From 4077b0564093e041881c27fbd20fbaadbc68aa04 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sun, 10 Jul 2016 19:15:12 -0500 Subject: [PATCH] Update README.md [ci skip] --- README-zh.md | 12 ++++++------ README.md | 14 +++++++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README-zh.md b/README-zh.md index 458e0da..127e951 100644 --- a/README-zh.md +++ b/README-zh.md @@ -2,7 +2,7 @@ *其他语言版本: [English](README.md), [简体中文](README-zh.md).* -使用 Linux Shell 脚本一键快速搭建 IPsec VPN 服务器。支持 IPsec/L2TP 和 Cisco IPsec 协议,可用于 Ubuntu,Debian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。 +使用 Linux Shell 脚本一键快速搭建 IPsec VPN 服务器。同时支持 IPsec/L2TP 和 Cisco IPsec 协议,可用于 Ubuntu,Debian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。 我们将使用 Libreswan 作为 IPsec 服务器,以及 xl2tpd 作为 L2TP 提供者。 @@ -37,7 +37,7 @@ ## 系统要求 -一个新创建的 Amazon EC2 实例,使用这些 AMI: (详细步骤 点这里 ) +一个新创建的 Amazon EC2 实例,使用这些 AMI: (详细步骤 看这里) - Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise) - Debian 8 (Jessie) EC2 Images - CentOS 7 (x86_64) with Updates @@ -45,7 +45,7 @@ **-或者-** -一个专用服务器,或者任何基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装以上系统之一。另外也可用 Debian 7 (Wheezy),但是必须首先运行 另一个脚本。 OpenVZ VPS 用户可以尝试使用 Shadowsocks ( libev | rss ) 或者 OpenVPN。 +一个专用服务器,或者任何基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可以使用 Debian 7 (Wheezy),但是必须首先运行另一个脚本。 OpenVZ VPS 用户可尝试 Shadowsocks ( libev | rss ) 或者 OpenVPN**» 我想建立并使用自己的 VPN ,但是没有可用的服务器** 
@@ -112,11 +112,11 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh 在 VPN 已连接时,客户端配置为使用 Google Public DNS。如果偏好其它的域名解析服务,请编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`。然后重启服务器。 -在使用 `IPsec/L2TP` 连接时,VPN 服务器在虚拟网络 `192.168.42.0/24` 内具有 IP `192.168.42.1`。 - 对于有外部防火墙的服务器(比如 EC2/GCE),请打开 UDP 端口 500 和 4500,以及 TCP 端口 22 (用于 SSH)。 -如果你的服务器配置了自定义 SSH 端口(不是 22)或运行其他服务,请在使用前编辑脚本中的 IPTables 防火墙规则。或者在安装后编辑以下文件并重启: `/etc/iptables.rules`, `/etc/iptables/rules.v4` 和/或 `/etc/sysconfig/iptables`。 +如果需要打开服务器上的其它端口,请编辑 IPTables 防火墙规则: `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian),或者 `/etc/sysconfig/iptables` (CentOS)。然后重启服务器。 + +在使用 `IPsec/L2TP` 连接时,VPN 服务器在虚拟网络 `192.168.42.0/24` 内具有 IP `192.168.42.1`。 这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。 diff --git a/README.md b/README.md index d2b2aa5..bca3446 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ *Read this in other languages: [English](README.md), [简体中文](README-zh.md).* -Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest. +Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest. We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider. @@ -26,7 +26,7 @@ We will use Libreswan as th ## Features -- **New:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is now supported +- **New:** The faster `IPsec/XAuth ("Cisco IPsec")` mode is supported - **New:** A pre-built [Docker image](#see-also) of the VPN server is now available - Fully automated IPsec VPN server setup, no user input needed - Encapsulates all VPN traffic in UDP - does not need ESP protocol 
@@ -45,7 +45,7 @@ A newly created Amazon EC2 **-OR-** -A dedicated server or any KVM/Xen-based Virtual Private Server (VPS), freshly installed with one of the above systems. Additionally, Debian 7 (Wheezy) can be used with this workaround. OpenVZ VPS users should instead try OpenVPN. +A dedicated server or any KVM- or Xen-based Virtual Private Server (VPS), freshly installed with one of the above systems. Besides those, Debian 7 (Wheezy) can also be used with this workaround. OpenVZ VPS users should instead try OpenVPN. **» I want to run my own VPN but don't have a server for that** @@ -104,7 +104,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: ## Important Notes -For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). If you get an error when trying to connect, see Troubleshooting. +For **Windows users**, this one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). If you get an error when trying to connect, see Troubleshooting. **Android 6 (Marshmallow) users**: Please see notes in Configure IPsec/L2TP VPN Clients. 
@@ -112,11 +112,11 @@ If you wish to add, edit or remove VPN user accounts, refer to Google Public DNS when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server. -When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`. - For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 & 4500, and TCP port 22 (for SSH). -If your server uses a custom SSH port (not 22) or runs other services, edit IPTables rules in the scripts before using. Or edit these files after install and reboot: `/etc/iptables.rules`, `/etc/iptables/rules.v4` and/or `/etc/sysconfig/iptables`. +To open additional ports on the server, edit the IPTables rules in `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS). Then reboot your server. + +When connecting via `IPsec/L2TP`, the VPN server has IP `192.168.42.1` within the VPN subnet `192.168.42.0/24`. The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
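Review bot: In the README-zh.md hunk at @@ -45,7, the added line ends at `或者 OpenVPN` without the closing `。` that the removed line had, so as shown the sentence runs straight into the following `**» 我想建立并使用自己的 VPN ...` line. Restore the full stop. The same added line also still recommends Shadowsocks to OpenVZ users, while the README.md counterpart mentions only OpenVPN; if the two files are meant to stay in sync, align them.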
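Review bot: The README-zh.md hunk at @@ -112,11 removes the sentence beginning `如果你的服务器配置了自定义 SSH 端口(不是 22)`, and the replacement only covers opening other ports by editing the rules files. A reader whose SSH service listens on a port other than 22 no longer learns that the IPTables rules in the script need changing before it is run. Keep a short sentence for that case next to the new one.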
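Review bot: In the README.md Features hunk at @@ -26,7, the first bullet drops "now" but keeps its `**New:**` label, while the unchanged bullet directly below still reads "is now available". Phrase both bullets the same way, or remove the `**New:**` marker from the XAuth bullet if the mode is no longer meant to be announced as new.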
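Review bot: The README.md hunk at @@ -112,11 drops the only guidance for servers with a custom SSH port: the removed line said to "edit IPTables rules in the scripts before using", and the new line lists only the files that the old text described as editable after install. The surrounding text still names TCP port 22 as the SSH port, so an administrator on a non-22 port gets no hint to adjust the rules before running the scripts and risks losing remote access. Suggest keeping one sentence such as "If your server uses a custom SSH port (not 22), edit the IPTables rules in the scripts before using." ahead of the new "To open additional ports" sentence. The per-distribution grouping of the rules files is a clear improvement and can stay as written.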