diff --git a/README-zh.md b/README-zh.md index c26a9c5..20c4a61 100644 --- a/README-zh.md +++ b/README-zh.md @@ -223,9 +223,9 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh 请参见 [管理 VPN 用户](docs/manage-users-zh.md)。 -- [查看或更改 IPsec PSK](docs/manage-users-zh.md#查看或更改-ipsec-psk) -- [查看 VPN 用户](docs/manage-users-zh.md#查看-vpn-用户) - [使用辅助脚本管理 VPN 用户](docs/manage-users-zh.md#使用辅助脚本管理-vpn-用户) +- [查看 VPN 用户](docs/manage-users-zh.md#查看-vpn-用户) +- [查看或更改 IPsec PSK](docs/manage-users-zh.md#查看或更改-ipsec-psk) - [手动管理 VPN 用户](docs/manage-users-zh.md#手动管理-vpn-用户) ## 高级用法 @@ -240,7 +240,7 @@ wget https://git.io/vpnupgrade -qO vpnup.sh && sudo sh vpnup.sh - [VPN 分流](docs/advanced-usage-zh.md#vpn-分流) - [访问 VPN 服务器的网段](docs/advanced-usage-zh.md#访问-vpn-服务器的网段) - [更改 IPTables 规则](docs/advanced-usage-zh.md#更改-iptables-规则) -- [部署 Google BBR 拥塞控制算法](docs/advanced-usage-zh.md#部署-google-bbr-拥塞控制算法) +- [部署 Google BBR 拥塞控制](docs/advanced-usage-zh.md#部署-google-bbr-拥塞控制) ## 卸载说明 diff --git a/README.md b/README.md index 3271154..1d3654f 100644 --- a/README.md +++ b/README.md 
@@ -221,16 +221,16 @@ The latest supported Libreswan version is `4.6`. Check installed version: `ipsec ## Manage VPN users -See [Manage VPN users](docs/manage-users.md). 请参见 [管理 VPN 用户](docs/manage-users-zh.md)。 +See [Manage VPN users](docs/manage-users.md). -- [View or update the IPsec PSK](docs/manage-users.md#view-or-update-the-ipsec-psk) -- [View VPN users](docs/manage-users.md#view-vpn-users) - [Manage VPN users using helper scripts](docs/manage-users.md#manage-vpn-users-using-helper-scripts) +- [View VPN users](docs/manage-users.md#view-vpn-users) +- [View or update the IPsec PSK](docs/manage-users.md#view-or-update-the-ipsec-psk) - [Manually manage VPN users](docs/manage-users.md#manually-manage-vpn-users) ## Advanced usage -See [Advanced usage](docs/advanced-usage.md). 请参见 [高级用法](docs/advanced-usage-zh.md)。 +See [Advanced usage](docs/advanced-usage.md). - [Use alternative DNS servers](docs/advanced-usage.md#use-alternative-dns-servers) - [DNS name and server IP changes](docs/advanced-usage.md#dns-name-and-server-ip-changes) @@ -240,11 +240,11 @@ See [Advanced usage](docs/advanced-usage.md). 请参见 [高级用法](docs/adva - [Split tunneling](docs/advanced-usage.md#split-tunneling) - [Access VPN server's subnet](docs/advanced-usage.md#access-vpn-servers-subnet) - [Modify IPTables rules](docs/advanced-usage.md#modify-iptables-rules) -- [Deploy Google BBR congestion control algorithm](docs/advanced-usage.md#deploy-google-bbr-congestion-control-algorithm) +- [Deploy Google BBR congestion control](docs/advanced-usage.md#deploy-google-bbr-congestion-control) ## Uninstallation -See [Uninstall the VPN](docs/uninstall.md). 请参见 [卸载 VPN](docs/uninstall-zh.md)。 +See [Uninstall the VPN](docs/uninstall.md). - [Uninstall using helper script](docs/uninstall.md#uninstall-using-helper-script) - [Manually uninstall the VPN](docs/uninstall.md#manually-uninstall-the-vpn) diff --git a/docs/advanced-usage-zh.md b/docs/advanced-usage-zh.md index b9fea51..bc9bd47 100644 
--- a/docs/advanced-usage-zh.md +++ b/docs/advanced-usage-zh.md @@ -10,7 +10,7 @@ * [VPN 分流](#vpn-分流) * [访问 VPN 服务器的网段](#访问-vpn-服务器的网段) * [更改 IPTables 规则](#更改-iptables-规则) -* [部署 Google BBR 拥塞控制算法](#部署-google-bbr-拥塞控制算法) +* [部署 Google BBR 拥塞控制](#部署-google-bbr-拥塞控制) ## 使用其他的 DNS 服务器 @@ -279,7 +279,7 @@ iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o "$netif" -j MASQUERADE **注:** 如果使用 Rocky Linux, AlmaLinux 或者 CentOS/RHEL 8 并且在安装 VPN 时 firewalld 正在运行,则可能已配置 nftables。在这种情况下,编辑 `/etc/sysconfig/nftables.conf` 而不是 `/etc/sysconfig/iptables`。 -## 部署 Google BBR 拥塞控制算法 +## 部署 Google BBR 拥塞控制 VPN 服务器搭建完成后,可以通过部署 Google BBR 拥塞控制算法提升性能。 diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 2db9b19..78a69f4 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -10,7 +10,7 @@ * [Split tunneling](#split-tunneling) * [Access VPN server's subnet](#access-vpn-servers-subnet) * [Modify IPTables rules](#modify-iptables-rules) -* [Deploy Google BBR congestion control algorithm](#deploy-google-bbr-congestion-control-algorithm) +* [Deploy Google BBR congestion control](#deploy-google-bbr-congestion-control) ## Use alternative DNS servers @@ -280,7 +280,7 @@ If you want to modify the IPTables rules after install, edit `/etc/iptables.rule **Note:** If using Rocky Linux, AlmaLinux or CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. In this case, edit `/etc/sysconfig/nftables.conf` instead of `/etc/sysconfig/iptables`. -## Deploy Google BBR congestion control algorithm +## Deploy Google BBR congestion control After the VPN server is set up, the performance can be improved by deploying the Google BBR congestion control algorithm. diff --git a/docs/manage-users-zh.md b/docs/manage-users-zh.md index cdf8bf7..3fb5055 100644 --- a/docs/manage-users-zh.md +++ b/docs/manage-users-zh.md 
@@ -4,44 +4,15 @@ 在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要查看或管理 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户,请阅读本文档。对于 IKEv2,参见 [管理客户端证书](ikev2-howto-zh.md#管理客户端证书)。 -* [查看或更改 IPsec PSK](#查看或更改-ipsec-psk) -* [查看 VPN 用户](#查看-vpn-用户) * [使用辅助脚本管理 VPN 用户](#使用辅助脚本管理-vpn-用户) +* [查看 VPN 用户](#查看-vpn-用户) +* [查看或更改 IPsec PSK](#查看或更改-ipsec-psk) * [手动管理 VPN 用户](#手动管理-vpn-用户) -## 查看或更改 IPsec PSK - -IPsec PSK(预共享密钥)保存在文件 `/etc/ipsec.secrets`。所有的 VPN 用户将共享同一个 IPsec PSK。该文件的格式如下: - -```bash -%any %any : PSK "你的IPsec预共享密钥" -``` - -如果要更换一个新的 PSK,可以编辑此文件。**不要**在值中使用这些字符:`\ " '` - -完成后必须重启服务: - -```bash -service ipsec restart -service xl2tpd restart -``` - -## 查看 VPN 用户 - -在默认情况下,VPN 安装脚本将为 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式创建相同的用户。 - -对于 IPsec/L2TP,VPN 用户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下: - -```bash -"用户名1" l2tpd "密码1" * -"用户名2" l2tpd "密码2" * -... ... -``` - -对于 IPsec/XAuth ("Cisco IPsec"),VPN 用户信息保存在文件 `/etc/ipsec.d/passwd`。这个文件中的密码以加盐哈希值的形式保存。更多详情请见 [手动管理 VPN 用户](#手动管理-vpn-用户)。 - ## 使用辅助脚本管理 VPN 用户 +*其他语言版本: [English](manage-users.md#manage-vpn-users-using-helper-scripts), [简体中文](manage-users-zh.md#使用辅助脚本管理-vpn-用户)。* + 你可以使用辅助脚本 [添加](../extras/add_vpn_user.sh), [删除](../extras/del_vpn_user.sh) 或者 [更新所有的](../extras/update_vpn_users.sh) VPN 用户。它们将同时更新 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户。对于 IKEv2 模式,请另外参见 [管理客户端证书](ikev2-howto-zh.md#管理客户端证书)。 **注:** 将下面的命令的参数换成你自己的值。VPN 用户信息保存在文件 `/etc/ppp/chap-secrets` 和 `/etc/ipsec.d/passwd`。脚本在修改这些文件之前会先做备份,使用 `.old-日期-时间` 为后缀。 
@@ -148,6 +119,37 @@ VPN_PASSWORDS='密码1 密码2 ...' \ bash updatevpnusers.sh ``` +## 查看 VPN 用户 + +在默认情况下,VPN 安装脚本将为 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式创建相同的用户。 + +对于 IPsec/L2TP,VPN 用户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下: + +```bash +"用户名1" l2tpd "密码1" * +"用户名2" l2tpd "密码2" * +... ... +``` + +对于 IPsec/XAuth ("Cisco IPsec"),VPN 用户信息保存在文件 `/etc/ipsec.d/passwd`。这个文件中的密码以加盐哈希值的形式保存。更多详情请见 [手动管理 VPN 用户](#手动管理-vpn-用户)。 + +## 查看或更改 IPsec PSK + +IPsec PSK(预共享密钥)保存在文件 `/etc/ipsec.secrets`。所有的 VPN 用户将共享同一个 IPsec PSK。该文件的格式如下: + +```bash +%any %any : PSK "你的IPsec预共享密钥" +``` + +如果要更换一个新的 PSK,可以编辑此文件。**不要**在值中使用这些字符:`\ " '` + +完成后必须重启服务: + +```bash +service ipsec restart +service xl2tpd restart +``` + ## 手动管理 VPN 用户 对于 IPsec/L2TP,VPN 用户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下: diff --git a/docs/manage-users.md b/docs/manage-users.md index 48ede0e..23ff482 100644 --- a/docs/manage-users.md +++ b/docs/manage-users.md 
@@ -4,44 +4,15 @@ By default, a single user account for VPN login is created. If you wish to view or manage users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, read this document. For IKEv2, see [Manage client certificates](ikev2-howto.md#manage-client-certificates). -* [View or update the IPsec PSK](#view-or-update-the-ipsec-psk) -* [View VPN users](#view-vpn-users) * [Manage VPN users using helper scripts](#manage-vpn-users-using-helper-scripts) +* [View VPN users](#view-vpn-users) +* [View or update the IPsec PSK](#view-or-update-the-ipsec-psk) * [Manually manage VPN users](#manually-manage-vpn-users) -## View or update the IPsec PSK - -The IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. All VPN users will share the same IPsec PSK. The format of this file is: - -```bash -%any %any : PSK "your_ipsec_pre_shared_key" -``` - -To change to a new PSK, just edit this file. DO NOT use these special characters within values: `\ " '` - -You must restart services when finished: - -```bash -service ipsec restart -service xl2tpd restart -``` - -## View VPN users - -By default, the VPN setup scripts will create the same VPN user for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. - -For IPsec/L2TP, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is: - -```bash -"username1" l2tpd "password1" * -"username2" l2tpd "password2" * -... ... -``` - -For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in `/etc/ipsec.d/passwd`. Passwords in this file are salted and hashed. See [Manually manage VPN users](#manually-manage-vpn-users) for more details. 
- ## Manage VPN users using helper scripts +*Read this in other languages: [English](manage-users.md#manage-vpn-users-using-helper-scripts), [简体中文](manage-users-zh.md#使用辅助脚本管理-vpn-用户).* + You may use helper scripts to [add](../extras/add_vpn_user.sh), [delete](../extras/del_vpn_user.sh) or [update all](../extras/update_vpn_users.sh) VPN users for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. For IKEv2 mode, please instead see [Manage client certificates](ikev2-howto.md#manage-client-certificates). **Note:** Replace command arguments below with your own values. VPN users are stored in `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd`. The scripts will backup these files before making changes, with `.old-date-time` suffix. @@ -148,6 +119,37 @@ VPN_PASSWORDS='password1 password2 ...' \ bash updatevpnusers.sh ``` +## View VPN users + +By default, the VPN setup scripts will create the same VPN user for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. + +For IPsec/L2TP, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is: + +```bash +"username1" l2tpd "password1" * +"username2" l2tpd "password2" * +... ... +``` + +For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in `/etc/ipsec.d/passwd`. Passwords in this file are salted and hashed. See [Manually manage VPN users](#manually-manage-vpn-users) for more details. + +## View or update the IPsec PSK + +The IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. All VPN users will share the same IPsec PSK. The format of this file is: + +```bash +%any %any : PSK "your_ipsec_pre_shared_key" +``` + +To change to a new PSK, just edit this file. DO NOT use these special characters within values: `\ " '` + +You must restart services when finished: + +```bash +service ipsec restart +service xl2tpd restart +``` + ## Manually manage VPN users For IPsec/L2TP, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is:
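Review bot: In README.md (hunks at -221 and -240), the Chinese cross-links are removed from the lead lines of "Manage VPN users", "Advanced usage" and "Uninstallation", but this patch adds a language-switch line only to docs/manage-users.md and docs/manage-users-zh.md. If docs/advanced-usage.md and docs/uninstall.md do not already link to their -zh counterparts, readers of the English README lose the path to the Chinese pages. Either add the same "Read this in other languages" line to those two docs or keep their README links.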
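Review bot: Renaming the heading to `## Deploy Google BBR congestion control` in docs/advanced-usage.md (hunk at -280), and to `## 部署 Google BBR 拥塞控制` in docs/advanced-usage-zh.md (hunk at -279), changes the generated anchor, while the patch updates only the README links and each file's own table of contents. Before merging, search the rest of the repository for `#deploy-google-bbr-congestion-control-algorithm` and `#部署-google-bbr-拥塞控制算法`; a stale anchor does not produce an error, the link simply opens at the top of the page.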
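Review bot: In docs/manage-users.md and docs/manage-users-zh.md (hunk at -4,44), the new "Read this in other languages" line sits under `## Manage VPN users using helper scripts` instead of under the document title, and its "English" entry links to the section it is already in. If the switcher is meant for the whole document, move it directly below the title and point it at the files rather than at one section anchor. If it is deliberately section-level, say so in the commit message so the placement is not "fixed" later.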
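Review bot: In the relocated "View or update the IPsec PSK" section of docs/manage-users.md (hunk at -148,6 +119,37, mirrored in the -zh file), the text says all VPN users share one PSK and that changing it means "just edit this file" and restart services, but it does not say that every client must then be reconfigured with the new key. Since the section is being moved anyway, add one sentence stating that. A smaller style point in the same hunk: the fences showing the contents of `/etc/ppp/chap-secrets` and `/etc/ipsec.secrets` are tagged `bash` although they are file formats, not shell commands; an untagged fence would avoid misleading highlighting.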