Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-06-20 12:46:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Minor corrections to docs

Browse Source 
[ci skip]
This commit is contained in:
hwdsl2 2016-06-22 02:27:38 -05:00
parent de6f4a45ad
commit 993f962261
4 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/clients-xauth-zh.md
View File

@ -4,7 +4,7 @@
*如需使用 IPsec/L2TP 模式连接,请参见: [配置 IPsec/L2TP VPN 客户端](clients-zh.md)*
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/XAuth 在 Android, iOS 和 OS X 上均受支持无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的用户名和密码
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/XAuth 在 Android, iOS 和 OS X 上均受支持无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的 VPN 登录信息
`IPsec/XAuth` 模式也称为 `Cisco IPsec`。和 `IPsec/L2TP` 相比较,它通常能够更高效地传输数据。
@ -35,7 +35,7 @@
VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled** 字样。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开<a href="http://windows.microsoft.com/zh-cn/windows/command-prompt-faq#1TC=windows-7" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重新启动计算机。
- 适用于 Windows Vista 及以上版本
- 适用于 Windows Vista, 7, 8 和 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
@ -81,7 +81,7 @@ VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled*
1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接**
注: Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。然后在 `conn shared` 部分增加一行 `sha2-truncbug=yes` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">参见这里</a>)。每行开头必须空两格。保存修改并运行 `service ipsec restart`
**注:** Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`(<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">更多信息</a>)
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。

6
docs/clients-xauth.md
View File

@ -35,7 +35,7 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
Once connected, you will see **tunnel enabled** in the VPN Connect status window. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
**Note:** A <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an <a href="http://windows.microsoft.com/en-us/windows/command-prompt-faq#1TC=windows-7" target="_blank">elevated command prompt</a>. You must reboot your computer when done.
- For Windows Vista and newer
- For Windows Vista, 7, 8 and 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
@ -56,7 +56,7 @@ Once connected, you will see **tunnel enabled** in the VPN Connect status window
1. Enter `Your VPN Username` for the **Account Name**.
1. Enter `Your VPN Password` for the **Password**.
1. Click the **Authentication Settings** button.
1. In the **Machine Authentication** section, select the **Shared Secret** radio button and enter `Your VPN IPsec PSK` as its value.
1. In the **Machine Authentication** section, select the **Shared Secret** radio button and enter `Your VPN IPsec PSK`.
1. Leave the **Group Name** field blank.
1. Click **OK**.
1. Check the **Show VPN status in menu bar** checkbox.
@ -81,7 +81,7 @@ You can connect to the VPN using the VPN icon in the menu bar, or by selecting t
1. Check the **Save account information** checkbox.
1. Tap **Connect**.
Note for Android 6 (Marshmallow) users: On the VPN server, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` under section `conn shared` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>). Indent lines with two spaces. When finished, run `service ipsec restart`.
**Note:** Android 6 (Marshmallow) users should edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. When finished, run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>)
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".

12
docs/clients-zh.md
View File

@ -4,7 +4,7 @@
*如需使用 IPsec/XAuth 模式连接,请参见: [配置 IPsec/XAuth VPN 客户端](clients-xauth-zh.md)*
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的用户名和密码
在成功<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建自己的VPN服务器</a>之后你可以按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录信息
---
* 平台名称
@ -28,7 +28,7 @@
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**
1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中其它项。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **高级设置** 按钮。
1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
1. 单击 **确定** 关闭 **高级设置**
@ -52,11 +52,11 @@
1. 在 **密码** 字段中输入`你的 VPN 密码`。
1. 选中 **记住此密码** 复选框。
1. 单击 **创建**,然后单击 **关闭** 按钮。
1. 右键单击系统托盘中的无线/网络图标,选择 **打开网络与共享中心**。
1. 重复上面的第 1-3 步,打开 **网络与共享中心**。
1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接,并选择 **属性**
1. 单击 **选项** 选项卡,取消选中 **包含Windows登录域** 复选框。
1. 单击 **安全** 选项卡,从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中其它项。
1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。
1. 单击 **高级设置** 按钮。
1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
1. 单击 **确定** 关闭 **高级设置**
@ -66,7 +66,7 @@
要连接到 VPN 单击系统托盘中的无线/网络图标,选择新的 VPN 连接,然后单击 **连接**。如果出现提示,在登录窗口中输入 `你的 VPN 用户名``密码` ,并单击 **确定**。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
**注:** 在首次连接之前需要<a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">修改一次注册表</a>,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。请参照链接文章中的说明,或者打开<a href="http://windows.microsoft.com/zh-cn/windows/command-prompt-faq#1TC=windows-7" target="_blank">提升权限命令提示符</a>并运行以下命令。完成后必须重新启动计算机。
- 适用于 Windows Vista 及以上版本
- 适用于 Windows Vista, 7, 8 和 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
@ -112,7 +112,7 @@
1. 选中 **保存帐户信息** 复选框。
1. 单击 **连接**
注: Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf` 并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。然后在 `conn shared` 部分增加一行 `sha2-truncbug=yes` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">参见这里</a>)。每行开头必须空两格。保存修改并运行 `service ipsec restart`
**注:** Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=``phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`(<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">更多信息</a>)
VPN 连接成功后,会在通知栏显示图标。最后你可以到<a href="https://www.whatismyip.com" target="_blank">这里</a>检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。

14
docs/clients.md
View File

@ -28,7 +28,7 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
1. Right-click on the wireless/network icon in your system tray, select **Open Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN entry and choose **Properties**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
1. Click **Allow these protocols**. Select "Challenge Handshake Authentication Protocol (CHAP)" and deselect others.
1. Click **Allow these protocols**. Select "Challenge Handshake Authentication Protocol (CHAP)" and deselect all others.
1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**.
@ -52,11 +52,11 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
1. Enter `Your VPN Password` in the **Password** field.
1. Check the **Remember this password** checkbox.
1. Click **Create**, and then **Close**.
1. Right-click on the wireless/network icon in your system tray, select **Open Network and Sharing Center**.
1. Repeat steps 1-3 above to open **Network and Sharing Center**.
1. On the left, click **Change adapter settings**. Right-click on the new VPN entry and choose **Properties**.
1. Click the **Options** tab and uncheck **Include Windows logon domain**.
1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
1. Click **Allow these protocols**. Select "Challenge Handshake Authentication Protocol (CHAP)" and deselect others.
1. Click **Allow these protocols**. Select "Challenge Handshake Authentication Protocol (CHAP)" and deselect all others.
1. Click the **Advanced settings** button.
1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
1. Click **OK** to close the **Advanced settings**.
@ -66,7 +66,7 @@ After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">settin
To connect to the VPN: Click on the wireless/network icon in your system tray, select the new VPN entry, and click **Connect**. If prompted, enter `Your VPN Username` and `Password`, then click **OK**. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
**Note:** A <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required if the VPN server and/or client is behind NAT (e.g. home router). Please refer to the linked page, or run the following from an <a href="http://windows.microsoft.com/en-us/windows/command-prompt-faq#1TC=windows-7" target="_blank">elevated command prompt</a>. You must reboot your computer when done.
- For Windows Vista and newer
- For Windows Vista, 7, 8 and 10
```console
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
```
@ -86,8 +86,8 @@ To connect to the VPN: Click on the wireless/network icon in your system tray, s
1. Enter `Your VPN Server IP` for the **Server Address**.
1. Enter `Your VPN Username` for the **Account Name**.
1. Click the **Authentication Settings** button.
1. In the **User Authentication** section, select the **Password** radio button and enter `Your VPN Password` as its value.
1. In the **Machine Authentication** section, select the **Shared Secret** radio button and enter `Your VPN IPsec PSK` as its value.
1. In the **User Authentication** section, select the **Password** radio button and enter `Your VPN Password`.
1. In the **Machine Authentication** section, select the **Shared Secret** radio button and enter `Your VPN IPsec PSK`.
1. Click **OK**.
1. Check the **Show VPN status in menu bar** checkbox.
1. Click the **Advanced** button and make sure the **Send all traffic over VPN connection** checkbox is selected.
@ -112,7 +112,7 @@ You can connect to the VPN using the VPN icon in the menu bar, or by selecting t
1. Check the **Save account information** checkbox.
1. Tap **Connect**.
Note for Android 6 (Marshmallow) users: On the VPN server, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` under section `conn shared` (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>). Indent lines with two spaces. When finished, run `service ipsec restart`.
**Note:** Android 6 (Marshmallow) users should edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. When finished, run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Reference</a>)
Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".