - [卸载说明](#卸载说明)
- [问题和反馈](#问题和反馈)
- [授权协议](#授权协议) - [授权协议](#授权协议)
## 快速开始 ## 快速开始
@ -40,7 +40,17 @@ wget https://git.io/vpnstart -qO vpn.sh && sudo sh vpn.sh
<details> <details>
<summary> <summary>
单击此处查看 VPN 脚本的示例输出(终端记录)。 或者,你也可以使用 curl 下载并运行脚本。
</summary>
```bash
curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
```
</details>
<details>
<summary>
单击查看 VPN 脚本的示例输出(终端记录)。
</summary> </summary>
**注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效** **注:** 此终端记录仅用于演示目的。该记录中的 VPN 凭据 **无效**
@ -92,13 +102,15 @@ wget https://git.io/vpnstart -qO vpn.sh && sudo sh vpn.sh
要安装 VPN请从以下选项中选择一个 要安装 VPN请从以下选项中选择一个
**选项 1:** 使用脚本随机生成的 VPN 登录凭证(完成后会在屏幕上显示): <details open>
<summary>
选项 1: 使用脚本随机生成的 VPN 登录凭证(完成后会在屏幕上显示)。
</summary>
```bash ```bash
wget https://git.io/vpnsetup -qO vpn.sh && sudo sh vpn.sh wget https://git.io/vpnsetup -qO vpn.sh && sudo sh vpn.sh
``` ```
<a name="ikev2-setup-note"></a>
在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md) 在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md)
```bash ```bash
@ -107,8 +119,12 @@ sudo ikev2.sh --auto
# 或者你也可以自定义 IKEv2 选项 # 或者你也可以自定义 IKEv2 选项
sudo ikev2.sh sudo ikev2.sh
``` ```
</details>
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证: <details>
<summary>
选项 2: 编辑脚本并提供你自己的 VPN 登录凭证。
</summary>
```bash ```bash
wget https://git.io/vpnsetup -qO vpn.sh wget https://git.io/vpnsetup -qO vpn.sh
@ -119,9 +135,20 @@ sudo sh vpn.sh
**注:** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。 **注:** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。
在安装成功之后,推荐 [配置 IKEv2](#ikev2-setup-note)。 在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md)
**选项 3:** 将你自己的 VPN 登录凭证定义为环境变量: ```bash
# 使用默认选项配置 IKEv2
sudo ikev2.sh --auto
# 或者你也可以自定义 IKEv2 选项
sudo ikev2.sh
```
</details>
<details>
<summary>
选项 3: 将你自己的 VPN 登录凭证定义为环境变量。
</summary>
```bash ```bash
# 所有变量值必须用 '单引号' 括起来 # 所有变量值必须用 '单引号' 括起来
@ -133,9 +160,30 @@ VPN_PASSWORD='你的VPN密码' \
sh vpn.sh sh vpn.sh
``` ```
在安装成功之后,推荐 [配置 IKEv2](#ikev2-setup-note)。 在安装成功之后,推荐 [配置 IKEv2](docs/ikev2-howto-zh.md)
**注:** 如果无法通过 `wget` 下载,你也可以打开 [vpnsetup.sh](vpnsetup.sh),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl/Cmd + A` 全选, `Ctrl/Cmd + C` 复制,然后粘贴到你喜欢的编辑器。 ```bash
# 使用默认选项配置 IKEv2
sudo ikev2.sh --auto
# 或者你也可以自定义 IKEv2 选项
sudo ikev2.sh
```
</details>
<details>
<summary>
如果无法通过 wget 下载,点这里查看解决方案。
</summary>
你也可以使用 curl 下载。例如:
```bash
curl -fsSL https://git.io/vpnsetup -o vpn.sh
sudo sh vpn.sh
```
或者,你也可以打开 [vpnsetup.sh](vpnsetup.sh),然后点击右方的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
</details>
## 下一步 ## 下一步
@ -204,12 +252,6 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh
- [更改 IPTables 规则](docs/advanced-usage-zh.md#更改-iptables-规则) - [更改 IPTables 规则](docs/advanced-usage-zh.md#更改-iptables-规则)
- [部署 Google BBR 拥塞控制算法](docs/advanced-usage-zh.md#部署-google-bbr-拥塞控制算法) - [部署 Google BBR 拥塞控制算法](docs/advanced-usage-zh.md#部署-google-bbr-拥塞控制算法)
## 问题和反馈
- 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。
- VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。
- 如果你发现了一个可重复的程序漏洞,请提交一个 [GitHub Issue](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue)。
## 卸载说明 ## 卸载说明
请参见 [卸载 VPN](docs/uninstall-zh.md)。 请参见 [卸载 VPN](docs/uninstall-zh.md)。
@ -217,6 +259,13 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh
- [使用辅助脚本卸载 VPN](docs/uninstall-zh.md#使用辅助脚本卸载-vpn) - [使用辅助脚本卸载 VPN](docs/uninstall-zh.md#使用辅助脚本卸载-vpn)
- [手动卸载 VPN](docs/uninstall-zh.md#手动卸载-vpn) - [手动卸载 VPN](docs/uninstall-zh.md#手动卸载-vpn)
## 问题和反馈
- 如果你对文档或 VPN 脚本有改进建议,请提交一个 [改进建议](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose),或者欢迎提交 [Pull request](https://github.com/hwdsl2/setup-ipsec-vpn/pulls)。
- 如果你发现了一个可重复的程序漏洞,请提交一个 [错误报告](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose)。
- 有问题需要提问?请先搜索 [已有的 issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) 以及在 [这个 Gist](https://gist.github.com/hwdsl2/9030462#comments) 和 [我的博客](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread) 上已有的留言。
- VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 邮件列表提问,或者参考这些网站:[[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)。
## 授权协议 ## 授权协议
版权所有 (C) 2014-2022 [Lin Song](https://github.com/hwdsl2) [![View my profile on LinkedIn](https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png)](https://www.linkedin.com/in/linsongui) 版权所有 (C) 2014-2022 [Lin Song](https://github.com/hwdsl2) [![View my profile on LinkedIn](https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png)](https://www.linkedin.com/in/linsongui)

View File

@ -21,8 +21,8 @@ We will use [Libreswan](https://libreswan.org/) as the IPsec server, and [xl2tpd
- [Upgrade Libreswan](#upgrade-libreswan) - [Upgrade Libreswan](#upgrade-libreswan)
- [Manage VPN users](#manage-vpn-users) - [Manage VPN users](#manage-vpn-users)
- [Advanced usage](#advanced-usage) - [Advanced usage](#advanced-usage)
- [Bugs & Questions](#bugs--questions)
- [Uninstallation](#uninstallation) - [Uninstallation](#uninstallation)
- [Feedback & Questions](#feedback--questions)
- [License](#license) - [License](#license)
## Quick start ## Quick start
@ -40,7 +40,17 @@ Your VPN login details will be randomly generated, and displayed on the screen w
<details> <details>
<summary> <summary>
Click here to see the VPN script in action (terminal recording). Alternative one-liner using curl instead of wget.
</summary>
```bash
curl -fsSL https://git.io/vpnstart -o vpn.sh && sudo sh vpn.sh
```
</details>
<details>
<summary>
Click to see the VPN script in action (terminal recording).
</summary> </summary>
**Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid. **Note:** This recording is for demo purposes only. VPN credentials in this recording are **NOT** valid.
@ -92,13 +102,15 @@ First, update your system with `sudo apt-get update && sudo apt-get dist-upgrade
To install the VPN, please choose one of the following options: To install the VPN, please choose one of the following options:
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished): <details open>
<summary>
Option 1: Have the script generate random VPN credentials for you (will be displayed when finished).
</summary>
```bash ```bash
wget https://git.io/vpnsetup -qO vpn.sh && sudo sh vpn.sh wget https://git.io/vpnsetup -qO vpn.sh && sudo sh vpn.sh
``` ```
<a name="ikev2-setup-note"></a>
After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md): After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md):
```bash ```bash
@ -107,8 +119,12 @@ sudo ikev2.sh --auto
# Alternatively, you may customize IKEv2 options # Alternatively, you may customize IKEv2 options
sudo ikev2.sh sudo ikev2.sh
``` ```
</details>
**Option 2:** Edit the script and provide your own VPN credentials: <details>
<summary>
Option 2: Edit the script and provide your own VPN credentials.
</summary>
```bash ```bash
wget https://git.io/vpnsetup -qO vpn.sh wget https://git.io/vpnsetup -qO vpn.sh
@ -119,9 +135,20 @@ sudo sh vpn.sh
**Note:** A secure IPsec PSK should consist of at least 20 random characters. **Note:** A secure IPsec PSK should consist of at least 20 random characters.
After successful installation, it is recommended to [set up IKEv2](#ikev2-setup-note). After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md):
**Option 3:** Define your VPN credentials as environment variables: ```bash
# Set up IKEv2 using default options
sudo ikev2.sh --auto
# Alternatively, you may customize IKEv2 options
sudo ikev2.sh
```
</details>
<details>
<summary>
Option 3: Define your VPN credentials as environment variables.
</summary>
```bash ```bash
# All values MUST be placed inside 'single quotes' # All values MUST be placed inside 'single quotes'
@ -133,9 +160,30 @@ VPN_PASSWORD='your_vpn_password' \
sh vpn.sh sh vpn.sh
``` ```
After successful installation, it is recommended to [set up IKEv2](#ikev2-setup-note). After successful installation, it is recommended to [set up IKEv2](docs/ikev2-howto.md):
**Note:** If unable to download via `wget`, you may also open [vpnsetup.sh](vpnsetup.sh), then click the **`Raw`** button on the right. Press `Ctrl/Cmd + A` to select all, `Ctrl/Cmd + C` to copy, then paste into your favorite editor. ```bash
# Set up IKEv2 using default options
sudo ikev2.sh --auto
# Alternatively, you may customize IKEv2 options
sudo ikev2.sh
```
</details>
<details>
<summary>
Click here if you are unable to download using wget.
</summary>
You may also use curl to download. For example:
```bash
curl -fsSL https://git.io/vpnsetup -o vpn.sh
sudo sh vpn.sh
```
Alternatively, you may open [vpnsetup.sh](vpnsetup.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
</details>
## Next steps ## Next steps
@ -204,12 +252,6 @@ See [Advanced usage](docs/advanced-usage.md).
- [Modify IPTables rules](docs/advanced-usage.md#modify-iptables-rules) - [Modify IPTables rules](docs/advanced-usage.md#modify-iptables-rules)
- [Deploy Google BBR congestion control algorithm](docs/advanced-usage.md#deploy-google-bbr-congestion-control-algorithm) - [Deploy Google BBR congestion control algorithm](docs/advanced-usage.md#deploy-google-bbr-congestion-control-algorithm)
## Bugs & Questions
- Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread).
- Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup).
- If you found a reproducible bug, open a [GitHub Issue](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) to submit a bug report.
## Uninstallation ## Uninstallation
See [Uninstall the VPN](docs/uninstall.md). See [Uninstall the VPN](docs/uninstall.md).
@ -217,6 +259,13 @@ See [Uninstall the VPN](docs/uninstall.md).
- [Uninstall using helper script](docs/uninstall.md#uninstall-using-helper-script) - [Uninstall using helper script](docs/uninstall.md#uninstall-using-helper-script)
- [Manually uninstall the VPN](docs/uninstall.md#manually-uninstall-the-vpn) - [Manually uninstall the VPN](docs/uninstall.md#manually-uninstall-the-vpn)
## Feedback & Questions
- Have an improvement suggestion for documentation or VPN scripts? Open an [Enhancement request](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose). [Pull requests](https://github.com/hwdsl2/setup-ipsec-vpn/pulls) are also welcome.
- If you found a reproducible bug, please file a [Bug report](https://github.com/hwdsl2/setup-ipsec-vpn/issues/new/choose).
- Got a question? Please first search [existing issues](https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue) and comments [in this Gist](https://gist.github.com/hwdsl2/9030462#comments) and [on my blog](https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread).
- Ask VPN related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) mailing list, or read these wikis: [[1]](https://libreswan.org/wiki/Main_Page) [[2]](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_virtual_private_networks) [[3]](https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation) [[4]](https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server) [[5]](https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup).
## License ## License
Copyright (C) 2014-2022 [Lin Song](https://github.com/hwdsl2) [![View my profile on LinkedIn](https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png)](https://www.linkedin.com/in/linsongui) Copyright (C) 2014-2022 [Lin Song](https://github.com/hwdsl2) [![View my profile on LinkedIn](https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png)](https://www.linkedin.com/in/linsongui)