mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 04:56:03 +03:00
Code Issues Projects Releases Wiki Activity

Minor corrections to docs

Browse Source
This commit is contained in:
hwdsl2 2016-05-21 13:57:14 -05:00
parent 631e3db107
commit d9026fe05d
4 changed files with 27 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
README-zh.md
View File

@ -2,11 +2,10 @@
[![Build Status](https://img.shields.io/travis/hwdsl2/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
[![Docker Ready](https://img.shields.io/badge/docker-ready-blue.svg)](https://github.com/hwdsl2/docker-ipsec-vpn-server)
[![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg)](https://github.com/hwdsl2/docker-ipsec-vpn-server)
*其他语言版本: [English](README.md), [简体中文](README-zh.md).*
使用这些 Linux Shell 脚本一键快速搭建 IPsec/L2TP VPN 服务器。支持 UbuntuDebian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,或者选择随机生成凭证。然后运行脚本自动完成安装。
使用这些 Linux Shell 脚本一键快速搭建 IPsec/L2TP VPN 服务器。支持 UbuntuDebian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。
我们将使用 <a href="https://libreswan.org/" target="_blank">Libreswan</a> 作为 IPsec 服务器,以及 <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> 作为 L2TP 提供者。
@ -59,16 +58,16 @@
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 在安装完成后显示):
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 会在屏幕上显示):
```bash
wget 'https://git.io/vpnsetup' -O vpnsetup.sh && sudo sh vpnsetup.sh
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
**选项 2:** 在脚本中输入你自己的 VPN 登录凭证,或者将它们定义为环境变量:
**选项 2:** 输入你自己的 VPN 登录凭证,或者将它们定义为环境变量:
```bash
wget 'https://git.io/vpnsetup' -O vpnsetup.sh
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[修改为你自己的值: VPN_IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sudo sh vpnsetup.sh
@ -78,16 +77,16 @@ sudo sh vpnsetup.sh
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 在安装完成后显示):
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 会在屏幕上显示):
```bash
wget 'https://git.io/vpnsetup-centos' -O vpnsetup_centos.sh && sudo sh vpnsetup_centos.sh
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh && sudo sh vpnsetup_centos.sh
```
**选项 2:** 在脚本中输入你自己的 VPN 登录凭证,或者将它们定义为环境变量:
**选项 2:** 输入你自己的 VPN 登录凭证,或者将它们定义为环境变量:
```bash
wget 'https://git.io/vpnsetup-centos' -O vpnsetup_centos.sh
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[修改为你自己的值: VPN_IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sudo sh vpnsetup_centos.sh
@ -99,15 +98,15 @@ sudo sh vpnsetup_centos.sh
配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
**NEW** 新增支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式。请参考 <a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAuth VPN 客户端</a>
**NEW** 新增支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式 <a href="docs/clients-xauth-zh.md" target="_blank">配置 IPsec/XAuth VPN 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
## 重要提示
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#windows" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到`Error 628`,请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2`
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#regkey" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到 `Error 628` ,请打开 VPN 连接属性的<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">"安全"选项卡</a>,启用 `CHAP` 选项并禁用 `MS-CHAP v2`
**Android 6 (Marshmallow) 用户** 请参此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
**Android 6 (Marshmallow) 用户** 请参此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
如果要创建具有不同凭据的多个 VPN 用户,只需要<a href="docs/enable-multiple-users.txt" target="_blank">修改这几行的脚本</a>
@ -119,12 +118,12 @@ sudo sh vpnsetup_centos.sh
## 关于升级Libreswan
提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于将已安装的 Libreswan 不定期升级至最新版本。请关注<a href="https://libreswan.org" target="_blank">官方网站</a>,并在运行前根据需要更新 `swan_ver` 变量。
提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan。请关注<a href="https://libreswan.org" target="_blank">官方网站</a>,并在运行前根据需要更新 `swan_ver` 变量。
## 问题和反馈
- 有问题需要提问?请先搜索其他用户的留言,在<a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">这个 GitHub Gist</a> 以及<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">我的博客文章</a>
- Libreswan (IPsec) 的相关问题可在<a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">邮件列表</a>提问。也可以参见这些 wiki 文章:<a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation" target="_blank">[5]</a>
- Libreswan (IPsec) 的相关问题可在<a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">邮件列表</a>提问。也可以参见这些文章:<a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://libreswan.org/man/ipsec.conf.5.html" target="_blank">[5]</a>
- 如果你发现了一个可重复的程序漏洞,请提交一个 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues" target="_blank">GitHub Issue</a>
## 另见

23
README.md
View File

@ -2,11 +2,10 @@
[![Build Status](https://img.shields.io/travis/hwdsl2/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn)
[![Docker Ready](https://img.shields.io/badge/docker-ready-blue.svg)](https://github.com/hwdsl2/docker-ipsec-vpn-server)
[![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg)](https://github.com/hwdsl2/docker-ipsec-vpn-server)
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
These scripts will let you set up your own IPsec/L2TP VPN server in no more than a minute on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, or auto-generate them. The scripts will handle the rest.
These scripts will let you set up your own IPsec/L2TP VPN server in no more than a minute on Ubuntu, Debian and CentOS. Just provide your own VPN credentials, and the scripts will handle the rest.
We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as the IPsec server, and <a href="https://github.com/xelerance/xl2tpd" target="_blank">xl2tpd</a> as the L2TP provider.
@ -59,16 +58,16 @@ A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly instal
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when done):
**Option 1:** Have the script generate random VPN credentials for you (will be displayed on the screen):
```bash
wget 'https://git.io/vpnsetup' -O vpnsetup.sh && sudo sh vpnsetup.sh
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
**Option 2:** Enter your own VPN credentials, or define them as environment variables:
```bash
wget 'https://git.io/vpnsetup' -O vpnsetup.sh
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD]
sudo sh vpnsetup.sh
@ -78,16 +77,16 @@ sudo sh vpnsetup.sh
First, update your system with `yum update` and reboot. This is optional, but recommended.
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when done):
**Option 1:** Have the script generate random VPN credentials for you (will be displayed on the screen):
```bash
wget 'https://git.io/vpnsetup-centos' -O vpnsetup_centos.sh && sudo sh vpnsetup_centos.sh
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh && sudo sh vpnsetup_centos.sh
```
**Option 2:** Enter your own VPN credentials, or define them as environment variables:
```bash
wget 'https://git.io/vpnsetup-centos' -O vpnsetup_centos.sh
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[Replace with your own values: VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD]
sudo sh vpnsetup_centos.sh
@ -99,13 +98,13 @@ If unable to download via `wget`, you may alternatively open <a href="vpnsetup.s
Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
**NEW:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported. See: <a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth VPN Clients</a>.
**NEW:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported: <a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth VPN Clients</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes
For **Windows users**, a <a href="docs/clients.md#windows" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Also, if you see `Error 628`, go to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">the "Security" tab</a> of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`.
For **Windows users**, a <a href="docs/clients.md#regkey" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Also, if you see `Error 628`, go to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">the "Security" tab</a> of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`.
**Android 6 (Marshmallow) users** Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
@ -119,12 +118,12 @@ The scripts will backup existing config files before making changes, with `.old-
## Upgrading Libreswan
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to periodically upgrade Libreswan to the latest version. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `swan_ver` variable as necessary.
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `swan_ver` variable as necessary.
## Bugs & Questions
- Got a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this GitHub Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>.
- Ask Libreswan (IPsec) related questions <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">on the mailing list</a>, or read these wikis: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation" target="_blank">[5]</a>.
- Ask Libreswan (IPsec) related questions <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">on the mailing list</a>, or read these articles: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://libreswan.org/man/ipsec.conf.5.html" target="_blank">[5]</a>.
- If you found a reproducible bug, open a <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues" target="_blank">GitHub Issue</a> to submit a bug report.
## See Also

1
docs/clients-zh.md
View File

@ -38,6 +38,7 @@
1. 单击 **确定** 关闭 **高级设置**
1. 单击 **确定** 保存 VPN 连接的详细信息。
<a id="regkey"></a>
要连接到 VPN只需在系统托盘中的无线/网络图标上单击右键,选择新的 VPN 连接,然后单击 **连接**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开<a href="http://windows.microsoft.com/zh-cn/windows/command-prompt-faq#1TC=windows-7" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重新启动计算机。

1
docs/clients.md
View File

@ -38,6 +38,7 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
1. Click **OK** to close the **Advanced settings**.
1. Click **OK** to save the VPN connection details.
<a id="regkey"></a>
To connect to the VPN, simply right-click on the wireless/network icon in your system tray, select the new VPN connection, and click **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
**Note:** A <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an <a href="http://windows.microsoft.com/en-us/windows/command-prompt-faq#1TC=windows-7" target="_blank">elevated command prompt</a>. You must reboot your computer when done.