mirror of synced 2024-11-28 23:56:04 +03:00

Update docs

This commit is contained in:
hwdsl2 2021-03-01 10:12:46 -06:00
parent 916765b544
commit e7e9bf2dc0
4 changed files with 20 additions and 16 deletions

View File

@ -286,6 +286,8 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,请看 [这里](#使用其他的-dns-服务器)。 在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务,请看 [这里](#使用其他的-dns-服务器)。
使用内核支持有助于提高 IPsec/L2TP 性能。它在所有 [受支持的系统](#系统要求) 上可用。Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`(或者 `linux-image-extra`)软件包并运行 `service xl2tpd restart`
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。 这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
## 升级Libreswan ## 升级Libreswan
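Review bot: the added kernel-support paragraph ends at `service xl2tpd restart` with no closing `。`, while the sentences directly above and below it in this hunk end with one. Add the full stop so the paragraph reads as a complete sentence like its neighbours.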
@ -327,9 +329,8 @@ wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh
*其他语言版本: [English](README.md#advanced-usage), [简体中文](README-zh.md#高级用法).* *其他语言版本: [English](README.md#advanced-usage), [简体中文](README-zh.md#高级用法).*
- [使用其他的 DNS 服务器](#使用其他的-dns-服务器) - [使用其他的 DNS 服务器](#使用其他的-dns-服务器)
- [使用域名和更改服务器 IP](#使用域名和更改服务器-ip) - [域名和更改服务器 IP](#域名和更改服务器-ip)
- [VPN 内网 IP](#vpn-内网-ip) - [VPN 内网 IP](#vpn-内网-ip)
- [L2TP 内核支持](#l2tp-内核支持)
- [更改 IPTables 规则](#更改-iptables-规则) - [更改 IPTables 规则](#更改-iptables-规则)
### 使用其他的 DNS 服务器 ### 使用其他的 DNS 服务器
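Review bot: the table-of-contents link changes from `#使用域名和更改服务器-ip` to `#域名和更改服务器-ip`, so the old anchor stops resolving once the heading is renamed in the next hunk. Search the other docs for links to the old anchor and update them in this commit, or keep an explicit HTML anchor with the old id above the renamed heading.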
@ -343,7 +344,7 @@ sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto
``` ```
### 使用域名和更改服务器 IP ### 域名和更改服务器 IP
对于 `IPsec/L2TP``IPsec/XAuth ("Cisco IPsec")` 模式,你可以在不需要额外配置的情况下使用一个域名(比如 `vpn.example.com`)而不是 IP 地址连接到 VPN 服务器。另外,一般来说,在服务器的 IP 更改后,比如在恢复一个映像到具有不同 IP 的新服务器后VPN 会继续正常工作,虽然可能需要重启服务器。 对于 `IPsec/L2TP``IPsec/XAuth ("Cisco IPsec")` 模式,你可以在不需要额外配置的情况下使用一个域名(比如 `vpn.example.com`)而不是 IP 地址连接到 VPN 服务器。另外,一般来说,在服务器的 IP 更改后,比如在恢复一个映像到具有不同 IP 的新服务器后VPN 会继续正常工作,虽然可能需要重启服务器。
@ -363,10 +364,6 @@ sudo VPN_DNS_NAME='vpn.example.com' bash ikev2.sh --auto
你可以使用这些 VPN 内网 IP 进行通信。但是请注意,为 VPN 客户端分配的 IP 是动态的,而且客户端设备上的防火墙可能会阻止这些流量。 你可以使用这些 VPN 内网 IP 进行通信。但是请注意,为 VPN 客户端分配的 IP 是动态的,而且客户端设备上的防火墙可能会阻止这些流量。
### L2TP 内核支持
使用内核支持有助于提高 IPsec/L2TP 性能。它在所有 [受支持的系统](#系统要求) 上可用。Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`(或者 `linux-image-extra`)软件包并运行 `service xl2tpd restart`
### 更改 IPTables 规则 ### 更改 IPTables 规则
如果你想要在安装后更改 IPTables 规则,请编辑 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS/RHEL)。然后重启服务器。 如果你想要在安装后更改 IPTables 规则,请编辑 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS/RHEL)。然后重启服务器。

View File

@ -286,6 +286,8 @@ For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, [read below](#use-alternative-dns-servers). Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, [read below](#use-alternative-dns-servers).
Using kernel support could improve IPsec/L2TP performance. It is available on [all supported OS](#requirements). Ubuntu users should install the `linux-modules-extra-$(uname -r)` (or `linux-image-extra`) package and run `service xl2tpd restart`.
The scripts will backup existing config files before making changes, with `.old-date-time` suffix. The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
## Upgrade Libreswan ## Upgrade Libreswan
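Review bot: in the added kernel-support paragraph, `linux-modules-extra-$(uname -r)` carries the kernel version but the alternative `linux-image-extra` is written as a bare name, so a reader cannot tell exactly what to install in the second case. Spell it the same way as the first, or say which Ubuntu releases use which name. `service xl2tpd restart` is also shown without `sudo`, unlike the other commands quoted in this README.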
@ -327,9 +329,8 @@ wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh
*Read this in other languages: [English](README.md#advanced-usage), [简体中文](README-zh.md#高级用法).* *Read this in other languages: [English](README.md#advanced-usage), [简体中文](README-zh.md#高级用法).*
- [Use alternative DNS servers](#use-alternative-dns-servers) - [Use alternative DNS servers](#use-alternative-dns-servers)
- [Use a DNS name and server IP changes](#use-a-dns-name-and-server-ip-changes) - [DNS name and server IP changes](#dns-name-and-server-ip-changes)
- [Internal VPN IPs](#internal-vpn-ips) - [Internal VPN IPs](#internal-vpn-ips)
- [L2TP kernel support](#l2tp-kernel-support)
- [Modify IPTables rules](#modify-iptables-rules) - [Modify IPTables rules](#modify-iptables-rules)
### Use alternative DNS servers ### Use alternative DNS servers
@ -343,7 +344,7 @@ sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto
``` ```
### Use a DNS name and server IP changes ### DNS name and server IP changes
For `IPsec/L2TP` and `IPsec/XAuth ("Cisco IPsec")` modes, you may use a DNS name (e.g. `vpn.example.com`) instead of an IP address to connect to the VPN server, without additional configuration. In addition, the VPN should generally continue to work after server IP changes, such as after restoring a snapshot to a new server with a different IP, although a reboot may be required. For `IPsec/L2TP` and `IPsec/XAuth ("Cisco IPsec")` modes, you may use a DNS name (e.g. `vpn.example.com`) instead of an IP address to connect to the VPN server, without additional configuration. In addition, the VPN should generally continue to work after server IP changes, such as after restoring a snapshot to a new server with a different IP, although a reboot may be required.
@ -363,10 +364,6 @@ When connecting using `IPsec/XAuth ("Cisco IPsec")` or `IKEv2` mode, the VPN ser
You may use these internal VPN IPs for communication. However, note that the IPs assigned to VPN clients are dynamic, and firewalls on client devices may block such traffic. You may use these internal VPN IPs for communication. However, note that the IPs assigned to VPN clients are dynamic, and firewalls on client devices may block such traffic.
### L2TP kernel support
Using kernel support could improve IPsec/L2TP performance. It is available on [all supported OS](#requirements). Ubuntu users should install the `linux-modules-extra-$(uname -r)` (or `linux-image-extra`) package and run `service xl2tpd restart`.
### Modify IPTables rules ### Modify IPTables rules
If you want to modify the IPTables rules after install, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS/RHEL). Then reboot your server. If you want to modify the IPTables rules after install, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS/RHEL). Then reboot your server.
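Review bot: dropping the `### L2TP kernel support` heading here removes the `#l2tp-kernel-support` anchor, and the paragraph now sits as an untitled note near line 286, so it is no longer reachable from the Advanced usage list. Check for links to that anchor from the other docs and point them at the new location, or leave an HTML anchor with the old id next to the moved paragraph.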

View File

@ -40,6 +40,11 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
<a href="../extras/ikev2setup.sh" target="_blank">脚本</a> 必须使用 `bash` 而不是 `sh` 运行。以上命令使用自动模式和默认选项运行辅助脚本。如果你想要自定义 IKEv2 安装选项,请在运行脚本时去掉 `--auto` 参数。在完成之后,请转到 [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端)。 <a href="../extras/ikev2setup.sh" target="_blank">脚本</a> 必须使用 `bash` 而不是 `sh` 运行。以上命令使用自动模式和默认选项运行辅助脚本。如果你想要自定义 IKEv2 安装选项,请在运行脚本时去掉 `--auto` 参数。在完成之后,请转到 [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端)。
<details>
<summary>
你可以指定一个域名和/或另外的 DNS 服务器。这是可选的。点这里查看详情。
</summary>
在使用自动模式安装 IKEv2 时,高级用户可以指定一个域名作为 VPN 服务器的地址。这是可选的。该域名必须是一个全称域名(FQDN)。示例如下: 在使用自动模式安装 IKEv2 时,高级用户可以指定一个域名作为 VPN 服务器的地址。这是可选的。该域名必须是一个全称域名(FQDN)。示例如下:
``` ```
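Review bot: the new summary uses `点这里查看详情` while the existing summary a few lines below in the same file uses `单击此处以查看`. Use one wording for both collapsible blocks so the page reads consistently.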
@ -51,7 +56,7 @@ sudo VPN_DNS_NAME='vpn.example.com' bash ikev2.sh --auto
``` ```
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto
``` ```
</details>
<details> <details>
<summary> <summary>
单击此处以查看 IKEv2 辅助脚本的详细使用信息。 单击此处以查看 IKEv2 辅助脚本的详细使用信息。

View File

@ -40,6 +40,11 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
The <a href="../extras/ikev2setup.sh" target="_blank">script</a> must be run using `bash`, not `sh`. The command above runs the helper script in auto mode, using default options. Remove the `--auto` parameter if you want to customize IKEv2 setup options. When finished, continue to [configure IKEv2 VPN clients](#configure-ikev2-vpn-clients). The <a href="../extras/ikev2setup.sh" target="_blank">script</a> must be run using `bash`, not `sh`. The command above runs the helper script in auto mode, using default options. Remove the `--auto` parameter if you want to customize IKEv2 setup options. When finished, continue to [configure IKEv2 VPN clients](#configure-ikev2-vpn-clients).
<details>
<summary>
You may optionally specify a DNS name and/or custom DNS servers. Click here for details.
</summary>
When running IKEv2 setup in auto mode, advanced users can optionally specify a DNS name to be used as the VPN server's address. The DNS name must be a fully qualified domain name (FQDN). Example: When running IKEv2 setup in auto mode, advanced users can optionally specify a DNS name to be used as the VPN server's address. The DNS name must be a fully qualified domain name (FQDN). Example:
``` ```
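Review bot: the added `</summary>` is followed directly by a Markdown paragraph in this view, with no empty line between them. In GitHub-flavoured Markdown an HTML block only ends at a blank line, so text that follows `</summary>` without one is treated as raw HTML and its Markdown is not rendered. Make sure the file has an empty line after `</summary>` before the paragraph starts.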
@ -51,7 +56,7 @@ By default, IKEv2 clients are set to use <a href="https://developers.google.com/
``` ```
sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto
``` ```
</details>
<details> <details>
<summary> <summary>
Click here to view detailed usage information for the IKEv2 helper script. Click here to view detailed usage information for the IKEv2 helper script.