Compare commits
No commits in common. "244d6a36f947d0d2d5e56c6c0361caf69a73b0ae" and "c983a8d5ba83ec6c20938f97ce066856bcb27eeb" have entirely different histories.
244d6a36f9
...
c983a8d5ba
16
README-zh.md
16
README-zh.md
@ -17,7 +17,7 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
|
||||
使用以下命令快速搭建 IPsec VPN 服务器:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
|
||||
wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
|
||||
```
|
||||
|
||||
你的 VPN 登录凭证将会被自动随机生成,并在安装完成后显示。
|
||||
@ -102,13 +102,13 @@ curl -fsSL https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh -o
|
||||
**选项 1:** 使用脚本随机生成的 VPN 登录凭证(完成后会显示)。
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
|
||||
wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
|
||||
```
|
||||
|
||||
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证。
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net -O vpn.sh
|
||||
wget https://get.vpnsetup.net -nv -O vpn.sh
|
||||
nano -w vpn.sh
|
||||
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
|
||||
sudo sh vpn.sh
|
||||
@ -121,7 +121,7 @@ sudo sh vpn.sh
|
||||
```bash
|
||||
# 所有变量值必须用 '单引号' 括起来
|
||||
# *不要* 在值中使用这些字符: \ " '
|
||||
wget https://get.vpnsetup.net -O vpn.sh
|
||||
wget https://get.vpnsetup.net -nv -O vpn.sh
|
||||
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
|
||||
VPN_USER='你的VPN用户名' \
|
||||
VPN_PASSWORD='你的VPN密码' \
|
||||
@ -216,7 +216,7 @@ sudo sh vpn.sh
|
||||
使用以下命令更新你的 VPN 服务器上的 [Libreswan](https://libreswan.org)([更新日志](https://github.com/libreswan/libreswan/blob/main/CHANGES) | [通知列表](https://lists.libreswan.org/mailman/listinfo/swan-announce))。
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/upg -O vpnup.sh && sudo sh vpnup.sh
|
||||
wget https://get.vpnsetup.net/upg -qO vpnup.sh && sudo sh vpnup.sh
|
||||
```
|
||||
|
||||
<details>
|
||||
@ -253,12 +253,12 @@ curl -fsSL https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgr
|
||||
|
||||
## 卸载 VPN
|
||||
|
||||
要卸载 IPsec VPN,运行[辅助脚本](extras/vpnuninstall.sh):
|
||||
|
||||
**警告:** 此辅助脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**!
|
||||
|
||||
要卸载 IPsec VPN,运行[辅助脚本](extras/vpnuninstall.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh
|
||||
wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
|
||||
```
|
||||
|
||||
更多信息请参见 [卸载 VPN](docs/uninstall-zh.md)。
|
||||
|
20
README.md
20
README.md
@ -17,12 +17,12 @@ First, prepare your Linux server\* with a fresh install of Ubuntu, Debian or Cen
|
||||
Use this one-liner to set up an IPsec VPN server:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
|
||||
wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
|
||||
```
|
||||
|
||||
Your VPN login details will be randomly generated, and displayed when finished.
|
||||
|
||||
After setup, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server.
|
||||
After successful installation, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server.
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
@ -102,13 +102,13 @@ To install the VPN, please choose one of the following options:
|
||||
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished).
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
|
||||
wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
|
||||
```
|
||||
|
||||
**Option 2:** Edit the script and provide your own VPN credentials.
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net -O vpn.sh
|
||||
wget https://get.vpnsetup.net -nv -O vpn.sh
|
||||
nano -w vpn.sh
|
||||
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
|
||||
sudo sh vpn.sh
|
||||
@ -121,14 +121,14 @@ sudo sh vpn.sh
|
||||
```bash
|
||||
# All values MUST be placed inside 'single quotes'
|
||||
# DO NOT use these special characters within values: \ " '
|
||||
wget https://get.vpnsetup.net -O vpn.sh
|
||||
wget https://get.vpnsetup.net -nv -O vpn.sh
|
||||
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
|
||||
VPN_USER='your_vpn_username' \
|
||||
VPN_PASSWORD='your_vpn_password' \
|
||||
sh vpn.sh
|
||||
```
|
||||
|
||||
After setup, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server.
|
||||
After successful installation, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server.
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
@ -216,7 +216,7 @@ The scripts will backup existing config files before making changes, with `.old-
|
||||
Use this one-liner to update [Libreswan](https://libreswan.org) ([changelog](https://github.com/libreswan/libreswan/blob/main/CHANGES) | [announce](https://lists.libreswan.org/mailman/listinfo/swan-announce)) on your VPN server.
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/upg -O vpnup.sh && sudo sh vpnup.sh
|
||||
wget https://get.vpnsetup.net/upg -qO vpnup.sh && sudo sh vpnup.sh
|
||||
```
|
||||
|
||||
<details>
|
||||
@ -253,12 +253,12 @@ See [Advanced usage](docs/advanced-usage.md).
|
||||
|
||||
## Uninstall the VPN
|
||||
|
||||
To uninstall IPsec VPN, run the [helper script](extras/vpnuninstall.sh):
|
||||
|
||||
**Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!
|
||||
|
||||
To uninstall IPsec VPN, run the [helper script](extras/vpnuninstall.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh
|
||||
wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
|
||||
```
|
||||
|
||||
For more information, see [Uninstall the VPN](docs/uninstall.md).
|
||||
|
@ -44,7 +44,9 @@ sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto
|
||||
要启用仅限 IKEv2 模式,首先按照 [自述文件](../README-zh.md) 中的说明安装 VPN 服务器并且配置 IKEv2。然后运行 [辅助脚本](../extras/ikev2onlymode.sh) 并按提示操作。
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2only -O ikev2only.sh
|
||||
# 下载脚本
|
||||
wget https://get.vpnsetup.net/ikev2only -nv -O ikev2only.sh
|
||||
# 运行脚本并按提示操作
|
||||
sudo bash ikev2only.sh
|
||||
```
|
||||
|
||||
|
@ -44,7 +44,9 @@ Using Libreswan 4.2 or newer, advanced users can enable IKEv2-only mode on the V
|
||||
To enable IKEv2-only mode, first install the VPN server and set up IKEv2 using instructions in the [README](../README.md). Then run the [helper script](../extras/ikev2onlymode.sh) and follow the prompts.
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2only -O ikev2only.sh
|
||||
# Download the script
|
||||
wget https://get.vpnsetup.net/ikev2only -nv -O ikev2only.sh
|
||||
# Run the script and follow the prompts
|
||||
sudo bash ikev2only.sh
|
||||
```
|
||||
|
||||
|
@ -57,7 +57,7 @@ sudo ikev2.sh
|
||||
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载 IKEv2 辅助脚本:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh
|
||||
wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
|
||||
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin
|
||||
```
|
||||
|
||||
@ -766,10 +766,12 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2
|
||||
|
||||
在某些情况下,你可能需要在配置之后更改 IKEv2 服务器地址。例如切换为使用域名,或者在服务器的 IP 更改之后。请注意,你在 VPN 客户端指定的服务器地址必须与 IKEv2 辅助脚本输出中的服务器地址 **完全一致**,否则客户端可能无法连接。
|
||||
|
||||
要更改服务器地址,运行 [辅助脚本](../extras/ikev2changeaddr.sh) 并按提示操作。
|
||||
要更改服务器地址,运行[辅助脚本](../extras/ikev2changeaddr.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2addr -O ikev2addr.sh
|
||||
# 下载脚本
|
||||
wget https://get.vpnsetup.net/ikev2addr -nv -O ikev2addr.sh
|
||||
# 运行脚本并按照提示操作
|
||||
sudo bash ikev2addr.sh
|
||||
```
|
||||
|
||||
@ -780,7 +782,7 @@ sudo bash ikev2addr.sh
|
||||
IKEv2 辅助脚本会不时更新,以进行错误修复和改进([更新日志](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh))。 当有新版本可用时,你可以更新服务器上的 IKEv2 辅助脚本。这是可选的。请注意,这些命令将覆盖任何现有的 `ikev2.sh`。
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh
|
||||
wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
|
||||
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||
```
|
||||
|
||||
|
@ -57,7 +57,7 @@ Error: "sudo: ikev2.sh: command not found".
|
||||
This is normal if you used an older version of the VPN setup script. First, download the IKEv2 helper script:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh
|
||||
wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
|
||||
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin
|
||||
```
|
||||
|
||||
@ -768,10 +768,12 @@ If you are unable to connect multiple IKEv2 clients from behind the same NAT (e.
|
||||
|
||||
In certain circumstances, you may need to change the IKEv2 server address after setup. For example, to switch to use a DNS name, or after server IP changes. Note that the server address you specify on VPN client devices must **exactly match** the server address in the output of the IKEv2 helper script. Otherwise, devices may be unable to connect.
|
||||
|
||||
To change the server address, run the [helper script](../extras/ikev2changeaddr.sh) and follow the prompts.
|
||||
To change the server address, run the [helper script](../extras/ikev2changeaddr.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2addr -O ikev2addr.sh
|
||||
# Download the script
|
||||
wget https://get.vpnsetup.net/ikev2addr -nv -O ikev2addr.sh
|
||||
# Run the script and follow the prompts
|
||||
sudo bash ikev2addr.sh
|
||||
```
|
||||
|
||||
@ -782,7 +784,7 @@ sudo bash ikev2addr.sh
|
||||
The IKEv2 helper script is updated from time to time for bug fixes and improvements ([commit log](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh)). When a newer version is available, you may optionally update the IKEv2 helper script on your server. Note that these commands will overwrite any existing `ikev2.sh`.
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh
|
||||
wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
|
||||
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||
```
|
||||
|
||||
|
@ -35,7 +35,7 @@ sudo addvpnuser.sh
|
||||
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载辅助脚本:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/adduser -O /opt/src/addvpnuser.sh
|
||||
wget https://get.vpnsetup.net/adduser -nv -O /opt/src/addvpnuser.sh
|
||||
chmod +x /opt/src/addvpnuser.sh && ln -s /opt/src/addvpnuser.sh /usr/bin
|
||||
```
|
||||
|
||||
@ -70,7 +70,7 @@ sudo delvpnuser.sh
|
||||
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载辅助脚本:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/deluser -O /opt/src/delvpnuser.sh
|
||||
wget https://get.vpnsetup.net/deluser -nv -O /opt/src/delvpnuser.sh
|
||||
chmod +x /opt/src/delvpnuser.sh && ln -s /opt/src/delvpnuser.sh /usr/bin
|
||||
```
|
||||
|
||||
@ -92,7 +92,7 @@ sudo delvpnuser.sh '要删除的用户名'
|
||||
首先下载[辅助脚本](../extras/update_vpn_users.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/updateusers -O updatevpnusers.sh
|
||||
wget https://get.vpnsetup.net/updateusers -nv -O updatevpnusers.sh
|
||||
```
|
||||
|
||||
**重要:** 这个脚本会将你当前 **所有的 VPN 用户** 移除并替换为你指定的列表中的用户。如果你需要保留已有的 VPN 用户,则必须将它们包含在下面的变量中。
|
||||
|
@ -35,7 +35,7 @@ Error: "sudo: addvpnuser.sh: command not found".
|
||||
This is normal if you used an older version of the VPN setup script. First, download the helper script:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/adduser -O /opt/src/addvpnuser.sh
|
||||
wget https://get.vpnsetup.net/adduser -nv -O /opt/src/addvpnuser.sh
|
||||
chmod +x /opt/src/addvpnuser.sh && ln -s /opt/src/addvpnuser.sh /usr/bin
|
||||
```
|
||||
|
||||
@ -70,7 +70,7 @@ Error: "sudo: delvpnuser.sh: command not found".
|
||||
This is normal if you used an older version of the VPN setup script. First, download the helper script:
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/deluser -O /opt/src/delvpnuser.sh
|
||||
wget https://get.vpnsetup.net/deluser -nv -O /opt/src/delvpnuser.sh
|
||||
chmod +x /opt/src/delvpnuser.sh && ln -s /opt/src/delvpnuser.sh /usr/bin
|
||||
```
|
||||
|
||||
@ -92,7 +92,7 @@ Remove **all existing VPN users** and replace with the list of users you specify
|
||||
First, download the [helper script](../extras/update_vpn_users.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/updateusers -O updatevpnusers.sh
|
||||
wget https://get.vpnsetup.net/updateusers -nv -O updatevpnusers.sh
|
||||
```
|
||||
|
||||
**Important:** This script will remove **all existing VPN users** and replace with the list of users you specify. Therefore, you must include any existing user(s) you want to keep in the variables below.
|
||||
|
@ -7,12 +7,12 @@
|
||||
|
||||
## 使用辅助脚本卸载 VPN
|
||||
|
||||
要卸载 IPsec VPN,运行[辅助脚本](../extras/vpnuninstall.sh):
|
||||
|
||||
**警告:** 此辅助脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**!
|
||||
|
||||
要卸载 IPsec VPN,运行[辅助脚本](../extras/vpnuninstall.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh
|
||||
wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
|
||||
```
|
||||
|
||||
## 手动卸载 VPN
|
||||
|
@ -7,12 +7,12 @@
|
||||
|
||||
## Uninstall using helper script
|
||||
|
||||
To uninstall IPsec VPN, run the [helper script](../extras/vpnuninstall.sh):
|
||||
|
||||
**Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!
|
||||
|
||||
To uninstall IPsec VPN, run the [helper script](../extras/vpnuninstall.sh):
|
||||
|
||||
```bash
|
||||
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh
|
||||
wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
|
||||
```
|
||||
|
||||
## Manually uninstall the VPN
|
||||
|
@ -186,9 +186,7 @@ update_sysctl() {
|
||||
else
|
||||
sed --follow-symlinks -i '/# Added by hwdsl2 VPN script/,+17d' /etc/sysctl.conf
|
||||
fi
|
||||
if [ ! -f /usr/bin/wg-quick ] && [ ! -f /usr/sbin/openvpn ]; then
|
||||
echo 0 > /proc/sys/net/ipv4/ip_forward
|
||||
fi
|
||||
echo 0 > /proc/sys/net/ipv4/ip_forward
|
||||
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
|
||||
fi
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user