Update README.md

[ci skip]
hwdsl2 2016-06-11 15:38:30 -05:00
parent 59c7227587
commit 990f8cdf24
2 changed files with 24 additions and 50 deletions


@ -25,8 +25,8 @@
## 功能特性
- **NEW:** 新增支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式
- **NEW:** 现在可以下载 VPN 服务器的预构建 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker 映像</a>
- :new: 新增支持更高效的 `IPsec/XAuth ("Cisco IPsec")` 模式
- :new: 现在可以下载 VPN 服务器的预构建 <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker 镜像</a>
- 全自动的 IPsec VPN 服务器配置,无需用户输入
- 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持
- 可直接作为 Amazon EC2 实例创建时的用户数据使用
@ -56,18 +56,18 @@
首先,更新你的系统: 运行 `apt-get update && apt-get dist-upgrade` 并重启。这一步是可选的,但推荐。
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (会在屏幕上显示):
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 完成后会在屏幕上显示):
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
**选项 2:** 输入你自己的 VPN 登录凭证,或者将它们定义为环境变量
**选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[修改为你自己的值: VPN_IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
nano -w vpnsetup.sh # 或者使用你喜欢的编辑器
[替换为你自己的值: YOUR_IPSEC_PSK, YOUR_USERNAME 和 YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
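Review bot: The rewritten 选项 1 line drops the opening parenthesis, leaving `完成后会在屏幕上显示):` with an unmatched `)`. Restore it as `(完成后会在屏幕上显示):` so it matches the English `(will be displayed when finished):`.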
@ -75,22 +75,9 @@ sudo sh vpnsetup.sh
首先,更新你的系统: 运行 `yum update` 并重启。这一步是可选的,但推荐。
**选项 1:** 使用脚本随机生成的 VPN 登录凭证 (会在屏幕上显示):
然后按照与上面相同的步骤,但是将 `https://git.io/vpnsetup` 换成 `https://git.io/vpnsetup-centos`
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh && sudo sh vpnsetup_centos.sh
```
**选项 2:** 输入你自己的 VPN 登录凭证,或者将它们定义为环境变量:
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[修改为你自己的值: VPN_IPSEC_PSK, VPN_USER 和 VPN_PASSWORD]
sudo sh vpnsetup_centos.sh
```
如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
注: 如果无法通过 `wget` 下载,你也可以打开 <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (或者 <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。
## 下一步
@ -103,11 +90,11 @@ sudo sh vpnsetup_centos.sh
## 重要提示
**Windows 用户** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外请打开 VPN 连接属性的"安全"选项卡,并确保<a href="https://cloud.githubusercontent.com/assets/5704064/14538812/96b4f930-024b-11e6-9d81-fa3d3db1ce33.png" target="_blank">仅选中 "CHAP" 选项</a>
**Windows 用户** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到 `错误 628`请打开 VPN 连接属性的 "安全" 选项卡,并确保<a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-182571109" target="_blank">仅选中 "CHAP" 选项</a>
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: <a href="docs/clients-zh.md#android" target="_blank">配置 IPsec/L2TP VPN 客户端</a>
如果需要添加,编辑或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>
如果需要添加,编辑或者删除 VPN 用户账户,请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>
在 VPN 已连接时,客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果要使用另外的 DNS 服务商,可以编辑文件 `options.xl2tpd``ipsec.conf` 并用新的服务器替换 `8.8.8.8``8.8.4.4`。然后重新启动系统。
@ -121,9 +108,9 @@ sudo sh vpnsetup_centos.sh
## 问题和反馈
- 有问题需要提问?请先搜索其他用户的留言,在<a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">这个 GitHub Gist</a> 以及<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">我的博客文章</a>
- 有问题需要提问?请先搜索已有的留言,在<a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">这个 Gist</a> 以及<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">我的博客</a>
- Libreswan (IPsec) 的相关问题可在<a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">邮件列表</a>提问。也可以参见这些文章:<a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://libreswan.org/man/ipsec.conf.5.html" target="_blank">[5]</a>
- 如果你发现了一个可重复的程序漏洞,请提交一个 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues" target="_blank">GitHub Issue</a>
- 如果你发现了一个可重复的程序漏洞,请提交一个 <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue" target="_blank">GitHub Issue</a>
## 另见


@ -25,8 +25,8 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
## Features
- **NEW:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported
- **NEW:** A pre-built <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker image</a> of the VPN server is now available
- :new: The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported
- :new: A pre-built <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server" target="_blank">Docker image</a> of the VPN server is now available
- Fully automated IPsec VPN server setup, no user input needed
- Encapsulates all VPN traffic in UDP - does not need ESP protocol
- Can be directly used as "user-data" for a new Amazon EC2 instance
@ -44,7 +44,7 @@ A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2
**-OR-**
A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used after applying <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with <a href="extras/vpnsetup-debian-7-workaround.sh" target="_blank">this workaround</a>. OpenVZ VPS users should instead try <a href="https://github.com/Nyr/openvpn-install" target="_blank">OpenVPN</a>.
<a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; I want to run my own VPN but don't have a server for that**</a>
@ -56,18 +56,18 @@ A dedicated server or KVM/Xen-based Virtual Private Server (VPS), freshly instal
First, update your system with `apt-get update && apt-get dist-upgrade` and reboot. This is optional, but recommended.
**Option 1:** Have the script generate random VPN credentials for you (will be displayed on the screen):
**Option 1:** Have the script generate random VPN credentials for you (will be displayed when finished):
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
```
**Option 2:** Enter your own VPN credentials, or define them as environment variables:
**Option 2:** Edit the script and provide your own VPN credentials:
```bash
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD]
nano -w vpnsetup.sh # or use your favorite editor
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpnsetup.sh
```
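Review bot: Option 2 now tells users only to edit the script, so the PSK, username and password are left in cleartext in `vpnsetup.sh` in the download directory after `sudo sh vpnsetup.sh` finishes, and the environment-variable alternative named in the old wording is gone. Consider adding a step to delete or restrict the edited file afterwards, or keep the environment-variable option. The `[Replace with your own values: ...]` line also still sits inside the bash fence, where it is not a command; making it a `#` comment, like the new `# or use your favorite editor`, would keep the block safe to paste.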
@ -75,22 +75,9 @@ sudo sh vpnsetup.sh
First, update your system with `yum update` and reboot. This is optional, but recommended.
**Option 1:** Have the script generate random VPN credentials for you (will be displayed on the screen):
Then follow the same steps as above, but replace `https://git.io/vpnsetup` with `https://git.io/vpnsetup-centos`.
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh && sudo sh vpnsetup_centos.sh
```
**Option 2:** Enter your own VPN credentials, or define them as environment variables:
```bash
wget https://git.io/vpnsetup-centos -O vpnsetup_centos.sh
nano -w vpnsetup_centos.sh
[Replace with your own values: VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD]
sudo sh vpnsetup_centos.sh
```
If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
Note: If unable to download via `wget`, you may also open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
## Next Steps
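Review bot: The new CentOS sentence asks for only the URL to be replaced, so following the steps above saves the CentOS script as `vpnsetup.sh` (from `-O vpnsetup.sh`), while the note that follows still points readers to `vpnsetup_centos.sh`. Either state that the output filename stays the same or spell out the one-line CentOS command, since the removed blocks were the only place it appeared in full.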
@ -103,7 +90,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
## Important Notes
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). In addition, open the "Security" tab of VPN connection properties and make sure <a href="https://cloud.githubusercontent.com/assets/5704064/14538812/96b4f930-024b-11e6-9d81-fa3d3db1ce33.png" target="_blank">only "CHAP" is selected</a>.
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Also, if you see `Error 628`, open the "Security" tab of VPN connection properties and make sure <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues/7#issuecomment-182571109" target="_blank">only "CHAP" is selected</a>.
**Android 6 (Marshmallow) users**: Please see notes in <a href="docs/clients.md#android" target="_blank">Configure IPsec/L2TP VPN Clients</a>.
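Review bot: The CHAP-only instruction on the changed Windows line becomes conditional on `Error 628`, where it was unconditional before, and the linked evidence moves from a screenshot to an issue comment. If narrowing the advice is intended, say so in the commit message ("Update README.md" gives no reason); otherwise keep the unconditional wording and mention the error code as an example.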
@ -121,9 +108,9 @@ The additional scripts <a href="extras/vpnupgrade_Libreswan.sh" target="_blank">
## Bugs & Questions
- Got a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this GitHub Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>.
- Got a question? Please first search other people's comments <a href="https://gist.github.com/hwdsl2/9030462#comments" target="_blank">in this Gist</a> and <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#disqus_thread" target="_blank">on my blog</a>.
- Ask Libreswan (IPsec) related questions <a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">on the mailing list</a>, or read these articles: <a href="https://libreswan.org/wiki/Main_Page" target="_blank">[1]</a> <a href="https://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server" target="_blank">[2]</a> <a href="https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup" target="_blank">[3]</a> <a href="https://help.ubuntu.com/community/L2TPServer" target="_blank">[4]</a> <a href="https://libreswan.org/man/ipsec.conf.5.html" target="_blank">[5]</a>.
- If you found a reproducible bug, open a <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues" target="_blank">GitHub Issue</a> to submit a bug report.
- If you found a reproducible bug, open a <a href="https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue" target="_blank">GitHub Issue</a> to submit a bug report.
## See Also