mirror of synced 2024-11-25 14:26:09 +03:00

Update docs

This commit is contained in:
hwdsl2 2022-02-14 00:37:18 -06:00
parent 444403ba10
commit ddb6a65b82
10 changed files with 64 additions and 22 deletions

View File

@ -127,7 +127,7 @@ sudo ikev2.sh
</summary> </summary>
```bash ```bash
wget https://git.io/vpnsetup -qO vpn.sh wget https://git.io/vpnsetup -nv -O vpn.sh
nano -w vpn.sh nano -w vpn.sh
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD] [替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
sudo sh vpn.sh sudo sh vpn.sh
@ -153,7 +153,7 @@ sudo ikev2.sh
```bash ```bash
# 所有变量值必须用 '单引号' 括起来 # 所有变量值必须用 '单引号' 括起来
# *不要* 在值中使用这些字符: \ " ' # *不要* 在值中使用这些字符: \ " '
wget https://git.io/vpnsetup -qO vpn.sh wget https://git.io/vpnsetup -nv -O vpn.sh
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \ sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
VPN_USER='你的VPN用户名' \ VPN_USER='你的VPN用户名' \
VPN_PASSWORD='你的VPN密码' \ VPN_PASSWORD='你的VPN密码' \

View File

@ -127,7 +127,7 @@ Option 2: Edit the script and provide your own VPN credentials.
</summary> </summary>
```bash ```bash
wget https://git.io/vpnsetup -qO vpn.sh wget https://git.io/vpnsetup -nv -O vpn.sh
nano -w vpn.sh nano -w vpn.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD] [Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpn.sh sudo sh vpn.sh
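Review bot: `https://git.io/vpnsetup` on the changed wget line is a short link, and the file it resolves to is run two lines later with `sudo sh vpn.sh`. Consider giving the full repository URL for the script here, so the reader can see which origin they are about to execute as root. The `nano -w vpn.sh` step already has them open the file, so a line asking them to skim it before running would fit naturally.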
@ -153,7 +153,7 @@ Option 3: Define your VPN credentials as environment variables.
```bash ```bash
# All values MUST be placed inside 'single quotes' # All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " ' # DO NOT use these special characters within values: \ " '
wget https://git.io/vpnsetup -qO vpn.sh wget https://git.io/vpnsetup -nv -O vpn.sh
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \ VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' \ VPN_PASSWORD='your_vpn_password' \
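Review bot: the `sudo VPN_IPSEC_PSK='...' VPN_USER='...' VPN_PASSWORD='...'` lines put the PSK and password on an interactive command line, where they are saved to shell history. The two comment lines at the top of the block cover quoting only; consider adding a third that tells readers to clear or suppress history for this command, or point them to Option 2 if they would rather keep the secrets in a file.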

View File

@ -29,7 +29,7 @@ sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 ikev2.sh --auto
对于 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,你可以在不需要额外配置的情况下使用一个域名(比如 `vpn.example.com`)而不是 IP 地址连接到 VPN 服务器。另外,一般来说,在服务器的 IP 更改后,比如在恢复一个映像到具有不同 IP 的新服务器后VPN 会继续正常工作,虽然可能需要重启服务器。 对于 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,你可以在不需要额外配置的情况下使用一个域名(比如 `vpn.example.com`)而不是 IP 地址连接到 VPN 服务器。另外,一般来说,在服务器的 IP 更改后,比如在恢复一个映像到具有不同 IP 的新服务器后VPN 会继续正常工作,虽然可能需要重启服务器。
对于 [IKEv2](ikev2-howto-zh.md) 模式,如果你想要 VPN 在服务器的 IP 更改后继续正常工作,则必须在 [配置 IKEv2](ikev2-howto-zh.md) 时指定一个域名作为 VPN 服务器的地址。该域名必须是一个全称域名(FQDN),它将被包含在生成的服务器证书中。示例如下: 对于 [IKEv2](ikev2-howto-zh.md) 模式,如果你想要 VPN 在服务器的 IP 更改后继续正常工作,参见 [这一小节](ikev2-howto-zh.md#更改-ikev2-服务器地址)。或者,你也可以在 [配置 IKEv2](ikev2-howto-zh.md#使用辅助脚本配置-ikev2) 时指定一个域名作为 VPN 服务器的地址。该域名必须是一个全称域名(FQDN),它将被包含在生成的服务器证书中。示例如下:
``` ```
sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto
@ -45,7 +45,7 @@ sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto
```bash ```bash
# 下载脚本 # 下载脚本
wget -qO ikev2onlymode.sh https://bit.ly/ikev2onlymode wget -nv -O ikev2onlymode.sh https://bit.ly/ikev2onlymode
# 运行脚本并按提示操作 # 运行脚本并按提示操作
sudo bash ikev2onlymode.sh sudo bash ikev2onlymode.sh
``` ```

View File

@ -29,7 +29,7 @@ In certain circumstances, you may want VPN clients to use the specified DNS serv
For [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, you may use a DNS name (e.g. `vpn.example.com`) instead of an IP address to connect to the VPN server, without additional configuration. In addition, the VPN should generally continue to work after server IP changes, such as after restoring a snapshot to a new server with a different IP, although a reboot may be required. For [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, you may use a DNS name (e.g. `vpn.example.com`) instead of an IP address to connect to the VPN server, without additional configuration. In addition, the VPN should generally continue to work after server IP changes, such as after restoring a snapshot to a new server with a different IP, although a reboot may be required.
For [IKEv2](ikev2-howto.md) mode, if you want the VPN to continue to work after server IP changes, you must specify a DNS name to be used as the VPN server's address when [setting up IKEv2](ikev2-howto.md). The DNS name must be a fully qualified domain name (FQDN). It will be included in the generated server certificate. Example: For [IKEv2](ikev2-howto.md) mode, if you want the VPN to continue to work after server IP changes, read [this section](ikev2-howto.md#change-ikev2-server-address). Alternatively, you may specify a DNS name to be used as the VPN server's address when [setting up IKEv2](ikev2-howto.md#set-up-ikev2-using-helper-script). The DNS name must be a fully qualified domain name (FQDN). It will be included in the generated server certificate. Example:
``` ```
sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto
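Review bot: the link text `[this section]` in the rewritten IKEv2 paragraph says nothing about where it leads. Naming the target, e.g. `[Change IKEv2 server address](ikev2-howto.md#change-ikev2-server-address)`, reads better and survives being quoted out of context. The sentences after "Alternatively" (FQDN requirement, inclusion in the server certificate) now apply only to the second option, so a paragraph break before "Alternatively" would make that scoping obvious.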
@ -45,7 +45,7 @@ To enable IKEv2-only mode, first install the VPN server and set up IKEv2 using i
```bash ```bash
# Download the script # Download the script
wget -qO ikev2onlymode.sh https://bit.ly/ikev2onlymode wget -nv -O ikev2onlymode.sh https://bit.ly/ikev2onlymode
# Run the script and follow the prompts # Run the script and follow the prompts
sudo bash ikev2onlymode.sh sudo bash ikev2onlymode.sh
``` ```
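Review bot: option order on the changed wget line differs from the README hunks in this same commit: here it is `wget -nv -O ikev2onlymode.sh https://bit.ly/ikev2onlymode` (options, then URL), there it is `wget https://git.io/vpnsetup -nv -O vpn.sh` (URL, then options). Both work, but since this commit touches every download command anyway, settling on one order across the docs would make them easier to grep and maintain.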

View File

@ -10,6 +10,7 @@
* [管理客户端证书](#管理客户端证书) * [管理客户端证书](#管理客户端证书)
* [手动在 VPN 服务器上配置 IKEv2](#手动在-vpn-服务器上配置-ikev2) * [手动在 VPN 服务器上配置 IKEv2](#手动在-vpn-服务器上配置-ikev2)
* [故障排除](#故障排除) * [故障排除](#故障排除)
* [更改 IKEv2 服务器地址](#更改-ikev2-服务器地址)
* [移除 IKEv2](#移除-ikev2) * [移除 IKEv2](#移除-ikev2)
* [参考链接](#参考链接) * [参考链接](#参考链接)
@ -50,7 +51,7 @@ sudo ikev2.sh
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载 IKEv2 辅助脚本: 如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载 IKEv2 辅助脚本:
```bash ```bash
wget https://git.io/ikev2setup -qO /opt/src/ikev2.sh wget https://git.io/ikev2setup -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin
``` ```
@ -87,13 +88,20 @@ sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 ikev2.sh --auto
IKEv2 辅助脚本会不时更新,以进行错误修复和改进([更新日志](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh))。 当有新版本可用时,你可以更新服务器上的 IKEv2 辅助脚本。这是可选的。请注意,这些命令将覆盖任何现有的 `ikev2.sh` IKEv2 辅助脚本会不时更新,以进行错误修复和改进([更新日志](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh))。 当有新版本可用时,你可以更新服务器上的 IKEv2 辅助脚本。这是可选的。请注意,这些命令将覆盖任何现有的 `ikev2.sh`
```bash ```bash
wget https://git.io/ikev2setup -qO /opt/src/ikev2.sh wget https://git.io/ikev2setup -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
``` ```
</details> </details>
<details> <details>
<summary> <summary>
单击此处查看 IKEv2 脚本的使用信息。 了解如何在配置 IKEv2 之后更改服务器地址。
</summary>
在某些情况下,你可能需要在配置之后更改 IKEv2 服务器地址。参见 [这一小节](#更改-ikev2-服务器地址)。
</details>
<details>
<summary>
查看 IKEv2 脚本的使用信息。
</summary> </summary>
``` ```
@ -801,6 +809,19 @@ sudo ikev2.sh --revokeclient [client name]
1. Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation该功能[需要](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 或更新版本)。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 [IPsec/L2TP](clients-zh.md) 或 [IPsec/XAuth](clients-xauth-zh.md) 模式。 1. Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation该功能[需要](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 或更新版本)。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 [IPsec/L2TP](clients-zh.md) 或 [IPsec/XAuth](clients-xauth-zh.md) 模式。
1. 如果你使用 strongSwan Android VPN 客户端,则必须将服务器上的 Libreswan [升级](../README-zh.md#升级libreswan)到版本 3.26 或以上。 1. 如果你使用 strongSwan Android VPN 客户端,则必须将服务器上的 Libreswan [升级](../README-zh.md#升级libreswan)到版本 3.26 或以上。
## 更改 IKEv2 服务器地址
在某些情况下,你可能需要在配置之后更改 IKEv2 服务器地址。例如切换为使用域名,或者在服务器的 IP 更改之后。要更改服务器地址,运行这个 [辅助脚本](../extras/ikev2changeaddr.sh) 并按提示操作。
```bash
# 下载脚本
wget -nv -O ikev2changeaddr.sh https://bit.ly/ikev2changeaddr
# 运行脚本并按照提示操作
sudo bash ikev2changeaddr.sh
```
**重要:** 运行此脚本后,你必须手动更新任何现有 IKEv2 客户端设备上的服务器地址。对于 iOS 客户端,你需要使用 IKEv2 [辅助脚本](#使用辅助脚本配置-ikev2) 导出然后重新导入客户端配置。
## 移除 IKEv2 ## 移除 IKEv2
如果你想要从 VPN 服务器移除 IKEv2但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式(如果已安装),请重新运行 [辅助脚本](#使用辅助脚本配置-ikev2) 并选择 "Remove IKEv2" 选项。**警告:** 这将**永久删除**所有的 IKEv2 配置(包括证书和密钥),并且**不可撤销** 如果你想要从 VPN 服务器移除 IKEv2但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式(如果已安装),请重新运行 [辅助脚本](#使用辅助脚本配置-ikev2) 并选择 "Remove IKEv2" 选项。**警告:** 这将**永久删除**所有的 IKEv2 配置(包括证书和密钥),并且**不可撤销**
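Review bot: the comment `# 运行脚本并按照提示操作` in the new code block is worded differently from the same comment in the other blocks touched by this commit, which use `# 运行脚本并按提示操作` (the prose sentence above the block also says 按提示操作). Use one wording throughout the Chinese docs.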

View File

@ -10,6 +10,7 @@
* [Manage client certificates](#manage-client-certificates) * [Manage client certificates](#manage-client-certificates)
* [Manually set up IKEv2 on the VPN server](#manually-set-up-ikev2-on-the-vpn-server) * [Manually set up IKEv2 on the VPN server](#manually-set-up-ikev2-on-the-vpn-server)
* [Troubleshooting](#troubleshooting) * [Troubleshooting](#troubleshooting)
* [Change IKEv2 server address](#change-ikev2-server-address)
* [Remove IKEv2](#remove-ikev2) * [Remove IKEv2](#remove-ikev2)
* [References](#references) * [References](#references)
@ -50,7 +51,7 @@ Error: "sudo: ikev2.sh: command not found".
This is normal if you used an older version of the VPN setup script. First, download the IKEv2 helper script: This is normal if you used an older version of the VPN setup script. First, download the IKEv2 helper script:
```bash ```bash
wget https://git.io/ikev2setup -qO /opt/src/ikev2.sh wget https://git.io/ikev2setup -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin
``` ```
@ -87,13 +88,20 @@ Learn how to update the IKEv2 helper script on your server.
The IKEv2 helper script is updated from time to time for bug fixes and improvements ([commit log](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh)). When a newer version is available, you may optionally update the IKEv2 helper script on your server. Note that these commands will overwrite any existing `ikev2.sh`. The IKEv2 helper script is updated from time to time for bug fixes and improvements ([commit log](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh)). When a newer version is available, you may optionally update the IKEv2 helper script on your server. Note that these commands will overwrite any existing `ikev2.sh`.
```bash ```bash
wget https://git.io/ikev2setup -qO /opt/src/ikev2.sh wget https://git.io/ikev2setup -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
``` ```
</details> </details>
<details> <details>
<summary> <summary>
Click here to view usage information for the IKEv2 script. Learn how to change server address after IKEv2 setup.
</summary>
In certain circumstances, you may need to change the IKEv2 server address after setup. Learn more in [this section](#change-ikev2-server-address).
</details>
<details>
<summary>
View usage information for the IKEv2 script.
</summary> </summary>
``` ```
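Review bot: the new `<details>` block contains a single sentence that links to `#change-ikev2-server-address`, so the reader expands a collapsible only to be sent elsewhere on the page. Consider dropping the wrapper and placing the sentence inline, or moving the actual commands into the block. The summary also reads better with the article: "Learn how to change the server address after IKEv2 setup."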
@ -803,6 +811,19 @@ If you are unable to connect multiple IKEv2 clients from behind the same NAT (e.
1. The built-in VPN client in Windows may not support IKEv2 fragmentation (this feature [requires](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 or newer). On some networks, this can cause the connection to fail or have other issues. You may instead try the [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode. 1. The built-in VPN client in Windows may not support IKEv2 fragmentation (this feature [requires](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 or newer). On some networks, this can cause the connection to fail or have other issues. You may instead try the [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode.
1. If using the strongSwan Android VPN client, you must [update Libreswan](../README.md#upgrade-libreswan) on your server to version 3.26 or above. 1. If using the strongSwan Android VPN client, you must [update Libreswan](../README.md#upgrade-libreswan) on your server to version 3.26 or above.
## Change IKEv2 server address
In certain circumstances, you may need to change the IKEv2 server address after setup. For example, to switch to use a DNS name, or after server IP changes. To change the server address, run this [helper script](../extras/ikev2changeaddr.sh) and follow the prompts.
```bash
# Download the script
wget -nv -O ikev2changeaddr.sh https://bit.ly/ikev2changeaddr
# Run the script and follow the prompts
sudo bash ikev2changeaddr.sh
```
**Important:** After running this script, you must manually update the server address on any existing IKEv2 client devices. For iOS clients, you'll need to export and re-import client configuration using the IKEv2 [helper script](#set-up-ikev2-using-helper-script).
## Remove IKEv2 ## Remove IKEv2
If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes (if installed), run the [helper script](#set-up-ikev2-using-helper-script) again and select the "Remove IKEv2" option. **Warning:** All IKEv2 configuration including certificates and keys will be **permanently deleted**. This **cannot be undone**! If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes (if installed), run the [helper script](#set-up-ikev2-using-helper-script) again and select the "Remove IKEv2" option. **Warning:** All IKEv2 configuration including certificates and keys will be **permanently deleted**. This **cannot be undone**!
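Review bot: the **Important** note in the new section tells readers to update the server address on existing clients but does not say what the script does to the server certificate. The advanced-usage text changed in this commit states that a DNS name is included in the generated server certificate, so readers will want to know whether ikev2changeaddr.sh reissues it and whether non-iOS clients need anything beyond editing the address. Two smaller points: the prose links to `../extras/ikev2changeaddr.sh` while the command fetches `https://bit.ly/ikev2changeaddr`, and "to switch to use a DNS name" should be "to switch to using a DNS name".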

View File

@ -52,7 +52,7 @@ service xl2tpd restart
```bash ```bash
# 下载脚本 # 下载脚本
wget -qO add_vpn_user.sh https://bit.ly/addvpnuser wget -nv -O add_vpn_user.sh https://bit.ly/addvpnuser
# 运行脚本并按提示操作 # 运行脚本并按提示操作
sudo bash add_vpn_user.sh sudo bash add_vpn_user.sh
``` ```
@ -73,7 +73,7 @@ sudo bash add_vpn_user.sh '要更新的用户名' '新密码'
```bash ```bash
# 下载脚本 # 下载脚本
wget -qO del_vpn_user.sh https://bit.ly/delvpnuser wget -nv -O del_vpn_user.sh https://bit.ly/delvpnuser
# 运行脚本并按提示操作 # 运行脚本并按提示操作
sudo bash del_vpn_user.sh sudo bash del_vpn_user.sh
``` ```
@ -92,7 +92,7 @@ sudo bash del_vpn_user.sh '要删除的用户名'
```bash ```bash
# 下载脚本 # 下载脚本
wget -qO update_vpn_users.sh https://bit.ly/updatevpnusers wget -nv -O update_vpn_users.sh https://bit.ly/updatevpnusers
``` ```
要使用这个脚本,从以下选项中选择一个: 要使用这个脚本,从以下选项中选择一个:

View File

@ -52,7 +52,7 @@ Add a new VPN user, or update an existing VPN user with a new password.
```bash ```bash
# Download the script # Download the script
wget -qO add_vpn_user.sh https://bit.ly/addvpnuser wget -nv -O add_vpn_user.sh https://bit.ly/addvpnuser
# Run the script and follow the prompts # Run the script and follow the prompts
sudo bash add_vpn_user.sh sudo bash add_vpn_user.sh
``` ```
@ -73,7 +73,7 @@ Delete the specified VPN user.
```bash ```bash
# Download the script # Download the script
wget -qO del_vpn_user.sh https://bit.ly/delvpnuser wget -nv -O del_vpn_user.sh https://bit.ly/delvpnuser
# Run the script and follow the prompts # Run the script and follow the prompts
sudo bash del_vpn_user.sh sudo bash del_vpn_user.sh
``` ```
@ -92,7 +92,7 @@ Remove all existing VPN users and replace with the list of users you specify.
```bash ```bash
# Download the script # Download the script
wget -qO update_vpn_users.sh https://bit.ly/updatevpnusers wget -nv -O update_vpn_users.sh https://bit.ly/updatevpnusers
``` ```
To use this script, choose one of the following options: To use this script, choose one of the following options:

View File

@ -10,7 +10,7 @@
**警告:** 此[辅助脚本](../extras/vpnuninstall.sh)将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销** **警告:** 此[辅助脚本](../extras/vpnuninstall.sh)将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**
```bash ```bash
wget https://git.io/vpnuninstall -qO vpnunst.sh wget https://git.io/vpnuninstall -nv -O vpnunst.sh
sudo bash vpnunst.sh sudo bash vpnunst.sh
``` ```

View File

@ -10,7 +10,7 @@
**Warning:** This [helper script](../extras/vpnuninstall.sh) will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**! **Warning:** This [helper script](../extras/vpnuninstall.sh) will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!
```bash ```bash
wget https://git.io/vpnuninstall -qO vpnunst.sh wget https://git.io/vpnuninstall -nv -O vpnunst.sh
sudo bash vpnunst.sh sudo bash vpnunst.sh
``` ```
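Review bot: `wget https://git.io/vpnuninstall -nv -O vpnunst.sh` and `sudo bash vpnunst.sh` are separate lines, so when the block is pasted as a whole the second command runs even if the download failed. With `-O`, wget creates the output file before any data arrives, so a failed download leaves an empty `vpnunst.sh` that bash runs as a no-op with exit status 0. The switch to `-nv` at least lets the error show; joining the two lines with `&&` would stop the second command outright.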