Update docs
This commit is contained in:
parent
f2f6524201
commit
a3ee9ce033
@ -58,7 +58,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
|||||||
## 系统要求
|
## 系统要求
|
||||||
|
|
||||||
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些映像 (AMIs):
|
一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例,使用这些映像 (AMIs):
|
||||||
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>[*](#ubuntu-1804-note)
|
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>
|
||||||
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
|
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
|
||||||
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
|
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
|
||||||
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
|
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
|
||||||
@ -77,8 +77,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
|
|||||||
|
|
||||||
高级用户可以在 $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a> 上搭建 VPN 服务器。
|
高级用户可以在 $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a> 上搭建 VPN 服务器。
|
||||||
|
|
||||||
<a name="ubuntu-1804-note"></a>
|
**注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 与 Linux 内核 4.15 兼容性的 <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">问题</a>。
|
||||||
\***注:** 目前脚本还不支持 Ubuntu 18.04,因为一个 xl2tpd 与 Linux 内核 4.15 兼容性的 <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">问题</a>。
|
|
||||||
|
|
||||||
:warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上!
|
:warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上!
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@ For other installation options and how to set up VPN clients, read the sections
|
|||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> instance, from these images (AMIs):
|
A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> instance, from these images (AMIs):
|
||||||
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>[*](#ubuntu-1804-note)
|
- <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 16.04 (Xenial) or 14.04 (Trusty)</a>
|
||||||
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
|
- <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 9 (Stretch) or 8 (Jessie)</a>
|
||||||
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
|
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
|
||||||
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
|
- <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
|
||||||
@ -77,8 +77,7 @@ This also includes Linux VMs in public clouds, such as <a href="https://blog.ls2
|
|||||||
|
|
||||||
Advanced users can set up the VPN server on a $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a>.
|
Advanced users can set up the VPN server on a $35 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">Raspberry Pi 3</a>.
|
||||||
|
|
||||||
<a name="ubuntu-1804-note"></a>
|
**Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">issue</a> with Linux kernel 4.15.
|
||||||
\***Note:** Ubuntu 18.04 is not yet supported due to an xl2tpd <a href="https://github.com/xelerance/xl2tpd/issues/147" target="_blank">issue</a> with Linux kernel 4.15.
|
|
||||||
|
|
||||||
:warning: **DO NOT** run these scripts on your PC or Mac! They should only be used on a server!
|
:warning: **DO NOT** run these scripts on your PC or Mac! They should only be used on a server!
|
||||||
|
|
||||||
|
@ -6,8 +6,6 @@
|
|||||||
|
|
||||||
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md" target="_blank">搭建自己的 VPN 服务器</a>之后,你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
|
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md" target="_blank">搭建自己的 VPN 服务器</a>之后,你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
|
||||||
|
|
||||||
另一个带图片的<a href="https://usefulpcguide.com/17318/create-your-own-vpn/" target="_blank">安装指南</a>可供参考,它由 Tony Tran 编写。
|
|
||||||
|
|
||||||
---
|
---
|
||||||
* 平台名称
|
* 平台名称
|
||||||
* [Windows](#windows)
|
* [Windows](#windows)
|
||||||
@ -406,14 +404,13 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSe
|
|||||||
如果你无法使用 Android 6 或以上版本连接:
|
如果你无法使用 Android 6 或以上版本连接:
|
||||||
|
|
||||||
1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在,请启用它并重试连接。如果不存在,请尝试下一步。
|
1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在,请启用它并重试连接。如果不存在,请尝试下一步。
|
||||||
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=no` 并将它替换为 `sha2-truncbug=yes`。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>) 如果仍然无法连接,请尝试下一步。
|
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>)
|
||||||
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `ike=` 和 `phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(<a href="https://github.com/hwdsl2/setup-ipsec-vpn/commit/f58afbc84ba421216ca2615d3e3654902e9a1852" target="_blank">参见</a>)
|
|
||||||
|
|
||||||
![Android VPN workaround](images/vpn-profile-Android.png)
|
![Android VPN workaround](images/vpn-profile-Android.png)
|
||||||
|
|
||||||
### Chromebook
|
### Chromebook
|
||||||
|
|
||||||
Chromebook 用户: 如果你无法连接,请尝试 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/265" target="_blank">这个解决方案</a>。
|
Chromebook 用户: 如果你无法连接,请参见 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/265" target="_blank">这个 Issue</a>。请注意,这个解决方案可能会导致你的其它设备无法连接到 VPN。编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `phase2alg=...` 并将它替换为 `phase2alg=aes_gcm-null`。保存修改并运行 `service ipsec restart`。
|
||||||
|
|
||||||
### 其它错误
|
### 其它错误
|
||||||
|
|
||||||
|
@ -6,8 +6,6 @@
|
|||||||
|
|
||||||
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
|
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
|
||||||
|
|
||||||
An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" target="_blank">setup guide</a> with images is available, written by Tony Tran.
|
|
||||||
|
|
||||||
---
|
---
|
||||||
* Platforms
|
* Platforms
|
||||||
* [Windows](#windows)
|
* [Windows](#windows)
|
||||||
@ -405,14 +403,13 @@ To fix this error, please follow these steps:
|
|||||||
If you are unable to connect using Android 6 or above:
|
If you are unable to connect using Android 6 or above:
|
||||||
|
|
||||||
1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists, enable it and reconnect the VPN. If not, try the next step.
|
1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists, enable it and reconnect the VPN. If not, try the next step.
|
||||||
1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=no` and replace it with `sha2-truncbug=yes`. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>) If still unable to connect, try the next step.
|
1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>)
|
||||||
1. Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (<a href="https://github.com/hwdsl2/setup-ipsec-vpn/commit/f58afbc84ba421216ca2615d3e3654902e9a1852" target="_blank">Ref</a>)
|
|
||||||
|
|
||||||
![Android VPN workaround](images/vpn-profile-Android.png)
|
![Android VPN workaround](images/vpn-profile-Android.png)
|
||||||
|
|
||||||
### Chromebook
|
### Chromebook
|
||||||
|
|
||||||
Chromebook users: If you are unable to connect, try <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/265" target="_blank">this workaround</a>.
|
Chromebook users: If you are unable to connect, refer to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/265" target="_blank">this issue</a>. Please note that this fix may break VPN connectivity from your other devices. Edit `/etc/ipsec.conf` on the VPN server. Find `phase2alg=...` and replace it with `phase2alg=aes_gcm-null`. Save the file and run `service ipsec restart`.
|
||||||
|
|
||||||
### Other errors
|
### Other errors
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user