1
0
mirror of synced 2024-11-23 21:36:09 +03:00

Compare commits

..

No commits in common. "244d6a36f947d0d2d5e56c6c0361caf69a73b0ae" and "c983a8d5ba83ec6c20938f97ce066856bcb27eeb" have entirely different histories.

11 changed files with 49 additions and 43 deletions

View File

@ -17,7 +17,7 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
使用以下命令快速搭建 IPsec VPN 服务器: 使用以下命令快速搭建 IPsec VPN 服务器:
```bash ```bash
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
``` ```
你的 VPN 登录凭证将会被自动随机生成,并在安装完成后显示。 你的 VPN 登录凭证将会被自动随机生成,并在安装完成后显示。
@ -102,13 +102,13 @@ curl -fsSL https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh -o
**选项 1:** 使用脚本随机生成的 VPN 登录凭证(完成后会显示)。 **选项 1:** 使用脚本随机生成的 VPN 登录凭证(完成后会显示)。
```bash ```bash
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
``` ```
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证。 **选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证。
```bash ```bash
wget https://get.vpnsetup.net -O vpn.sh wget https://get.vpnsetup.net -nv -O vpn.sh
nano -w vpn.sh nano -w vpn.sh
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD] [替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
sudo sh vpn.sh sudo sh vpn.sh
@ -121,7 +121,7 @@ sudo sh vpn.sh
```bash ```bash
# 所有变量值必须用 '单引号' 括起来 # 所有变量值必须用 '单引号' 括起来
# *不要* 在值中使用这些字符: \ " ' # *不要* 在值中使用这些字符: \ " '
wget https://get.vpnsetup.net -O vpn.sh wget https://get.vpnsetup.net -nv -O vpn.sh
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \ sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
VPN_USER='你的VPN用户名' \ VPN_USER='你的VPN用户名' \
VPN_PASSWORD='你的VPN密码' \ VPN_PASSWORD='你的VPN密码' \
@ -216,7 +216,7 @@ sudo sh vpn.sh
使用以下命令更新你的 VPN 服务器上的 [Libreswan](https://libreswan.org)[更新日志](https://github.com/libreswan/libreswan/blob/main/CHANGES) | [通知列表](https://lists.libreswan.org/mailman/listinfo/swan-announce))。 使用以下命令更新你的 VPN 服务器上的 [Libreswan](https://libreswan.org)[更新日志](https://github.com/libreswan/libreswan/blob/main/CHANGES) | [通知列表](https://lists.libreswan.org/mailman/listinfo/swan-announce))。
```bash ```bash
wget https://get.vpnsetup.net/upg -O vpnup.sh && sudo sh vpnup.sh wget https://get.vpnsetup.net/upg -qO vpnup.sh && sudo sh vpnup.sh
``` ```
<details> <details>
@ -253,12 +253,12 @@ curl -fsSL https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgr
## 卸载 VPN ## 卸载 VPN
要卸载 IPsec VPN运行[辅助脚本](extras/vpnuninstall.sh)
**警告:** 此辅助脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销** **警告:** 此辅助脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**
要卸载 IPsec VPN运行[辅助脚本](extras/vpnuninstall.sh)
```bash ```bash
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
``` ```
更多信息请参见 [卸载 VPN](docs/uninstall-zh.md)。 更多信息请参见 [卸载 VPN](docs/uninstall-zh.md)。

View File

@ -17,12 +17,12 @@ First, prepare your Linux server\* with a fresh install of Ubuntu, Debian or Cen
Use this one-liner to set up an IPsec VPN server: Use this one-liner to set up an IPsec VPN server:
```bash ```bash
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
``` ```
Your VPN login details will be randomly generated, and displayed when finished. Your VPN login details will be randomly generated, and displayed when finished.
After setup, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server. After successful installation, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server.
<details> <details>
<summary> <summary>
@ -102,13 +102,13 @@ To install the VPN, please choose one of the following options:
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished). **Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished).
```bash ```bash
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh wget https://get.vpnsetup.net -qO vpn.sh && sudo sh vpn.sh
``` ```
**Option 2:** Edit the script and provide your own VPN credentials. **Option 2:** Edit the script and provide your own VPN credentials.
```bash ```bash
wget https://get.vpnsetup.net -O vpn.sh wget https://get.vpnsetup.net -nv -O vpn.sh
nano -w vpn.sh nano -w vpn.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD] [Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpn.sh sudo sh vpn.sh
@ -121,14 +121,14 @@ sudo sh vpn.sh
```bash ```bash
# All values MUST be placed inside 'single quotes' # All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " ' # DO NOT use these special characters within values: \ " '
wget https://get.vpnsetup.net -O vpn.sh wget https://get.vpnsetup.net -nv -O vpn.sh
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \ VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' \ VPN_PASSWORD='your_vpn_password' \
sh vpn.sh sh vpn.sh
``` ```
After setup, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server. After successful installation, you may optionally install [OpenVPN](https://github.com/hwdsl2/openvpn-install) and/or [WireGuard](https://github.com/hwdsl2/wireguard-install) on the same server.
<details> <details>
<summary> <summary>
@ -216,7 +216,7 @@ The scripts will backup existing config files before making changes, with `.old-
Use this one-liner to update [Libreswan](https://libreswan.org) ([changelog](https://github.com/libreswan/libreswan/blob/main/CHANGES) | [announce](https://lists.libreswan.org/mailman/listinfo/swan-announce)) on your VPN server. Use this one-liner to update [Libreswan](https://libreswan.org) ([changelog](https://github.com/libreswan/libreswan/blob/main/CHANGES) | [announce](https://lists.libreswan.org/mailman/listinfo/swan-announce)) on your VPN server.
```bash ```bash
wget https://get.vpnsetup.net/upg -O vpnup.sh && sudo sh vpnup.sh wget https://get.vpnsetup.net/upg -qO vpnup.sh && sudo sh vpnup.sh
``` ```
<details> <details>
@ -253,12 +253,12 @@ See [Advanced usage](docs/advanced-usage.md).
## Uninstall the VPN ## Uninstall the VPN
To uninstall IPsec VPN, run the [helper script](extras/vpnuninstall.sh):
**Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**! **Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!
To uninstall IPsec VPN, run the [helper script](extras/vpnuninstall.sh):
```bash ```bash
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
``` ```
For more information, see [Uninstall the VPN](docs/uninstall.md). For more information, see [Uninstall the VPN](docs/uninstall.md).

View File

@ -44,7 +44,9 @@ sudo VPN_DNS_NAME='vpn.example.com' ikev2.sh --auto
要启用仅限 IKEv2 模式,首先按照 [自述文件](../README-zh.md) 中的说明安装 VPN 服务器并且配置 IKEv2。然后运行 [辅助脚本](../extras/ikev2onlymode.sh) 并按提示操作。 要启用仅限 IKEv2 模式,首先按照 [自述文件](../README-zh.md) 中的说明安装 VPN 服务器并且配置 IKEv2。然后运行 [辅助脚本](../extras/ikev2onlymode.sh) 并按提示操作。
```bash ```bash
wget https://get.vpnsetup.net/ikev2only -O ikev2only.sh # 下载脚本
wget https://get.vpnsetup.net/ikev2only -nv -O ikev2only.sh
# 运行脚本并按提示操作
sudo bash ikev2only.sh sudo bash ikev2only.sh
``` ```

View File

@ -44,7 +44,9 @@ Using Libreswan 4.2 or newer, advanced users can enable IKEv2-only mode on the V
To enable IKEv2-only mode, first install the VPN server and set up IKEv2 using instructions in the [README](../README.md). Then run the [helper script](../extras/ikev2onlymode.sh) and follow the prompts. To enable IKEv2-only mode, first install the VPN server and set up IKEv2 using instructions in the [README](../README.md). Then run the [helper script](../extras/ikev2onlymode.sh) and follow the prompts.
```bash ```bash
wget https://get.vpnsetup.net/ikev2only -O ikev2only.sh # Download the script
wget https://get.vpnsetup.net/ikev2only -nv -O ikev2only.sh
# Run the script and follow the prompts
sudo bash ikev2only.sh sudo bash ikev2only.sh
``` ```

View File

@ -57,7 +57,7 @@ sudo ikev2.sh
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载 IKEv2 辅助脚本: 如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载 IKEv2 辅助脚本:
```bash ```bash
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin
``` ```
@ -766,10 +766,12 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2
在某些情况下,你可能需要在配置之后更改 IKEv2 服务器地址。例如切换为使用域名,或者在服务器的 IP 更改之后。请注意,你在 VPN 客户端指定的服务器地址必须与 IKEv2 辅助脚本输出中的服务器地址 **完全一致**,否则客户端可能无法连接。 在某些情况下,你可能需要在配置之后更改 IKEv2 服务器地址。例如切换为使用域名,或者在服务器的 IP 更改之后。请注意,你在 VPN 客户端指定的服务器地址必须与 IKEv2 辅助脚本输出中的服务器地址 **完全一致**,否则客户端可能无法连接。
要更改服务器地址,运行 [辅助脚本](../extras/ikev2changeaddr.sh) 并按提示操作。 要更改服务器地址,运行[辅助脚本](../extras/ikev2changeaddr.sh)
```bash ```bash
wget https://get.vpnsetup.net/ikev2addr -O ikev2addr.sh # 下载脚本
wget https://get.vpnsetup.net/ikev2addr -nv -O ikev2addr.sh
# 运行脚本并按照提示操作
sudo bash ikev2addr.sh sudo bash ikev2addr.sh
``` ```
@ -780,7 +782,7 @@ sudo bash ikev2addr.sh
IKEv2 辅助脚本会不时更新,以进行错误修复和改进([更新日志](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh))。 当有新版本可用时,你可以更新服务器上的 IKEv2 辅助脚本。这是可选的。请注意,这些命令将覆盖任何现有的 `ikev2.sh` IKEv2 辅助脚本会不时更新,以进行错误修复和改进([更新日志](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh))。 当有新版本可用时,你可以更新服务器上的 IKEv2 辅助脚本。这是可选的。请注意,这些命令将覆盖任何现有的 `ikev2.sh`
```bash ```bash
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
``` ```

View File

@ -57,7 +57,7 @@ Error: "sudo: ikev2.sh: command not found".
This is normal if you used an older version of the VPN setup script. First, download the IKEv2 helper script: This is normal if you used an older version of the VPN setup script. First, download the IKEv2 helper script:
```bash ```bash
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin
``` ```
@ -768,10 +768,12 @@ If you are unable to connect multiple IKEv2 clients from behind the same NAT (e.
In certain circumstances, you may need to change the IKEv2 server address after setup. For example, to switch to use a DNS name, or after server IP changes. Note that the server address you specify on VPN client devices must **exactly match** the server address in the output of the IKEv2 helper script. Otherwise, devices may be unable to connect. In certain circumstances, you may need to change the IKEv2 server address after setup. For example, to switch to use a DNS name, or after server IP changes. Note that the server address you specify on VPN client devices must **exactly match** the server address in the output of the IKEv2 helper script. Otherwise, devices may be unable to connect.
To change the server address, run the [helper script](../extras/ikev2changeaddr.sh) and follow the prompts. To change the server address, run the [helper script](../extras/ikev2changeaddr.sh):
```bash ```bash
wget https://get.vpnsetup.net/ikev2addr -O ikev2addr.sh # Download the script
wget https://get.vpnsetup.net/ikev2addr -nv -O ikev2addr.sh
# Run the script and follow the prompts
sudo bash ikev2addr.sh sudo bash ikev2addr.sh
``` ```
@ -782,7 +784,7 @@ sudo bash ikev2addr.sh
The IKEv2 helper script is updated from time to time for bug fixes and improvements ([commit log](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh)). When a newer version is available, you may optionally update the IKEv2 helper script on your server. Note that these commands will overwrite any existing `ikev2.sh`. The IKEv2 helper script is updated from time to time for bug fixes and improvements ([commit log](https://github.com/hwdsl2/setup-ipsec-vpn/commits/master/extras/ikev2setup.sh)). When a newer version is available, you may optionally update the IKEv2 helper script on your server. Note that these commands will overwrite any existing `ikev2.sh`.
```bash ```bash
wget https://get.vpnsetup.net/ikev2 -O /opt/src/ikev2.sh wget https://get.vpnsetup.net/ikev2 -nv -O /opt/src/ikev2.sh
chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null chmod +x /opt/src/ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
``` ```

View File

@ -35,7 +35,7 @@ sudo addvpnuser.sh
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载辅助脚本: 如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载辅助脚本:
```bash ```bash
wget https://get.vpnsetup.net/adduser -O /opt/src/addvpnuser.sh wget https://get.vpnsetup.net/adduser -nv -O /opt/src/addvpnuser.sh
chmod +x /opt/src/addvpnuser.sh && ln -s /opt/src/addvpnuser.sh /usr/bin chmod +x /opt/src/addvpnuser.sh && ln -s /opt/src/addvpnuser.sh /usr/bin
``` ```
@ -70,7 +70,7 @@ sudo delvpnuser.sh
如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载辅助脚本: 如果你使用了较早版本的 VPN 安装脚本,这是正常的。首先下载辅助脚本:
```bash ```bash
wget https://get.vpnsetup.net/deluser -O /opt/src/delvpnuser.sh wget https://get.vpnsetup.net/deluser -nv -O /opt/src/delvpnuser.sh
chmod +x /opt/src/delvpnuser.sh && ln -s /opt/src/delvpnuser.sh /usr/bin chmod +x /opt/src/delvpnuser.sh && ln -s /opt/src/delvpnuser.sh /usr/bin
``` ```
@ -92,7 +92,7 @@ sudo delvpnuser.sh '要删除的用户名'
首先下载[辅助脚本](../extras/update_vpn_users.sh) 首先下载[辅助脚本](../extras/update_vpn_users.sh)
```bash ```bash
wget https://get.vpnsetup.net/updateusers -O updatevpnusers.sh wget https://get.vpnsetup.net/updateusers -nv -O updatevpnusers.sh
``` ```
**重要:** 这个脚本会将你当前 **所有的 VPN 用户** 移除并替换为你指定的列表中的用户。如果你需要保留已有的 VPN 用户,则必须将它们包含在下面的变量中。 **重要:** 这个脚本会将你当前 **所有的 VPN 用户** 移除并替换为你指定的列表中的用户。如果你需要保留已有的 VPN 用户,则必须将它们包含在下面的变量中。

View File

@ -35,7 +35,7 @@ Error: "sudo: addvpnuser.sh: command not found".
This is normal if you used an older version of the VPN setup script. First, download the helper script: This is normal if you used an older version of the VPN setup script. First, download the helper script:
```bash ```bash
wget https://get.vpnsetup.net/adduser -O /opt/src/addvpnuser.sh wget https://get.vpnsetup.net/adduser -nv -O /opt/src/addvpnuser.sh
chmod +x /opt/src/addvpnuser.sh && ln -s /opt/src/addvpnuser.sh /usr/bin chmod +x /opt/src/addvpnuser.sh && ln -s /opt/src/addvpnuser.sh /usr/bin
``` ```
@ -70,7 +70,7 @@ Error: "sudo: delvpnuser.sh: command not found".
This is normal if you used an older version of the VPN setup script. First, download the helper script: This is normal if you used an older version of the VPN setup script. First, download the helper script:
```bash ```bash
wget https://get.vpnsetup.net/deluser -O /opt/src/delvpnuser.sh wget https://get.vpnsetup.net/deluser -nv -O /opt/src/delvpnuser.sh
chmod +x /opt/src/delvpnuser.sh && ln -s /opt/src/delvpnuser.sh /usr/bin chmod +x /opt/src/delvpnuser.sh && ln -s /opt/src/delvpnuser.sh /usr/bin
``` ```
@ -92,7 +92,7 @@ Remove **all existing VPN users** and replace with the list of users you specify
First, download the [helper script](../extras/update_vpn_users.sh): First, download the [helper script](../extras/update_vpn_users.sh):
```bash ```bash
wget https://get.vpnsetup.net/updateusers -O updatevpnusers.sh wget https://get.vpnsetup.net/updateusers -nv -O updatevpnusers.sh
``` ```
**Important:** This script will remove **all existing VPN users** and replace with the list of users you specify. Therefore, you must include any existing user(s) you want to keep in the variables below. **Important:** This script will remove **all existing VPN users** and replace with the list of users you specify. Therefore, you must include any existing user(s) you want to keep in the variables below.

View File

@ -7,12 +7,12 @@
## 使用辅助脚本卸载 VPN ## 使用辅助脚本卸载 VPN
要卸载 IPsec VPN运行[辅助脚本](../extras/vpnuninstall.sh)
**警告:** 此辅助脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销** **警告:** 此辅助脚本将从你的服务器中删除 IPsec VPN。所有的 VPN 配置将被**永久删除**,并且 Libreswan 和 xl2tpd 将被移除。此操作**不可撤销**
要卸载 IPsec VPN运行[辅助脚本](../extras/vpnuninstall.sh)
```bash ```bash
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
``` ```
## 手动卸载 VPN ## 手动卸载 VPN

View File

@ -7,12 +7,12 @@
## Uninstall using helper script ## Uninstall using helper script
To uninstall IPsec VPN, run the [helper script](../extras/vpnuninstall.sh):
**Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**! **Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!
To uninstall IPsec VPN, run the [helper script](../extras/vpnuninstall.sh):
```bash ```bash
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh wget https://get.vpnsetup.net/unst -qO vpnunst.sh && sudo bash vpnunst.sh
``` ```
## Manually uninstall the VPN ## Manually uninstall the VPN

View File

@ -186,9 +186,7 @@ update_sysctl() {
else else
sed --follow-symlinks -i '/# Added by hwdsl2 VPN script/,+17d' /etc/sysctl.conf sed --follow-symlinks -i '/# Added by hwdsl2 VPN script/,+17d' /etc/sysctl.conf
fi fi
if [ ! -f /usr/bin/wg-quick ] && [ ! -f /usr/sbin/openvpn ]; then echo 0 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/ip_forward
fi
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
fi fi
} }