Update docs

This commit is contained in:
hwdsl2 2020-12-27 00:16:49 -06:00
parent 7006fb3fa5
commit 8adead17b7
8 changed files with 314 additions and 66 deletions

View File

@ -28,15 +28,39 @@ IPsec VPN 可以加密你的网络流量,以防止在通过因特网传送时
## 快速开始
首先,在你的 Linux 服务器[\*](#quick-start-note) 上全新安装一个 Ubuntu LTS, Debian 或者 CentOS 系统
首先,在你的 Linux 服务器[\*](#quick-start-note) 上全新安装以下系统之一
使用以下命令快速搭建 IPsec VPN 服务器:
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
如果使用 CentOS请将上面的地址换成 `https://git.io/vpnsetup-centos`
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
你的 VPN 登录凭证将会被自动随机生成,并在安装完成后显示在屏幕上。
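Review bot: the Amazon Linux 2 one-liner added in this hunk fetches from `https://bit.ly/vpnsetup-amzn` while the Ubuntu/Debian and CentOS/RHEL ones use `git.io`, and all three end in `sudo sh`, so each shortener is one more party that can silently redirect a root-executed script. Serve all three from the same host (preferably the raw GitHub URL the shortener resolves to, or a path on a domain the project controls) rather than mixing `git.io` and `bit.ly`, and keep this block identical to the matching README.md hunk.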
@ -85,57 +109,137 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
## 安装说明
### Ubuntu & Debian
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
首先,更新你的系统:运行 `apt-get update && apt-get dist-upgrade` (Ubuntu/Debian) 或者 `yum update` (CentOS/RHEL/Amazon Linux 2) 并重启。这一步是可选的,但推荐。
要安装 VPN请从以下选项中选择一个
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (完成后会在屏幕上显示):
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证:
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
nano -w vpnsetup.sh
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
nano -w vpnsetup.sh
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
</details>
**注:** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。
**选项 3:** 将你自己的 VPN 登录凭证定义为环境变量:
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
# 所有变量值必须用 '单引号' 括起来
# *不要* 在值中使用这些字符: \ " '
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='你的IPsec预共享密钥' \
wget https://git.io/vpnsetup -O vpnsetup.sh
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
VPN_USER='你的VPN用户名' \
VPN_PASSWORD='你的VPN密码' \
sh vpnsetup.sh
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
# 所有变量值必须用 '单引号' 括起来
# *不要* 在值中使用这些字符: \ " '
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
VPN_USER='你的VPN用户名' \
VPN_PASSWORD='你的VPN密码' \
sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
# 所有变量值必须用 '单引号' 括起来
# *不要* 在值中使用这些字符: \ " '
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \
VPN_USER='你的VPN用户名' \
VPN_PASSWORD='你的VPN密码' \
sh vpnsetup.sh
```
</details>
**注:** 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a>,然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
### CentOS & RHEL
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`
### Amazon Linux 2
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://bit.ly/vpnsetup-amzn`
**注:** 在阅读本项目的文档时,对于 Amazon Linux 2 请参见 CentOS/RHEL 部分。
## 下一步
配置你的计算机或其它设备使用 VPN 。请参见:
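Review bot: in Option 3 the old `wget ... && sudo \` has been split into two commands and the `&&` is gone. With `-O vpnsetup.sh`, a failed download (shortener outage, DNS error, 404) still leaves an empty or truncated `vpnsetup.sh`, and `sudo VPN_IPSEC_PSK=... sh vpnsetup.sh` then either runs a partial script or silently does nothing, after the PSK and password have already been typed into the shell. Keep the chaining, e.g. `wget https://git.io/vpnsetup -O vpnsetup.sh && sudo VPN_IPSEC_PSK='你的IPsec预共享密钥' \`, in all three blocks. Also, if the `### Ubuntu & Debian` heading directly under `## 安装说明` survives this hunk, rename or drop it: the paragraph under it now covers Ubuntu/Debian, CentOS/RHEL and Amazon Linux 2, and the separate CentOS/RHEL and Amazon Linux 2 sections are removed.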
@ -178,14 +282,35 @@ sh vpnsetup.sh
<a href="extras/" target="_blank">extras/</a> 目录提供额外的脚本,可用于升级 <a href="https://libreswan.org" target="_blank">Libreswan</a><a href="https://github.com/libreswan/libreswan/blob/master/CHANGES" target="_blank">更新日志</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">通知列表</a>)。请在运行前根据需要修改 `SWAN_VER` 变量。查看已安装版本: `ipsec --version`.
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
# Ubuntu & Debian
wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh
# CentOS & RHEL
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sudo sh vpnupgrade.sh
# Amazon Linux 2
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh
```
</details>
## 问题和反馈

README.md
View File

@ -28,15 +28,39 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
## Quick start
First, prepare your Linux server[\*](#quick-start-note) with a fresh install of Ubuntu LTS, Debian or CentOS.
First, prepare your Linux server[\*](#quick-start-note) with a fresh install of one of the following OS.
Use this one-liner to set up an IPsec VPN server:
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
If using CentOS, replace the link above with `https://git.io/vpnsetup-centos`.
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
Your VPN login details will be randomly generated, and displayed on the screen when finished.
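Review bot: every one-liner in this hunk downloads to `vpnsetup.sh` and immediately runs it with `sudo sh`, with nothing for the user to compare the download against; the page publishes no hash or signature for the script. Since the Installation section already describes opening `vpnsetup.sh` via the `Raw` button, the quick start should at least say to read the script before running it as root, and better still publish a SHA-256 of each released `vpnsetup.sh` next to the link so `sha256sum -c` can be run between the `wget` and the `sudo sh`.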
@ -85,57 +109,137 @@ Advanced users can set up the VPN server on a $35 <a href="https://www.raspberry
## Installation
### Ubuntu & Debian
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
First, update your system with `apt-get update && apt-get dist-upgrade` (Ubuntu/Debian) or `yum update` (CentOS/RHEL/Amazon Linux 2) and reboot. This is optional, but recommended.
To install the VPN, please choose one of the following options:
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished):
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh && sudo sh vpnsetup.sh
```
</details>
**Option 2:** Edit the script and provide your own VPN credentials:
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
</details>
**Note:** A secure IPsec PSK should consist of at least 20 random characters.
**Option 3:** Define your VPN credentials as environment variables:
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
wget https://git.io/vpnsetup -O vpnsetup.sh
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' \
sh vpnsetup.sh
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
wget https://git.io/vpnsetup-centos -O vpnsetup.sh
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' \
sh vpnsetup.sh
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
wget https://bit.ly/vpnsetup-amzn -O vpnsetup.sh
sudo VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' \
sh vpnsetup.sh
```
</details>
**Note:** If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
### CentOS & RHEL
First, update your system with `yum update` and reboot. This is optional, but recommended.
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`.
### Amazon Linux 2
First, update your system with `yum update` and reboot. This is optional, but recommended.
Follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://bit.ly/vpnsetup-amzn`.
**Note:** When reading documentation in this project, refer to the CentOS/RHEL sections for Amazon Linux 2.
## Next steps
Get your computer or device to use the VPN. Please refer to:
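Review bot: Option 3 passes `VPN_IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD` on the `sudo` command line, so the secrets are written to the invoking user's shell history and are visible in `ps` output to other local users while the script runs; Option 2 leaves them in plaintext inside `vpnsetup.sh` in the working directory. Add a short note after Option 3 telling users to run the command with a leading space under `HISTCONTROL=ignorespace` (or remove the entry with `history -d`), and after Option 2 to `rm` the edited script or `chmod 600` it once the install has finished. The split of `wget ... && sudo \` into two commands also dropped the `&&`, so a failed download no longer stops the run; keep it on one chained line. Mirror the same fixes in the README-zh.md hunk.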
@ -178,14 +282,35 @@ The scripts will backup existing config files before making changes, with `.old-
The additional scripts in <a href="extras/" target="_blank">extras/</a> can be used to upgrade <a href="https://libreswan.org" target="_blank">Libreswan</a> (<a href="https://github.com/libreswan/libreswan/blob/master/CHANGES" target="_blank">changelog</a> | <a href="https://lists.libreswan.org/mailman/listinfo/swan-announce" target="_blank">announce</a>). Edit the `SWAN_VER` variable as necessary. Check which version is installed: `ipsec --version`.
<details open>
<summary>
Ubuntu & Debian
</summary>
```bash
# Ubuntu & Debian
wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh
# CentOS & RHEL
```
</details>
<details>
<summary>
CentOS & RHEL
</summary>
```bash
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sudo sh vpnupgrade.sh
# Amazon Linux 2
```
</details>
<details>
<summary>
Amazon Linux 2
</summary>
```bash
wget https://bit.ly/vpnupgrade-amzn -O vpnupgrade.sh && sudo sh vpnupgrade.sh
```
</details>
## Bugs & Questions
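Review bot: make sure the old in-block OS comments are gone after this change. As rendered, `# CentOS & RHEL` sits inside the Ubuntu & Debian block and `# Amazon Linux 2` inside the CentOS & RHEL block; if either line survives, a reader copying a block gets a misleading label above the wrong `vpnupgrade` command. The `<summary>` elements now carry the OS name, so none of the three fenced blocks needs a comment. Same check for the README-zh.md hunk.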

View File

@ -374,7 +374,7 @@ service xl2tpd restart
grep pluto /var/log/auth.log
grep xl2tpd /var/log/syslog
# CentOS & RHEL
# CentOS/RHEL & Amazon Linux 2
grep pluto /var/log/secure
grep xl2tpd /var/log/messages
```

View File

@ -373,7 +373,7 @@ Check the Libreswan (IPsec) and xl2tpd logs for errors:
grep pluto /var/log/auth.log
grep xl2tpd /var/log/syslog
# CentOS & RHEL
# CentOS/RHEL & Amazon Linux 2
grep pluto /var/log/secure
grep xl2tpd /var/log/messages
```

View File

@ -2,9 +2,6 @@
*其他语言版本: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
**注:** 本指南适用于**高级用户**。其他用户请使用 [IPsec/L2TP](clients-zh.md) 或者 [IPsec/XAuth](clients-xauth-zh.md) 模式。
---
* [导言](#导言)
* [使用辅助脚本](#使用辅助脚本)
* [手动在 VPN 服务器上配置 IKEv2](#手动在-vpn-服务器上配置-ikev2)
@ -25,6 +22,8 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
- Android 4.x 和更新版本(使用 strongSwan VPN 客户端)
- iOS (iPhone/iPad)
在按照本指南操作之后,你将可以选择三种模式中的任意一种连接到 VPNIKEv2以及已有的 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式。
## 使用辅助脚本
**重要:** 作为使用本指南的先决条件,在继续之前,你必须确保你已经成功地 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a>,并且(可选但推荐)将 Libreswan <a href="../README-zh.md#升级libreswan" target="_blank">升级</a> 到最新版本。**Docker 用户请看 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#配置并使用-ikev2-vpn" target="_blank">这里</a>**。
@ -107,7 +106,7 @@ wget https://bit.ly/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
EOF
```
**注:** 如果你的服务器(或者 Docker 主机)运行 Debian 或者 CentOS/RHEL,并且你想要启用 MOBIKE 支持,可以将上面命令中的 `mobike=no` 换成 `mobike=yes`。**不要** 在 Ubuntu 系统或者 Raspberry Pi 上启用该选项。
**注:** 如果你的服务器(或者 Docker 主机)运行 Debian, CentOS/RHEL 或者 Amazon Linux 2,并且你想要启用 MOBIKE 支持,可以将上面命令中的 `mobike=no` 换成 `mobike=yes`。**不要** 在 Ubuntu 系统或者 Raspberry Pi 上启用该选项。
如果是 Libreswan 3.19-3.22

View File

@ -2,9 +2,6 @@
*Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
**Note:** This guide is for **advanced users**. Other users please use [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode.
---
* [Introduction](#introduction)
* [Using helper scripts](#using-helper-scripts)
* [Manually set up IKEv2 on the VPN server](#manually-set-up-ikev2-on-the-vpn-server)
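Review bot: this hunk deletes the **Note:** that marked the guide as being for advanced users and steered everyone else to IPsec/L2TP or IPsec/XAuth, with no replacement in this file. If the intent is that the helper script now makes IKEv2 a path for all users, say so in the introduction; otherwise the manual, Libreswan-version-specific sections further down lose their warning. Either way the commit message (`Update docs`) does not mention that the guide's audience changed, which is worth a line.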
@ -25,6 +22,8 @@ Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certifica
- Android 4.x and newer (using the strongSwan VPN client)
- iOS (iPhone/iPad)
After following this guide, you will be able to connect to the VPN using IKEv2 in addition to the existing [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes.
## Using helper scripts
**Important:** As a prerequisite to using this guide, and before continuing, you must make sure that you have successfully <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">set up your own VPN server</a>, and (optional but recommended) <a href="../README.md#upgrade-libreswan" target="_blank">upgraded Libreswan</a> to the latest version. **Docker users, see <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#configure-and-use-ikev2-vpn" target="_blank">here</a>**.
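Review bot: the added sentence says IKEv2 comes "in addition to" the IPsec/L2TP and IPsec/XAuth modes, i.e. the server keeps accepting the PSK-based modes, and the single shared PSK set at install time stays valid after certificate-based IKEv2 is configured. Readers who set up IKEv2 precisely to get away from a shared secret should be told that here: one more sentence that the PSK modes remain enabled, plus a pointer to how to disable them or at least rotate the PSK, so "after following this guide" is not read as "the server is now certificate-only".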
@ -107,7 +106,7 @@ The following example shows how to manually configure IKEv2 with Libreswan. Comm
EOF
```
**Note:** If your server (or Docker host) runs Debian or CentOS/RHEL and you wish to enable MOBIKE support, replace `mobike=no` with `mobike=yes` in the command above. **DO NOT** enable this option on Ubuntu systems or Raspberry Pis.
**Note:** If your server (or Docker host) runs Debian, CentOS/RHEL or Amazon Linux 2, and you wish to enable MOBIKE support, replace `mobike=no` with `mobike=yes` in the command above. **DO NOT** enable this option on Ubuntu systems or Raspberry Pis.
For Libreswan 3.19-3.22:
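Review bot: the note now lists Debian, CentOS/RHEL and Amazon Linux 2 as fine for `mobike=yes` and Ubuntu/Raspberry Pi as not, but still gives no reason, so a reader on any other distro, or on a custom kernel on one of the listed ones, cannot tell which side they are on. State the actual constraint (which kernel or Libreswan capability MOBIKE depends on, and how to check for it) instead of extending the distro list each time one is added. Apply the same wording to the ikev2-howto-zh.md hunk.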

View File

@ -25,21 +25,21 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
## 第二步
### Ubuntu/Debian
### Ubuntu & Debian
`apt-get purge xl2tpd`
### CentOS/RHEL
### CentOS/RHEL & Amazon Linux 2
`yum remove xl2tpd`
## 第三步
### Ubuntu/Debian
### Ubuntu & Debian
编辑 `/etc/iptables.rules` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/iptables.rules.old-日期-时间`。另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。
### CentOS/RHEL
### CentOS/RHEL & Amazon Linux 2
编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/sysconfig/iptables.old-日期-时间`

View File

@ -25,21 +25,21 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \
## Second step
### Ubuntu/Debian
### Ubuntu & Debian
`apt-get purge xl2tpd`
### CentOS/RHEL
### CentOS/RHEL & Amazon Linux 2
`yum remove xl2tpd`
## Third step
### Ubuntu/Debian
### Ubuntu & Debian
Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists.
### CentOS/RHEL
### CentOS/RHEL & Amazon Linux 2
Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
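Review bot: `apt-get purge xl2tpd` removes the package's configuration, but `yum remove xl2tpd` on CentOS/RHEL & Amazon Linux 2 keeps modified config files behind as `*.rpmsave`, so the second step is not equivalent across the two headings in this hunk. Either add an explicit removal of the leftover xl2tpd configuration for the yum-based systems, or confirm that the `rm -f` in the first step already covers it. The third step is consistent: Amazon Linux 2 uses `/etc/sysconfig/iptables` like CentOS/RHEL, matching the README note to treat it as CentOS/RHEL. Same change for uninstall-zh.md.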