From 5943b2a041fa26dd96ec36f9f33c65376ed73d0c Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Fri, 28 Oct 2022 22:13:05 -0500 Subject: [PATCH] Update docs --- docs/clients-zh.md | 4 +++- docs/clients.md | 4 +++- docs/ikev2-howto-zh.md | 7 +++++++ docs/ikev2-howto.md | 7 +++++++ 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/clients-zh.md b/docs/clients-zh.md index e6581ae..96426f7 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -425,7 +425,9 @@ service xl2tpd restart **Docker 用户:** 运行 `docker restart ipsec-vpn-server`。 -然后重启你的 VPN 客户端设备,并重试连接。如果仍然无法连接,可以尝试删除并重新创建 VPN 连接。请确保输入了正确的 VPN 登录凭证。 +然后重启你的 VPN 客户端设备,并重试连接。如果仍然无法连接,可以尝试删除并重新创建 VPN 连接。请确保输入了正确的 VPN 服务器地址和 VPN 登录凭证。 + +对于有外部防火墙的服务器(比如 [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)),请为 VPN 打开 UDP 端口 500 和 4500。 检查 Libreswan (IPsec) 和 xl2tpd 日志是否有错误: diff --git a/docs/clients.md b/docs/clients.md index 65f55bc..af2ddad 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -424,7 +424,9 @@ service xl2tpd restart **Docker users:** Run `docker restart ipsec-vpn-server`. -Then reboot your VPN client device, and retry the connection. If still unable to connect, try removing and recreating the VPN connection. Make sure that the VPN credentials are entered correctly. +Then reboot your VPN client device, and retry the connection. If still unable to connect, try removing and recreating the VPN connection. Make sure that the VPN server address and VPN credentials are entered correctly. + +For servers with an external firewall (e.g. [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)), open UDP ports 500 and 4500 for the VPN. Check the Libreswan (IPsec) and xl2tpd logs for errors: diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 82b038c..adb39b7 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md 
@@ -497,6 +497,7 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key **另见:** [检查日志及 VPN 状态](clients-zh.md#检查日志及-vpn-状态),[IKEv1 故障排除](clients-zh.md#故障排除) 和 [高级用法](advanced-usage-zh.md)。 +* [无法连接到 VPN 服务器](#无法连接到-vpn-服务器) * [无法连接多个 IKEv2 客户端](#无法连接多个-ikev2-客户端) * [IKE 身份验证凭证不可接受](#ike-身份验证凭证不可接受) * [参数错误 policy match error](#参数错误-policy-match-error) @@ -504,6 +505,12 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key * [Windows 10 正在连接](#windows-10-正在连接) * [其它已知问题](#其它已知问题) +### 无法连接到 VPN 服务器 + +首先,请确保你的 VPN 客户端设备上指定的 VPN 服务器地址与 IKEv2 辅助脚本输出中的服务器地址**完全一致**。 + +对于有外部防火墙的服务器(比如 [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。 + ### 无法连接多个 IKEv2 客户端 如果要同时连接在同一个 NAT(比如家用路由器)后面的多个 IKEv2 客户端,你需要为每个客户端生成唯一的证书。否则,你可能会遇到稍后连接的客户端影响现有客户端的 VPN 连接,从而导致无法访问 Internet 的问题。 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 8222b0c..5a29aec 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -499,6 +499,7 @@ for the entire network, or use `192.168.0.10` for just one device, and so on. **See also:** [Check logs and VPN status](clients.md#check-logs-and-vpn-status), [IKEv1 troubleshooting](clients.md#troubleshooting) and [Advanced usage](advanced-usage.md). +* [Cannot connect to the VPN server](#cannot-connect-to-the-vpn-server) * [Unable to connect multiple IKEv2 clients](#unable-to-connect-multiple-ikev2-clients) * [IKE authentication credentials are unacceptable](#ike-authentication-credentials-are-unacceptable) * [Policy match error](#policy-match-error) 
@@ -506,6 +507,12 @@ for the entire network, or use `192.168.0.10` for just one device, and so on. * [Windows 10 connecting](#windows-10-connecting) * [Other known issues](#other-known-issues) +### Cannot connect to the VPN server + +First, make sure that the VPN server address specified on your VPN client device **exactly matches** the server address in the output of the IKEv2 helper script. + +For servers with an external firewall (e.g. [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)/[GCE](https://cloud.google.com/vpc/docs/firewalls)), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433). + ### Unable to connect multiple IKEv2 clients To connect multiple IKEv2 clients from behind the same NAT (e.g. home router) at the same time, you will need to generate a unique certificate for each client. Otherwise, you could encounter the issue where a later connected client affects the VPN connection of an existing client, which may lose Internet access.
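Review bot: In the docs/clients-zh.md hunk (@@ -425,7 +425,9 @@), the added external-firewall sentence leaves out the Aliyun pointer to [#433] that the same sentence carries in docs/ikev2-howto-zh.md and docs/ikev2-howto.md. Readers of the Chinese IKEv1 troubleshooting page are the ones most likely to be on Aliyun, so I would append the same "阿里云用户请参见 #433" reference here, and the matching "Aliyun users, see #433" in docs/clients.md, or have both troubleshooting pages link to a single firewall paragraph so the four copies cannot drift.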
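Review bot: In the docs/clients.md hunk (@@ -424,7 +424,9 @@), "open UDP ports 500 and 4500 for the VPN" does not say which direction the rule applies to or whether anything else is required. Suggest wording it as an inbound rule on the EC2 security group or GCE firewall, and, if these two ports are the only ones the VPN needs, saying so explicitly, so that readers who are stuck do not fall back to opening all UDP or all traffic to the server. The same wording appears in the other three files touched by this patch.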
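Review bot: In the second docs/ikev2-howto.md hunk (@@ -506,6 +507,12 @@), the new "Cannot connect to the VPN server" section says the client's server address must **exactly match** the helper script output but gives no example of a mismatch and no hint where to find that output again after setup. A short clause would help, for instance stating whether entering the server's IP address when the script printed a DNS name (or the reverse) counts as a mismatch, and pointing to where the configured server address can be looked up. The docs/ikev2-howto-zh.md hunk has the same gap. The TOC entry `#cannot-connect-to-the-vpn-server` does match the new heading, so the link itself is fine.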