Update docs

- Add a section about customizing VPN On Demand rules.
hwdsl2 2023-12-19 10:18:36 -06:00
parent 18d51449ed
commit b7b3fc3169
2 changed files with 60 additions and 4 deletions

View File

@ -153,7 +153,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
(可选功能)启用 **VPN On Demand按需连接** 以在你的 Mac 连接到 Wi-Fi 时自动启动 VPN 连接。要启用它,选中 VPN 连接的 **按需连接** 复选框,然后单击 **应用**。对于 macOS Ventura 和更新版本,首先单击 VPN 连接右边的 "i" 图标,然后配置该选项。
你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络)。参见 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则"。
你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络)。有关更多详细信息,请参阅 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则" 一章
<details>
<summary>
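Review bot: The rewritten sentence in the macOS section ends at "一章" with no closing "。", while the sentence it replaces ended with one. Add the full stop after "一章" so the paragraph is properly terminated before the `<details>` block that follows.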
@ -217,8 +217,36 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
(可选功能)启用 **VPN On Demand按需连接** 以在你的 iOS 设备连接到 Wi-Fi 时自动启动 VPN 连接。要启用它,单击 VPN 连接右边的 "i" 图标,然后启用 **按需连接**
你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络),或者在 Wi-Fi 和蜂窝网络上都启动 VPN 连接。参见 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则"。
你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络)。有关更多详细信息,请参阅 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则" 一章
<details>
<summary>
自定义按需连接规则:在 Wi-Fi 和蜂窝网络上连接。
</summary>
默认的 VPN On Demand 配置仅在 Wi-Fi 网络上启动 VPN 连接,而不会在蜂窝网络上启动 VPN 连接。如果你希望 VPN 在 Wi-Fi 和蜂窝网络上都启动连接:
1. 编辑 VPN 服务器上的 `/opt/src/ikev2.sh`。找到以下行:
```
<dict>
<key>InterfaceTypeMatch</key>
<string>Cellular</string>
<key>Action</key>
<string>Disconnect</string>
</dict>
```
并将 "Disconnect" 替换为 "Connect"
```
<dict>
<key>InterfaceTypeMatch</key>
<string>Cellular</string>
<key>Action</key>
<string>Connect</string>
</dict>
```
2. 保存文件,然后运行 `sudo ikev2.sh` 为你的 iOS 设备导出更新后的客户端配置文件。
3. 从你的 iOS 设备中移除之前导入的 VPN 配置文件,然后导入步骤 2 中生成的新 `.mobileconfig` 文件。
</details>
<details>
<summary>
如果你手动配置 IKEv2 而不是使用辅助脚本,点这里查看步骤。
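Review bot: In step 1 of the new section, the line 并将 "Disconnect" 替换为 "Connect" has no trailing punctuation before the second code block, while the English version of the same step ends with a colon; add ":" so the two translations match. The rewritten sentence just above the new `<details>` block also stops at "一章" without a closing "。", unlike the sentence it replaces.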

View File

@ -153,7 +153,7 @@ To connect to the VPN:
(Optional feature) Enable **VPN On Demand** to automatically start a VPN connection when your Mac is on Wi-Fi. To enable, check the **Connect on demand** checkbox for the VPN connection, and click **Apply**. To find this setting on macOS Ventura and newer, click on the "i" icon on the right of the VPN connection.
You can customize VPN On Demand rules to exclude certain Wi-Fi network(s) such as your home network. See "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J).
You can customize VPN On Demand rules to exclude certain Wi-Fi networks (such as your home network). For more information, see the chapter "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J).
<details>
<summary>
@ -217,8 +217,36 @@ To connect to the VPN:
(Optional feature) Enable **VPN On Demand** to automatically start a VPN connection when your iOS device is on Wi-Fi. To enable, tap the "i" icon on the right of the VPN connection, and enable **Connect On Demand**.
You can customize VPN On Demand rules to exclude certain Wi-Fi network(s) such as your home network, or to start the VPN connection both on Wi-Fi and cellular. See "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J).
You can customize VPN On Demand rules to exclude certain Wi-Fi networks (such as your home network). For more information, see the chapter "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J).
<details>
<summary>
Customize VPN On Demand rules: Connect on Wi-Fi and cellular networks.
</summary>
The default VPN On Demand configuration only starts a VPN connection on Wi-Fi networks, but not on cellular networks. If you want the VPN to connect on both Wi-Fi and cellular networks:
1. Edit `/opt/src/ikev2.sh` on the VPN server. Find the lines:
```
<dict>
<key>InterfaceTypeMatch</key>
<string>Cellular</string>
<key>Action</key>
<string>Disconnect</string>
</dict>
```
and replace "Disconnect" with "Connect":
```
<dict>
<key>InterfaceTypeMatch</key>
<string>Cellular</string>
<key>Action</key>
<string>Connect</string>
</dict>
```
2. Save the file, then run `sudo ikev2.sh` to export updated client config files for your iOS device(s).
3. Remove the previously imported VPN profile from your iOS device(s), then import the new `.mobileconfig` file(s) from step 2.
</details>
<details>
<summary>
If you manually set up IKEv2 without using the helper script, click here for instructions.
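Review bot: Steps 1 and 2 of the new section name the script differently: step 1 edits `/opt/src/ikev2.sh` by full path, while step 2 runs `sudo ikev2.sh` with no path, so the reader has to assume both resolve to the same file. Say so explicitly or use the same path in both steps; the Chinese version of this section has the same mismatch. The two fenced blocks are also untagged, and marking them as `xml` would make the profile fragment easier to read.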