diff --git a/README.md b/README.md index daad41b..8a38256 100644 --- a/README.md +++ b/README.md @@ -82,12 +82,14 @@ You may use `vpnupgrade_Libreswan.sh` (for Ubuntu/Debian) and `vpnupgrade_Libres ## Important Notes -For **Windows users**, a one-time registry change is required for connections to a VPN server behind NAT (e.g. Amazon EC2). - -**Android 6.0 users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to the end of both `ike=` and `phase2alg=`, then add a new line `sha2-truncbug=yes`. Start lines with two spaces. When finished, run `service ipsec restart`. (Source) - To support multiple VPN users with different credentials, just edit a few lines in the scripts. +For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). + +**Android 6.0 users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to the end of both `ike=` and `phase2alg=`, then add a new line `sha2-truncbug=yes`. Must start lines with two spaces. Finally, run `service ipsec restart`. (Ref) + +**iPhone/iOS users**: In iOS settings, choose `L2TP` (instead of `IPSec`) for the VPN type. In case you're unable to connect, try replacing this line in /etc/ipsec.conf: `rightprotoport=17/%any` with `rightprotoport=17/0`. Then restart `ipsec` service. + Clients are configured to use Google Public DNS when the VPN connection is active. This setting is controlled by `ms-dns` in `/etc/ppp/options.xl2tpd`. If using Amazon EC2, these ports must be open in the instance's security group: **UDP ports 500 & 4500** (for the VPN), and **TCP port 22** (optional, for SSH). 
@@ -96,8 +98,6 @@ If your server uses a custom SSH port (not 22), or if you wish to allow other se The scripts will backup files `/etc/rc.local`, `/etc/sysctl.conf`, `/etc/iptables.rules` and `/etc/sysconfig/iptables` before overwriting them. Backups can be found under the same folder with `.old` suffix. -iPhone/iOS users: If unable to connect, try replacing `rightprotoport=17/%any` in `ipsec.conf` with `rightprotoport=17/0`. - ## Copyright and license Copyright (C) 2014 Lin Song   View my profile on LinkedIn diff --git a/vpnsetup.sh b/vpnsetup.sh index a2cee7a..03956ac 100644 --- a/vpnsetup.sh +++ b/vpnsetup.sh 
@@ -46,21 +46,23 @@ VPN_PASSWORD=your_very_secure_password # IMPORTANT NOTES: -# For **Windows users**, a one-time registry change is required for connections -# to a VPN server behind NAT (e.g. Amazon EC2). Please see: +# To support multiple VPN users with different credentials, just edit a few lines below. +# See: https://gist.github.com/hwdsl2/123b886f29f4c689f531 + +# For **Windows users**, a one-time registry change is required if the VPN server +# and/or client is behind NAT (e.g. home router). Refer to "Error 809" on this page: # https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809 -# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both -# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces. -# When finished, run "service ipsec restart". Source: -# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow +# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of +# both "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Must start lines with +# two spaces. Finally, run "service ipsec restart". -# To support multiple VPN users with different credentials, see: -# https://gist.github.com/hwdsl2/123b886f29f4c689f531 +# **iPhone/iOS users**: In iOS settings, choose L2TP (instead of IPSec) for the VPN type. +# In case you're unable to connect, try replacing this line in /etc/ipsec.conf: +# "rightprotoport=17/%any" with "rightprotoport=17/0". Then restart "ipsec" service. -# Clients are configured to use Google Public DNS when the VPN connection is active. +# Clients are configured to use "Google Public DNS" when the VPN connection is active. # This setting is controlled by "ms-dns" in /etc/ppp/options.xl2tpd. 
-# https://developers.google.com/speed/public-dns/ # If using Amazon EC2, these ports must be open in the instance's security group: # UDP ports 500 & 4500 (for the VPN), and TCP port 22 (optional, for SSH). @@ -71,9 +73,6 @@ VPN_PASSWORD=your_very_secure_password # This script will backup /etc/rc.local, /etc/sysctl.conf and /etc/iptables.rules # before overwriting them. Backups can be found under the same folder with .old suffix. -# iPhone/iOS users: In case you're unable to connect, try replacing this line in /etc/ipsec.conf: -# "rightprotoport=17/%any" with "rightprotoport=17/0". - # Check for empty VPN variables [ -z "$IPSEC_PSK" ] && { echo "'IPSEC_PSK' cannot be empty. Please edit the VPN script."; exit 1; } [ -z "$VPN_USER" ] && { echo "'VPN_USER' cannot be empty. Please edit the VPN script."; exit 1; } diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 60cd822..00f1c2e 100644 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh 
@@ -55,21 +55,23 @@ VPN_PASSWORD=your_very_secure_password # IMPORTANT NOTES: -# For **Windows users**, a one-time registry change is required for connections -# to a VPN server behind NAT (e.g. Amazon EC2). Please see: +# To support multiple VPN users with different credentials, just edit a few lines below. +# See: https://gist.github.com/hwdsl2/123b886f29f4c689f531 + +# For **Windows users**, a one-time registry change is required if the VPN server +# and/or client is behind NAT (e.g. home router). Refer to "Error 809" on this page: # https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809 -# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both -# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces. -# When finished, run "service ipsec restart". Source: -# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow +# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of +# both "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Must start lines with +# two spaces. Finally, run "service ipsec restart". -# To support multiple VPN users with different credentials, see: -# https://gist.github.com/hwdsl2/123b886f29f4c689f531 +# **iPhone/iOS users**: In iOS settings, choose L2TP (instead of IPSec) for the VPN type. +# In case you're unable to connect, try replacing this line in /etc/ipsec.conf: +# "rightprotoport=17/%any" with "rightprotoport=17/0". Then restart "ipsec" service. -# Clients are configured to use Google Public DNS when the VPN connection is active. +# Clients are configured to use "Google Public DNS" when the VPN connection is active. # This setting is controlled by "ms-dns" in /etc/ppp/options.xl2tpd. 
-# https://developers.google.com/speed/public-dns/ # If using Amazon EC2, these ports must be open in the instance's security group: # UDP ports 500 & 4500 (for the VPN), and TCP port 22 (optional, for SSH). @@ -80,9 +82,6 @@ VPN_PASSWORD=your_very_secure_password # This script will backup /etc/rc.local, /etc/sysctl.conf and /etc/sysconfig/iptables # before overwriting them. Backups can be found under the same folder with .old suffix. -# iPhone/iOS users: In case you're unable to connect, try replacing this line in /etc/ipsec.conf: -# "rightprotoport=17/%any" with "rightprotoport=17/0". - # Check for empty VPN variables [ -z "$IPSEC_PSK" ] && { echo "'IPSEC_PSK' cannot be empty. Please edit the VPN script."; exit 1; } [ -z "$VPN_USER" ] && { echo "'VPN_USER' cannot be empty. Please edit the VPN script."; exit 1; }
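Review bot: README hunk @@ -82,12 +82,14 @@: the rewritten Windows note drops the pointer that the script comments keep, namely that the symptom is "Error 809" with a link to the Meraki troubleshooting page; since the README is what most users read, add the same reference there. Also the Android note's `Must start lines with two spaces.` reads awkwardly (`Indent the added lines with two spaces.` says the same thing), and the restart instruction should match between the Android and iOS notes (`run service ipsec restart` in one, `Then restart ipsec service` in the other).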
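Review bot: vpnsetup.sh hunk @@ -46,21 +46,23 @@: the Android 6.0 comment loses its `https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow` link, which is the only place that explains why `sha2-truncbug=yes` is needed and when it can be removed; keep the link. Likewise the new iOS note tells users to swap `rightprotoport=17/%any` for `rightprotoport=17/0` without saying what that changes; a one-line explanation of the effect on the L2TP port selector would let an operator decide whether the workaround is appropriate rather than applying it blind.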
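Review bot: vpnsetup.sh hunk @@ -71,9 +73,6 @@: the checks left in context, `[ -z "$IPSEC_PSK" ]` and `[ -z "$VPN_USER" ]`, reject only empty values, while the hunk header shows the shipped default `VPN_PASSWORD=your_very_secure_password`; running the script with the placeholders unchanged passes these checks and deploys a server whose credentials are in the public repository. Suggest also refusing the defaults, e.g. `[ "$VPN_PASSWORD" = "your_very_secure_password" ] && { echo "Please change the default VPN_PASSWORD."; exit 1; }`, and the same for the PSK and user name.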
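Review bot: vpnsetup_centos.sh hunk @@ -55,21 +55,23 @@: this is the third copy of the same notes block (README, vpnsetup.sh, and here), all edited in lockstep in this patch, and the copies are already drifting (the README has no "Error 809" reference and shows only `(Ref)` for the Android note, while the scripts have the Meraki link but drop the FAQ URL entirely). Suggest keeping the client notes in the README only and replacing the block in both scripts with a one-line pointer to it.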
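Review bot: vpnsetup_centos.sh hunk @@ -80,9 +82,6 @@: the same gap as in vpnsetup.sh applies here: the context checks `[ -z "$IPSEC_PSK" ]` and `[ -z "$VPN_USER" ]` do not reject the default `VPN_PASSWORD=your_very_secure_password` shown in the hunk header, so a placeholder-value check belongs alongside the empty-value checks in this script as well.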