1
0
mirror of synced 2024-11-27 23:36:02 +03:00

Compare commits

..

2 Commits

Author SHA1 Message Date
hwdsl2
ad2883fa74 Update tests 2022-10-14 01:24:39 -05:00
hwdsl2
194d188313 Update docs 2022-10-14 00:36:09 -05:00
6 changed files with 78 additions and 4 deletions

View File

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
if: github.repository_owner == 'hwdsl2' if: github.repository_owner == 'hwdsl2'
steps: steps:
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # 2.4.0 - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
with: with:
persist-credentials: false persist-credentials: false
- name: Check - name: Check

View File

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
if: github.repository_owner == 'hwdsl2' if: github.repository_owner == 'hwdsl2'
steps: steps:
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # 2.4.0 - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
with: with:
persist-credentials: false persist-credentials: false
- name: Check - name: Check

View File

@ -22,7 +22,7 @@ jobs:
env: env:
OS_VERSION: ${{ matrix.os_version }} OS_VERSION: ${{ matrix.os_version }}
steps: steps:
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # 2.4.0 - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
with: with:
persist-credentials: false persist-credentials: false
- name: Build - name: Build

View File

@ -23,7 +23,7 @@ jobs:
image: ${{ matrix.os_version }} image: ${{ matrix.os_version }}
options: --cap-add=NET_ADMIN --device=/dev/ppp options: --cap-add=NET_ADMIN --device=/dev/ppp
steps: steps:
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # 2.4.0 - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
with: with:
persist-credentials: false persist-credentials: false
- name: Test - name: Test

View File

@ -213,6 +213,43 @@ sudo ikev2.sh
**注:** 如果服务器上已经配置了 IKEv2`VPN_SKIP_IKEV2` 变量无效。在这种情况下,如需自定义 IKEv2 选项,你可以首先 [移除 IKEv2](docs/ikev2-howto-zh.md#移除-ikev2),然后运行 `sudo ikev2.sh` 重新配置。 **注:** 如果服务器上已经配置了 IKEv2`VPN_SKIP_IKEV2` 变量无效。在这种情况下,如需自定义 IKEv2 选项,你可以首先 [移除 IKEv2](docs/ikev2-howto-zh.md#移除-ikev2),然后运行 `sudo ikev2.sh` 重新配置。
</details> </details>
<details>
<summary>
供参考IKEv1 和 IKEv2 参数列表。
</summary>
| IKEv1 参数\* |默认值 |自定义(环境变量)\*\* |
| ------------ | ---- | ----------------- |
|服务器地址DNS域名| - |不能,但你可以使用 DNS 域名进行连接 |
|服务器地址公网IP|自动检测 | VPN_PUBLIC_IP |
| IPsec 预共享密钥 |自动生成 | VPN_IPSEC_PSK |
| VPN 用户名 | vpnuser | VPN_USER |
| VPN 密码 |自动生成 | VPN_PASSWORD |
|客户端的 DNS 服务器 |Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 |
|跳过 IKEv2 安装 |否 | VPN_SKIP_IKEV2=yes |
\* 这些 IKEv1 参数适用于 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式。
\*\* 在运行 vpn(setup).sh 时将这些定义为环境变量。
| IKEv2 参数\* |默认值 |自定义(环境变量)\*\* |自定义(安装时)\*\*\* |
| ----------- | ---- | ------------------ | ----------------- |
|服务器地址DNS域名| - | VPN_DNS_NAME | ✅ |
|服务器地址公网IP|自动检测 | VPN_PUBLIC_IP | ✅ |
|第一个客户端的名称 | vpnclient | VPN_CLIENT_NAME | ✅ |
|客户端的 DNS 服务器 |Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 | ✅ |
|保护客户端配置文件 |否 | VPN_PROTECT_CONFIG=yes | ✅ |
|启用/禁用 MOBIKE |如果系统支持则启用 | ❌ | ✅ |
|客户端证书有效期 | 10 年120 个月)| ❌ | ✅ |
| CA 和服务器证书有效期 | 10 年120 个月)| ❌ | ❌ |
| CA 证书名称 | IKEv2 VPN CA | ❌ | ❌ |
|证书密钥长度 | 3072 bits | ❌ | ❌ |
\* 这些 IKEv2 参数适用于 IKEv2 模式。
\*\* 在运行 vpn(setup).sh 时,或者在自动模式下配置 IKEv2 时 (`sudo ikev2.sh --auto`) 将这些定义为环境变量。
\*\*\* 可以在交互式配置 IKEv2 期间自定义 (`sudo ikev2.sh`)。参见上面的选项 2。
除了这些参数,高级用户还可以在安装时 [自定义 VPN 子网](docs/advanced-usage-zh.md#自定义-vpn-子网)。
</details>
## 下一步 ## 下一步

View File

@ -213,6 +213,43 @@ sudo ikev2.sh
**Note:** The `VPN_SKIP_IKEV2` variable has no effect if IKEv2 is already set up on the server. In that case, to customize IKEv2 options, you can first [remove IKEv2](docs/ikev2-howto.md#remove-ikev2), then set it up again using `sudo ikev2.sh`. **Note:** The `VPN_SKIP_IKEV2` variable has no effect if IKEv2 is already set up on the server. In that case, to customize IKEv2 options, you can first [remove IKEv2](docs/ikev2-howto.md#remove-ikev2), then set it up again using `sudo ikev2.sh`.
</details> </details>
<details>
<summary>
For reference: List of IKEv1 and IKEv2 parameters.
</summary>
| IKEv1 parameter\* | Default value | Customize (env variable)\*\* |
| --------------------------- | --------------------- | ---------------------------------------- |
| Server address (DNS name) | - | No, but you can connect using a DNS name |
| Server address (public IP) | Auto detect | VPN_PUBLIC_IP |
| IPsec pre-shared key | Auto generate | VPN_IPSEC_PSK |
| VPN username | vpnuser | VPN_USER |
| VPN password | Auto generate | VPN_PASSWORD |
| DNS servers for clients | Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 |
| Skip IKEv2 setup | No | VPN_SKIP_IKEV2=yes |
\* These IKEv1 parameters are for IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
\*\* Define these as environment variables when running vpn(setup).sh.
| IKEv2 parameter\* | Default value | Customize (env variable)\*\* | Customize (setup)\*\*\* |
| --------------------------- | --------------------- | ---------------------------- | ----------------------- |
| Server address (DNS name) | - | VPN_DNS_NAME | ✅ |
| Server address (public IP) | Auto detect | VPN_PUBLIC_IP | ✅ |
| Name of first client | vpnclient | VPN_CLIENT_NAME | ✅ |
| DNS servers for clients | Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 | ✅ |
| Protect client config files | No | VPN_PROTECT_CONFIG=yes | ✅ |
| Enable/Disable MOBIKE | Enable if supported | ❌ | ✅ |
| Client cert validity | 10 years (120 months) | ❌ | ✅ |
| CA & server cert validity | 10 years (120 months) | ❌ | ❌ |
| CA certificate name | IKEv2 VPN CA | ❌ | ❌ |
| Certificate key size | 3072 bits | ❌ | ❌ |
\* These IKEv2 parameters are for IKEv2 mode.
\*\* Define these as environment variables when running vpn(setup).sh, or when setting up IKEv2 in auto mode (`sudo ikev2.sh --auto`).
\*\*\* Can be customized during interactive IKEv2 setup (`sudo ikev2.sh`). Refer to option 2 above.
In addition to these parameters, advanced users can also [customize VPN subnets](docs/advanced-usage.md#customize-vpn-subnets) during VPN setup.
</details>
## Next steps ## Next steps