From 480a3ce9ca09cca5a83c602a8f967d308bff0225 Mon Sep 17 00:00:00 2001 From: Lin Song Date: Thu, 31 Mar 2016 11:39:16 -0500 Subject: [PATCH] Update README.md --- README.md | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 30288e7..ac17050 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,20 @@ Scripts for automatic configuration of IPsec/L2TP VPN server on Ubuntu 14.04 & 1 We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider. -#### Link to my VPN tutorial with detailed usage instructions +#### Link to VPN tutorial with detailed usage instructions + +## Table of Contents +- [Author](#author) +- [Features](#features) +- [Requirements](#requirements) +- [Installation](#installation) + - [For Ubuntu and Debian](#for-ubuntu-and-debian) + - [For CentOS and RHEL](#for-centos-and-rhel) +- [Next Steps](#next-steps) +- [Important Notes](#important-notes) +- [Upgrading Libreswan](#upgrading-libreswan) +- [Bugs & Questions](#bugs--questions) +- [Copyright and License](#copyright-and-license) ## Author 
@@ -79,17 +92,17 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: ## Important Notes -For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). In addition, make sure `CHAP` is enabled under "Allow these protocols" in the "Security" tab of VPN connection properties. +For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). Also make sure that `CHAP` is enabled under "Allow these protocols" in the "Security" tab of VPN properties. **Android 6 (Marshmallow) users**: After install, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`. **iPhone/iPad users**: In iOS settings, choose `L2TP` (instead of `IPSec`) as the VPN type. In case you are unable to connect, edit `ipsec.conf` and replace `rightprotoport=17/%any` with `rightprotoport=17/0`. Then restart `ipsec` service. -If you wish to enable multiple VPN users with different credentials, just edit a few lines in the scripts. +If you wish to create multiple VPN users with different credentials, just edit a few lines in the scripts. Clients are configured to use Google Public DNS when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`. -For Amazon EC2 servers only: In the security group, open **UDP ports 500 & 4500** and **TCP port 22** (optional, for SSH). +For Amazon EC2 instances only: In the security group, open **UDP ports 500 & 4500** and **TCP port 22** (optional, for SSH). If you configured a custom SSH port (not 22) or wish to allow other services, edit IPTables rules before using the scripts. 
@@ -108,7 +121,7 @@ The additional scripts vpnupgr ## Copyright and License Copyright (C) 2014-2016 Lin Song   View my profile on LinkedIn -Based on the work of Thomas Sarlandie (Copyright 2012) +Based on the work of Thomas Sarlandie (Copyright 2012) This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License Attribution required: please include my name in any derivative and let me know how you have improved it!
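Review bot: The new Table of Contents in the `@@ -4,7 +4,20 @@` hunk is a hand-written list of eleven anchors, and only `## Author` is visible in this hunk to check them against. Please confirm on the rendered page that every entry resolves, in particular `#bugs--questions`, which depends on the renderer dropping the `&` from "Bugs & Questions" and keeping both hyphens. A heading renamed later will silently break its link, so it is worth noting somewhere that the list has to be updated together with the headings.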
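Review bot: The reworded Amazon EC2 line in the `@@ -79,17 +92,17 @@` hunk still tells readers to open `TCP port 22` in the security group without saying which source addresses to allow. Since the line is being edited anyway, I suggest adding that the SSH rule should be limited to the administrator's own address range, with only UDP ports 500 and 4500 open to VPN clients in general. In the same hunk, "just edit a few lines in the scripts" for multiple VPN users does not say which lines or files; a pointer to the relevant section would make that sentence actionable.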
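Review bot: In the `@@ -108,7 +121,7 @@` hunk, the removed and added `Based on the work of Thomas Sarlandie (Copyright 2012)` lines read identically as shown, so the change looks to be whitespace-only or in markup that is not visible here. The subject `Update README.md` does not say which. If the intent is a trailing-space Markdown line break, an explicit `<br>` would survive editors that strip trailing whitespace; either way, please state in the commit message what was changed on this line.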