mirror of synced 2025-03-19 22:43:54 +03:00

Add instructions for client setup

hwdsl2 2016-05-10 14:52:02 -05:00
parent 3493ab62f4
commit de8d25a540
4 changed files with 239 additions and 4 deletions


@ -67,9 +67,9 @@ sudo sh vpnsetup_centos.sh
如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
## 下一步 ## 使用方法
配置你的计算机或其它设备使用 VPN 。在网络上根据关键词搜索教程,例如 <a href="https://www.bing.com/search?q=setup+L2TP+client" target="_blank">bing.com/search?q=setup+L2TP+client</a> 配置你的计算机或其它设备使用 VPN 。请参见: <a href="docs/clients-zh.md" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles: 开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
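Review bot: The new sentence under 使用方法 stops at the link with no closing 。, while the matching line in the English README ends with a period after the link. Add the full stop so the two READMEs stay in step.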


@ -66,9 +66,9 @@ sudo sh vpnsetup_centos.sh
If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor. If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
## Next Steps ## Usage
Get your computer or device to use the VPN. Search the web for instructions, e.g. <a href="https://www.google.com/search?q=setup+l2tp+client" target="_blank">google.com/search?q=setup+l2tp+client</a> Get your computer or device to use the VPN. Please see: <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
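Review bot: Renaming the heading from `## Next Steps` to `## Usage` changes the anchor generated for this section, so any existing link to the old `#next-steps` fragment stops resolving. Check for references elsewhere in the repository before merging, and note that the Chinese README renames its matching heading in the same commit.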

docs/clients-zh.md Normal file

@ -0,0 +1,117 @@
## 配置 IPsec/L2TP VPN 客户端
*Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*
注: 本说明是在 <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> 项目文档的基础上修改。该项目由 <a href="https://github.com/jlund" target="_blank">Joshua Lund</a> 和其他志愿者维护。 授权协议: GPLv3
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的用户名和密码。
* 平台名称
* [Windows](#windows)
* [OS X](#osx)
* [Android](#android)
* [iOS](#ios)
* [Chromebook](#chromebook)
<a name="windows"></a>
### Windows ###
1. 单击开始菜单,进入控制面板。
1. 单击 **网络与共享中心**
1. 单击 **设置新的连接或网络**
1. 选择 **连接到工作区**,然后单击**下一步**。
1. 单击 **使用我的Internet连接 (VPN)**
1. 在 **Internet地址** 字段中输入`你的 VPN 服务器 IP`
1. 在 **目标名称** 字段中输入任意内容。
1. 选中 **现在不连接;仅进行设置以便稍后连接** 复选框。
1. 单击 **下一步**
1. 在 **用户名** 字段中输入`你的 VPN 用户名`
1. 在 **密码** 字段中输入`你的 VPN 密码`
1. 选中 **记住此密码** 复选框。
1. 单击 **连接**,然后单击 **关闭** 按钮。
1. 返回到控制面板中的 **网络和Internet** 部分,然后单击 **连接到网络** 选项。
1. 右键单击新的VPN连接并选择 **属性**
1. 单击 **选项** 选项卡,取消选中 **包含Windows登录域** 复选框。
1. 单击 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">**安全** 选项卡</a>,从 **VPN 类型** 下拉菜单中选择 **使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)**。在 **允许使用这些协议** 下,选中 `CHAP` 复选框,并且取消选中 `MS-CHAP v2`
1. 单击 **高级设置** 按钮。
1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 IPsec PSK`
1. 单击 **确定** 关闭 **高级设置**
1. 单击 **确定** 保存 VPN 连接的详细信息。
1. 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请按照链接文章中的说明进行操作,并在完成后重新启动计算机。
要连接到 VPN只需在系统托盘中的无线/网络图标上单击右键,选择新的 VPN 连接,然后单击 **连接**
<a name="osx"></a>
### OS X ###
1. 打开系统偏好设置并转到网络部分。
1. 在窗口左下角单击 **+** 按钮。
1. 从 **接口** 下拉菜单选择 **VPN**
1. 从 **VPN类型** 下拉菜单选择 **IPSec 上的 L2TP**
1. 在 **服务名称** 字段中输入任意内容。
1. 单击 **创建**
1. 在 **服务器地址** 字段中输入`你的 VPN 服务器 IP`
1. 在 **帐户名称** 字段中输入`你的 VPN 用户名`
1. 单击 **鉴定设置** 按钮。
1. 在 **用户鉴定** 部分,选择 **密码** 单选按钮,然后输入`你的 VPN 密码`
1. 在 **机器鉴定** 部分,选择 **共享的密钥** 单选按钮,然后输入`你的 IPsec PSK`
1. 单击 **好**
1. 选中 **在菜单栏中显示 VPN 状态** 复选框。
1. 单击 **高级** 按钮,并选中 **通过VPN连接发送所有通信** 复选框。
1. 单击 **TCP/IP** 选项卡,并确保在 **配置IPv6** 部分中选择 **仅本地**
1. 单击 **好** 关闭高级设置,然后单击 **应用** 保存VPN连接信息。
要连接到 VPN你可以使用菜单栏中的 VPN 图标,或者在系统偏好设置的网络部分选择 VPN并单击 **连接**
<a name="android"></a>
### Android ###
1. 启动 **设置** 应用程序。
1. 在 **无线和网络** 部分单击 **更多...**
1. 单击 **VPN**
1. 单击 **添加VPN配置文件**
1. 在 **名称** 字段中输入任意内容。
1. 在 **类型** 下拉菜单选择 **L2TP/IPSec PSK**
1. 在 **服务器地址** 字段中输入`你的 VPN 服务器 IP`
1. 在 **IPSec 预共享密钥** 字段中输入`你的 IPsec PSK`
1. 单击 **保存**
1. 单击新的VPN连接。
1. 在 **用户名** 字段中输入`你的 VPN 用户名`
1. 在 **密码** 字段中输入`你的 VPN 密码`
1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接**
Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。另外<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">增加一行</a> `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart`
VPN 连接成功后,会在通知栏显示图标。
<a name="ios"></a>
### iOS ###
1. 进入设置 -> 通用 -> VPN。
1. 单击 **添加VPN配置...**
1. 单击 **类型** 。选择 **L2TP** 并返回。
1. 在 **描述** 字段中输入任意内容。
1. 在 **服务器** 字段中输入`你的 VPN 服务器 IP`
1. 在 **帐户** 字段中输入`你的 VPN 用户名`
1. 在 **密码** 字段中输入`你的 VPN 密码`
1. 在 **密钥** 字段中输入`你的 IPsec PSK`
1. 启用 **发送所有流量** 选项。
1. 单击右上角的 **存储**
1. 启用 **VPN** 连接。
VPN 连接成功后,会在通知栏显示图标。
<a name="chromebook"></a>
### Chromebook ###
1. 如果你尚未登录 Chromebook请先登录。
1. 单击状态区(其中显示帐户头像)。
1. 单击 **设置**
1. 在 **互联网连接** 部分,单击**添加连接**。
1. 单击 **添加 OpenVPN / L2TP**
1. 在 **服务器主机名** 字段中输入`你的 VPN 服务器 IP`
1. 在 **服务名称** 字段中输入任意内容。
1. 在 **供应商类型** 下拉菜单选择 **L2TP/IPsec + 预共享密钥**
1. 在 **预共享密钥** 字段中输入`你的 IPsec PSK`
1. 在 **用户名** 字段中输入`你的 VPN 用户名`
1. 在 **密码** 字段中输入`你的 VPN 密码`
1. 单击 **连接**
VPN 连接成功后,你会看到网络状态图标被 VPN 图标覆盖。
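Review bot: The Chinese guide drops the routing check that clients.md gives after every platform's steps (look up your public IP and confirm it shows `Your VPN Server IP`), so a reader of this file has no way to confirm that traffic is actually leaving through the tunnel. Add an equivalent sentence after each section's closing line, using a lookup service that readers of this translation can reach. In the Android 6 note, `ike=` and `phase2alg=` are written back to back with nothing between the two code spans; put 和 between them so they read as two separate settings.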

docs/clients.md Normal file

@ -0,0 +1,118 @@
## Configure IPsec/L2TP VPN Clients
*Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*
Note: These instructions were adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by <a href="https://github.com/jlund" target="_blank">Joshua Lund</a> and contributors. License: GPLv3
After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
* Platforms
* [Windows](#windows)
* [OS X](#osx)
* [Android](#android)
* [iOS](#ios)
* [Chromebook](#chromebook)
<a name="windows"></a>
### Windows ###
1. Click on the Start Menu and go to the Control Panel.
1. Go to the **Network and Internet** section.
1. Click **View network status and tasks**.
1. Click **Set up a new connection or network**.
1. Select **Connect to a workplace** and click **Next**.
1. Click **Use my Internet connection (VPN)**.
1. Enter `Your VPN Server IP` in the **Internet address** field.
1. Enter anything you like in the **Destination name** field.
1. Check the **Don't connect now; just set it up so I can connect later** checkbox.
1. Click **Next**.
1. Enter `Your VPN Username` in the **User name** field.
1. Enter `Your VPN Password` in the **Password** field.
1. Check the **Remember this password** checkbox.
1. Click **Connect**, then click the **Close** button.
1. Return to the Control Panel's **Network and Internet** section and click on the **Connect to a network** option.
1. Right-click on the new VPN connection and choose **Properties**.
1. Click the **Options** tab and uncheck **Include Windows logon domain**.
1. Click the <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-210084875" target="_blank">**Security** tab</a> and select **Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)** from the **Type of VPN** drop-down menu. Under "Allow these protocols", check the `CHAP` checkbox, and un-check `MS-CHAP v2`.
1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**.
1. Click **OK** to save the VPN connection details.
1. This <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Please follow instructions in the linked article, and reboot your computer when done.
To connect to the VPN, simply right-click on the wireless/network icon in your system tray, select the new VPN connection, and click **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a name="osx"></a>
### OS X ###
1. Open System Preferences and go to the Network section.
1. Click the **+** button in the lower-left corner of the window.
1. Select **VPN** from the **Interface** drop-down menu.
1. Select **L2TP over IPSec** from the **VPN Type** drop-down menu.
1. Enter anything you like for the **Service Name**.
1. Click **Create**.
1. Enter `Your VPN Server IP` for the **Server Address**.
1. Enter `Your VPN Username` for the **Account Name**.
1. Click the **Authentication Settings** button.
1. In the **User Authentication** section, select the **Password** radio button and enter `Your VPN Password` as its value.
1. In the **Machine Authentication** section, select the **Shared Secret** radio button and enter `Your IPsec PSK` as its value.
1. Click **OK**.
1. Check the **Show VPN status in menu bar** checkbox.
1. Click the **Advanced** button and make sure the **Send all traffic over VPN connection** checkbox is selected.
1. Click the **TCP/IP** tab, and make sure **Link-local only** is selected in the **Configure IPv6** section.
1. Click **OK** to close the Advanced settings, and then click **Apply** to save the VPN connection information.
You can connect to the VPN using the VPN icon in the menu bar, or by selecting the VPN in the Network section of System Preferences and choosing **Connect**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a name="android"></a>
### Android ###
1. Launch the **Settings** application.
1. Tap **More...** in the **Wireless & Networks** section.
1. Tap **VPN**.
1. Tap the **+** icon in the top-right of the screen.
1. Enter anything you like in the **Name** field.
1. Select **L2TP/IPSec PSK** in the **Type** drop-down menu.
1. Enter `Your VPN Server IP` in the **Server address** field.
1. Enter `Your IPsec PSK` in the **IPSec pre-shared key** field.
1. Tap **Save**.
1. Tap the new VPN connection.
1. Enter `Your VPN Username` in the **Username** field.
1. Enter `Your VPN Password` in the **Password** field.
1. Check the **Save account information** checkbox.
1. Tap **Connect**.
Note for Android 6 (Marshmallow) users: On the VPN server, edit the file `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then <a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">add a new line</a> `sha2-truncbug=yes` after those. Indent lines with two spaces. When finished, save the file and run `service ipsec restart`.
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a name="ios"></a>
### iOS ###
1. Go to Settings -> General -> VPN.
1. Tap **Add VPN Configuration...**.
1. Tap **Type**.
1. Select **L2TP** and go back.
1. Tap **Description** and enter anything you like.
1. Tap **Server** and enter `Your VPN Server IP`.
1. Tap **Account** and enter `Your VPN Username`.
1. Tap **Password** and enter `Your VPN Password`.
1. Tap **Secret** and enter `Your IPsec PSK`.
1. Tap **Done**.
1. Slide the **VPN** switch on.
Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a name="chromebook"></a>
### Chromebook ###
1. If you haven't already, sign in to your Chromebook.
1. Click the status area, where your account picture appears.
1. Click **Settings**.
1. In the **Internet connection** section, click **Add connection**.
1. Click **Add OpenVPN / L2TP**.
1. Enter `Your VPN Server IP` for the **Server hostname**.
1. Enter anything you like for the **Service name**.
1. Make sure **Provider type** is **L2TP/IPSec + pre-shared key**.
1. Enter `Your IPsec PSK` for the **Pre-shared key**.
1. Enter `Your VPN Username` for the **Username**.
1. Enter `Your VPN Password` for the **Password**.
1. Click **Connect**.
Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
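Review bot: The Android 6 note asks users to hand-edit `/etc/ipsec.conf` on the server but never shows what the edited lines should look like. It says to append `,aes256-sha2_256` to the `ike=` and `phase2alg=` lines and to add `sha2-truncbug=yes` "after those", indented with two spaces, which is easy to get wrong in a whitespace-sensitive file. Show the resulting lines in a code block, state that this changes the server configuration rather than anything on the Android device, and mention that `service ipsec restart` interrupts sessions that are already connected. Separately, the Windows step that checks `CHAP` and unchecks `MS-CHAP v2`, and the one-time registry change, both leave their rationale to external links; a one-line reason in the text would survive those links going stale.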