diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 1688372..959d2ab 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -498,7 +498,13 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key ### 无法连接多个 IKEv2 客户端 -如果要同时连接多个 IKEv2 客户端,你必须为每个客户端 [生成唯一的证书](#添加客户端证书)。 +如果要同时连接在同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,你需要为每个客户端生成唯一的证书。否则,你可能会遇到稍后连接的客户端影响现有客户端的 VPN 连接,从而导致无法访问 Internet 的问题。 + +要为其它的 IKEv2 客户端生成证书,运行辅助脚本并添加 `--addclient` 选项。要自定义客户端选项,可以在不添加参数的情况下运行脚本。 + +```bash +sudo ikev2.sh --addclient [client name] +``` ### IKE 身份验证凭证不可接受 @@ -561,7 +567,7 @@ sudo ikev2.sh --listclients ### 添加客户端证书 -要为更多的 IKEv2 客户端添加证书,运行辅助脚本并添加 `--addclient` 选项。要自定义客户端选项,可以在不添加参数的情况下运行脚本。 +要为其它的 IKEv2 客户端生成证书,运行辅助脚本并添加 `--addclient` 选项。要自定义客户端选项,可以在不添加参数的情况下运行脚本。 ```bash sudo ikev2.sh --addclient [client name] @@ -978,7 +984,7 @@ To customize IKEv2 or client options, run this script without arguments. 1. 生成客户端证书,然后导出 `.p12` 文件,该文件包含客户端证书,私钥以及 CA 证书。 - **注:** 你可以重复本步骤来为更多的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如需连接多个客户端,则必须为每个客户端生成唯一的证书。 + **注:** 你可以重复本步骤来为其它的客户端生成证书,但必须将所有的 `vpnclient` 换成比如 `vpnclient2`,等等。如果要同时连接在同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,你需要为每个客户端生成唯一的证书。 生成客户端证书: diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index dfc64ce..42ae9a1 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -500,7 +500,13 @@ for the entire network, or use `192.168.0.10` for just one device, and so on. ### Unable to connect multiple IKEv2 clients -To connect multiple IKEv2 clients at the same time, you must [generate a unique certificate](#add-a-client-certificate) for each client. +To connect multiple IKEv2 clients from behind the same NAT (e.g. home router) at the same time, you will need to generate a unique certificate for each client. Otherwise, you could encounter the issue where a later connected client affects the VPN connection of an existing client, which may lose Internet access. + +To generate certificates for additional IKEv2 clients, run the helper script with the `--addclient` option. To customize client options, run the script without arguments. + +```bash +sudo ikev2.sh --addclient [client name] +``` ### IKE authentication credentials are unacceptable @@ -563,7 +569,7 @@ sudo ikev2.sh --listclients ### Add a client certificate -To add certificates for additional IKEv2 clients, run the helper script with the `--addclient` option. To customize client options, run the script without arguments. +To generate certificates for additional IKEv2 clients, run the helper script with the `--addclient` option. To customize client options, run the script without arguments. ```bash sudo ikev2.sh --addclient [client name] @@ -980,7 +986,7 @@ View example steps for manually configuring IKEv2 with Libreswan. 1. Generate client certificate(s), then export the `.p12` file that contains the client certificate, private key, and CA certificate. - **Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple VPN clients, you must generate a unique certificate for each. + **Note:** You may repeat this step to generate certificates for additional VPN clients, but make sure to replace every `vpnclient` with `vpnclient2`, etc. To connect multiple IKEv2 clients from behind the same NAT (e.g. home router) at the same time, you will need to generate a unique certificate for each client. Generate client certificate: