1
0
mirror of synced 2024-11-27 23:36:02 +03:00
Commit Graph

1412 Commits

Author SHA1 Message Date
hwdsl2
2623d1bc07 Update tests 2023-01-04 02:16:17 -06:00
hwdsl2
3d05e96115 Update docs 2023-01-04 01:38:44 -06:00
hwdsl2
46b55ee737 Update docs 2022-12-23 20:51:54 -06:00
hwdsl2
8f76ffbdb6 Update docs 2022-12-19 00:50:49 -06:00
hwdsl2
217c3af7c4 Update docs 2022-12-17 01:08:33 -06:00
hwdsl2
fec1b7c7a2 Update IKEv2 script
- Improve MOBIKE detection by checking whether the IKEv2 connection
  is successfully loaded. If not, the server's Linux kernel may not
  support MOBIKE, and we disable it in ikev2.conf.
- This will help prevent the issue where the IKEv2 connection fails
  to load on some systems due to lack of MOBIKE support. Note that
  the script already has checks for MOBIKE support that cover common
  cases.
- Related issues:
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/330
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
2022-12-01 21:45:57 -06:00
hwdsl2
fad9e0d34d Update IKEv2 setup log
- When using the IKEv2 change server address script on Docker,
  update the IKEv2 setup log with the new server address, so that
  it can be displayed in the container logs after a restart.
2022-12-01 21:25:41 -06:00
hwdsl2
8817e6f924 Update docs
- Update IKEv2 instructions for Linux clients.
  Ref: #1282
2022-11-26 10:51:01 -06:00
hwdsl2
651c404bf6 Improve sysctl settings
- For enabling TCP BBR congestion control, add a check to make sure
  tcp_congestion_control exists.
2022-11-20 15:01:44 -06:00
hwdsl2
fc16499d28 Update docs 2022-11-19 10:23:17 -06:00
hwdsl2
94e005c7aa Update docs 2022-11-14 03:13:08 -06:00
hwdsl2
9188cd5b82 Update docs 2022-11-10 03:14:30 -06:00
hwdsl2
f558f26520 Update docs
- Add a troubleshooting section for IKEv2 "parameter is incorrect"
  error.
- Fixes #1268. See also #873.
2022-11-07 23:20:01 -06:00
hwdsl2
4835154f84 Update docs 2022-11-06 01:33:12 -05:00
hwdsl2
46640c01b1 Update docs 2022-11-06 00:28:28 -05:00
hwdsl2
edd05df89c Update IKEv2 script
- Improve the optional VPN On Demand feature on macOS and iOS.
  Connect only on WiFi networks (instead of any network), with
  captive portal detection. This is the most common use case.
2022-10-30 15:45:11 -05:00
hwdsl2
cbd356ac1a Update docs 2022-10-29 14:21:25 -05:00
hwdsl2
117d76b309 Update docs
- Add instructions for Chrome OS (Chromebook) for IKEv2 mode
- Update instructions for Chrome OS for IPsec/L2TP mode
- Cleanup
2022-10-29 01:16:04 -05:00
hwdsl2
5943b2a041 Update docs 2022-10-28 22:13:05 -05:00
hwdsl2
4f8a19d337 Update OS check
- Add a check for Ubuntu 18.04 on architectures other than x86_64,
  which is not supported by the VPN scripts for Libreswan 4.9.
2022-10-24 18:50:51 -05:00
hwdsl2
19d4ea067f Update docs 2022-10-23 15:10:00 -05:00
hwdsl2
2bd37ccf66 Cleanup
- Save a redirect and make VPN setup slightly faster by using
  raw.githubusercontent.com directly instead of
  https://github.com/hwdsl2/setup-ipsec-vpn/raw/...
2022-10-23 14:05:57 -05:00
hwdsl2
5732125abf Update docs 2022-10-23 11:21:29 -05:00
hwdsl2
4174ffa3ef Improve VPN setup
- Improve download of VPN helper scripts during setup.
  Note: https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/...
  redirects to
  https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/...
  Use the latter directly so that Wget can reuse the same connection
  for all 3 helper scripts.
- For Ubuntu 18.04, improve download of NSS packages and add fallback URLs.
2022-10-22 23:55:06 -05:00
hwdsl2
780f815540 Improve VPN setup
- For Ubuntu 18.04, download NSS packages from GitHub for improved
  reliability.
- Check and skip installing NSS packages if already installed.
2022-10-21 23:37:47 -05:00
hwdsl2
1b5030b8da Update tests 2022-10-21 00:11:47 -05:00
hwdsl2
ed9eb5183c Update docs 2022-10-21 00:11:30 -05:00
hwdsl2
d1da04b1d4 New Libreswan version
- Support upgrading to Libreswan 4.9.
- Compilation of Libreswan 4.9 on Ubuntu 18.04 requires newer
  versions of NSS packages. They are installed in a similar way
  as apply_ubuntu1804_nss_fix in ikev2setup.sh.
  Ref: https://github.com/libreswan/libreswan/issues/892
2022-10-21 00:11:15 -05:00
hwdsl2
28d1f494f0 New Libreswan version
- Use new Libreswan version 4.9.
- Compilation of Libreswan 4.9 on Ubuntu 18.04 requires newer
  versions of NSS packages. They are installed in a similar way
  as apply_ubuntu1804_nss_fix in ikev2setup.sh.
  Ref: https://github.com/libreswan/libreswan/issues/892
2022-10-21 00:10:58 -05:00
hwdsl2
f82e65d871 Update docs 2022-10-20 01:02:29 -05:00
hwdsl2
fef608a91a Update IKEv2 script
- Cleanup
2022-10-19 00:31:52 -05:00
hwdsl2
2ce20e792c Update docs 2022-10-16 22:59:43 -05:00
hwdsl2
24bc89149a Update docs 2022-10-16 00:50:54 -05:00
hwdsl2
3dc675ba37 Add client validity option
- For IKEv2 mode, add a new variable VPN_CLIENT_VALIDITY for specifying
  the client certificate validity period (in months). Must be an integer
  between 1 and 120. Default value is 120. Users can define it as an
  environment variable when setting up IKEv2 in auto mode, or when
  adding a new IKEv2 client using "--addclient".
2022-10-16 00:45:45 -05:00
hwdsl2
0d4934c439 Update docs 2022-10-14 23:35:22 -05:00
hwdsl2
ad2883fa74 Update tests 2022-10-14 01:24:39 -05:00
hwdsl2
194d188313 Update docs 2022-10-14 00:36:09 -05:00
hwdsl2
e12ffa2222 Update docs 2022-10-10 08:54:52 -05:00
hwdsl2
ed359619bb Cleanup 2022-10-10 00:29:25 -05:00
hwdsl2
bd291e91a1 Cleanup 2022-10-07 00:19:00 -05:00
hwdsl2
3bf17a75db Improve interface check
- Install iproute (for the "ip" command) in the unlikely cases that
  both "route" and "ip" commands are unavailable.
2022-10-04 22:52:37 -05:00
hwdsl2
6e596825e2 Improve VPN ciphers
- Improve security by removing support for modp1536 (DH group 5),
  which is less secure and rarely used by VPN clients. To do this,
  we specify modp2048 on the "ike=" line in ipsec.conf.
2022-09-30 01:11:18 -05:00
hwdsl2
4b15a5d2f9 Update docs 2022-09-30 01:04:50 -05:00
hwdsl2
025387df91 Improve VPN ciphers
- Improve security by removing support for modp1024 (DH group 2),
  which is less secure and no longer enabled in Libreswan by default.
- The native VPN client on Android devices uses modp1024 for the
  IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. After this change,
  Android users should instead connect using IKEv2 mode (recommended).
2022-09-29 22:52:40 -05:00
hwdsl2
8ae26b832f Update docs 2022-09-25 14:33:51 -05:00
hwdsl2
c87dfdb0d8 Improve VPN setup
- When uninstalling the VPN, remove the two TCP BBR related lines
  from /etc/sysctl.conf, if they were added during VPN setup.
2022-09-25 10:43:15 -05:00
hwdsl2
28a7b595ec Update docs 2022-09-24 18:56:38 -05:00
hwdsl2
cc99e18123 Cleanup 2022-09-24 18:56:27 -05:00
hwdsl2
32faed40d5 Improve IP check
- Instead of finding the server's public IP, use the IP address
  on the default route if it is not a private IP. This makes VPN
  setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
2022-09-24 00:58:16 -05:00
hwdsl2
6ba4618351 Update docs 2022-09-23 00:34:42 -05:00