diff --git a/docs/advanced-usage-zh.md b/docs/advanced-usage-zh.md index ebae5f7..100d986 100644 --- a/docs/advanced-usage-zh.md +++ b/docs/advanced-usage-zh.md @@ -281,11 +281,11 @@ iptables -t nat -A PREROUTING -i "$netif" ! -s 192.168.43.0/24 -p udp --dport 12 ## VPN 分流 -在启用 VPN 分流 (split tunneling) 时,VPN 客户端将仅通过 VPN 隧道发送特定目标子网的流量。其他流量 **不会** 通过 VPN 隧道。VPN 分流有一些局限性,而且并非所有的 VPN 客户端都支持。 +在启用 VPN 分流 (split tunneling) 时,VPN 客户端将仅通过 VPN 隧道发送特定目标子网的流量。其他流量 **不会** 通过 VPN 隧道。这允许你通过 VPN 安全访问指定的网络,而无需通过 VPN 发送所有客户端的流量。VPN 分流有一些局限性,而且并非所有的 VPN 客户端都支持。 -高级用户可以为 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 和/或 [IKEv2](ikev2-howto-zh.md) 模式启用 VPN 分流。这是可选的。IPsec/L2TP 模式不支持此功能(Windows 除外,见下文)。 +高级用户可以为 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 和/或 [IKEv2](ikev2-howto-zh.md) 模式启用 VPN 分流。这是可选的。展开查看详情。IPsec/L2TP 模式不支持此功能(Windows 除外,见下文)。 -
+
IPsec/XAuth ("Cisco IPsec") 模式:启用 VPN 分流 (split tunneling) @@ -302,7 +302,7 @@ IPsec/XAuth ("Cisco IPsec") 模式:启用 VPN 分流 (split tunneling) ```
-
+
IKEv2 模式:启用 VPN 分流 (split tunneling) @@ -332,7 +332,7 @@ IKEv2 模式:启用 VPN 分流 (split tunneling) 1. 单击 **高级**,然后取消选中 **在远程网络上使用默认网关**。 1. 单击 **确定** 以关闭 **属性** 对话框。 1. **(重要)** 断开 VPN 连接,然后重新连接。 -1. 假设你想要 VPN 客户端通过 VPN 隧道发送流量的子网是 `10.123.123.0/24`。打开[提升权限命令提示符](http://www.cnblogs.com/xxcanghai/p/4610054.html)并运行以下命令。 +1. 假设你想要 VPN 客户端通过 VPN 隧道发送流量的子网是 `10.123.123.0/24`。打开[提升权限命令提示符](http://www.cnblogs.com/xxcanghai/p/4610054.html)并运行以下命令之一。 对于 IKEv2 和 IPsec/XAuth ("Cisco IPsec") 模式: ``` route add -p 10.123.123.0 mask 255.255.255.0 192.168.43.1 diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 83c94d4..1dbb8eb 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -281,11 +281,11 @@ If you want the rules to persist after reboot, you may add these commands to `/e ## Split tunneling -With split tunneling, VPN clients will only send traffic for a specific destination subnet through the VPN tunnel. Other traffic will NOT go through the VPN tunnel. Split tunneling has some limitations, and is not supported by all VPN clients. +With split tunneling, VPN clients will only send traffic for a specific destination subnet through the VPN tunnel. Other traffic will NOT go through the VPN tunnel. This allows you to gain secure access to a network through your VPN, without routing all your client's traffic through the VPN. Split tunneling has some limitations, and is not supported by all VPN clients. -Advanced users can optionally enable split tunneling for the [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) and/or [IKEv2](ikev2-howto.md) modes. IPsec/L2TP mode does not support this feature (except on Windows, see below). +Advanced users can optionally enable split tunneling for the [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) and/or [IKEv2](ikev2-howto.md) modes. Expand for details. IPsec/L2TP mode does not support this feature (except on Windows, see below). -
+
IPsec/XAuth ("Cisco IPsec") mode: Enable split tunneling @@ -302,7 +302,7 @@ The example below **ONLY** applies to IPsec/XAuth ("Cisco IPsec") mode. Commands ```
-
+
IKEv2 mode: Enable split tunneling @@ -332,7 +332,7 @@ Alternatively, Windows users can enable split tunneling by manually adding route 1. Click **Advanced**. Uncheck **Use default gateway on remote network**. 1. Click **OK** to close the **Properties** window. 1. **(Important)** Disconnect the VPN, then re-connect. -1. Assume that the subnet you want VPN clients to send traffic through the VPN tunnel is `10.123.123.0/24`. Open an [elevated command prompt](http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/) and run the following commands: +1. Assume that the subnet you want VPN clients to send traffic through the VPN tunnel is `10.123.123.0/24`. Open an [elevated command prompt](http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/) and run one of the following commands: For IKEv2 and IPsec/XAuth ("Cisco IPsec") modes: ``` route add -p 10.123.123.0 mask 255.255.255.0 192.168.43.1
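Review bot: In the `## VPN 分流` hunk of docs/advanced-usage-zh.md, the added sentence ends with `无需通过 VPN 发送所有客户端的流量`, which can be read as "the traffic of all clients", while the English hunk says "all your client's traffic". Consider `无需通过 VPN 发送客户端的所有流量` so that both documents say the same thing.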
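Review bot: In the `## Split tunneling` hunk of docs/advanced-usage.md, `Expand for details.` is inserted in the middle of the paragraph, ahead of `IPsec/L2TP mode does not support this feature (except on Windows, see below).`, so the pointer is separated from the "Enable split tunneling" sections it refers to. Moving it to the end of the paragraph would put it directly above them. The same applies to `展开查看详情。` in the zh file.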
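Review bot: In the `@@ -332,7 +332,7 @@` hunks of both files, the changed step now reads `run one of the following commands` but does not say how to choose. The visible context labels the first command `For IKEv2 and IPsec/XAuth ("Cisco IPsec") modes:`, so wording such as "run the command that matches your VPN mode" would make the selection explicit. Because the command is `route add -p`, which creates a persistent route, the step could also mention removing it later with `route delete 10.123.123.0`.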