diff --git a/.travis.yml b/.travis.yml index 096b835..de395f2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,6 @@ language: bash sudo: required -dist: trusty addons: apt: diff --git a/README-zh.md b/README-zh.md index 13b4a0b..7e28b0a 100644 --- a/README-zh.md +++ b/README-zh.md @@ -37,18 +37,22 @@ ## 系统要求 -一个新创建的 Amazon EC2 实例,使用这些 AMI: (详细步骤 看这里) +一个新创建的 Amazon EC2 实例,使用这些 AMI 之一: - Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise) - Debian 8 (Jessie) EC2 Images - CentOS 7 (x86_64) with Updates - CentOS 6 (x86_64) with Updates +请参见 详细步骤 以及 EC2 定价细节。 + **-或者-** 一个专用服务器或者虚拟专用服务器 (VPS),全新安装以上操作系统之一。另外也可使用 Debian 7 (Wheezy),但是必须首先运行另一个脚本。 OpenVZ VPS 不受支持,用户可以尝试使用 ShadowsocksR 或者 OpenVPN。 这也包括各种云计算服务中的 Linux 虚拟机,比如 Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean, Vultr 和 Linode。 +Deploy to Azure Install on DigitalOcean Deploy to Linode + **» 我想建立并使用自己的 VPN ,但是没有可用的服务器** :warning: **不要** 在你的 PC 或者 Mac 上运行这些脚本!它们只能用在服务器上! @@ -87,7 +91,7 @@ VPN_USER='你的VPN用户名' \ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh ``` -如需在 DigitalOcean 上安装,可以参考这个分步指南,由 Tony Tran 编写。 +DigitalOcean 用户可以参考这个分步指南,由 Tony Tran 编写。 **注:** 如果无法通过 `wget` 下载,你也可以打开 vpnsetup.sh (或者 vpnsetup_centos.sh),然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。 @@ -130,8 +134,8 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh ## 问题和反馈 -- 有问题需要提问?请先搜索已有的留言,在这个 Gist 以及我的博客。 -- Libreswan (IPsec) 的相关问题可在邮件列表提问。也可以参见这些文章:[1] [2] [3] [4] [5]。 +- 有问题需要提问?请先搜索已有的留言,在 这个 Gist 以及 我的博客。 +- VPN 的相关问题可在这些邮件列表提问: [1] [2],或者看相关文章: [1] [2] [3]。 - 如果你发现了一个可重复的程序漏洞,请提交一个 GitHub Issue。 ## 卸载说明 @@ -148,6 +152,7 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh - VPN Deploy Playbook - Insta VPN - One Key IKEv2 VPN +- Setup Strongswan ## 作者 diff --git a/README.md b/README.md index 9c2b90c..f4fc670 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -# IPsec VPN Server Auto Setup Scripts  [![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn) +# IPsec VPN Server Auto Setup Scripts  [![Build Status](https://static.ls20.com/travis-ci/setup-ipsec-vpn.svg)](https://travis-ci.org/hwdsl2/setup-ipsec-vpn) *Read this in other languages: [English](README.md), [简体中文](README-zh.md).* 
@@ -37,39 +37,22 @@ We will use Libreswan as th ## Requirements -Microsoft Azure Subscription - -![Azure Custom Deployment](azure/custom_deployment_screenshot.png) - -The Template will create a fully working VPN server on the Microsoft Azure Cloud. Pricing details - -Customizable with the following options: - - - Username - - Password - - Pre-Shared Key - - Operating System Image (Debian 8 or Ubuntu 16.04 LTS) - - The size of the virtual machine. Default: Standard_A0 - - - - - - -**-OR-** - -A newly created Amazon EC2 instance, using these AMIs: (See instructions) +A newly created Amazon EC2 instance, using one of these AMIs: - Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise) - Debian 8 (Jessie) EC2 Images - CentOS 7 (x86_64) with Updates - CentOS 6 (x86_64) with Updates +Please refer to detailed instructions and EC2 pricing. + **-OR-** -A dedicated server or Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with this workaround. OpenVZ VPS is not supported, users could instead try OpenVPN. +A dedicated server or Virtual Private Server (VPS), freshly installed with one of the above OS. In addition, Debian 7 (Wheezy) can also be used with this workaround. OpenVZ VPS is NOT supported, users could instead try OpenVPN. This also includes Linux VMs in public clouds such as Google Compute Engine, Amazon EC2, Microsoft Azure, IBM SoftLayer, VMware vCloud Air, Rackspace, DigitalOcean, Vultr and Linode. +Deploy to Azure Install on DigitalOcean Deploy to Linode + **» I want to run my own VPN but don't have a server for that** :warning: **DO NOT** run these scripts on your PC or Mac! They should only be used on a server! 
@@ -108,7 +91,7 @@ VPN_USER='your_vpn_username' \ VPN_PASSWORD='your_vpn_password' sh vpnsetup.sh ``` -For installation on DigitalOcean, check out this step-by-step guide by Tony Tran. +DigitalOcean users may refer to this step-by-step guide by Tony Tran. **Note:** If unable to download via `wget`, you may also open vpnsetup.sh (or vpnsetup_centos.sh) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor. @@ -152,7 +135,7 @@ The additional scripts vpnupgrade ## Bugs & Questions - Got a question? Please first search other people's comments in this Gist and on my blog. -- Ask Libreswan (IPsec) related questions on the mailing list, or read these articles: [1] [2] [3] [4] [5]. +- Ask VPN related questions on these mailing lists: [1] [2], or read related articles: [1] [2] [3]. - If you found a reproducible bug, open a GitHub Issue to submit a bug report. ## Uninstallation @@ -169,6 +152,7 @@ Please refer to Uninstall the VPNVPN Deploy Playbook - Insta VPN - One Key IKEv2 VPN +- Setup Strongswan ## Author diff --git a/azure/README-zh.md b/azure/README-zh.md new file mode 100644 index 0000000..62f275e --- /dev/null +++ b/azure/README-zh.md @@ -0,0 +1,27 @@ +# 在 Microsoft Azure 上部署 + +*其他语言版本: [English](README.md), [简体中文](README-zh.md).* + +使用这个模板,你可以在 Microsoft Azure Cloud 上快速搭建一个 VPN 服务器 (定价细节)。 + +根据你的偏好设置以下选项: + + - Username for VPN and SSH (VPN 和 SSH 用户名) + - Password for VPN and SSH (VPN 和 SSH 密码) + - IPsec Pre-Shared Key (IPsec 预共享密钥) + - Operating System Image (操作系统镜像,Debian 8 或 Ubuntu 16.04 LTS) + - Virtual Machine Size (虚拟机大小,默认值: Standard_A0) + +请点击以下按钮开始: + + + Deploy to Azure + + +屏幕截图: + +![Azure Custom Deployment](custom_deployment_screenshot.png) + +## 作者 + +- Daniel Falkner (https://github.com/derdanu) diff --git a/azure/README.md b/azure/README.md new file mode 100644 index 0000000..af2f2d8 --- /dev/null +++ b/azure/README.md 
@@ -0,0 +1,27 @@ +# Deploy to Microsoft Azure + +*Read this in other languages: [English](README.md), [简体中文](README-zh.md).* + +This template will create a fully working VPN server on the Microsoft Azure Cloud (pricing details). + +Customizable with the following options: + + - Username for VPN and SSH + - Password for VPN and SSH + - IPsec Pre-Shared Key + - Operating System Image (Debian 8 or Ubuntu 16.04 LTS) + - Virtual Machine Size (Default: Standard_A0) + +Press this button to start: + + + Deploy to Azure + + +Screenshot: + +![Azure Custom Deployment](custom_deployment_screenshot.png) + +## Author + +- Daniel Falkner (https://github.com/derdanu) diff --git a/azure/install.sh b/azure/install.sh index 6f7ece6..e61c903 100644 --- a/azure/install.sh +++ b/azure/install.sh @@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash export VPN_IPSEC_PSK=$1 export VPN_USER=$2 export VPN_PASSWORD=$3 diff --git a/docs/clients-xauth-zh.md b/docs/clients-xauth-zh.md index 54bafe7..3155d3a 100644 --- a/docs/clients-xauth-zh.md +++ b/docs/clients-xauth-zh.md @@ -81,7 +81,10 @@ VPN 连接成功后,会在 VPN Connect 状态窗口中显示 **tunnel enabled* 1. 选中 **保存帐户信息** 复选框。 1. 单击 **连接**。 -**注:** Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(更多信息) +**注:** 如果你使用 Android 6 (Marshmallow) 并且无法连接,请尝试以下解决方案: + +1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到下一步。 +1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) VPN 连接成功后,会在通知栏显示图标。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md index 38bad1e..db6989e 100644 --- a/docs/clients-xauth.md +++ b/docs/clients-xauth.md 
@@ -81,7 +81,10 @@ To connect to the VPN: Use the menu bar icon, or go to the Network section of Sy 1. Check the **Save account information** checkbox. 1. Tap **Connect**. -**Note:** Android 6 (Marshmallow) users should edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. When finished, run `service ipsec restart`. (Reference) +**Note:** If you are using Android 6 (Marshmallow) and unable to connect, try these workarounds: + +1. Click the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to the next step. +1. Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Save the file and run `service ipsec restart`. (Ref) Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 398aebf..551f10d 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md 
@@ -117,7 +117,10 @@ 1. 选中 **保存帐户信息** 复选框。 1. 单击 **连接**。 -**注:** Android 6 (Marshmallow) 用户需要编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(更多信息) +**注:** 如果你使用 Android 6 (Marshmallow) 并且无法连接,请尝试以下解决方案: + +1. 单击 VPN 连接右边的设置按钮,选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在,请启用它并重试连接。如果不存在,请跳到下一步。 +1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`,并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) VPN 连接成功后,会在通知栏显示图标。最后你可以到这里检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 @@ -160,10 +163,17 @@ VPN 连接成功后,网络状态图标上会出现 VPN 指示。最后你可 1. 在文件 `xl2tpd.conf` 中,删除这一行 `# your vpn server goes here`。 1. 在文件 `options.l2tpd.client` 中,将 `require-mschap-v2` 换成 `require-chap`。 +1. 替换 `sudo echo "c XXX-YOUR-CONNECTION-NAME-XXX " > /var/run/xl2tpd/l2tp-control` 为: + + ``` + echo "c XXX-YOUR-CONNECTION-NAME-XXX " | sudo tee /var/run/xl2tpd/l2tp-control + ``` + 1. 替换最后一个命令 `sudo route add -net default gw ` 为: -``` -sudo route add default dev ppp0 -``` + + ``` + sudo route add default dev ppp0 + ``` 如果遇到错误,请检查 `ifconfig` 的输出并将上面的 `ppp0` 换成 `ppp1`,等等。 @@ -211,7 +221,7 @@ sudo route del default dev ppp0 1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框,并且取消选中所有其它项。 1. 单击 **确定** 保存 VPN 连接的详细信息。 -![Select only CHAP in VPN connection properties-2](https://cloud.githubusercontent.com/assets/5104323/16026263/cbda945a-3192-11e6-96a6-ff18c5dd9a48.png) +![Select CHAP in VPN connection properties](images/vpn-properties-zh.png) ### 其它错误 diff --git a/docs/clients.md b/docs/clients.md index e0790d7..05ec75b 100644 --- a/docs/clients.md +++ b/docs/clients.md 
@@ -117,7 +117,10 @@ To connect to the VPN: Use the menu bar icon, or go to the Network section of Sy 1. Check the **Save account information** checkbox. 1. Tap **Connect**. -**Note:** Android 6 (Marshmallow) users should edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. When finished, run `service ipsec restart`. (Reference) +**Note:** If you are using Android 6 (Marshmallow) and unable to connect, try these workarounds: + +1. Click the settings icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, skip to the next step. +1. Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Save the file and run `service ipsec restart`. (Ref) Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". @@ -160,10 +163,17 @@ Follow the steps in " > /var/run/xl2tpd/l2tp-control` with: + + ``` + echo "c XXX-YOUR-CONNECTION-NAME-XXX " | sudo tee /var/run/xl2tpd/l2tp-control + ``` + 1. Replace the last command `sudo route add -net default gw ` with: -``` -sudo route add default dev ppp0 -``` + + ``` + sudo route add default dev ppp0 + ``` If there is an error, check the output of `ifconfig` and replace `ppp0` above with `ppp1`, etc. 
@@ -211,7 +221,7 @@ To fix this error, please follow these steps: 1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others. 1. Click **OK** to save the VPN connection details. -![Select only CHAP in VPN connection properties](https://cloud.githubusercontent.com/assets/5104323/16024310/b113e9b6-3186-11e6-9e03-12f5455487ba.png) +![Select CHAP in VPN connection properties](images/vpn-properties.png) ### Other Errors diff --git a/docs/images/azure-deploy-button.png b/docs/images/azure-deploy-button.png new file mode 100644 index 0000000..e81f2c1 Binary files /dev/null and b/docs/images/azure-deploy-button.png differ diff --git a/docs/images/do-install-button.png b/docs/images/do-install-button.png new file mode 100644 index 0000000..375959e Binary files /dev/null and b/docs/images/do-install-button.png differ diff --git a/docs/images/linode-deploy-button.png b/docs/images/linode-deploy-button.png new file mode 100644 index 0000000..5a394a2 Binary files /dev/null and b/docs/images/linode-deploy-button.png differ diff --git a/docs/images/vpn-properties-zh.png b/docs/images/vpn-properties-zh.png new file mode 100644 index 0000000..d8e9cda Binary files /dev/null and b/docs/images/vpn-properties-zh.png differ diff --git a/docs/images/vpn-properties.png b/docs/images/vpn-properties.png new file mode 100644 index 0000000..31b3a68 Binary files /dev/null and b/docs/images/vpn-properties.png differ diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh index 9b81ea1..5d99503 100644 --- a/extras/vpnupgrade.sh +++ b/extras/vpnupgrade.sh 
@@ -21,7 +21,7 @@ exiterr() { echo "Error: ${1}" >&2; exit 1; } exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; } os_type="$(lsb_release -si 2>/dev/null)" -if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then +if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ] && [ "$os_type" != "Raspbian" ]; then exiterr "This script only supports Ubuntu/Debian." fi diff --git a/vpnsetup.sh b/vpnsetup.sh index 1c92d3a..2f8ed07 100755 --- a/vpnsetup.sh +++ b/vpnsetup.sh @@ -37,7 +37,7 @@ exiterr() { echo "Error: ${1}" >&2; exit 1; } exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; } os_type="$(lsb_release -si 2>/dev/null)" -if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then +if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ] && [ "$os_type" != "Raspbian" ]; then exiterr "This script only supports Ubuntu/Debian." fi @@ -120,8 +120,8 @@ PUBLIC_IP=${VPN_PUBLIC_IP:-''} PRIVATE_IP=${VPN_PRIVATE_IP:-''} # In Amazon EC2, these two variables will be retrieved from metadata -[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') -[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') +[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 5 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') +[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget -t 3 -T 5 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') # Try to find IPs for non-EC2 servers [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short) diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 6710120..08c421d 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh 
@@ -107,8 +107,8 @@ PUBLIC_IP=${VPN_PUBLIC_IP:-''} PRIVATE_IP=${VPN_PRIVATE_IP:-''} # In Amazon EC2, these two variables will be retrieved from metadata -[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') -[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') +[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 5 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') +[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget -t 3 -T 5 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') # Try to find IPs for non-EC2 servers [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
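Review bot: the .travis.yml hunk drops `dist: trusty` with no note on why; with no `dist:` key Travis picks its current default image, so the CI environment can change under the project without any commit. If the intent is to test on a newer Ubuntu, pin that release explicitly so the build image stays reproducible.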
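Review bot: in the README.md and README-zh.md hunks the added line `+Deploy to Azure Install on DigitalOcean Deploy to Linode` reads as bare text as shown in this diff; confirm each button is an image link (the PNGs are added under docs/images/ in this same change) that points at the matching guide, e.g. azure/README.md for the Azure button, so the line is not three unlinked labels. The new azure/README.md also lists the IPsec Pre-Shared Key as a template option; it would help to say there that the PSK is shared by every client of the server and should be generated randomly rather than typed by hand.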
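Review bot: the shebang fix in azure/install.sh is right (`#/bin/bash` was a comment, not an interpreter line, so the script ran under whatever shell invoked it), but the lines that follow still take the secrets from positional arguments with no check that they are set: `export VPN_IPSEC_PSK=$1`, `export VPN_USER=$2`, `export VPN_PASSWORD=$3`. An empty argument silently exports an empty PSK or password; add a guard such as `[ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]` that exits with a message before the exports. Note also that values passed as command-line arguments are visible in the process list while the script runs, so the template should either document that or hand the values over through the environment instead.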
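Review bot: in both the extras/vpnupgrade.sh and vpnsetup.sh hunks the condition now accepts `Raspbian`, but the next line still reads `exiterr "This script only supports Ubuntu/Debian."`; update the message so a user on an unsupported distro sees the accurate list. As the allow-list grows, `case "$os_type" in Ubuntu|Debian|Raspbian) ;; *) exiterr "..." ;; esac` reads better than the chained `[ ... ] &&` tests. Separately, `lsb_release -si 2>/dev/null` yields an empty `os_type` when the tool is missing, which fails this check with the same misleading message; a distinct error for that case would save support questions.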
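Review bot: in the vpnsetup.sh and vpnsetup_centos.sh hunks, lowering `-T 15` to `-T 5` still leaves `-t 3`, so on a non-EC2 host with nothing answering at 169.254.169.254 each of the two lookups can wait up to 15 s before the `dig` fallback runs; `-t 1`, or one reachability probe shared by both lines, would shorten that. Also, whatever is returned by the metadata endpoint is assigned straight into `PUBLIC_IP` and `PRIVATE_IP`; since the value comes from the network and is later written into the VPN configuration, validate it as a dotted-quad IPv4 address (a `case` pattern or `grep -E` check) and fall through to the next method if it does not match.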
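Review bot: the Android 6 workaround note is now duplicated verbatim across four files (docs/clients.md, docs/clients-zh.md, docs/clients-xauth.md, docs/clients-xauth-zh.md), so any later change to the `sha2-truncbug=yes` step has to be made four times; keep it in one place and link to it from the others. The second step also edits the `ike=` and `phase2alg=` lines in the server's `/etc/ipsec.conf`, which changes the proposal for every client of that connection, not just the Android device being troubleshot; the note should say so, and should point users at the first step (the client-side "Backwards-compatible mode" option) before touching the server.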
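Review bot: in the docs/clients.md and docs/clients-zh.md hunks, replacing `sudo echo "c XXX-YOUR-CONNECTION-NAME-XXX " > /var/run/xl2tpd/l2tp-control` with `echo "c XXX-YOUR-CONNECTION-NAME-XXX " | sudo tee /var/run/xl2tpd/l2tp-control` is the right fix, since the redirection in the original was performed by the unprivileged shell and failed regardless of `sudo`. `tee` also echoes the control string to the terminal; append `> /dev/null` if that output is unwanted. Re-indenting the `sudo route add default dev ppp0` fence inside its list item is correct markdown nesting and keeps the numbered list from restarting.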