mirror of synced 2024-11-21 20:46:10 +03:00

Update README.md

hwdsl2 2016-04-23 18:47:03 -05:00
parent 4063ebf3cf
commit c1aa78bcfe
2 changed files with 21 additions and 22 deletions

View File

@ -43,7 +43,7 @@ OpenVZ VPS 用户请使用其它的 VPN 软件,比如 <a href="https://github.
## 安装说明
### 用于 Ubuntu 和 Debian:
### Ubuntu & Debian
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
@ -51,10 +51,10 @@ OpenVZ VPS 用户请使用其它的 VPN 软件,比如 <a href="https://github.
wget https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh -O vpnsetup.sh
nano -w vpnsetup.sh
[修改这些参数为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sh vpnsetup.sh
sudo sh vpnsetup.sh
```
### 用于 CentOS 和 RHEL:
### CentOS & RHEL
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
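Review bot: with `sudo sh vpnsetup.sh`, the file fetched by the `wget` line from `raw/master` is run with root privileges, and `master` is a moving target, so what a user executes can differ from what was last reviewed. Consider pointing the `wget` URL at a tagged release or a specific commit, or publishing a checksum next to the command so the download can be verified before it is run.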
@ -63,35 +63,34 @@ yum -y install wget nano
wget https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup_centos.sh -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[修改这些参数为你自己的值: IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sh vpnsetup_centos.sh
sudo sh vpnsetup_centos.sh
```
如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
## 下一步
配置你的计算机或其它设备使用 VPN 。在网络上根据关键词搜索教程,比如 <a href="https://www.bing.com/search?q=setup+L2TP+client" target="_blank">bing.com/search?q=setup+L2TP+client</a>
配置你的计算机或其它设备使用 VPN 。在网络上根据关键词搜索教程,例如 <a href="https://www.bing.com/search?q=setup+L2TP+client" target="_blank">bing.com/search?q=setup+L2TP+client</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
## 重要提示
**Windows 用户** 在首次连接之前可能需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">更改注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2`
**Windows 用户** 在首次连接之前可能需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">更改注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。如果遇到`Error 628`请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2`
**Android 6 (Marshmallow) 用户**: 安装完成之后,请编辑文件 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行的结尾添加 `,aes256-sha2_256` 。另外<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">增加一行</a> `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart`
**iPhone/iPad 用户**: 在 iOS 的设置菜单选择 `L2TP` (而不是 `IPSec`) 作为 VPN 类型。如果无法连接,可编辑 `ipsec.conf` 并尝试用 `rightprotoport=17/0` 替换 `rightprotoport=17/%any` 。保存修改并重启 `ipsec` 服务。
**iPhone/iPad 用户**: 在 iOS 的设置菜单选择 `L2TP` (而不是 `IPSec`) 作为 VPN 类型。如果无法连接,可编辑 `ipsec.conf` 并尝试用 `rightprotoport=17/0` 替换 `rightprotoport=17/%any` 。保存修改并重启 `ipsec` 服务。
如果你想创建具有不同凭据的多个 VPN 用户,只需<a href="https://gist.github.com/hwdsl2/123b886f29f4c689f531" target="_blank">修改这几行的脚本</a>
如果创建具有不同凭据的多个 VPN 用户,只需<a href="https://gist.github.com/hwdsl2/123b886f29f4c689f531" target="_blank">修改这几行的脚本</a>
在 VPN 处于活动状态时,客户端已配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。此设置可在 `options.xl2tpd` 文件的 `ms-dns` 项更改。
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。此设置可在 `options.xl2tpd` 文件的 `ms-dns` 项更改。
仅适用于 Amazon EC2 实例:在<a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">安全组</a>设置中,请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (可选,用于 SSH )。
如果你为服务器配置了自定义 SSH 端口(不是 22或希望允许其他服务请在运行脚本之前编辑 <a href="vpnsetup.sh#L279" target="_blank">IPTables 防火墙规则</a>
如果你配置了自定义 SSH 端口(不是 22或希望允许其他服务请在运行脚本之前编辑 <a href="vpnsetup.sh#L279" target="_blank">IPTables 防火墙规则</a>
这些脚本每次在更改你的配置文件之前,会在同一目录下以 `.old-日期-时间` 为后缀备份现有的配置文件
这些脚本在更改你现有的配置文件之前,会在同一目录下以 `.old-日期-时间` 为后缀备份。
## 关于升级Libreswan
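Review bot: in the reworded Windows note, the new text "如果遇到`Error 628`请打开" runs the condition straight into the instruction; put a space before the code span and a comma after it so the sentence reads as condition, then action. In the multi-user line, dropping "你想" leaves "如果创建具有不同凭据的多个 VPN 用户" reading as a fragment; "如果需要创建 …" stays short and keeps the sentence complete.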

View File

@ -14,13 +14,13 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
- [Features](#features)
- [Requirements](#requirements)
- [Installation](#installation)
- [For Ubuntu and Debian](#for-ubuntu-and-debian)
- [For CentOS and RHEL](#for-centos-and-rhel)
- [Ubuntu & Debian](#ubuntu--debian)
- [CentOS & RHEL](#centos--rhel)
- [Next Steps](#next-steps)
- [Important Notes](#important-notes)
- [Upgrading Libreswan](#upgrading-libreswan)
- [Bugs & Questions](#bugs--questions)
- [Copyright and License](#copyright-and-license)
- [License](#license)
## Author
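Review bot: renaming these headings changes their anchors, so existing links from outside this file to `#for-ubuntu-and-debian`, `#for-centos-and-rhel` and `#copyright-and-license` will stop resolving. The new targets `#ubuntu--debian` and `#centos--rhel` follow the same pattern as the existing `#bugs--questions` entry, so the table of contents itself is consistent; if the old anchors are linked from elsewhere, mention the rename in the commit message, which currently says only "Update README.md".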
@ -62,7 +62,7 @@ OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-inst
## Installation
### For Ubuntu and Debian:
### Ubuntu & Debian
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
@ -70,10 +70,10 @@ First, update your system with `apt-get update && apt-get dist-upgrade` and rebo
wget https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh -O vpnsetup.sh
nano -w vpnsetup.sh
[Edit and replace IPSEC_PSK, VPN_USER and VPN_PASSWORD with your own values]
sh vpnsetup.sh
sudo sh vpnsetup.sh
```
### For CentOS and RHEL:
### CentOS & RHEL
First, update your system with `yum update` and reboot. This is optional, but recommended.
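Review bot: the steps have the user write `IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD` into `vpnsetup.sh` with `nano` and then run it with `sudo`, but nothing says what to do with the edited file afterwards, so the pre-shared key and password stay in plaintext wherever the script was downloaded. Add a line after `sudo sh vpnsetup.sh` telling users to delete the script or restrict its permissions once setup has finished.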
@ -82,7 +82,7 @@ yum -y install wget nano
wget https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup_centos.sh -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[Edit and replace IPSEC_PSK, VPN_USER and VPN_PASSWORD with your own values]
sh vpnsetup_centos.sh
sudo sh vpnsetup_centos.sh
```
If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
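Review bot: `sudo` is added to `sh vpnsetup_centos.sh` only, while `yum -y install wget nano` (shown in the hunk header) and the `yum update` step above it need root just as much, so a non-root user following the instructions fails before reaching the script. Either prefix those commands as well or state once that everything in this section is run as root or with `sudo`.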
@ -95,7 +95,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). In addition, you must enable `CHAP` (and disable `MS-CHAP v2`) <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">in the "Security" tab</a> of VPN connection properties.
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). In case you see `Error 628`, go to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">the "Security" tab</a> of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`.
**Android 6 (Marshmallow) users**: After install, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then <a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">add a new line</a> `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`.
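Review bot: the rewritten sentence makes the `CHAP` / `MS-CHAP v2` change conditional on `Error 628`, but the first sentence of the same note still says the registry change "is required", while the Chinese README in this commit says it may be needed (可能需要); align the two. "In case you see" would read better as "If you see", and a short clause on why `Error 628` calls for this change would keep users from altering the authentication setting on a connection that already works.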
@ -117,11 +117,11 @@ The additional scripts <a href="vpnupgrade_Libreswan.sh" target="_blank">vpnupgr
## Bugs & Questions
- Have a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this GitHub Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>.
- Got a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this GitHub Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>.
- Ask Libreswan (IPsec) related questions <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">on the mailing list</a>, or read these wikis: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation" target="_blank">[5]</a>.
- If you found a reproducible bug, open a <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues" target="_blank">GitHub Issue</a> to submit a bug report.
## Copyright and License
## License
Copyright (C) 2014-2016&nbsp;Lin Song&nbsp;&nbsp;&nbsp;<a href="https://www.linkedin.com/in/linsongui" target="_blank"><img src="https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View my profile on LinkedIn"></a>
Based on <a href="https://github.com/sarfata/voodooprivacy" target="_blank">the work of Thomas Sarlandie</a> (Copyright 2012)