Update docs
This commit is contained in:
parent
e31c378b44
commit
e6b9208eeb
@ -138,7 +138,7 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh
|
|||||||
|
|
||||||
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#windows-错误-809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。
|
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#windows-错误-809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。
|
||||||
|
|
||||||
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>。
|
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>。另外,你的服务器必须运行 [Libreswan 3.19](#升级libreswan) 或更新版本。
|
||||||
|
|
||||||
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。
|
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请为 VPN 打开 UDP 端口 500 和 4500。
|
||||||
|
|
||||||
|
@ -138,7 +138,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
|
|||||||
|
|
||||||
For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
||||||
|
|
||||||
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>.
|
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>. Also, your server must run [Libreswan 3.19](#upgrade-libreswan) or newer.
|
||||||
|
|
||||||
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN.
|
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN.
|
||||||
|
|
||||||
|
@ -44,7 +44,7 @@
|
|||||||
1. 单击 **确定** 关闭 **高级设置**。
|
1. 单击 **确定** 关闭 **高级设置**。
|
||||||
1. 单击 **确定** 保存 VPN 连接的详细信息。
|
1. 单击 **确定** 保存 VPN 连接的详细信息。
|
||||||
|
|
||||||
注: 在首次连接之前需要修改一次注册表。请参见下面的说明。
|
**注:** 在首次连接之前需要修改一次注册表。请参见下面的说明。
|
||||||
|
|
||||||
### Windows 7, Vista and XP
|
### Windows 7, Vista and XP
|
||||||
|
|
||||||
@ -72,7 +72,7 @@
|
|||||||
1. 单击 **确定** 关闭 **高级设置**。
|
1. 单击 **确定** 关闭 **高级设置**。
|
||||||
1. 单击 **确定** 保存 VPN 连接的详细信息。
|
1. 单击 **确定** 保存 VPN 连接的详细信息。
|
||||||
|
|
||||||
注: 在首次连接之前需要<a href="#windows-错误-809">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。
|
**注:** 在首次连接之前需要<a href="#windows-错误-809">修改一次注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。
|
||||||
|
|
||||||
要连接到 VPN: 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名` 和 `密码` ,并单击 **确定**。最后你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
|
要连接到 VPN: 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名` 和 `密码` ,并单击 **确定**。最后你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
|
||||||
|
|
||||||
|
@ -44,7 +44,7 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
|
|||||||
1. Click **OK** to close the **Advanced settings**.
|
1. Click **OK** to close the **Advanced settings**.
|
||||||
1. Click **OK** to save the VPN connection details.
|
1. Click **OK** to save the VPN connection details.
|
||||||
|
|
||||||
Note: A one-time registry change is required before connecting. See details below.
|
**Note:** A one-time registry change is required before connecting. See details below.
|
||||||
|
|
||||||
### Windows 7, Vista and XP
|
### Windows 7, Vista and XP
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ Note: A one-time registry change is required before connecting. See details belo
|
|||||||
1. Click **OK** to close the **Advanced settings**.
|
1. Click **OK** to close the **Advanced settings**.
|
||||||
1. Click **OK** to save the VPN connection details.
|
1. Click **OK** to save the VPN connection details.
|
||||||
|
|
||||||
Note: This <a href="#windows-error-809">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
**Note:** This <a href="#windows-error-809">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
||||||
|
|
||||||
To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
|
To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
|
||||||
|
|
||||||
|
@ -82,7 +82,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
|
|||||||
```
|
```
|
||||||
|
|
||||||
1. 生成 Certificate Authority (CA) 和 VPN 服务器证书:
|
1. 生成 Certificate Authority (CA) 和 VPN 服务器证书:
|
||||||
注: 使用 "-v" 参数指定证书的有效期(单位:月),例如 "-v 36"。
|
**注:** 使用 "-v" 参数指定证书的有效期(单位:月),例如 "-v 36"。
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t "CT,," -2
|
$ certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t "CT,," -2
|
||||||
@ -170,7 +170,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
|
|||||||
vpnclient u,u,u
|
vpnclient u,u,u
|
||||||
```
|
```
|
||||||
|
|
||||||
注:如需显示证书,可使用 `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`。要删除证书,将 `-L` 换成 `-D`。更多的 `certutil` 使用说明请看 <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">这里</a>。
|
**注:** 如需显示证书,可使用 `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`。要删除证书,将 `-L` 换成 `-D`。更多的 `certutil` 使用说明请看 <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">这里</a>。
|
||||||
|
|
||||||
1. 重启 IPsec 服务:
|
1. 重启 IPsec 服务:
|
||||||
|
|
||||||
|
@ -82,7 +82,7 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
|
|||||||
```
|
```
|
||||||
|
|
||||||
1. Generate Certificate Authority (CA) and VPN server certificates:
|
1. Generate Certificate Authority (CA) and VPN server certificates:
|
||||||
Note: Specify the certificate validity period (in months) using "-v". e.g. "-v 36".
|
**Note:** Specify the certificate validity period (in months) using "-v". e.g. "-v 36".
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t "CT,," -2
|
$ certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t "CT,," -2
|
||||||
@ -170,7 +170,7 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
|
|||||||
vpnclient u,u,u
|
vpnclient u,u,u
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: To display a certificate, use `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`. To delete it, replace `-L` with `-D`. For other `certutil` usage, read <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">this page</a>.
|
**Note:** To display a certificate, use `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`. To delete it, replace `-L` with `-D`. For other `certutil` usage, read <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">this page</a>.
|
||||||
|
|
||||||
1. Restart IPsec service:
|
1. Restart IPsec service:
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user