Improve docs

[ci skip]
hwdsl2 2016-06-26 14:51:21 -05:00
parent d32b449f46
commit 8475a9bb99
6 changed files with 131 additions and 13 deletions


@ -91,7 +91,7 @@ sudo sh vpnsetup.sh
## 重要提示
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#regkey" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到 `错误 628`,请打开 VPN 连接属性的 "安全" 选项卡,并确保<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-182571109" target="_blank">仅选中 "CHAP" 选项</a>
**Windows 用户** 在首次连接之前需要<a href="docs/clients-zh.md#regkey" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果在连接过程中遇到错误,请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
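Review bot: The new troubleshooting link on the Windows line points at `docs/clients-zh.md#故障排除`, a fragment derived from the heading text, while the other links in this hunk use explicit ASCII ids (`#regkey`, `#android`). If the heading is ever reworded the link breaks silently. Consider adding an explicit anchor such as `<a id="troubleshooting"></a>` above the heading in the clients doc and linking to that, which would also let both language versions share one fragment.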
@ -99,13 +99,15 @@ sudo sh vpnsetup.sh
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd``ipsec.conf` 并用新的服务器替换 `8.8.8.8``8.8.4.4`。然后重新启动系统。
对于有外部防火墙的服务器(比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>),请打开 UDP 端口 500 和 4500以及 TCP 端口 22 (用于 SSH
如果你为服务器配置了自定义 SSH 端口(不是 22或其他服务请在使用前编辑脚本中的 IPTables 防火墙规则。
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
## 关于升级Libreswan
提供两个额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan。请关注<a href="https://libreswan.org" target="_blank">方网站</a>,并在运行前根据需要更新 `swan_ver` 变量。
提供额外的脚本 <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a><a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> ,可用于升级 Libreswan (<a href="https://libreswan.org" target="_blank"></a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>)。请在运行前根据需要修改 `swan_ver` 变量。检查已安装版本: `ipsec --version`
## 问题和反馈
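Review bot: In the rewritten Libreswan sentence, the `ipsec --version` check comes last, after the instruction to modify `swan_ver`. A reader needs the installed version before deciding whether to change the variable, so put the version check first. The old wording also told the reader to watch the website; the new one only lists the links in parentheses, so say explicitly what the reader should look for there before editing `swan_ver`.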
@ -115,11 +117,11 @@ sudo sh vpnsetup.sh
## 卸载说明
请参见 [卸载 VPN](docs/uninstall-zh.md)
请参见 <a href="docs/uninstall-zh.md" target="_blank">卸载 VPN</a>
## 另见
- [在 Docker 上搭建 IPsec VPN](https://github.com/hwdsl2/docker-ipsec-vpn-server)
- <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">在 Docker 上搭建 IPsec VPN</a>
## 作者
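Review bot: The uninstall link is a relative in-repo path (`docs/uninstall-zh.md`), and converting it to `<a ... target="_blank">` makes navigation between the project's own docs open a new tab each time. The Markdown form being removed was shorter and easier to maintain. I would keep Markdown for relative links and reserve the HTML form for external sites, if it is needed at all.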
@ -128,7 +130,7 @@ sudo sh vpnsetup.sh
- 现在正在积极寻找新的工作机会,比如软件或系统工程师
- 在 LinkedIn 上与我联系: <a href="https://www.linkedin.com/in/linsongui" target="_blank">https://www.linkedin.com/in/linsongui</a>
感谢本项目所有的 [贡献者](https://github.com/hwdsl2/setup-ipsec-vpn/graphs/contributors)
感谢本项目所有的 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/graphs/contributors" target="_blank">贡献者</a>
## 授权协议


@ -91,7 +91,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes
For **Windows users**, a <a href="docs/clients.md#regkey" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Also, if you see `Error 628`, open the "Security" tab of VPN connection properties and make sure <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-182571109" target="_blank">only "CHAP" is selected</a>.
For **Windows users**, a <a href="docs/clients.md#regkey" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). If you encountered an error when connecting, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
**Android 6 (Marshmallow) users**: Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
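Review bot: Wording on the new Windows line: "If you encountered an error when connecting" should be present tense, "If you encounter an error when connecting", since it describes something that may happen after the reader follows the guide. The same sentence is added to the client docs later in this commit and should change with it.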
@ -99,13 +99,15 @@ If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/man
Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `options.xl2tpd` and `ipsec.conf` with new ones. Then reboot your server.
For servers with a custom SSH port (not 22) or other services, edit IPTables rules in the script before using.
For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
If your server has a custom SSH port (not 22) or other services, edit IPTables rules in the script before using.
The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
## Upgrading Libreswan
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan. Check the <a href="https://libreswan.org" target="_blank">official website</a> and update the `swan_ver` variable as necessary.
The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">vpnupgrade_Libreswan.sh</a> and <a href="extras/vpnupgrade_Libreswan_centos.sh" target="_blank">vpnupgrade_Libreswan_centos.sh</a> can be used to upgrade Libreswan (<a href="https://libreswan.org" target="_blank">website</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">swan-announce</a>). Update the `swan_ver` variable as necessary. Check installed version: `ipsec --version`
## Bugs & Questions
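Review bot: The new external-firewall line says to open TCP port 22 for SSH alongside UDP 500 and 4500 but gives no source restriction. The VPN ports generally need to be reachable by roaming clients; SSH does not, so suggest limiting the port 22 rule in the EC2/GCE firewall to the administrator's own address range. The next line already covers servers with a custom SSH port, so the firewall line would read better as "your SSH port (22 by default)" than with 22 hard-coded.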
@ -115,11 +117,11 @@ The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">
## Uninstallation
Please refer to [Uninstall the VPN](docs/uninstall.md).
Please refer to <a href="docs/uninstall.md" target="_blank">Uninstall the VPN</a>.
## See Also
- [IPsec VPN Server on Docker](https://github.com/hwdsl2/docker-ipsec-vpn-server)
- <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">IPsec VPN Server on Docker</a>
## Author
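Review bot: Both links in this hunk change from Markdown to raw `<a ... target="_blank">` with no `rel` attribute. Wherever the README is rendered with `target` honoured, in a browser that does not imply `noopener`, the page opened from the external link can reach the opener through `window.opener`. Add `rel="noopener noreferrer"` to the external link, or keep the Markdown syntax, which avoids the question.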
@ -128,7 +130,7 @@ Please refer to [Uninstall the VPN](docs/uninstall.md).
- Actively seeking opportunities in areas such as Software or Systems Engineering
- Contact me on LinkedIn: <a href="https://www.linkedin.com/in/linsongui" target="_blank">https://www.linkedin.com/in/linsongui</a>
Thanks to [all contributors](https://github.com/hwdsl2/setup-ipsec-vpn/graphs/contributors) of this project!
Thanks to <a href="https://github.com/hwdsl2/setup-ipsec-vpn/graphs/contributors" target="_blank">all contributors</a> to this project!
## License


@ -34,6 +34,9 @@
VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled** 字样。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
<a id="regkey"></a>
如果在连接过程中遇到错误,请参见 <a href="#故障排除">故障排除</a>
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开<a href="http://windows.microsoft.com/zh-cn/windows/command-prompt-faq#1TC=windows-7" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重新启动计算机。
- 适用于 Windows Vista, 7, 8 和 10
```console
@ -100,6 +103,32 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="h
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
## 故障排除
### Windows 错误 809
> 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。
要解决此错误,请按照<a href="#regkey">上面的步骤</a>添加注册表键并重启计算机。
### Windows 错误 628
> 在连接完成前,连接被远程计算机终止。
要解决此错误,请按以下步骤操作:
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**
1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **确定** 保存 VPN 连接的详细信息。
![Select only CHAP in VPN connection properties-2](https://cloud.githubusercontent.com/assets/5104323/16026263/cbda945a-3192-11e6-96a6-ff18c5dd9a48.png)
### 其它错误
更多的故障排除信息请参见 <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues" target="_blank">这个文档</a>
## 致谢
本文档是在 <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> 项目文档基础上翻译和修改。该项目由 Joshua Lund 和其他开发者维护。
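Review bot: The screenshot added under the Error 628 steps keeps an English alt text, "Select only CHAP in VPN connection properties-2", in an otherwise Chinese document, and the trailing "-2" reads like a leftover file name suffix. Translate the alt text to match the surrounding steps and drop the suffix.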


@ -34,6 +34,9 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
Once connected, you will see **tunnel enabled** in the VPN Connect status window. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a id="regkey"></a>
If you encountered an error when connecting, see <a href="#troubleshooting">Troubleshooting</a>.
**Note:** A <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an <a href="http://windows.microsoft.com/en-us/windows/command-prompt-faq#1TC=windows-7" target="_blank">elevated command prompt</a>. You must reboot your computer when done.
- For Windows Vista, 7, 8 and 10
```console
@ -100,6 +103,32 @@ Once connected, you will see a VPN icon in the notification bar. You can verify
Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
## Troubleshooting
### Windows Error 809
> The network connection between your computer and the VPN server could not be established because the remote server is not responding.
To fix this error, follow <a href="#regkey">the steps above</a> to add a registry key and reboot your computer.
### Windows Error 628
> The connection was terminated by the remote computer before it could be completed.
To fix this error, please follow these steps:
1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**.
1. Click **Allow these protocols**. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others.
1. Click **OK** to save the VPN connection details.
![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png)
### Other Errors
Please refer to <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues" target="_blank">this document</a> for more troubleshooting tips.
## Credits
This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors.
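Review bot: The Error 628 steps edit the properties of a Windows built-in VPN connection (Network and Sharing Center, **Type of VPN**, **Allow these protocols**), but the previous hunk in this file describes connecting through a "VPN Connect status window" that reports **tunnel enabled**. Please confirm these steps apply to the client this document covers. If they do not, drop the Error 628 subsection here or replace it with a link to the document that describes the built-in Windows client.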


@ -62,9 +62,11 @@
1. 单击 **确定** 关闭 **高级设置**
1. 单击 **确定** 保存 VPN 连接的详细信息。
<a id="regkey"></a>
要连接到 VPN 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名``密码` ,并单击 **确定**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
<a id="regkey"></a>
如果在连接过程中遇到错误,请参见 <a href="#故障排除">故障排除</a>
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开<a href="http://windows.microsoft.com/zh-cn/windows/command-prompt-faq#1TC=windows-7" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重新启动计算机。
- 适用于 Windows Vista, 7, 8 和 10
```console
@ -147,6 +149,32 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="h
VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
## 故障排除
### Windows 错误 809
> 无法建立计算机与 VPN 服务器之间的网络连接,因为远程服务器未响应。
要解决此错误,请按照<a href="#regkey">上面的步骤</a>添加注册表键并重启计算机。
### Windows 错误 628
> 在连接完成前,连接被远程计算机终止。
要解决此错误,请按以下步骤操作:
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**
1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **确定** 保存 VPN 连接的详细信息。
![Select only CHAP in VPN connection properties-2](https://cloud.githubusercontent.com/assets/5104323/16026263/cbda945a-3192-11e6-96a6-ff18c5dd9a48.png)
### 其它错误
更多的故障排除信息请参见 <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues" target="_blank">这个文档</a>
## 致谢
本文档是在 <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> 项目文档基础上翻译和修改。该项目由 Joshua Lund 和其他开发者维护。
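Review bot: This troubleshooting section is added word for word in a second file of the same commit, including the five Error 628 steps and the screenshot URL. Two copies per language will drift apart over time; keep the full text in one document and have the other link to it with a one-line pointer.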


@ -62,9 +62,11 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
1. Click **OK** to close the **Advanced settings**.
1. Click **OK** to save the VPN connection details.
<a id="regkey"></a>
To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
<a id="regkey"></a>
If you encountered an error when connecting, see <a href="#troubleshooting">Troubleshooting</a>.
**Note:** A <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an <a href="http://windows.microsoft.com/en-us/windows/command-prompt-faq#1TC=windows-7" target="_blank">elevated command prompt</a>. You must reboot your computer when done.
- For Windows Vista, 7, 8 and 10
```console
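Review bot: The `<a id="regkey"></a>` anchor is moved below the "To connect to the VPN" paragraph but still sits above the new "see Troubleshooting" sentence, so `#regkey` links (including "the steps above" in the Error 809 entry) land on that sentence rather than on the registry **Note:**. Place the anchor directly above the **Note:** line.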
@ -147,6 +149,32 @@ Once connected, you will see a VPN icon in the status bar. You can verify that y
Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
## Troubleshooting
### Windows Error 809
> The network connection between your computer and the VPN server could not be established because the remote server is not responding.
To fix this error, follow <a href="#regkey">the steps above</a> to add a registry key and reboot your computer.
### Windows Error 628
> The connection was terminated by the remote computer before it could be completed.
To fix this error, please follow these steps:
1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**.
1. Click **Allow these protocols**. Select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox, and deselect all others.
1. Click **OK** to save the VPN connection details.
![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png)
### Other Errors
Please refer to <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues" target="_blank">this document</a> for more troubleshooting tips.
## Credits
This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors.
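Review bot: Step 4 of the Error 628 fix tells the reader to select CHAP and "deselect all others" without saying why. Add one sentence on the reason this VPN needs CHAP only, so that users do not re-enable the other protocols later and hit the same error, and so that the setting is a documented choice rather than an unexplained checkbox list.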