mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 21:16:02 +03:00
Code Issues Projects Releases Wiki Activity

Improve VPN ciphers

Browse Source 
- Remove unsupported ESP algorithm on Raspbian
This commit is contained in:
hwdsl2 2017-11-13 00:12:16 -06:00
parent 2dfa587a71
commit 8b40709d4d
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
extras/vpnupgrade.sh
View File

@ -183,6 +183,9 @@ fi
# Update ipsec.conf for Libreswan 3.19 and newer # Update ipsec.conf for Libreswan 3.19 and newer
IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512" IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512" PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512"
if grep -qs raspbian /etc/os-release; then
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2"
fi
sed -i".old-$(date +%F-%T)" \ sed -i".old-$(date +%F-%T)" \
-e "s/^[[:space:]]\+auth=esp\$/ phase2=esp/" \ -e "s/^[[:space:]]\+auth=esp\$/ phase2=esp/" \
-e "s/^[[:space:]]\+forceencaps=yes\$/ encapsulation=yes/" \ -e "s/^[[:space:]]\+forceencaps=yes\$/ encapsulation=yes/" \

5
vpnsetup.sh
View File

@ -279,6 +279,11 @@ if grep -qs 'Raspbian GNU/Linux 9' /etc/os-release; then
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
fi fi
# Remove unsupported ESP algorithm on Raspbian
if grep -qs raspbian /etc/os-release; then
sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
fi
# Specify IPsec PSK # Specify IPsec PSK
conf_bk "/etc/ipsec.secrets" conf_bk "/etc/ipsec.secrets"
cat > /etc/ipsec.secrets <<EOF cat > /etc/ipsec.secrets <<EOF