hwdsl2
5f9a6fa8ce
Improve VPN setup
...
- Update uninstall script: For CentOS/RHEL 8, try to automatically
restore nftables rules to the version before VPN setup.
- Cleanup
2021-09-09 00:14:26 -05:00
hwdsl2
263ffe97cc
Cleanup
2021-09-07 09:02:22 -05:00
hwdsl2
c91270a18c
Improve VPN setup
...
- Add uninstall script
2021-09-07 02:55:37 -05:00
hwdsl2
217bf2a237
Cleanup
...
- Improve temporary folder creation
2021-08-28 16:07:52 -05:00
hwdsl2
da7697a5b0
Cleanup
...
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00
hwdsl2
0e8e6a020c
New Libreswan version
...
- Support updating to Libreswan 4.5
2021-08-22 11:49:35 -05:00
hwdsl2
edd124ed9c
Update IKEv2 script
...
- Set display name under server description in iOS VPN settings
to "IKEv2 VPN"
- Ref: #995. Thanks @Mattz-P!
2021-08-22 10:55:57 -05:00
hwdsl2
52216d8f59
Improve update scripts
...
- Refactor VPN update scripts into functions
- Cleanup
2021-08-22 00:43:14 -05:00
hwdsl2
665349336d
Update IKEv2 script
...
- Cleanup
2021-08-22 00:42:21 -05:00
hwdsl2
fc33e1c451
Cleanup
2021-08-19 01:40:38 -05:00
hwdsl2
87235014ad
Add Debian 11
2021-08-15 00:46:25 -05:00
hwdsl2
8e570129b2
Cleanup
2021-08-14 00:26:27 -05:00
hwdsl2
70873348b9
Add update script
...
- Add a new wrapper script for updating Libreswan on all supported OS.
The previous vpnupgrade.sh has been moved to vpnupgrade_ubuntu.sh.
2021-08-14 00:23:14 -05:00
hwdsl2
cd40f1e2b7
Rename update script
2021-08-13 22:59:41 -05:00
hwdsl2
cfd9128e3f
Improve VPN setup
...
- Wait for apt to be available
- Check for Wget and install it if not found
- Fallback to cURL if Wget fails
- Cleanup
2021-08-13 22:15:11 -05:00
hwdsl2
779a86f933
Cleanup
2021-08-13 02:11:31 -05:00
hwdsl2
21dc90e656
Update IKEv2 script
...
- Cleanup
2021-08-11 00:03:25 -05:00
hwdsl2
c8b5bb87f0
Update interface check
...
- Update network interface check in quickstart.sh so that it is
consistent with vpnsetup.sh.
2021-08-10 23:09:48 -05:00
hwdsl2
50053e3be7
Add quick start script
2021-08-10 02:57:18 -05:00
hwdsl2
6daacff466
Cleanup
2021-08-07 16:12:26 -05:00
hwdsl2
ab50fa7264
Update IKEv2 script
...
- Minor improvements to client name input prompts. Abort and exit
if the user presses Enter without specifying a client name.
- Cleanup
2021-07-31 23:36:43 -05:00
hwdsl2
c928068a20
Update IKEv2 script
...
- Cleanup
2021-07-31 15:31:13 -05:00
hwdsl2
2c3f4e20a5
Update IKEv2 script
...
- Cleanup
2021-07-30 08:47:10 -05:00
hwdsl2
2e17ef68ce
Update OS detection
2021-07-27 00:59:15 -05:00
hwdsl2
8d26e0b6c9
Update IKEv2 script
...
- Improve checking for MOBIKE support. Linux kernels on QNAP systems
do not support MOBIKE.
Ref: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
- Switch to use /etc/ipsec.d/.vpnconfig to store generated password
for IKEv2 client config files, instead of vpnclient.p12.password.
Migrate to use .vpnconfig if the older config file is found.
Ref: 45ee41d
2021-07-25 20:55:40 -05:00
hwdsl2
45ee41d930
Update IKEv2 script
...
- Improve IKEv2 setup: Save generated password for IKEv2 client
configuration files to vpnclient.p12.password, so that it can
be re-used for later runs of the helper script. Previously,
a different password was generated each time the script was run.
2021-07-24 15:58:48 -05:00
hwdsl2
855a285cff
Update IKEv2 script
...
- Cleanup
2021-07-23 00:22:51 -05:00
hwdsl2
a0409b4399
Cleanup
...
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
command in the VPN setup scripts could output an error
'tr: write error: Broken pipe'. This is a cosmetic error
that does NOT affect the functionality of the scripts. This
commit hides the error in such cases.
2021-07-21 23:12:06 -05:00
hwdsl2
7afbca94a5
Cleanup
2021-07-17 00:52:04 -05:00
hwdsl2
5d43404beb
Update IKEv2 script
...
- Simplify IKEv2 setup: Use an auto-generated password to protect
client configuration files. Remove the steps for user input.
- Cleanup
2021-07-13 22:09:25 -05:00
hwdsl2
a90caf428b
Update IKEv2 script
...
- Add support for Alpine Linux in a Docker container. See:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2021-07-12 23:41:33 -05:00
hwdsl2
61025818bb
Optimize binary size
...
- Use the gcc "-s" option when compiling Libreswan. This reduces
binary size by ~80%.
2021-07-10 01:57:11 -05:00
hwdsl2
64eb0e1f49
Cleanup
2021-06-09 00:42:28 -05:00
hwdsl2
811ce6a9aa
Update IKEv2 script
...
- Check certificate status when exporting a client configuration
using --exportclient
2021-06-01 23:35:19 -05:00
hwdsl2
ea52ab4683
Update IKEv2 script
...
- New: Revoke a client certificate using the helper script. Users can
also manually revoke a client certificate, see https://git.io/ikev2
- Check for certificate validity when exporting client configurations
- Delete CRL from IPsec database when removing IKEv2
- Cleanup
2021-06-01 02:30:51 -05:00
hwdsl2
3014143e15
Update IKEv2 script
...
- Advanced users can specify the server's IP address using variable
VPN_PUBLIC_IP instead of auto-detect
2021-05-11 09:59:29 -05:00
hwdsl2
ee409250d8
Improve IKEv2 setup
...
- Increase RSA key size from the default 2048 bits to 3072 bits
- Use fixed delay between certutil calls, a random delay is not needed
- Update docs
2021-05-01 14:46:12 -05:00
hwdsl2
e850fca9c3
Update IKEv2 script
...
- Remove MODP1024 from IKEv2 ciphers for improved security. Windows users
will need to make a one-time registry change before connecting for the
first time. Refer to https://git.io/ikev2 .
2021-04-24 22:34:48 -05:00
hwdsl2
ac0bde54bb
New Libreswan version
...
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
2021-04-24 16:15:05 -05:00
hwdsl2
d90c6121b6
Improve OS detection
2021-04-20 00:09:00 -05:00
hwdsl2
10f09bbab6
Cleanup
2021-04-18 14:27:52 -05:00
hwdsl2
f35ea9ed0d
Update IKEv2 script
...
- Improve output for auto mode when custom options are specified
2021-04-11 13:53:38 -05:00
hwdsl2
5076f9ec03
Update IKEv2 script
...
- Add an option to specify the name of the first IKEv2 client when
running the script in auto mode. The default is "vpnclient".
- Cleanup
2021-04-10 16:24:49 -05:00
hwdsl2
804856064b
Minor fix and cleanup
...
- Minor fix for CentOS 8 for the uncommon scenario where the server has
"nftables" service enabled
- Cleanup
2021-04-01 23:06:36 -05:00
hwdsl2
7ac343db4d
Update IKEv2 script
...
- Improve output
2021-03-30 23:47:59 -05:00
hwdsl2
e6c2cbcd96
Update IKEv2 script
2021-03-28 23:39:04 -05:00
hwdsl2
cd3a0c1bed
Update IKEv2 script
...
- Remove support for Libreswan 3.22 and older in the IKEv2 script. Users
should update to a newer version before setting up IKEv2.
- Cleanup
2021-03-19 23:58:06 -05:00
hwdsl2
eb8daa3a40
Update helper scripts
...
- Cleanup and minor improvements to the helper scripts for managing
VPN users
2021-03-12 00:07:48 -06:00
hwdsl2
35c85526b6
Update IKEv2 script
...
- Minor improvement to client config message
2021-03-08 23:23:00 -06:00
hwdsl2
d54b2ac57a
Cleanup
2021-03-07 23:38:38 -06:00
hwdsl2
8fa3bfac80
Cleanup
2021-03-07 00:12:46 -06:00
hwdsl2
1abcd704be
Update IKEv2 config
...
- Use the AES_GCM128 cipher for improved performance
Ref: https://libreswan.org/wiki/Benchmarking_and_Performance_testing
- Update docs
2021-03-06 14:07:07 -06:00
hwdsl2
11f8502e3a
Improve IKEv2 setup
...
- Use default key size (2048 bits) when generating key pairs using
certutil. This significantly reduces IKEv2 setup time on servers
with less powerful CPUs, such as Raspberry Pis, while still providing
sufficient security.
- Update docs
2021-03-05 21:33:41 -06:00
hwdsl2
2e7b3f1bf4
Update IKEv2 script
...
- Make it easier for users to update Libreswan when the script is not
running in auto mode
2021-02-26 00:42:02 -06:00
hwdsl2
1972501725
New Libreswan version
...
- Use new Libreswan version 4.3
- Support updating to Libreswan 4.3
- Other small improvements
- Update tests
2021-02-21 23:54:37 -06:00
hwdsl2
70e8acc0e7
Update IKEv2 script
...
- Cleanup
2021-02-18 00:43:55 -06:00
hwdsl2
52151ffdfe
Cleanup
2021-02-14 01:20:17 -06:00
hwdsl2
4deb437562
Fix permissions
...
- Set the executable bit for .sh files. Ref: #910. Thanks @reuixiy!
2021-02-13 14:40:48 -06:00
hwdsl2
7982ddf763
Update IKEv2 script
...
- Minor fix: When used inside a Docker container, do not restart the
IPsec service if it is not currently running.
2021-02-12 01:08:49 -06:00
hwdsl2
256b7e5063
Update IKEv2 script
...
- Add variables VPN_DNS_SRV1 and VPN_DNS_SRV2, for specifying custom DNS
servers when running the IKEv2 script in auto mode. Example:
VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto
2021-02-10 01:19:17 -06:00
hwdsl2
c83148245b
Update IKEv2 script
...
- Add a variable VPN_DNS_NAME, which can be defined when running the
IKEv2 script in auto mode, to set up IKEv2 using a DNS name instead
of an IP address for the VPN server. The DNS name must be a fully
qualified domain name (FQDN). Example:
VPN_DNS_NAME=vpn.example.com bash ikev2.sh --auto
- Minor cleanup
2021-02-09 22:32:26 -06:00
hwdsl2
5779b2e6c8
Improve output
...
- Improve output for the VPN setup and upgrade scripts. The outputs
of the scripts are now significantly reduced and only include the
most useful information for users.
- Other minor cleanup
2021-02-05 21:49:35 -06:00
hwdsl2
89eaacc0b8
Update IKEv2 script
...
- Improve output and clean up
2021-02-04 23:41:48 -06:00
hwdsl2
1808095bb7
New Libreswan version
...
- Use new Libreswan version 4.2
- Support updating to Libreswan 4.2 from older versions. The upgrade
scripts can now install one of these versions: 3.32, 4.1 or 4.2.
- Other small improvements
- Update tests
2021-02-04 01:47:04 -06:00
hwdsl2
5510e1f9d2
Update IKEv2 script
...
- Remove date/time suffix from client config file names
2021-02-03 21:35:56 -06:00
hwdsl2
4d1af3afcb
Update IKEv2 script
...
- Add an option to list the names of existing IKEv2 clients
2021-02-01 22:38:42 -06:00
hwdsl2
954b2acb7c
Fix for IKEv2
...
- Fix an issue where multiple IKEv2 clients behind the same NAT cannot
connect simultaneously to the VPN server. Note that before this fix,
this issue only occurs when using an IP address (instead of a DNS name)
for IKEv2 for the VPN server.
- This issue is found to be related to Libreswan's matching of local IDs
when checking connections. A local ID with '@' prefix has type ID_FQDN,
which does not match the ID_IPV4_ADDR type that the peer expects. This
prevents connection switching from working correctly for the scenario
above. Removing the prefix fixed the issue.
- Fixes #924
2021-02-01 21:42:31 -06:00
hwdsl2
a44c1ea473
Update IKEv2 script
...
- Improvement: If the script is run using sudo, export the VPN client
config files to the user's home directory instead of "/root", and set
owner/group so that users can more easily download the config files.
2021-01-30 14:24:01 -06:00
hwdsl2
08d0ca372e
Update IKEv2 script
...
- Add a command-line option to remove IKEv2
- Change the error to a warning when option '--auto' is specified after
IKEv2 setup
- Other minor improvements
2021-01-25 22:32:32 -06:00
hwdsl2
8c286df143
Cleanup
2021-01-24 20:01:40 -06:00
hwdsl2
7e3a38ca54
Update IKEv2 script
...
- New: Users can now specify '--listclients' to list the names of
existing IKEv2 clients
- Other minor improvements
2021-01-24 15:54:44 -06:00
hwdsl2
625ddd3d32
Update IKEv2 script
...
- New: Users can now specify '--addclient [client name]' or
'--exportclient [client name]' command-line arguments to automatically
add or export an IKEv2 client using default options.
- Show script usage when '-h' or '--help' is specified.
- Other minor improvements
2021-01-24 13:53:55 -06:00
hwdsl2
83d7309147
Cleanup
2021-01-23 18:20:49 -06:00
hwdsl2
f0c1f3bcb1
Update IKEv2 script
...
- New: Create .sswan files to simplify Android IKEv2 client setup and
improve VPN performance
- Cleanup
2021-01-23 16:02:59 -06:00
hwdsl2
3611ed5981
Update IKEv2 script
...
- Minor fix: Set permission for the generated .mobileconfig file to 600,
same as the exported .p12 file.
2021-01-23 00:20:09 -06:00
hwdsl2
47b5cd01c1
Update IKEv2 script
...
- For the Ubuntu 18.04 NSS bug fix, use mirrors.kernel.org, which
is an Ubuntu mirror that supports HTTPS, instead of HTTP-only
security.ubuntu.com
- Minor fix: When uninstalling IKEv2, delete keys in addition to
certificates from the IPsec database
2021-01-21 23:07:24 -06:00
hwdsl2
5e1b3e1ae9
Update IKEv2 script
...
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3)
version 3.35, which has a bug with iteration counts that results in
"incorrect password" errors when trying to import a generated ".p12"
file to Windows. To fix this, we install newer versions of libnss3
related packages from the official Ubuntu repo.
Ref: #414
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
https://packages.ubuntu.com/focal/amd64/libnss3
- Other minor improvements
2021-01-21 00:24:07 -06:00
hwdsl2
7d9f2c6603
Fix IKEv2
...
- Fix an issue with IKEv2 disconnecting after one hour due to IKE SA
expiration, by setting ikelifetime and salifetime to 24h.
Ref: #913 #844 https://libreswan.org/man/ipsec.conf.5.html
2021-01-20 01:39:07 -06:00
hwdsl2
9bf2b630ca
Update IKEv2 script
...
- Add option to remove IKEv2
2021-01-19 01:05:06 -06:00
hwdsl2
819ff8a2b3
Update IKEv2 script
...
- New feature: Export configuration for an existing IKEv2 client
- If IKEv2 has already been set up, users can now choose from a menu to
either add a new client or export configuration for an existing client
2021-01-18 21:57:09 -06:00
hwdsl2
ef93a9867b
Update IKEv2 script
...
- New feature: The IKEv2 helper script can now be run in "auto mode",
which sets up IKEv2 using default options, no user input needed.
To use this mode, add command-line parameter "--auto"
- Refactor entire script to remove duplicate code, improve structure
and make it easier to read and maintain
- Add check for Libreswan version
- Update tests
2021-01-18 00:01:46 -06:00
hwdsl2
b17ec88a0d
Update IKEv2 script
...
- Add the option for users to specify their own password to protect the
exported VPN client configuration files
- Update tests
2021-01-15 23:26:25 -06:00
hwdsl2
b004aaaf7c
Support .mobileconfig for IKEv2
...
- New feature: For macOS and iOS clients, the IKEv2 helper script
can now create .mobileconfig files to simplify client setup
and improve VPN performance with ciphers such as AES-GCM.
- New feature: VPN On Demand is now supported on macOS and iOS.
See https://git.io/ikev2 for more details.
- The script no longer exports the IKEv2 VPN CA certificate, since
.mobileconfig support has been added.
- A random password is now generated for the .p12 and .mobileconfig
files, and displayed on the screen when finished. User input is
no longer required for this password.
2021-01-14 23:21:52 -06:00
hwdsl2
91b7e53004
Update IKEv2 script
...
- Improve check for MOBIKE support
2021-01-13 09:58:17 -06:00
hwdsl2
c0a212bfc8
Update IKEv2 script
...
- Improve OS detection and Libreswan version handling
- Cleanup
2021-01-10 18:28:52 -06:00
hwdsl2
3b90d2d394
Cleanup
2021-01-07 12:02:44 -06:00
hwdsl2
a5a1f4adb1
Cleanup
2021-01-03 14:05:13 -06:00
hwdsl2
dabf765978
Update year
2021-01-03 00:35:24 -06:00
hwdsl2
de7a529c6c
Cleanup
...
- Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020
- Include OS arch when checking Libreswan version
- Other minor improvements
2021-01-02 14:25:50 -06:00
hwdsl2
b3ad82fd48
Cleanup
2020-12-31 23:09:58 -06:00
hwdsl2
cac5191155
Add version check
...
- Check for latest supported Libreswan version, and remind users who use
a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements
2020-12-31 18:24:41 -06:00
hwdsl2
313502293f
Update IKEv2 script
...
- Add check for existing certificates for the VPN server and client
- Other minor improvements
2020-12-30 22:53:19 -06:00
hwdsl2
e7bbb50670
Add Amazon Linux 2
2020-12-26 00:19:50 -06:00
hwdsl2
76c9d9c293
Update IKEv2 script
2020-12-20 01:15:00 -06:00
hwdsl2
3b1403668d
Update upgrade scripts
...
- Clean up Libreswan build flags for CentOS
- Minor improvements
2020-12-14 23:12:15 -06:00
hwdsl2
f9d84216d6
Fix Libreswan flags
...
- Fix Libreswan flags on e.g. Raspbian 10
2020-12-14 14:17:54 -06:00
hwdsl2
599c1dab15
Update IKEv2 script
...
- Minor improvements
2020-12-13 15:52:03 -06:00
hwdsl2
c1fb45f942
Fix for CentOS 8
...
- The repository ID "powertools" is now lower case in the latest
CentOS release. Update to work in both cases.
2020-12-07 11:37:48 -06:00
hwdsl2
027c70edb0
Update Debian check
...
- Update upgrade scripts to work on Debian 8 for now. Debian 8 (Jessie)
is EOL and users should upgrade to a newer Debian version.
2020-12-07 10:28:28 -06:00
hwdsl2
8a3f22ba65
Update Debian check
...
- Add check for Debian 8 (not supported)
2020-12-04 23:39:35 -06:00
hwdsl2
00f9d2ba86
Clean up build flags
...
- Clean up build flags for Libreswan. In Libreswan 4.1, these flags are
now set automatically based on Ubuntu/Debian versions, and no longer
needed for CentOS/RHEL 7 and 8.
- Ref: https://github.com/libreswan/libreswan/blob/main/mk/defaults/linux.mk
https://github.com/libreswan/libreswan/commit/c01ffcc1
2020-12-04 23:36:53 -06:00
hwdsl2
41142ee915
Remove CentOS 6
...
- CentOS 6 was EOL as of Nov. 30, 2020, and the default yum repos are
no longer available for installing new packages
Ref: https://wiki.centos.org/About/Product
2020-12-02 23:40:54 -06:00
hwdsl2
427e50a9ed
Update upgrade scripts
...
- Set sha2-truncbug to "no" when upgrading. This is required for
iOS 13/14 and macOS 10.15/11 VPN clients to connect.
- References: 3353888
#882
2020-11-27 11:16:12 -06:00
hwdsl2
cf1865a66e
Improve RPi detection
...
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
on Raspberry Pi 4
- Ref: #852
2020-11-24 21:27:40 -06:00
hwdsl2
ccd072541b
Update Debian check
...
- Add check for Debian 10. See: https://git.io/vpndebian10
- Remove Debian 7 check
2020-11-17 00:50:35 -06:00
hwdsl2
b57678b893
Update upgrade scripts
...
- Remove support for upgrading to old Libreswan versions 3.19-3.25
- Minor improvements
2020-11-15 11:47:14 -06:00
hwdsl2
ecd99a6bba
Fix version detection
...
- Fix Libreswan version detection in upgrade scripts
2020-11-12 10:25:09 -06:00
hwdsl2
694679b59c
Update upgrade scripts
...
- Replace the obsolete ike-frag option in ikev2.conf (if exists),
which was removed in Libreswan 4.1.
2020-11-12 00:39:20 -06:00
hwdsl2
5a13026701
Apply Libreswan fix
...
- Fix detection for sysvinit initsystem:
cfe4dabab4
2020-11-11 23:05:29 -06:00
hwdsl2
1dee0d4262
Update upgrade scripts
...
- Support upgrading to Libreswan 4.1
2020-11-11 01:10:27 -06:00
hwdsl2
afb8a7acce
New Libreswan version
...
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
4fa17ce958
Fix for EPEL repo
...
- Remove workaround for EPEL repo issues (bff3fe5)
- "yum makecache" may have higher disk space requirements that could
cause issues on systems with low free disk space
2020-09-30 22:49:49 -05:00
hwdsl2
5e090770c8
Update IKEv2 script
...
- Allow specifying custom DNS servers
- Add notes about the IKEv2 MOBIKE extension
- Cleanup
2020-07-12 17:14:30 -05:00
hwdsl2
bff3fe5a4b
Fix for EPEL repo
...
- Add workaround for EPEL repo issues
2020-07-06 23:03:13 -05:00
hwdsl2
012c19fed1
Update IKEv2 script
...
- Allow specifying the validity period of client certificates
2020-07-02 11:48:35 -05:00
hwdsl2
cf2ed17ae6
Update IKEv2 script
...
- Improve error handling and move ikev2 config to the last step
2020-06-11 01:32:31 -05:00
hwdsl2
b7293e95da
Cleanup
2020-06-05 11:00:23 -05:00
hwdsl2
333a63850e
Update IKEv2 script
...
- Support adding IKEv2 VPN clients
- Users can specify name for the first VPN client
2020-06-05 00:29:15 -05:00
hwdsl2
e1e1b67afd
Improve IKEv2 setup
...
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 23:09:32 -05:00
hwdsl2
5894ea2e1f
Update IKEv2 script
...
- Allow running from inside a container, so that it can be used with:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 17:35:27 -05:00
hwdsl2
5fe5f04835
Update upgrade scripts
...
- Ref: 71d67ae
2020-05-25 13:40:04 -05:00
hwdsl2
0a0607feb9
Update IKEv2 script
...
- Save client configuration to home folder
2020-05-17 18:09:40 -05:00
hwdsl2
b028661f6f
Update IKEv2 script
...
- Raspberry Pi (Raspbian) kernels do not support MOBIKE
2020-05-16 22:11:01 -05:00
hwdsl2
f38e2ea4f2
Cleanup
2020-05-14 23:07:47 -05:00
hwdsl2
5bf8b86192
Update IKEv2 script
...
- Fix CentOS detection
- Set MOBIKE question default to 'yes'
2020-05-11 23:15:05 -05:00
hwdsl2
6a285499e3
Update upgrade scripts
...
- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
2020-05-11 11:28:37 -05:00
hwdsl2
ace41ebc29
Add IKEv2 script
...
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00
hwdsl2
f15db57ea5
Fix upgrade bug
...
- Fixed an issue where the upgrade script could break the IKEv2 section
of /etc/ipsec.conf for users who manually added IKEv2
2020-04-30 00:12:56 -05:00
hwdsl2
dae0c03356
Improve output
...
- Inhibit warning messages from Libreswan compilation
2020-04-29 11:00:25 -05:00
hwdsl2
5983c79904
Fix IKEv2
...
- Apply fix for an IKEv2 regression in Libreswan
- Ref: https://github.com/libreswan/libreswan/commit/90f8a09
https://github.com/libreswan/libreswan/issues/333
https://github.com/libreswan/libreswan/issues/329
2020-04-26 16:27:00 -05:00
hwdsl2
dbb3c6b436
Improve RPi workaround
...
- Newer Raspbian kernels now support SHA512
2020-04-26 00:32:54 -05:00
hwdsl2
48d9b06bab
Update upgrade scripts
...
- Support upgrading to Libreswan 3.31
2020-04-12 00:28:00 -05:00
hwdsl2
53a4bbb06a
Add install note
2020-01-13 00:09:30 -08:00
hwdsl2
4360737eaf
Improve OS detection
2020-01-13 00:07:39 -08:00
hwdsl2
99e194e683
Add CentOS 8
...
- Add support for CentOS/RHEL 8
2019-11-01 13:31:23 -07:00
hwdsl2
609f24257d
New Libreswan version
...
- Upgrade Libreswan to 3.29
2019-06-10 21:05:51 -05:00
hwdsl2
6c0c006d24
Cleanup
2019-06-09 00:14:33 -05:00
hwdsl2
62d9b845d6
Cleanup
2019-06-03 22:02:14 -05:00
hwdsl2
1659d0336c
Support Libreswan 3.28
...
- Support upgrading to new Libreswan version 3.28
- Patch applied for Debian 9/8. See:
https://lists.libreswan.org/pipermail/swan/2019/003210.html
- Patch applied for CentOS 6. See:
5db185497d
and 4b93354f35
2019-06-02 21:08:43 -05:00
hwdsl2
d382350bde
Improve VPN users
...
- Check VPN users for duplicates in the helper script
2019-01-13 11:51:47 -06:00
hwdsl2
6fb35e25cb
Update year
2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb
Cleanup
2019-01-12 01:08:04 -06:00
hwdsl2
03e587d834
Cleanup
2018-12-19 00:14:31 -06:00
hwdsl2
ddaa0ee99c
Improve DNS servers
...
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
only one or both alternative DNS servers
2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e
Improve VPN ciphers
...
- Optimize order of VPN ciphers for performance
2018-11-24 10:30:42 -06:00
hwdsl2
83b0663318
Add more helper scripts
...
- Create additional helper scripts for managing VPN users
- Update docs
- Closes : #355
2018-11-22 16:49:56 -06:00
hwdsl2
b979d1f15d
Add helper script
...
- Create a helper script for updating VPN users
- Update docs
2018-11-22 02:46:28 -06:00
hwdsl2
f1c8c06af1
Improve VPN ciphers
...
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a
Improve VPN ciphers
...
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
2018-10-28 00:33:42 -05:00
hwdsl2
732ad1e941
Improve VPN ciphers
...
- Optimize VPN ciphers and their order for improved security and
compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d
Improve VPN ciphers
...
- Add AES-GCM cipher for Chromebook compatibility and performance
2018-10-25 01:25:35 -05:00
hwdsl2
804211c101
Cleanup
2018-10-21 00:20:54 -05:00
hwdsl2
a04d2d32e8
New Libreswan version
...
- Upgrade Libreswan to 3.27
- Cleanup
2018-10-09 12:32:28 -05:00
hwdsl2
4f41fcba9a
Improve upgrade config
...
- Replace all occurrences when updating /etc/ipsec.conf
- Prompt the user to edit manually if more than one modecfgdns1= or
modecfgdns= line is present
2018-09-30 20:04:21 -05:00
hwdsl2
e22664f7a2
Improve upgrade config
...
- Try to automatically update modecfgdns lines in /etc/ipsec.conf
in the Libreswan upgrade scripts
- Cleanup
2018-09-22 12:10:02 -05:00
hwdsl2
b803f32b71
New Libreswan version
...
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7
Improve variables
...
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
2018-09-18 00:57:03 -05:00
hwdsl2
329a5ecf50
Cleanup
...
- Improve display of Libreswan versions in upgrade scripts
- Clean up notes
2018-09-16 21:36:49 -05:00
hwdsl2
dfc5fce92c
Improve version check
...
- Improve Libreswan version check in upgrade scripts, including
checking for supported versions and showing upgrade/downgrade info
- Clean up notes
2018-09-16 01:05:29 -05:00
hwdsl2
b8088d3934
Improve EPEL repo
...
- Improve handling of the EPEL repository. Although uncommon, some systems
can have epel-release installed but disabled in /etc/yum.repos.d/epel.repo
- Fixes #210
2018-07-04 20:07:32 -05:00
hwdsl2
145f29b477
Improve version check
...
- Add check for some Libreswan versions that are not available
- Include Libreswan 3.25 in multiple IPsec/XAuth clients warning
- Cleanup notes
2018-06-30 00:42:08 -05:00
hwdsl2
41ce696f08
Add new version
...
- Add support for upgrading to new Libreswan version 3.25
- "USE_GLIBC_KERN_FLIP_HEADERS = true" is required for compilation
- Fixes #412
2018-06-28 00:49:49 -05:00
hwdsl2
0c151515fe
Improve upgrade scripts
...
- Add note for users downgrading to 3.22
- Add check for Libreswan 3.25 (not yet supported)
- Print Libreswan versions and improve message
- Cleanup
2018-06-28 00:03:42 -05:00
hwdsl2
59f817575c
Create rundir
...
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c
Use Libreswan 3.22
...
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502
0cf01c0
2018-06-06 00:40:09 -05:00
hwdsl2
95bcadb2c2
Improve VPN ciphers
...
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c
Cleanup
2018-05-23 01:39:53 -05:00
hwdsl2
73a97f2ba4
Cleanup
2018-05-10 21:18:58 -05:00
hwdsl2
102ccbc17d
Clean up VPN ciphers
...
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9
Update year
2018-05-05 18:49:38 -05:00
hwdsl2
4c47137e7f
Add modecfgdns note
2018-02-11 01:05:13 -06:00
hwdsl2
21228a8caf
Improve RPi workarounds
...
- Improve workarounds for systems with ARM CPU (e.g. Raspberry Pi)
- Check for ARM architecture instead of checking for Raspbian
2018-02-03 16:55:54 -06:00
hwdsl2
3d2b6fc861
Remove RPi workaround
2018-01-29 02:06:08 -06:00
hwdsl2
c982502ad4
Upgrade Libreswan to 3.23
...
- Remove 'docker-targets.mk' from Makefile to avoid git errors
during compilation
2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01
Re-add RPi workaround
...
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84
Bug fix for RHEL 6/7
...
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
2017-11-20 00:33:36 -06:00
hwdsl2
d472c65f8c
Remove RPi workaround
...
- No longer needed with fix 2dfa587 and 8b40709
- Ref: 1488ac0
2017-11-13 00:19:21 -06:00
hwdsl2
8b40709d4d
Improve VPN ciphers
...
- Remove unsupported ESP algorithm on Raspbian
2017-11-13 00:12:16 -06:00
hwdsl2
2dfa587a71
Fix Libreswan 3.22 bug
...
- This bug causes Libreswan 3.22 to fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
2017-11-12 23:51:53 -06:00
hwdsl2
70c6d6b540
Various clean up
2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e
Minor clean up
...
- Wrap the scripts in a big function which is only called at the very end,
to protect against the possibility of connection interruptions
- Clean up some variable names
2017-10-29 19:53:35 -05:00
hwdsl2
1488ac0ce8
Workaround for Raspberry Pi
...
- Libreswan version 3.22 does not start on Raspberry Pi
- Install version 3.21 on these systems as a workaround
2017-10-27 00:14:38 -05:00
hwdsl2
ef90b6ff19
Upgrade Libreswan to 3.22
2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7
Clean up packages
...
- Remove libunbound-dev / unbound-devel (these packages are not needed
because we are not enabling DNSSEC)
Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3
Use parallel make
...
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc
Skip building manpages
...
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
3f2b2cbc0b
Remove Debian 7
...
- Remove support for Debian 7 (Wheezy)
- Libreswan 3.21 no longer compiles on Debian 7 or Ubuntu 12.04
- Fix tests by switching to Ubuntu 14.04
2017-08-20 11:50:46 -05:00
hwdsl2
caf9293b8a
New Libreswan version 3.21
2017-08-20 10:52:28 -05:00
hwdsl2
47a9015135
Improve VPN ciphers
...
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
hwdsl2
8fb4bf7897
Minor clean up
2017-05-22 11:46:28 -05:00
hwdsl2
f58afbc84b
Update VPN ciphers
...
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
222acbf5ae
New Libreswan version
...
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa
Improve OS detection
...
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
2017-03-23 12:39:01 -05:00
hwdsl2
e31c378b44
Improve upgrade scripts
...
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
721f7bfaa0
Minor fix
...
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0
Update year
2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70
Minor fix
...
- Use the "fixed strings" option in "grep" commands for "swan_ver",
so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287
Upgrade to Libreswan 3.19
...
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00