mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 04:56:03 +03:00
Code Issues Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
hwdsl2 2017-03-19 22:10:49 -05:00
parent 6f1dc6db1c
commit fec47196d6
14 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README-zh.md
View File

@ -1,4 +1,4 @@
# IPsec VPN 服务器一键安装脚本 # IPsec VPN 服务器一键安装脚本
[![Build Status](https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn) [![GitHub Stars](https://img.shields.io/github/stars/hwdsl2/setup-ipsec-vpn.svg?maxAge=86400)](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [![Docker Stars](https://img.shields.io/docker/stars/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) [![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) [![Build Status](https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn) [![GitHub Stars](https://img.shields.io/github/stars/hwdsl2/setup-ipsec-vpn.svg?maxAge=86400)](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [![Docker Stars](https://img.shields.io/docker/stars/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) [![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)

4
README.md
View File

@ -1,4 +1,4 @@
# IPsec VPN Server Auto Setup Scripts # IPsec VPN Server Auto Setup Scripts
[![Build Status](https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn) [![GitHub Stars](https://img.shields.io/github/stars/hwdsl2/setup-ipsec-vpn.svg?maxAge=86400)](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [![Docker Stars](https://img.shields.io/docker/stars/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server) [![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server) [![Build Status](https://travis-ci.org/hwdsl2/setup-ipsec-vpn.svg?branch=master)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn) [![GitHub Stars](https://img.shields.io/github/stars/hwdsl2/setup-ipsec-vpn.svg?maxAge=86400)](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [![Docker Stars](https://img.shields.io/docker/stars/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server) [![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg?maxAge=86400)](https://github.com/hwdsl2/docker-ipsec-vpn-server)
@ -139,7 +139,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>. Also, your server must run [Libreswan 3.19](#upgrade-libreswan) or newer. The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>. Also, your server must run [Libreswan 3.19](#upgrade-libreswan) or newer versions.
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN. For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 and 4500 for the VPN.

2
azure/README-zh.md
View File

@ -1,4 +1,4 @@
# 在 Microsoft Azure 上部署 # 在 Microsoft Azure 上部署
*其他语言版本: [English](README.md), [简体中文](README-zh.md).* *其他语言版本: [English](README.md), [简体中文](README-zh.md).*

2
azure/README.md
View File

@ -1,4 +1,4 @@
# Deploy to Microsoft Azure # Deploy to Microsoft Azure
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).* *Read this in other languages: [English](README.md), [简体中文](README-zh.md).*

2
docs/clients-xauth-zh.md
View File

@ -1,4 +1,4 @@
# 配置 IPsec/XAuth VPN 客户端 # 配置 IPsec/XAuth VPN 客户端
*其他语言版本: [English](clients-xauth.md), [简体中文](clients-xauth-zh.md).* *其他语言版本: [English](clients-xauth.md), [简体中文](clients-xauth-zh.md).*

2
docs/clients-xauth.md
View File

@ -1,4 +1,4 @@
# Configure IPsec/XAuth VPN Clients # Configure IPsec/XAuth VPN Clients
*Read this in other languages: [English](clients-xauth.md), [简体中文](clients-xauth-zh.md).* *Read this in other languages: [English](clients-xauth.md), [简体中文](clients-xauth-zh.md).*

2
docs/clients-zh.md
View File

@ -1,4 +1,4 @@
# 配置 IPsec/L2TP VPN 客户端 # 配置 IPsec/L2TP VPN 客户端
*其他语言版本: [English](clients.md), [简体中文](clients-zh.md).* *其他语言版本: [English](clients.md), [简体中文](clients-zh.md).*

2
docs/clients.md
View File

@ -1,4 +1,4 @@
# Configure IPsec/L2TP VPN Clients # Configure IPsec/L2TP VPN Clients
*Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).* *Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*

12
docs/ikev2-howto-zh.md
View File

@ -1,4 +1,4 @@
# 如何配置 IKEv2 VPN: Windows 和 Android # 如何配置 IKEv2 VPN: Windows 和 Android
*其他语言版本: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).* *其他语言版本: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
@ -152,7 +152,9 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
pk12util: PKCS12 EXPORT SUCCESSFUL pk12util: PKCS12 EXPORT SUCCESSFUL
``` ```
重复这个步骤来为更多的客户端生成证书,但必须把所有的 `vpnclient` 换成 `vpnclient2`,等等。请注意,如果你需要同时连接多个客户端,则必须为每个客户端生成唯一的证书。 重复这个步骤来为更多的客户端生成证书,但必须把所有的 `vpnclient` 换成 `vpnclient2`,等等。
**注:** 如果你需要同时连接多个客户端,则必须为每一个客户端生成唯一的证书。
1. 证书数据库现在应该包含以下内容: 1. 证书数据库现在应该包含以下内容:
@ -167,7 +169,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
vpnclient u,u,u vpnclient u,u,u
``` ```
**注:** 如需显示证书,可使用 `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`。要删除证书,将 `-L` 换成 `-D`。更多的 `certutil` 使用说明请看 <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">这里</a> **注:** 如需显示证书,可使用 `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`。要删除一个证书,将 `-L` 换成 `-D`。更多的 `certutil` 使用说明请看 <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">这里</a>
1. 重启 IPsec 服务: 1. 重启 IPsec 服务:
@ -181,7 +183,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
1. 将 `.p12` 文件导入到 "计算机账户" 证书存储。在导入证书后,你必须确保将客户端证书放在 "个人 -> 证书" 目录中,并且将 CA 证书放在 "受信任的根证书颁发机构 -> 证书" 目录中。 1. 将 `.p12` 文件导入到 "计算机账户" 证书存储。在导入证书后,你必须确保将客户端证书放在 "个人 -> 证书" 目录中,并且将 CA 证书放在 "受信任的根证书颁发机构 -> 证书" 目录中。
请按照以下链接的步骤操作 详细的操作步骤
https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接: 1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接:
@ -200,7 +202,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
1. 在 **VPN Type** 下拉菜单选择 **IKEv2 Certificate** 1. 在 **VPN Type** 下拉菜单选择 **IKEv2 Certificate**
1. 单击添加一个 **User certificate**,然后单击 **Install** 1. 单击添加一个 **User certificate**,然后单击 **Install**
1. 选择你从服务器复制过来的 `.p12` 文件,并按提示操作。 1. 选择你从服务器复制过来的 `.p12` 文件,并按提示操作。
1. 保存新的 VPN 连接,然后单击它开始连接。 1. 保存新的 VPN 连接,然后单击它开始连接。
#### Windows Phone 8.1 及以上 #### Windows Phone 8.1 及以上

10
docs/ikev2-howto.md
View File

@ -1,4 +1,4 @@
# How-To: IKEv2 VPN for Windows and Android # How-To: IKEv2 VPN for Windows and Android
*Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).* *Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
@ -152,7 +152,9 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
pk12util: PKCS12 EXPORT SUCCESSFUL pk12util: PKCS12 EXPORT SUCCESSFUL
``` ```
Repeat this step for additional VPN clients, but replace every `vpnclient` with `vpnclient2`, etc. Please note: If you wish to connect multiple VPN clients simultaneously, you must generate a unique certificate for each. Repeat this step for additional VPN clients, but replace every `vpnclient` with `vpnclient2`, etc.
**Note:** If you wish to connect multiple VPN clients simultaneously, you must generate a unique certificate for each.
1. The database should now contain: 1. The database should now contain:
@ -167,7 +169,7 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
vpnclient u,u,u vpnclient u,u,u
``` ```
**Note:** To display a certificate, use `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`. To delete it, replace `-L` with `-D`. For other `certutil` usage, read <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">this page</a>. **Note:** To display a certificate, use `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`. To delete a certificate, replace `-L` with `-D`. For other `certutil` usage, read <a href="http://manpages.ubuntu.com/manpages/zesty/man1/certutil.1.html" target="_blank">this page</a>.
1. Restart IPsec service: 1. Restart IPsec service:
@ -181,7 +183,7 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
1. Import the `.p12` file to the "Computer account" certificate store. Make sure that the client cert is placed in "Personal -> Certificates", and the CA cert is placed in "Trusted Root Certification Authorities -> Certificates". 1. Import the `.p12` file to the "Computer account" certificate store. Make sure that the client cert is placed in "Personal -> Certificates", and the CA cert is placed in "Trusted Root Certification Authorities -> Certificates".
Follow the instructions at this link: Detailed instructions:
https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
1. On the Windows computer, add a new IKEv2 VPN connection 1. On the Windows computer, add a new IKEv2 VPN connection

2
docs/manage-users-zh.md
View File

@ -1,4 +1,4 @@
# 管理 VPN 用户 # 管理 VPN 用户
*其他语言版本: [English](manage-users.md), [简体中文](manage-users-zh.md).* *其他语言版本: [English](manage-users.md), [简体中文](manage-users-zh.md).*

2
docs/manage-users.md
View File

@ -1,4 +1,4 @@
# Manage VPN Users # Manage VPN Users
*Read this in other languages: [English](manage-users.md), [简体中文](manage-users-zh.md).* *Read this in other languages: [English](manage-users.md), [简体中文](manage-users-zh.md).*

2
docs/uninstall-zh.md
View File

@ -1,4 +1,4 @@
# 卸载 VPN # 卸载 VPN
*其他语言版本: [English](uninstall.md), [简体中文](uninstall-zh.md).* *其他语言版本: [English](uninstall.md), [简体中文](uninstall-zh.md).*

2
docs/uninstall.md
View File

@ -1,4 +1,4 @@
# Uninstall the VPN # Uninstall the VPN
*Read this in other languages: [English](uninstall.md), [简体中文](uninstall-zh.md).* *Read this in other languages: [English](uninstall.md), [简体中文](uninstall-zh.md).*