mirror of
https://github.com/hwdsl2/setup-ipsec-vpn.git
synced 2024-09-22 00:00:42 +02:00
Update docs
This commit is contained in:
hwdsl2
parent
3353888ee9
commit
60716c0654
|
|
@ -146,7 +146,9 @@ sh vpnsetup.sh
|
|||
|
||||
*其他语言版本: [English](README.md#important-notes), [简体中文](README-zh.md#重要提示).*
|
||||
|
||||
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#windows-错误-809" target="_blank">修改注册表</a>,以解决 VPN 服务器 和/或 客户端与 NAT(比如家用路由器)的兼容问题。
|
||||
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#windows-错误-809" target="_blank">修改注册表</a>,以解决 VPN 服务器和/或客户端与 NAT(比如家用路由器)的兼容问题。
|
||||
|
||||
**Android 6 和 7 用户**:如果你遇到连接问题,请尝试 <a href="docs/clients-zh.md#android-6-和-7" target="_blank">这些步骤</a>。
|
||||
|
||||
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>。
|
||||
|
||||
|
|
|
|||
|
|
@ -146,7 +146,9 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
|
|||
|
||||
*Read this in other languages: [English](README.md#important-notes), [简体中文](README-zh.md#重要提示).*
|
||||
|
||||
For **Windows users**, this <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
||||
**Windows users**: This <a href="docs/clients.md#windows-error-809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router).
|
||||
|
||||
**Android 6 and 7 users**: If you encounter connection issues, try <a href="docs/clients.md#android-6-and-7" target="_blank">these steps</a>.
|
||||
|
||||
The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>.
|
||||
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ VPN 连接成功后,你会在 VPN Connect 状态窗口中看到 **tunnel enabl
|
|||
## Android
|
||||
|
||||
1. 启动 **设置** 应用程序。
|
||||
1. 在 **无线和网络** 部分单击 **更多...**。
|
||||
1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。
|
||||
1. 单击 **VPN**。
|
||||
1. 单击 **添加VPN配置文件** 或窗口右上角的 **+**。
|
||||
1. 在 **名称** 字段中输入任意内容。
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ If you get an error when trying to connect, see <a href="clients.md#troubleshoot
|
|||
## Android
|
||||
|
||||
1. Launch the **Settings** application.
|
||||
1. Tap **More...** in the **Wireless & Networks** section.
|
||||
1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
|
||||
1. Tap **VPN**.
|
||||
1. Tap **Add VPN Profile** or the **+** icon at top-right of screen.
|
||||
1. Enter anything you like in the **Name** field.
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ Add-VpnConnection -Name 'My IPsec VPN' -ServerAddress '你的 VPN 服务器 IP'
|
|||
## Android
|
||||
|
||||
1. 启动 **设置** 应用程序。
|
||||
1. 在 **无线和网络** 部分单击 **更多...**。
|
||||
1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。
|
||||
1. 单击 **VPN**。
|
||||
1. 单击 **添加VPN配置文件** 或窗口右上角的 **+**。
|
||||
1. 在 **名称** 字段中输入任意内容。
|
||||
|
|
@ -207,9 +207,9 @@ Fedora 28 (和更新版本)和 CentOS 7 用户可以使用更高效的 [IPse
|
|||
* [Windows 10 升级](#windows-10-升级)
|
||||
* [Windows 8/10 DNS 泄漏](#windows-810-dns-泄漏)
|
||||
* [macOS VPN 流量](#macos-vpn-流量)
|
||||
* [Android 6 和 7](#android-6-和-7)
|
||||
* [iOS 13 和 macOS 10.15](#ios-13-和-macos-1015)
|
||||
* [iOS/Android 睡眠模式](#iosandroid-睡眠模式)
|
||||
* [iOS 13 连接问题](#ios-13-连接问题)
|
||||
* [Android 6 及以上版本](#android-6-及以上版本)
|
||||
* [Debian 10 内核](#debian-10-内核)
|
||||
* [Chromebook 连接问题](#chromebook-连接问题)
|
||||
* [访问 VPN 服务器的网段](#访问-vpn-服务器的网段)
|
||||
|
|
@ -284,25 +284,25 @@ Windows 8.x 和 10 默认使用 "smart multi-homed name resolution" (智能多
|
|||
|
||||
OS X (macOS) 用户: 如果你成功地使用 IPsec/L2TP 模式连接,但是你的公有 IP 没有显示为 `你的 VPN 服务器 IP`,请阅读上面的 [OS X](#os-x) 部分并完成这一步:单击 **高级** 按钮,并选中 **通过VPN连接发送所有通信** 复选框。然后重新连接 VPN。
|
||||
|
||||
### Android 6 和 7
|
||||
|
||||
如果你的 Android 6.x 或者 7.x 设备无法连接,请尝试以下步骤:
|
||||
|
||||
1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在(看下图),请启用它并重试连接。如果不存在,请尝试下一步。
|
||||
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug` 一行并切换它的值。也就是说,将 `sha2-truncbug=no` 替换为 `sha2-truncbug=yes`,或者将 `sha2-truncbug=yes` 替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。然后重新连接 VPN。
|
||||
|
||||
|
||||
|
||||
### iOS 13 和 macOS 10.15
|
||||
|
||||
如果你的 iOS 13 或者 macOS 10.15 (Catalina) 设备无法连接,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。然后重新连接 VPN。
|
||||
|
||||
### iOS/Android 睡眠模式
|
||||
|
||||
为了节约电池,iOS 设备 (iPhone/iPad) 在屏幕变黑(睡眠模式)之后不久就会自动断开 Wi-Fi 连接。这会导致 IPsec VPN 断开。该行为是被 <a href="https://discussions.apple.com/thread/2333948" target="_blank">故意设计的</a> 并且不能被配置。如果你需要 VPN 在设备唤醒后自动重连,可以另外尝试使用 <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>,它支持 <a href="https://docs.openvpn.net/connecting/connecting-to-access-server-with-apple-ios/faq-regarding-openvpn-connect-ios/" target="_blank">一些选项</a> 比如 "Reconnect on Wakeup" 和 "Seamless Tunnel"。
|
||||
|
||||
Android 设备在进入睡眠模式不久后也会断开 Wi-Fi 连接,如果你没有启用选项 "睡眠期间保持 WLAN 开启" 的话。该选项在 Android 8 (Oreo) 中不再可用。 另外,你也可以尝试打开 "始终开启 VPN" 选项以保持连接。详情请看 <a href="https://support.google.com/android/answer/9089766?hl=zh-Hans" target="_blank">这里</a>。
|
||||
|
||||
### iOS 13 连接问题
|
||||
|
||||
如果你的 iOS 13 设备 (iPhone/iPad) 可以连接到 VPN 但是不能上网,请尝试以下步骤:编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart`。
|
||||
|
||||
### Android 6 及以上版本
|
||||
|
||||
如果你无法使用 Android 6 或以上版本连接:
|
||||
|
||||
1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在(看下图),请启用它并重试连接。如果不存在,请尝试下一步。
|
||||
1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`。保存修改并运行 `service ipsec restart` (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>)
|
||||
|
||||
|
||||
|
||||
### Debian 10 内核
|
||||
|
||||
Debian 10 用户: 运行 `uname -r` 以检查你的服务器的 Linux 内核版本。如果它包含 `cloud` 字样,并且 `/dev/ppp` 不存在,则该内核缺少 `ppp` 支持从而不能使用 IPsec/L2TP 模式([IPsec/XAuth 模式](clients-xauth-zh.md) 不受影响)。
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ If you get an error when trying to connect, see <a href="#troubleshooting">Troub
|
|||
## Android
|
||||
|
||||
1. Launch the **Settings** application.
|
||||
1. Tap **More...** in the **Wireless & Networks** section.
|
||||
1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section.
|
||||
1. Tap **VPN**.
|
||||
1. Tap **Add VPN Profile** or the **+** icon at top-right of screen.
|
||||
1. Enter anything you like in the **Name** field.
|
||||
|
|
@ -207,9 +207,9 @@ First check <a href="https://github.com/nm-l2tp/network-manager-l2tp/wiki/Prebui
|
|||
* [Windows 10 upgrades](#windows-10-upgrades)
|
||||
* [Windows 8/10 DNS leaks](#windows-810-dns-leaks)
|
||||
* [macOS VPN traffic](#macos-vpn-traffic)
|
||||
* [Android 6 and 7](#android-6-and-7)
|
||||
* [iOS 13 and macOS 10.15](#ios-13-and-macos-1015)
|
||||
* [iOS/Android sleep mode](#iosandroid-sleep-mode)
|
||||
* [iOS 13 connection issues](#ios-13-connection-issues)
|
||||
* [Android 6 and above](#android-6-and-above)
|
||||
* [Debian 10 kernel](#debian-10-kernel)
|
||||
* [Chromebook issues](#chromebook-issues)
|
||||
* [Access VPN server's subnet](#access-vpn-servers-subnet)
|
||||
|
|
@ -284,25 +284,25 @@ In addition, if your computer has IPv6 enabled, all IPv6 traffic (including DNS
|
|||
|
||||
OS X (macOS) users: If you can successfully connect using IPsec/L2TP mode, but your public IP does not show `Your VPN Server IP`, read the [OS X](#os-x) section above and complete this step: Click the **Advanced** button and make sure the **Send all traffic over VPN connection** checkbox is checked. Then re-connect the VPN.
|
||||
|
||||
### Android 6 and 7
|
||||
|
||||
If your Android 6.x or 7.x device cannot connect, try these steps:
|
||||
|
||||
1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists (see image below), enable it and reconnect the VPN. If not, try the next step.
|
||||
1. Edit `/etc/ipsec.conf` on the VPN server. Find the line `sha2-truncbug` and toggle its value. i.e. Replace `sha2-truncbug=no` with `sha2-truncbug=yes`, or replace `sha2-truncbug=yes` with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. Then reconnect the VPN.
|
||||
|
||||
|
||||
|
||||
### iOS 13 and macOS 10.15
|
||||
|
||||
If your iOS 13 or macOS 10.15 (Catalina) device cannot connect, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`. Then reconnect the VPN.
|
||||
|
||||
### iOS/Android sleep mode
|
||||
|
||||
To save battery, iOS devices (iPhone/iPad) will automatically disconnect Wi-Fi shortly after the screen turns off (sleep mode). As a result, the IPsec VPN disconnects. This behavior is <a href="https://discussions.apple.com/thread/2333948" target="_blank">by design</a> and cannot be configured. If you need the VPN to auto-reconnect when the device wakes up, try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a> instead, which <a href="https://docs.openvpn.net/connecting/connecting-to-access-server-with-apple-ios/faq-regarding-openvpn-connect-ios/" target="_blank">has support for options</a> such as "Reconnect on Wakeup" and "Seamless Tunnel".
|
||||
|
||||
Android devices will also disconnect Wi-Fi shortly after entering sleep mode, unless the option "Keep Wi-Fi on during sleep" is enabled. This option is no longer available in Android 8 (Oreo). Alternatively, you may try enabling the "Always-on VPN" option to stay connected. Learn more <a href="https://support.google.com/android/answer/9089766?hl=en" target="_blank">here</a>.
|
||||
|
||||
### iOS 13 connection issues
|
||||
|
||||
If your iOS 13 device (iPhone/iPad) can connect to the VPN but cannot access the Internet, try these steps: Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart`.
|
||||
|
||||
### Android 6 and above
|
||||
|
||||
If you are unable to connect using Android 6 or above:
|
||||
|
||||
1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists (see image below), enable it and reconnect the VPN. If not, try the next step.
|
||||
1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`. Save the file and run `service ipsec restart` (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>).
|
||||
|
||||
|
||||
|
||||
### Debian 10 kernel
|
||||
|
||||
Debian 10 users: Run `uname -r` to check your server's Linux kernel version. If it contains the word "cloud", and `/dev/ppp` is missing, then the kernel lacks `ppp` support and cannot use IPsec/L2TP mode ([IPsec/XAuth mode](clients-xauth.md) is not affected).
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user