Skip to content

Commit

Permalink
Update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
hwdsl2 committed Sep 7, 2024
1 parent 2974f8b commit b50583a
Show file tree
Hide file tree
Showing 6 changed files with 11 additions and 23 deletions.
6 changes: 3 additions & 3 deletions README-zh.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,8 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
- Ubuntu 24.04, 22.04 或者 20.04
- Debian 12 或者 11
- CentOS Stream 9
- Rocky Linux 或者 AlmaLinux 9/8
- Oracle Linux 9, 8 或者 7
- Rocky Linux 或者 AlmaLinux
- Oracle Linux
- Amazon Linux 2

<details>
Expand Down Expand Up @@ -294,7 +294,7 @@ sudo VPN_PROTECT_CONFIG=yes sh vpn.sh

\* 这些 IKEv2 参数适用于 IKEv2 模式。
\*\* 在运行 vpn(setup).sh 时,或者在自动模式下配置 IKEv2 时 (`sudo ikev2.sh --auto`) 将这些定义为环境变量。
\*\*\* 可以在交互式配置 IKEv2 期间自定义 (`sudo ikev2.sh`)。参见上面的选项 2
\*\*\* 可以在交互式配置 IKEv2 期间自定义 (`sudo ikev2.sh`)。参见上面的选项 1
\*\*\*\* 使用 `VPN_CLIENT_VALIDITY` 定义客户端证书的有效期(单位:月)。它必须是 1 到 120 之间的整数。

除了这些参数,高级用户还可以在安装时 [自定义 VPN 子网](docs/advanced-usage-zh.md#自定义-vpn-子网)
Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,8 @@ A cloud server, virtual private server (VPS) or dedicated server, with an instal
- Ubuntu 24.04, 22.04 or 20.04
- Debian 12 or 11
- CentOS Stream 9
- Rocky Linux or AlmaLinux 9/8
- Oracle Linux 9, 8 or 7
- Rocky Linux or AlmaLinux
- Oracle Linux
- Amazon Linux 2

<details>
Expand Down Expand Up @@ -294,7 +294,7 @@ For reference: List of IKEv1 and IKEv2 parameters.

\* These IKEv2 parameters are for IKEv2 mode.
\*\* Define these as environment variables when running vpn(setup).sh, or when setting up IKEv2 in auto mode (`sudo ikev2.sh --auto`).
\*\*\* Can be customized during interactive IKEv2 setup (`sudo ikev2.sh`). Refer to option 2 above.
\*\*\* Can be customized during interactive IKEv2 setup (`sudo ikev2.sh`). Refer to option 1 above.
\*\*\*\* Use `VPN_CLIENT_VALIDITY` to specify the client cert validity period in months. Must be an integer between 1 and 120.

In addition to these parameters, advanced users can also [customize VPN subnets](docs/advanced-usage.md#customize-vpn-subnets) during VPN setup.
Expand Down
8 changes: 1 addition & 7 deletions docs/advanced-usage-zh.md
Original file line number Diff line number Diff line change
Expand Up @@ -238,11 +238,6 @@ iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o "$netif" -j SNAT --to 192.0

**重要:** 你只能在 **初始 VPN 安装时** 指定自定义子网。如果 IPsec VPN 已安装,你 **必须** 首先 [卸载 VPN](uninstall-zh.md),然后指定自定义子网并重新安装。否则,VPN 可能会停止工作。

<details>
<summary>
首先,请阅读上面的重要说明。然后点这里查看示例。
</summary>

```
# 示例:为 IPsec/L2TP 模式指定自定义 VPN 子网
# 注:必须指定所有三个变量。
Expand All @@ -261,7 +256,6 @@ sh vpn.sh
```

在上面的例子中,`VPN_L2TP_LOCAL` 是在 IPsec/L2TP 模式下的 VPN 服务器的内网 IP。`VPN_L2TP_POOL``VPN_XAUTH_POOL` 是为 VPN 客户端自动分配的 IP 地址池。
</details>

## 转发端口到 VPN 客户端

Expand Down Expand Up @@ -396,7 +390,7 @@ iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o "$netif" -j MASQUERADE

如果你想要在安装后更改 IPTables 规则,请编辑 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS/RHEL)。然后重启服务器。

**注:** 如果使用 Rocky Linux, AlmaLinux, Oracle Linux 8 或者 CentOS/RHEL 8 并且在安装 VPN 时 firewalld 正在运行,则可能已配置 nftables。在这种情况下,编辑 `/etc/sysconfig/nftables.conf` 而不是 `/etc/sysconfig/iptables`
**注:** 如果你的服务器运行 CentOS Linux(或类似系统),并且在安装 VPN 时 firewalld 处于活动状态,则可能已配置 nftables。在这种情况下,编辑 `/etc/sysconfig/nftables.conf` 而不是 `/etc/sysconfig/iptables`

## 部署 Google BBR 拥塞控制

Expand Down
10 changes: 2 additions & 8 deletions docs/advanced-usage.md
Original file line number Diff line number Diff line change
Expand Up @@ -238,11 +238,6 @@ For most use cases, it is NOT necessary and NOT recommended to customize these s

**Important:** You may only specify custom subnets **during initial VPN install**. If the IPsec VPN is already installed, you **must** first [uninstall the VPN](uninstall.md), then specify custom subnets and re-install. Otherwise, the VPN may stop working.

<details>
<summary>
First, read the important note above. Then click here for examples.
</summary>

```
# Example: Specify custom VPN subnet for IPsec/L2TP mode
# Note: All three variables must be specified.
Expand All @@ -261,7 +256,6 @@ sh vpn.sh
```

In the examples above, `VPN_L2TP_LOCAL` is the VPN server's internal IP for IPsec/L2TP mode. `VPN_L2TP_POOL` and `VPN_XAUTH_POOL` are the pools of auto-assigned IP addresses for VPN clients.
</details>

## Port forwarding to VPN clients

Expand Down Expand Up @@ -395,9 +389,9 @@ Learn more about internal VPN IPs in [Internal VPN IPs and traffic](#internal-vp

## Modify IPTables rules

If you want to modify the IPTables rules after install, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS/RHEL). Then reboot your server.
If you want to modify IPTables rules after install, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS/RHEL). Then reboot your server.

**Note:** If using Rocky Linux, AlmaLinux, Oracle Linux 8 or CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. In this case, edit `/etc/sysconfig/nftables.conf` instead of `/etc/sysconfig/iptables`.
**Note:** If your server runs CentOS Linux (or similar), and firewalld was active during VPN setup, nftables may be configured. In this case, edit `/etc/sysconfig/nftables.conf` instead of `/etc/sysconfig/iptables`.

## Deploy Google BBR congestion control

Expand Down
2 changes: 1 addition & 1 deletion docs/clients-zh.md
Original file line number Diff line number Diff line change
Expand Up @@ -587,7 +587,7 @@ ipsec trafficstatus

### Windows DNS 泄漏和 IPv6

Windows 8, 10 和 11 默认使用 "smart multi-homed name resolution" (智能多宿主名称解析)。如果你的因特网适配器的 DNS 服务器在本地网段上,在使用 Windows 自带的 IPsec VPN 客户端时可能会导致 "DNS 泄漏"。要解决这个问题,你可以 [禁用智能多宿主名称解析](https://www.neowin.net/news/guide-prevent-dns-leakage-while-using-a-vpn-on-windows-10-and-windows-8/),或者配置你的因特网适配器以使用在你的本地网段之外的 DNS 服务器(比如 8.8.8.8 和 8.8.4.4)。在完成后[清除 DNS 缓存](https://support.opendns.com/hc/en-us/articles/227988627-How-to-clear-the-DNS-Cache-)并且重启计算机
Windows 8, 10 和 11 默认使用 "smart multi-homed name resolution" (智能多宿主名称解析)。如果你的因特网适配器的 DNS 服务器在本地网段上,在使用 Windows 自带的 IPsec VPN 客户端时可能会导致 "DNS 泄漏"。要解决这个问题,你可以 [禁用智能多宿主名称解析](https://www.neowin.net/news/guide-prevent-dns-leakage-while-using-a-vpn-on-windows-10-and-windows-8/),或者配置你的因特网适配器以使用在你的本地网段之外的 DNS 服务器(比如 8.8.8.8 和 8.8.4.4)。在完成后重启计算机

另外,如果你的计算机启用了 IPv6,所有的 IPv6 流量(包括 DNS 请求)都将绕过 VPN。要在 Windows 上禁用 IPv6,请看[这里](https://support.microsoft.com/zh-cn/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users)。如果你需要支持 IPv6 的 VPN,可以另外尝试 [OpenVPN](https://github.com/hwdsl2/openvpn-install/blob/master/README-zh.md)

Expand Down
2 changes: 1 addition & 1 deletion docs/clients.md
Original file line number Diff line number Diff line change
Expand Up @@ -585,7 +585,7 @@ After upgrading Windows 10/11 version (e.g. from 21H2 to 22H2), you may need to

### Windows DNS leaks and IPv6

Windows 8, 10 and 11 use "smart multi-homed name resolution" by default, which may cause "DNS leaks" when using the native IPsec VPN client if your DNS servers on the Internet adapter are from the local network segment. To fix, you may either [disable smart multi-homed name resolution](https://www.neowin.net/news/guide-prevent-dns-leakage-while-using-a-vpn-on-windows-10-and-windows-8/), or configure your Internet adapter to use DNS servers outside your local network (e.g. 8.8.8.8 and 8.8.4.4). When finished, [clear the DNS cache](https://support.opendns.com/hc/en-us/articles/227988627-How-to-clear-the-DNS-Cache-) and reboot your PC.
Windows 8, 10 and 11 use "smart multi-homed name resolution" by default, which may cause "DNS leaks" when using the native IPsec VPN client if your DNS servers on the Internet adapter are from the local network segment. To fix, you may either [disable smart multi-homed name resolution](https://www.neowin.net/news/guide-prevent-dns-leakage-while-using-a-vpn-on-windows-10-and-windows-8/), or configure your Internet adapter to use DNS servers outside your local network (e.g. 8.8.8.8 and 8.8.4.4). When finished, reboot your PC.

In addition, if your computer has IPv6 enabled, all IPv6 traffic (including DNS queries) will bypass the VPN. Learn how to [disable IPv6](https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users) in Windows. If you need a VPN with IPv6 support, you could instead try [OpenVPN](https://github.com/hwdsl2/openvpn-install).

Expand Down

0 comments on commit b50583a

Please sign in to comment.