From 3fb024e1e224d2edad14888ad7e349d9cbac4f57 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Tue, 19 Jan 2021 01:37:00 -0600 Subject: [PATCH] Update docs --- docs/ikev2-howto-zh.md | 12 +++++++++++- docs/ikev2-howto.md | 16 +++++++++++++--- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 0ec54e2e23..38efcc5e6c 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -499,7 +499,14 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto ## 移除 IKEv2 -如果你想要从 VPN 服务器移除 IKEv2,但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意,这将删除所有的 IKEv2 配置,并且**不可撤销**! +如果你想要从 VPN 服务器移除 IKEv2,但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,请重新运行 [辅助脚本](#使用辅助脚本) 并选择 "Remove IKEv2" 选项。请注意,这将删除所有的 IKEv2 配置(包括证书),并且**不可撤销**! + +
+ +另外,你也可以手动移除 IKEv2。点这里查看步骤。 + + +要手动从 VPN 服务器移除 IKEv2,但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式,按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意,这将删除所有的 IKEv2 配置(包括证书),并且**不可撤销**! 1. 重命名(或者删除)IKEv2 配置文件: @@ -507,6 +514,8 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto mv /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.bak ``` + **注:** 如果你使用了较旧版本(2020-05-31 之前)的 IKEv2 辅助脚本或者配置说明,文件 `/etc/ipsec.d/ikev2.conf` 可能不存在。在该情况下,请移除文件 `/etc/ipsec.conf` 中的 `conn ikev2-cp` 部分。 + 1. **(重要)重启 IPsec 服务**: ```bash @@ -535,6 +544,7 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto ```bash certutil -D -d sql:/etc/ipsec.d -n "Nickname" ``` +
## 参考链接 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index f4ef09205d..307127f21d 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -88,7 +88,7 @@ First, securely transfer the generated `.mobileconfig` file to your Mac, then do
-If you manually set up IKEv2 without using the helper script, click here to see instructions. +If you manually set up IKEv2 without using the helper script, click here for instructions. First, securely transfer the generated `.p12` file to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. Close the dialog using the red "X" on the top-left corner. When prompted, use Touch ID or enter your password and click "Update Settings". @@ -134,7 +134,7 @@ When finished, check to make sure "IKEv2 VPN configuration" is listed under Sett
-If you manually set up IKEv2 without using the helper script, click here to see instructions. +If you manually set up IKEv2 without using the helper script, click here for instructions. First, securely transfer the generated `ikev2vpnca.cer` and `.p12` files to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use: @@ -499,7 +499,14 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th ## Remove IKEv2 -If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration and **cannot be undone**! +If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, run the [helper script](#using-helper-scripts) again and select the "Remove IKEv2" option. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**! + +
+ +Alternatively, you can manually remove IKEv2. Click here for instructions. + + +To manually remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**! 1. Rename (or delete) the IKEv2 config file: @@ -507,6 +514,8 @@ If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clien mv /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.bak ``` + **Note:** If you used an older version (before 2020-05-31) of the IKEv2 helper script or instructions, file `/etc/ipsec.d/ikev2.conf` may not exist. In this case, please instead remove the `conn ikev2-cp` section from file `/etc/ipsec.conf`. + 1. **(Important) Restart the IPsec service**: ```bash @@ -535,6 +544,7 @@ If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clien ```bash certutil -D -d sql:/etc/ipsec.d -n "Nickname" ``` +
## References