From b7b3fc31690b5cffe359ca6efecc76da3e07ad37 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Tue, 19 Dec 2023 10:18:36 -0600 Subject: [PATCH] Update docs - Add a section about customizing VPN On Demand rules. --- docs/ikev2-howto-zh.md | 32 ++++++++++++++++++++++++++++++-- docs/ikev2-howto.md | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 60 insertions(+), 4 deletions(-) diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 7cd1d2a..cf9aeca 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -153,7 +153,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 (可选功能)启用 **VPN On Demand(按需连接)** 以在你的 Mac 连接到 Wi-Fi 时自动启动 VPN 连接。要启用它,选中 VPN 连接的 **按需连接** 复选框,然后单击 **应用**。对于 macOS Ventura 和更新版本,首先单击 VPN 连接右边的 "i" 图标,然后配置该选项。 -你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络)。参见 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则"。 +你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络)。有关更多详细信息,请参阅 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则" 一章。
@@ -217,8 +217,36 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 (可选功能)启用 **VPN On Demand(按需连接)** 以在你的 iOS 设备连接到 Wi-Fi 时自动启动 VPN 连接。要启用它,单击 VPN 连接右边的 "i" 图标,然后启用 **按需连接**。 -你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络),或者在 Wi-Fi 和蜂窝网络上都启动 VPN 连接。参见 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则"。 +你可以自定义按需连接规则,以排除某些 Wi-Fi 网络(例如你的家庭网络)。有关更多详细信息,请参阅 [:book: Book: 搭建自己的 IPsec VPN, OpenVPN 和 WireGuard 服务器](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-X8X5FVFZC) 中的 "指南:为 macOS 和 iOS 自定义 IKEv2 VPN On Demand 规则" 一章。 +
+ +自定义按需连接规则:在 Wi-Fi 和蜂窝网络上连接。 + + +默认的 VPN On Demand 配置仅在 Wi-Fi 网络上启动 VPN 连接,而不会在蜂窝网络上启动 VPN 连接。如果你希望 VPN 在 Wi-Fi 和蜂窝网络上都启动连接: + +1. 编辑 VPN 服务器上的 `/opt/src/ikev2.sh`。找到以下行: + ``` + + InterfaceTypeMatch + Cellular + Action + Disconnect + + ``` + 并将 "Disconnect" 替换为 "Connect": + ``` + + InterfaceTypeMatch + Cellular + Action + Connect + + ``` +2. 保存文件,然后运行 `sudo ikev2.sh` 为你的 iOS 设备导出更新后的客户端配置文件。 +3. 从你的 iOS 设备中移除之前导入的 VPN 配置文件,然后导入步骤 2 中生成的新 `.mobileconfig` 文件。 +
如果你手动配置 IKEv2 而不是使用辅助脚本,点这里查看步骤。 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 8fc95e4..bda5a04 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -153,7 +153,7 @@ To connect to the VPN: (Optional feature) Enable **VPN On Demand** to automatically start a VPN connection when your Mac is on Wi-Fi. To enable, check the **Connect on demand** checkbox for the VPN connection, and click **Apply**. To find this setting on macOS Ventura and newer, click on the "i" icon on the right of the VPN connection. -You can customize VPN On Demand rules to exclude certain Wi-Fi network(s) such as your home network. See "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J). +You can customize VPN On Demand rules to exclude certain Wi-Fi networks (such as your home network). For more information, see the chapter "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J).
@@ -217,8 +217,36 @@ To connect to the VPN: (Optional feature) Enable **VPN On Demand** to automatically start a VPN connection when your iOS device is on Wi-Fi. To enable, tap the "i" icon on the right of the VPN connection, and enable **Connect On Demand**. -You can customize VPN On Demand rules to exclude certain Wi-Fi network(s) such as your home network, or to start the VPN connection both on Wi-Fi and cellular. See "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J). +You can customize VPN On Demand rules to exclude certain Wi-Fi networks (such as your home network). For more information, see the chapter "Guide: Customize IKEv2 VPN On Demand rules for macOS and iOS" in [:book: Book: Set Up Your Own IPsec VPN, OpenVPN and WireGuard Server](https://ko-fi.com/post/Support-this-project-and-get-access-to-supporter-o-O5O7FVF8J). +
+ +Customize VPN On Demand rules: Connect on Wi-Fi and cellular networks. + + +The default VPN On Demand configuration only starts a VPN connection on Wi-Fi networks, but not on cellular networks. If you want the VPN to connect on both Wi-Fi and cellular networks: + +1. Edit `/opt/src/ikev2.sh` on the VPN server. Find the lines: + ``` + + InterfaceTypeMatch + Cellular + Action + Disconnect + + ``` + and replace "Disconnect" with "Connect": + ``` + + InterfaceTypeMatch + Cellular + Action + Connect + + ``` +2. Save the file, then run `sudo ikev2.sh` to export updated client config files for your iOS device(s). +3. Remove the previously imported VPN profile from your iOS device(s), then import the new `.mobileconfig` file(s) from step 2. +
If you manually set up IKEv2 without using the helper script, click here for instructions.
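Review bot: In docs/ikev2-howto-zh.md, hunk @@ -217,8 +217,36, step 3 has the reader remove the previously imported VPN profile before importing the new one. That leaves the device with no VPN profile, and so no On Demand rule, until the import completes. Suggest telling the reader to transfer the new `.mobileconfig` file to the device first, then remove the old profile and import the new one right away. Keep the English step 3 in sync.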
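Review bot: In docs/ikev2-howto.md, hunk @@ -217,8 +217,36, step 1 edits `/opt/src/ikev2.sh` on the server itself, so the Cellular rule changes for every client profile exported afterwards, not only for the device the reader has in mind. The section should say that, and should note that the edit has to be re-applied if that script file is later replaced. Step 2 says only to run `sudo ikev2.sh`; it should state whether the reader is meant to export the existing client again or add a new one, since step 3 assumes the new `.mobileconfig` replaces the old profile for the same client.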