1
0
mirror of synced 2024-11-22 04:56:03 +03:00

Update docs

[ci skip]
This commit is contained in:
hwdsl2 2016-07-20 13:47:21 -05:00
parent 1ec957d3be
commit da8726e24e
6 changed files with 108 additions and 86 deletions

View File

@ -47,7 +47,7 @@
一个专用服务器或者虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可使用 Debian 7 (Wheezy),但是必须首先运行<a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">另一个脚本</a>。 OpenVZ VPS 不受支持,用户可以尝试使用 <a href="https://github.com/breakwa11/shadowsocks-rss" target="_blank">ShadowsocksR</a> 或者 <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>
这也包括各种云计算服务中的 Linux 虚拟机,比如 Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean 和 Linode.
这也包括各种云计算服务中的 Linux 虚拟机,比如 Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean, Vultr 和 Linode。
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; 我想建立并使用自己的 VPN ,但是没有可用的服务器**</a>

View File

@ -47,7 +47,7 @@ A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2
A dedicated server or Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS is not supported, users could instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
This also includes Linux VMs in public clouds such as Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean and Linode.
This also includes Linux VMs in public clouds such as Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean, Vultr and Linode.
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; I want to run my own VPN but don't have a server for that**</a>

View File

@ -11,9 +11,9 @@
---
* 平台名称
* [Windows](#windows)
* [OS X](#os-x)
* [OS X (macOS)](#os-x)
* [Android](#android)
* [iOS](#ios)
* [iOS (iPhone/iPad)](#ios)
### Windows ###
@ -34,9 +34,6 @@
VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled** 字样。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
<a id="regkey"></a>
如果在连接过程中遇到错误,请参见 <a href="#故障排除">故障排除</a>
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。请参照链接网页中的说明,或者打开<a href="http://www.cnblogs.com/xxcanghai/p/4610054.html" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重启计算机。
- 适用于 Windows Vista, 7, 8 和 10
```console
@ -65,7 +62,7 @@ VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled*
1. 选中 **在菜单栏中显示 VPN 状态** 复选框。
1. 单击 **应用** 保存VPN连接信息。
要连接到 VPN,你可以使用菜单栏中的 VPN 图标,或者在系统偏好设置的网络部分选择 VPN并单击 **连接**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
要连接到 VPN 使用菜单栏中的图标,或者打开系统偏好设置的网络部分,选择 VPN 并单击 **连接**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
### Android ###
1. 启动 **设置** 应用程序。
@ -103,32 +100,6 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="h
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
## 故障排除
### Windows 错误 809
> 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。
要解决此错误,请按照<a href="#regkey">上面的步骤</a>添加注册表键并重启计算机。
### Windows 错误 628
> 在连接完成前,连接被远程计算机终止。
要解决此错误,请按以下步骤操作:
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**
1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **确定** 保存 VPN 连接的详细信息。
![Select only CHAP in VPN connection properties-2](https://cloud.githubusercontent.com/assets/5104323/16026263/cbda945a-3192-11e6-96a6-ff18c5dd9a48.png)
### 其它错误
更多的故障排除信息请参见 <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues" target="_blank">这个文档</a>
## 致谢
本文档是在 <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> 项目文档基础上翻译和修改。该项目由 Joshua Lund 和其他开发者维护。

View File

@ -11,9 +11,9 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
---
* Platforms
* [Windows](#windows)
* [OS X](#os-x)
* [OS X (macOS)](#os-x)
* [Android](#android)
* [iOS](#ios)
* [iOS (iPhone/iPad)](#ios)
### Windows ###
@ -34,9 +34,6 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
Once connected, you will see **tunnel enabled** in the VPN Connect status window. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a id="regkey"></a>
If you get an error when trying to connect, see <a href="#troubleshooting">Troubleshooting</a>.
**Note:** This <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an <a href="http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/" target="_blank">elevated command prompt</a>. You must reboot your computer when finished.
- For Windows Vista, 7, 8 and 10
```console
@ -65,7 +62,7 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub
1. Check the **Show VPN status in menu bar** checkbox.
1. Click **Apply** to save the VPN connection information.
You can connect to the VPN using the VPN icon in the menu bar, or by selecting the VPN in the Network section of System Preferences and choosing **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
To connect to the VPN: Use the menu bar icon, or go to the Network section of System Preferences, select the VPN and choose **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
### Android ###
1. Launch the **Settings** application.
@ -103,32 +100,6 @@ Once connected, you will see a VPN icon in the notification bar. You can verify
Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
## Troubleshooting
### Windows Error 809
> The network connection between your computer and the VPN server could not be established because the remote server is not responding.
To fix this error, follow <a href="#regkey">the steps above</a> to add a registry key and reboot your computer.
### Windows Error 628
> The connection was terminated by the remote computer before it could be completed.
To fix this error, please follow these steps:
1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**.
1. Click **Allow these protocols**. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others.
1. Click **OK** to save the VPN connection details.
![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png)
### Other Errors
Please refer to <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues" target="_blank">this document</a> for more troubleshooting tips.
## Credits
This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors.

View File

@ -6,15 +6,16 @@
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的 VPN 服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
你也可以参考另一个带图片的<a href="https://usefulpcguide.com/17318/create-your-own-vpn/" target="_blank">分步指南</a>,由 Tony Tran 编写。
你也可以参考另一个<a href="https://usefulpcguide.com/17318/create-your-own-vpn/" target="_blank">带图片的安装指南</a>,由 Tony Tran 编写。
---
* 平台名称
* [Windows](#windows)
* [OS X](#os-x)
* [OS X (macOS)](#os-x)
* [Android](#android)
* [iOS](#ios)
* [iOS (iPhone/iPad)](#ios)
* [Chromebook](#chromebook)
* [Linux](#linux)
### Windows ###
@ -27,8 +28,8 @@
1. 单击 **使用我的Internet连接 (VPN)**
1. 在 **Internet地址** 字段中输入`你的 VPN 服务器 IP`。
1. 在 **目标名称** 字段中输入任意内容。单击 **创建**
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**。
1. 单击左侧的 **更改适配器设置**右键单击新的 VPN 连接,并选择 **属性**
1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置**。
1. 右键单击新创建的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **高级设置** 按钮。
@ -54,8 +55,8 @@
1. 在 **密码** 字段中输入`你的 VPN 密码`。
1. 选中 **记住此密码** 复选框。
1. 单击 **创建**,然后单击 **关闭** 按钮。
1. 重复上面的第 1-3 步,打开 **网络与共享中心**。
1. 单击左侧的 **更改适配器设置**右键单击新的 VPN 连接,并选择 **属性**
1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置**。
1. 右键单击新创建的 VPN 连接,并选择 **属性**
1. 单击 **选项** 选项卡,取消选中 **包含Windows登录域** 复选框。
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
@ -98,7 +99,7 @@
1. 单击 **TCP/IP** 选项卡,并在 **配置IPv6** 部分中选择 **仅本地链接**
1. 单击 **好** 关闭高级设置,然后单击 **应用** 保存VPN连接信息。
要连接到 VPN,你可以使用菜单栏中的 VPN 图标,或者在系统偏好设置的网络部分选择 VPN并单击 **连接**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
要连接到 VPN 使用菜单栏中的图标,或者打开系统偏好设置的网络部分,选择 VPN 并单击 **连接**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
### Android ###
1. 启动 **设置** 应用程序。
@ -151,6 +152,45 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="h
VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
### Linux ###
**Ubuntu and Debian:**
按照 <a href="http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn-on-ubuntu-16-04/" target="_blank">这个教程</a> 的步骤操作。需要更正以下项:
1. 在文件 `xl2tpd.conf` 中,删除这一行 `# your vpn server goes here`
1. 在文件 `options.l2tpd.client` 中,将 `require-mschap-v2` 换成 `require-chap`
1. 替换最后一个命令 `sudo route add -net default gw <vpn server local ip>` 为:
```
sudo route add default dev ppp0
```
如果遇到错误,请检查 `ifconfig` 的输出并将上面的 `ppp0` 换成 `ppp1`,等等。
检查 VPN 是否正常工作:
```
wget -qO- http://whatismyip.akamai.com; echo
```
以上命令应该返回 `你的 VPN 服务器 IP`
要停止通过 VPN 服务器发送数据:
```
sudo route del default dev ppp0
```
**CentOS and Fedora:**
参照上面的 Ubuntu/Debian 部分,并进行以下改动:
1. 使用 `yum` 而不是 `apt-get` 命令来安装软件包。
1. 在这些系统中,`ipsec` 命令已经被重命名为 `strongswan`
1. 文件 `ipsec.conf``ipsec.secrets` 应该保存在 `/etc/strongswan` 目录中。
**Other Linux:**
如果你的系统提供 `strongswan` 软件包,请参见上面的两个部分。
## 故障排除
### Windows 错误 809

View File

@ -6,15 +6,16 @@
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" target="_blank">step-by-step guide</a> with images is available, written by Tony Tran.
You may also refer to this alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" target="_blank">setup guide with images</a> by Tony Tran.
---
* Platforms
* [Windows](#windows)
* [OS X](#os-x)
* [OS X (macOS)](#os-x)
* [Android](#android)
* [iOS](#ios)
* [iOS (iPhone/iPad)](#ios)
* [Chromebook](#chromebook)
* [Linux](#linux)
### Windows ###
@ -27,10 +28,10 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
1. Click **Use my Internet connection (VPN)**.
1. Enter `Your VPN Server IP` in the **Internet address** field.
1. Enter anything you like in the **Destination name** field, and then click **Create**.
1. Right-click on the wireless/network icon in your system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN entry and choose **Properties**.
1. Return to **Network and Sharing Center**. On the left, click **Change adapter settings**.
1. Right-click on the new VPN entry and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
1. Click **Allow these protocols**. Select "Challenge Handshake Authentication Protocol (CHAP)" and deselect all others.
1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others.
1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**.
@ -54,11 +55,11 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
1. Enter `Your VPN Password` in the **Password** field.
1. Check the **Remember this password** checkbox.
1. Click **Create**, and then **Close**.
1. Repeat steps 1-3 above to open **Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN entry and choose **Properties**.
1. Return to **Network and Sharing Center**. On the left, click **Change adapter settings**.
1. Right-click on the new VPN entry and choose **Properties**.
1. Click the **Options** tab and uncheck **Include Windows logon domain**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
1. Click **Allow these protocols**. Select "Challenge Handshake Authentication Protocol (CHAP)" and deselect all others.
1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others.
1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**.
@ -94,11 +95,11 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub
1. In the **Machine Authentication** section, select the **Shared Secret** radio button and enter `Your VPN IPsec PSK`.
1. Click **OK**.
1. Check the **Show VPN status in menu bar** checkbox.
1. Click the **Advanced** button and make sure the **Send all traffic over VPN connection** checkbox is selected.
1. Click the **Advanced** button and make sure the **Send all traffic over VPN connection** checkbox is checked.
1. Click the **TCP/IP** tab, and make sure **Link-local only** is selected in the **Configure IPv6** section.
1. Click **OK** to close the Advanced settings, and then click **Apply** to save the VPN connection information.
You can connect to the VPN using the VPN icon in the menu bar, or by selecting the VPN in the Network section of System Preferences and choosing **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
To connect to the VPN: Use the menu bar icon, or go to the Network section of System Preferences, select the VPN and choose **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
### Android ###
1. Launch the **Settings** application.
@ -151,6 +152,45 @@ Once connected, you will see a VPN icon in the status bar. You can verify that y
Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
### Linux ###
**Ubuntu and Debian:**
Follow the steps in <a href="http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn-on-ubuntu-16-04/" target="_blank">this tutorial</a>. Some corrections are required:
1. In `xl2tpd.conf`, remove the line `# your vpn server goes here`.
1. In `options.l2tpd.client`, replace `require-mschap-v2` with `require-chap`.
1. Replace the last command `sudo route add -net default gw <vpn server local ip>` with:
```
sudo route add default dev ppp0
```
If there is an error, check the output of `ifconfig` and replace `ppp0` above with `ppp1`, etc.
Verify that your traffic is being routed properly:
```
wget -qO- http://whatismyip.akamai.com; echo
```
The above command should return `Your VPN Server IP`.
To stop routing traffic via the VPN server:
```
sudo route del default dev ppp0
```
**CentOS and Fedora:**
Refer to the Ubuntu/Debian section above, with these changes:
1. Use `yum` instead of `apt-get` to install packages.
1. In these systems, the `ipsec` command has been renamed to `strongswan`.
1. The files `ipsec.conf` and `ipsec.secrets` should be saved under `/etc/strongswan`.
**Other Linux:**
If your system provides the `strongswan` package, refer to the two sections above.
## Troubleshooting
### Windows Error 809
@ -168,7 +208,7 @@ To fix this error, please follow these steps:
1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**.
1. Click **Allow these protocols**. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others.
1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others.
1. Click **OK** to save the VPN connection details.
![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png)