1
0
mirror of synced 2024-11-24 05:46:09 +03:00

Compare commits

...

2 Commits

Author SHA1 Message Date
hwdsl2
608fca101c Update docs 2022-09-11 00:54:45 -05:00
hwdsl2
8912e6ec8e Update IKEv2 script
- Cleanup
2022-09-11 00:17:26 -05:00
9 changed files with 22 additions and 30 deletions

View File

@ -2,8 +2,6 @@
# 配置 IPsec/XAuth VPN 客户端 # 配置 IPsec/XAuth VPN 客户端
**注:** 你也可以使用 [IKEv2](ikev2-howto-zh.md)(推荐)或者 [IPsec/L2TP](clients-zh.md) 模式连接。
在成功 [搭建自己的 VPN 服务器](../README-zh.md) 之后按照下面的步骤来配置你的设备。IPsec/XAuth ("Cisco IPsec") 在 Android, iOS 和 OS X 上均受支持无需安装额外的软件。Windows 用户可以使用免费的 [Shrew Soft 客户端](https://www.shrew.net/download/vpn)。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。 在成功 [搭建自己的 VPN 服务器](../README-zh.md) 之后按照下面的步骤来配置你的设备。IPsec/XAuth ("Cisco IPsec") 在 Android, iOS 和 OS X 上均受支持无需安装额外的软件。Windows 用户可以使用免费的 [Shrew Soft 客户端](https://www.shrew.net/download/vpn)。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
IPsec/XAuth 模式也称为 "Cisco IPsec"。该模式通常能够比 IPsec/L2TP **更高效**地传输数据(较低的额外开销)。 IPsec/XAuth 模式也称为 "Cisco IPsec"。该模式通常能够比 IPsec/L2TP **更高效**地传输数据(较低的额外开销)。

View File

@ -2,8 +2,6 @@
# Configure IPsec/XAuth VPN Clients # Configure IPsec/XAuth VPN Clients
**Note:** You may also connect using [IKEv2](ikev2-howto.md) (recommended) or [IPsec/L2TP](clients.md) mode.
After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free [Shrew Soft client](https://www.shrew.net/download/vpn). In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free [Shrew Soft client](https://www.shrew.net/download/vpn). In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
IPsec/XAuth mode is also called "Cisco IPsec". This mode is generally **faster than** IPsec/L2TP with less overhead. IPsec/XAuth mode is also called "Cisco IPsec". This mode is generally **faster than** IPsec/L2TP with less overhead.

View File

@ -2,8 +2,6 @@
# 配置 IPsec/L2TP VPN 客户端 # 配置 IPsec/L2TP VPN 客户端
**注:** 你也可以使用 [IKEv2](ikev2-howto-zh.md)(推荐)或者 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。
在成功 [搭建自己的 VPN 服务器](../README-zh.md) 之后按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。 在成功 [搭建自己的 VPN 服务器](../README-zh.md) 之后按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
--- ---

View File

@ -2,8 +2,6 @@
# Configure IPsec/L2TP VPN Clients # Configure IPsec/L2TP VPN Clients
**Note:** You may also connect using [IKEv2](ikev2-howto.md) (recommended) or [IPsec/XAuth](clients-xauth.md) mode.
After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
--- ---

View File

@ -2,12 +2,10 @@
# IKEv2 VPN 配置和使用指南 # IKEv2 VPN 配置和使用指南
**注:** 你也可以使用 [IPsec/L2TP](clients-zh.md) 或者 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。
* [导言](#导言) * [导言](#导言)
* [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端) * [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端)
* [故障排除](#故障排除) * [故障排除](#故障排除)
* [管理客户端证书](#管理客户端证书) * [管理 IKEv2 客户端](#管理-ikev2-客户端)
* [更改 IKEv2 服务器地址](#更改-ikev2-服务器地址) * [更改 IKEv2 服务器地址](#更改-ikev2-服务器地址)
* [更新 IKEv2 辅助脚本](#更新-ikev2-辅助脚本) * [更新 IKEv2 辅助脚本](#更新-ikev2-辅助脚本)
* [使用辅助脚本配置 IKEv2](#使用辅助脚本配置-ikev2) * [使用辅助脚本配置 IKEv2](#使用辅助脚本配置-ikev2)
@ -549,7 +547,7 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2
Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation该功能[需要](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 或更新版本)。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 [IPsec/L2TP](clients-zh.md) 或 [IPsec/XAuth](clients-xauth-zh.md) 模式。 Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation该功能[需要](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 或更新版本)。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 [IPsec/L2TP](clients-zh.md) 或 [IPsec/XAuth](clients-xauth-zh.md) 模式。
## 管理客户端证书 ## 管理 IKEv2 客户端
* [列出已有的客户端](#列出已有的客户端) * [列出已有的客户端](#列出已有的客户端)
* [添加客户端证书](#添加客户端证书) * [添加客户端证书](#添加客户端证书)
@ -594,7 +592,7 @@ sudo ikev2.sh --exportclient [client name]
**警告:** 这将**永久删除**客户端证书和私钥。此操作**不可撤销** **警告:** 这将**永久删除**客户端证书和私钥。此操作**不可撤销**
如果要删除一个客户端证书 如果要删除一个现有的客户端:
```bash ```bash
sudo ikev2.sh --deleteclient [client name] sudo ikev2.sh --deleteclient [client name]
@ -635,7 +633,9 @@ sudo ikev2.sh --deleteclient [client name]
### 吊销客户端证书 ### 吊销客户端证书
在某些情况下,你可能需要吊销一个之前生成的 VPN 客户端证书。要吊销证书,可以运行辅助脚本。 在某些情况下,你可能需要吊销一个之前生成的 VPN 客户端证书。
如果要吊销一个现有的客户端:
```bash ```bash
sudo ikev2.sh --revokeclient [client name] sudo ikev2.sh --revokeclient [client name]
@ -828,8 +828,8 @@ Options:
--addclient [client name] add a new client using default options --addclient [client name] add a new client using default options
--exportclient [client name] export configuration for an existing client --exportclient [client name] export configuration for an existing client
--listclients list the names of existing clients --listclients list the names of existing clients
--revokeclient [client name] revoke a client certificate --revokeclient [client name] revoke an existing client
--deleteclient [client name] delete a client certificate --deleteclient [client name] delete an existing client
--removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database --removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database
-h, --help show this help message and exit -h, --help show this help message and exit

View File

@ -2,12 +2,10 @@
# Guide: How to Set Up and Use IKEv2 VPN # Guide: How to Set Up and Use IKEv2 VPN
**Note:** You may also connect using [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode.
* [Introduction](#introduction) * [Introduction](#introduction)
* [Configure IKEv2 VPN clients](#configure-ikev2-vpn-clients) * [Configure IKEv2 VPN clients](#configure-ikev2-vpn-clients)
* [Troubleshooting](#troubleshooting) * [Troubleshooting](#troubleshooting)
* [Manage client certificates](#manage-client-certificates) * [Manage IKEv2 clients](#manage-ikev2-clients)
* [Change IKEv2 server address](#change-ikev2-server-address) * [Change IKEv2 server address](#change-ikev2-server-address)
* [Update IKEv2 helper script](#update-ikev2-helper-script) * [Update IKEv2 helper script](#update-ikev2-helper-script)
* [Set up IKEv2 using helper script](#set-up-ikev2-using-helper-script) * [Set up IKEv2 using helper script](#set-up-ikev2-using-helper-script)
@ -551,7 +549,7 @@ If using Windows 10 and the VPN is stuck on "connecting" for more than a few min
The built-in VPN client in Windows may not support IKEv2 fragmentation (this feature [requires](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 or newer). On some networks, this can cause the connection to fail or have other issues. You may instead try the [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode. The built-in VPN client in Windows may not support IKEv2 fragmentation (this feature [requires](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 or newer). On some networks, this can cause the connection to fail or have other issues. You may instead try the [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode.
## Manage client certificates ## Manage IKEv2 clients
* [List existing clients](#list-existing-clients) * [List existing clients](#list-existing-clients)
* [Add a client certificate](#add-a-client-certificate) * [Add a client certificate](#add-a-client-certificate)
@ -596,7 +594,7 @@ First, read the important note above. Then click here for instructions.
**Warning:** The client certificate and private key will be **permanently deleted**. This **cannot be undone**! **Warning:** The client certificate and private key will be **permanently deleted**. This **cannot be undone**!
To delete a client certificate: To delete an existing client:
```bash ```bash
sudo ikev2.sh --deleteclient [client name] sudo ikev2.sh --deleteclient [client name]
@ -637,7 +635,9 @@ Alternatively, you can manually delete a client certificate.
### Revoke a client certificate ### Revoke a client certificate
In certain circumstances, you may need to revoke a previously generated VPN client certificate. To revoke a certificate, run the helper script. In certain circumstances, you may need to revoke a previously generated VPN client certificate.
To revoke an existing client:
```bash ```bash
sudo ikev2.sh --revokeclient [client name] sudo ikev2.sh --revokeclient [client name]
@ -830,8 +830,8 @@ Options:
--addclient [client name] add a new client using default options --addclient [client name] add a new client using default options
--exportclient [client name] export configuration for an existing client --exportclient [client name] export configuration for an existing client
--listclients list the names of existing clients --listclients list the names of existing clients
--revokeclient [client name] revoke a client certificate --revokeclient [client name] revoke an existing client
--deleteclient [client name] delete a client certificate --deleteclient [client name] delete an existing client
--removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database --removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database
-h, --help show this help message and exit -h, --help show this help message and exit

View File

@ -2,7 +2,7 @@
# 管理 VPN 用户 # 管理 VPN 用户
在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要查看或管理 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户,请阅读本文档。对于 IKEv2参见 [管理客户端证书](ikev2-howto-zh.md#管理客户端证书)。 在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要查看或管理 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户,请阅读本文档。对于 IKEv2参见 [管理 IKEv2 客户端](ikev2-howto-zh.md#管理-ikev2-客户端)。
* [使用辅助脚本管理 VPN 用户](#使用辅助脚本管理-vpn-用户) * [使用辅助脚本管理 VPN 用户](#使用辅助脚本管理-vpn-用户)
* [查看 VPN 用户](#查看-vpn-用户) * [查看 VPN 用户](#查看-vpn-用户)
@ -11,7 +11,7 @@
## 使用辅助脚本管理 VPN 用户 ## 使用辅助脚本管理 VPN 用户
你可以使用辅助脚本添加,删除或者更新 VPN 用户。它们将同时更新 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户。对于 IKEv2 模式参见 [管理客户端证书](ikev2-howto-zh.md#管理客户端证书)。 你可以使用辅助脚本添加,删除或者更新 VPN 用户。它们将同时更新 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户。对于 IKEv2参见 [管理 IKEv2 客户端](ikev2-howto-zh.md#管理-ikev2-客户端)。
**注:** 将下面的命令的参数换成你自己的值。VPN 用户信息保存在文件 `/etc/ppp/chap-secrets``/etc/ipsec.d/passwd`。脚本在修改这些文件之前会先做备份,使用 `.old-日期-时间` 为后缀。 **注:** 将下面的命令的参数换成你自己的值。VPN 用户信息保存在文件 `/etc/ppp/chap-secrets``/etc/ipsec.d/passwd`。脚本在修改这些文件之前会先做备份,使用 `.old-日期-时间` 为后缀。

View File

@ -2,7 +2,7 @@
# Manage VPN Users # Manage VPN Users
By default, a single user account for VPN login is created. If you wish to view or manage users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, read this document. For IKEv2, see [Manage client certificates](ikev2-howto.md#manage-client-certificates). By default, a single user account for VPN login is created. If you wish to view or manage users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, read this document. For IKEv2, see [Manage IKEv2 clients](ikev2-howto.md#manage-ikev2-clients).
* [Manage VPN users using helper scripts](#manage-vpn-users-using-helper-scripts) * [Manage VPN users using helper scripts](#manage-vpn-users-using-helper-scripts)
* [View VPN users](#view-vpn-users) * [View VPN users](#view-vpn-users)
@ -11,7 +11,7 @@ By default, a single user account for VPN login is created. If you wish to view
## Manage VPN users using helper scripts ## Manage VPN users using helper scripts
You may use helper scripts to add, delete or update VPN users for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. For IKEv2 mode, see [Manage client certificates](ikev2-howto.md#manage-client-certificates). You may use helper scripts to add, delete or update VPN users for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. For IKEv2, see [Manage IKEv2 clients](ikev2-howto.md#manage-ikev2-clients).
**Note:** Replace command arguments below with your own values. VPN users are stored in `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd`. The scripts will backup these files before making changes, with `.old-date-time` suffix. **Note:** Replace command arguments below with your own values. VPN users are stored in `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd`. The scripts will backup these files before making changes, with `.old-date-time` suffix.

View File

@ -175,8 +175,8 @@ Options:
--addclient [client name] add a new client using default options --addclient [client name] add a new client using default options
--exportclient [client name] export configuration for an existing client --exportclient [client name] export configuration for an existing client
--listclients list the names of existing clients --listclients list the names of existing clients
--revokeclient [client name] revoke a client certificate --revokeclient [client name] revoke an existing client
--deleteclient [client name] delete a client certificate --deleteclient [client name] delete an existing client
--removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database --removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database
-h, --help show this help message and exit -h, --help show this help message and exit