mirror of synced 2024-11-24 05:46:09 +03:00

Compare commits

No commits in common. "1fb560c226e8d617e65927e9a110d5143da8b963" and "92a68aa4f5165ce16c20d85686c4a759de69ff11" have entirely different histories.

10 changed files with 45 additions and 70 deletions

View File

@ -186,10 +186,6 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
*其他语言版本: [English](README.md#next-steps), [中文](README-zh.md#下一步)。* *其他语言版本: [English](README.md#next-steps), [中文](README-zh.md#下一步)。*
> 如果你喜欢这个项目,可以表达你的支持或感谢。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="docs/images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
配置你的计算机或其它设备使用 VPN。请参见 配置你的计算机或其它设备使用 VPN。请参见
**[配置 IKEv2 VPN 客户端(推荐)](docs/ikev2-howto-zh.md)** **[配置 IKEv2 VPN 客户端(推荐)](docs/ikev2-howto-zh.md)**
@ -200,6 +196,10 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
开始使用自己的专属 VPN! :sparkles::tada::rocket::sparkles: 开始使用自己的专属 VPN! :sparkles::tada::rocket::sparkles:
如果你喜欢这个项目,可以表达你的支持或感谢。
<a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" src="docs/images/kofi1.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## 重要提示 ## 重要提示
**Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT比如家用路由器的兼容问题。 **Windows 用户** 对于 IPsec/L2TP 模式,在首次连接之前需要 [修改注册表](docs/clients-zh.md#windows-错误-809),以解决 VPN 服务器或客户端与 NAT比如家用路由器的兼容问题。

View File

@ -186,10 +186,6 @@ If you are unable to download, open [vpnsetup.sh](vpnsetup.sh), then click the `
*Read this in other languages: [English](README.md#next-steps), [中文](README-zh.md#下一步).* *Read this in other languages: [English](README.md#next-steps), [中文](README-zh.md#下一步).*
> Like this project? You can show your support or appreciation.
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="docs/images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
Get your computer or device to use the VPN. Please refer to: Get your computer or device to use the VPN. Please refer to:
**[Configure IKEv2 VPN Clients (recommended)](docs/ikev2-howto.md)** **[Configure IKEv2 VPN Clients (recommended)](docs/ikev2-howto.md)**
@ -200,6 +196,10 @@ Get your computer or device to use the VPN. Please refer to:
Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
Like this project? You can show your support or appreciation.
<a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" src="docs/images/kofi1.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="docs/images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Important notes ## Important notes
**Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router). **Windows users**: For IPsec/L2TP mode, a [one-time registry change](docs/clients.md#windows-error-809) is required if the VPN server or client is behind NAT (e.g. home router).
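Review bot: the relocated support block added after "Enjoy your very own VPN!" keeps raw `<a ... target="_blank">` links to ko-fi.com and coindrop.to with no `rel` attribute. Either add `rel="noopener noreferrer"` to both anchors or use a plain Markdown link, as the docs/ pages in this same comparison now do with `[show your support or appreciation](https://coindrop.to/hwdsl2)`. The added ko-fi `<img>` also sets `height="36"` without the `width` that the removed version carried, so the two buttons are no longer sized consistently. The same applies to the Chinese README hunk above.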

View File

@ -16,9 +16,7 @@ IPsec/XAuth 模式也称为 "Cisco IPsec"。该模式通常能够比 IPsec/L2TP
* [iOS (iPhone/iPad)](#ios) * [iOS (iPhone/iPad)](#ios)
* [Linux](#linux) * [Linux](#linux)
> 如果你喜欢这个项目,可以表达你的支持或感谢。 如果你喜欢这个项目,可以[表达你的支持或感谢](https://coindrop.to/hwdsl2)。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows ## Windows

View File

@ -16,9 +16,7 @@ IPsec/XAuth mode is also called "Cisco IPsec". This mode is generally **faster t
* [iOS (iPhone/iPad)](#ios) * [iOS (iPhone/iPad)](#ios)
* [Linux](#linux) * [Linux](#linux)
> Like this project? You can show your support or appreciation. Like this project? You can [show your support or appreciation](https://coindrop.to/hwdsl2).
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows ## Windows

View File

@ -16,9 +16,7 @@
* [Linux](#linux) * [Linux](#linux)
* [故障排除](#故障排除) * [故障排除](#故障排除)
> 如果你喜欢这个项目,可以表达你的支持或感谢。 如果你喜欢这个项目,可以[表达你的支持或感谢](https://coindrop.to/hwdsl2)。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows ## Windows

View File

@ -16,9 +16,7 @@ After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn
* [Linux](#linux) * [Linux](#linux)
* [Troubleshooting](#troubleshooting) * [Troubleshooting](#troubleshooting)
> Like this project? You can show your support or appreciation. Like this project? You can [show your support or appreciation](https://coindrop.to/hwdsl2).
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
## Windows ## Windows

View File

@ -35,9 +35,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
* [Linux](#linux) * [Linux](#linux)
* [Mikrotik RouterOS](#routeros) * [Mikrotik RouterOS](#routeros)
> 如果你喜欢这个项目,可以表达你的支持或感谢。 如果你喜欢这个项目,可以[表达你的支持或感谢](https://coindrop.to/hwdsl2)。
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
### Windows 7, 8, 10 和 11 ### Windows 7, 8, 10 和 11
@ -366,7 +364,7 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
### RouterOS ### RouterOS
**注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。建议通过 SSH 连接运行终端命令,例如通过 Putty。 **注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。
1. 将生成的 `.p12` 文件安全地传送到你的计算机。 1. 将生成的 `.p12` 文件安全地传送到你的计算机。
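Review bot: the RouterOS note in this hunk loses the sentence recommending that terminal commands be run over an SSH connection, while the English page in this comparison still carries that recommendation. Keep the two translations in step: either restore the sentence here or drop it from both.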
@ -388,29 +386,6 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
![routeros import certificate](images/routeros-import-cert.gif) ![routeros import certificate](images/routeros-import-cert.gif)
</details> </details>
或者,你也可以使用终端命令 (empty passphrase):
```bash
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase:
certificates-imported: 2
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase:
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
```
3. 在 terminal 中运行以下命令。将以下内容替换为你自己的值。 3. 在 terminal 中运行以下命令。将以下内容替换为你自己的值。
`YOUR_VPN_SERVER_IP_OR_DNS_NAME` 是你的 VPN 服务器 IP 或域名。 `YOUR_VPN_SERVER_IP_OR_DNS_NAME` 是你的 VPN 服务器 IP 或域名。
`IMPORTED_CERTIFICATE` 是上面第 2 步中的证书名称,例如 `vpnclient.p12_0` `IMPORTED_CERTIFICATE` 是上面第 2 步中的证书名称,例如 `vpnclient.p12_0`
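Review bot: removing the terminal import alternative leaves step 2 of the Chinese page with only the WinBox path, although the English page still documents `/certificate/import file-name=mikrotik.p12`. If the block is kept anywhere, two details need documenting. First, the transcript imports `mikrotik.p12` while step 3 names the resulting certificate `vpnclient.p12_0`, so the example file name should match the one the reader actually transferred. Second, the "(empty passphrase)" remark was never translated and does not say what to enter when the `.p12` was exported with a password.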
@ -420,15 +395,23 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key
来指定整个网络,或者使用 `192.168.0.10` 来指定仅用于一个设备,依此类推。 来指定整个网络,或者使用 `192.168.0.10` 来指定仅用于一个设备,依此类推。
```bash ```bash
/ip firewall address-list add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local /ip firewall address-list
/ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local
/ip ipsec policy group add name=ike2-rw /ip ipsec mode-config
/ip ipsec profile add name=ike2-rw add name=ike2-rw responder=no src-address-list=local
/ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw /ip ipsec policy group
/ip ipsec proposal add name=ike2-rw pfs-group=none add name=ike2-rw
/ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \ /ip ipsec profile
add name=ike2-rw
/ip ipsec peer
add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw
/ip ipsec proposal
add name=ike2-rw pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \
peer=ike2-rw-client policy-template-group=ike2-rw peer=ike2-rw-client policy-template-group=ike2-rw
/ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes /ip ipsec policy
add group=ike2-rw proposal=ike2-rw template=yes
``` ```
4. 更多信息请参见 [#1112](https://github.com/hwdsl2/setup-ipsec-vpn/issues/1112#issuecomment-1059628623)。 4. 更多信息请参见 [#1112](https://github.com/hwdsl2/setup-ipsec-vpn/issues/1112#issuecomment-1059628623)。
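Review bot: splitting each command into a menu-path line followed by a bare `add ...` line makes every `add` depend on the line before it. A reader who pastes or retypes a single line, for example `add name=ike2-rw`, runs it in whatever menu the console is currently in. The single-line form (`/ip ipsec profile add name=ike2-rw`) is self-contained and safer to copy one command at a time; if the split form is kept, say above the block that it must be pasted as a whole. Separately, `pfs-group=none` in the proposal line turns off PFS for the child SAs and is given without explanation; a one-line note on why it is set would help readers who audit the configuration.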

View File

@ -35,9 +35,7 @@ By default, IKEv2 is automatically set up when running the VPN setup script. If
* [Linux](#linux) * [Linux](#linux)
* [Mikrotik RouterOS](#routeros) * [Mikrotik RouterOS](#routeros)
> Like this project? You can show your support or appreciation. Like this project? You can [show your support or appreciation](https://coindrop.to/hwdsl2).
>
> <a href="https://ko-fi.com/hwdsl2" target="_blank"><img height="36" width="187" src="images/kofi2.png" border="0" alt="Buy Me a Coffee at ko-fi.com" /></a> &nbsp;<a href="https://coindrop.to/hwdsl2" target="_blank"><img src="images/embed-button.png" height="36" width="145" border="0" alt="Coindrop.to me" /></a>
### Windows 7, 8, 10 and 11 ### Windows 7, 8, 10 and 11
@ -368,7 +366,9 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti
### RouterOS ### RouterOS
**Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User). It is recommended to run terminal commands via an SSH connection, e.g. via Putty. **Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User).
It is recommended to use terminal command via SSH connection, eg via Putty.
1. Securely transfer the generated `.p12` file to your computer. 1. Securely transfer the generated `.p12` file to your computer.
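Review bot: the sentence added under the RouterOS note, "It is recommended to use terminal command via SSH connection, eg via Putty.", is ungrammatical and replaces cleaner wording on the other side of the diff. Suggest "It is recommended to run terminal commands via an SSH connection, e.g. via PuTTY." and keeping it on the same line as the note so it reads as part of it.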
@ -382,16 +382,7 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti
2. In WinBox, go to System > certificates > import. Import the `.p12` certificate file twice (yes, import the same file two times!). Verify in your certificates panel. You will see 2 files, the one that is marked KT is the key. 2. In WinBox, go to System > certificates > import. Import the `.p12` certificate file twice (yes, import the same file two times!). Verify in your certificates panel. You will see 2 files, the one that is marked KT is the key.
<details>
<summary>
Click to see screencast.
</summary>
![routeros import certificate](images/routeros-import-cert.gif)
</details>
Or you can use terminal instead (empty passphrase): Or you can use terminal instead (empty passphrase):
```bash ```bash
[admin@MikroTik] > /certificate/import file-name=mikrotik.p12 [admin@MikroTik] > /certificate/import file-name=mikrotik.p12
passphrase: passphrase:
@ -413,6 +404,15 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti
``` ```
<details>
<summary>
Click to see screencast.
</summary>
![routeros import certificate](images/routeros-import-cert.gif)
</details>
3. Run these commands in terminal. Replace the following with your own values. 3. Run these commands in terminal. Replace the following with your own values.
`YOUR_VPN_SERVER_IP_OR_DNS_NAME` is your VPN server IP or DNS name. `YOUR_VPN_SERVER_IP_OR_DNS_NAME` is your VPN server IP or DNS name.
`IMPORTED_CERTIFICATE` is the name of the certificate from step 2 above, e.g. `vpnclient.p12_0` `IMPORTED_CERTIFICATE` is the name of the certificate from step 2 above, e.g. `vpnclient.p12_0`
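Review bot: the `<details>` screencast block is re-added after the closing fence of the terminal transcript, so it now reads as an illustration of the CLI import rather than of the WinBox steps in item 2, which is where the previous hunk removed it from. If the recording shows the WinBox import, keep it directly under the step 2 text and put the "Or you can use terminal instead" alternative after it, matching the order on the Chinese page.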

BIN
docs/images/kofi1.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.2 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 38 KiB