hwdsl2
35c23f1144
Improve upgrade scripts
...
- Make specifying Libreswan version optional. Retrieve and install
the latest supported version by default.
- Other minor improvements
2022-01-29 12:34:10 -06:00
hwdsl2
e16151f183
Improve upgrade scripts
...
- Cleanup
2022-01-29 01:47:45 -06:00
hwdsl2
c2d7eef27c
Update IKEv2 script
...
- Cleanup
2022-01-29 01:30:21 -06:00
hwdsl2
0f27ebbfad
Update IKEv2 script
...
- Update Libreswan version check
- Cleanup
2022-01-23 00:05:44 -06:00
hwdsl2
c56ebe9cfe
Improve upgrade scripts
...
- Make specifying Libreswan version optional in vpnupgrade.sh.
Install the latest supported version by default.
- Remove Libreswan version check
2022-01-22 22:30:39 -06:00
hwdsl2
5b1377dcf3
Cleanup
2022-01-22 21:34:53 -06:00
hwdsl2
6393470f46
Cleanup
2022-01-15 23:41:00 -06:00
hwdsl2
62723fe0c6
Update IKEv2 script
...
- When upgrading Libreswan using vpnupgrade.sh, also update the
IKEv2 helper script to the latest version.
2022-01-13 23:47:27 -06:00
hwdsl2
18b830c998
New Libreswan version
...
- Support updating to Libreswan 4.6
2022-01-11 22:47:18 -06:00
hwdsl2
4403c9c241
Update Alpine scripts
...
- Install nss, nss-tools and nss-dev from 3.14/3.15 repository.
It is not necessary to install from edge because the latest
3.14/3.15 nss related packages are already patched to fix
CVE-2021-43527.
Ref: https://git.alpinelinux.org/aports/tree/community/nss?h=3.15-stable
https://git.alpinelinux.org/aports/tree/community/nss?h=3.14-stable
603b198
2022-01-05 19:33:08 -06:00
hwdsl2
34ba47e79b
Update VPN user scripts
...
- Sort VPN usernames when listing users
- Cleanup
2022-01-04 23:11:05 -06:00
hwdsl2
abbf19f296
Update IKEv2 script
...
- Sort IKEv2 client names when listing existing clients
- Cleanup
2022-01-04 23:10:28 -06:00
hwdsl2
c25baaf9a9
Cleanup
2022-01-04 23:01:14 -06:00
hwdsl2
3c22bbbeb6
Update IKEv2 script
...
- Fix IKEv2 "password is incorrect" issue when using Ubuntu 21.10
Fixes #1073 . Ref: #1048 .
- Note: Ubuntu 21.10 is NOT a supported OS for the VPN setup scripts.
Please use e.g. Ubuntu 20.04 instead.
Ref: https://github.com/hwdsl2/setup-ipsec-vpn#requirements
2022-01-02 21:52:47 -06:00
hwdsl2
c0a81ceb5b
Add IKEv2-only mode script
...
- New: Helper script to enable or disable IKEv2-only mode
2022-01-02 01:01:02 -06:00
hwdsl2
c78b398057
Update year
2022-01-02 00:09:03 -06:00
hwdsl2
8f55500f0f
Improve VPN user scripts
...
- Improve helper scripts for managing VPN users.
- Support running add_vpn_user.sh and del_vpn_user.sh interactively
without arguments.
2021-12-30 15:47:49 -06:00
hwdsl2
603b198613
Add Alpine 3.15
...
- Add support for Alpine Linux 3.15
- Install nss, nss-tools and nss-dev packages from edge for CVE-2021-43527
Ref: https://lists.libreswan.org/pipermail/swan-announce/2021/000044.html
2021-12-29 23:12:24 -06:00
hwdsl2
a323b13512
Update IKEv2 script
...
- Update Ubuntu 18.04 NSS fix with newer package versions.
Ref: https://ubuntu.com/security/CVE-2021-43527
2021-12-29 20:28:15 -06:00
hwdsl2
bbdb9b13f9
Update IKEv2 script
...
- Add Alpine Linux 3.15
2021-12-29 18:48:47 -06:00
hwdsl2
bc312e0736
Update IKEv2 script
...
- Show client certificate statuses when listing IKEv2 clients
- Fixes #1038
2021-11-07 00:13:42 -05:00
hwdsl2
dccfa65a08
Update IKEv2 script
...
- Minor fix
2021-10-10 14:30:34 -05:00
hwdsl2
b129339927
Cleanup
2021-09-22 00:04:58 -05:00
hwdsl2
7b6d982875
Improve VPN setup
...
- Remove IKEv2 script when uninstalling
2021-09-22 00:03:20 -05:00
hwdsl2
a47ced7899
Cleanup
2021-09-19 21:51:14 -05:00
hwdsl2
4a8e24a61c
Cleanup
2021-09-18 14:58:06 -05:00
hwdsl2
c8db38f12b
Add container check
...
- Add check for LXC containers. Ref: #1014
2021-09-18 00:53:15 -05:00
hwdsl2
819c537b5e
Improve /dev/ppp check
...
- Show a warning instead of exiting with an error for missing /dev/ppp,
which could happen on Debian 11/10 with certain Linux kernels. Users
can use the IKEv2 or IPsec/XAuth ("Cisco IPsec") mode to connect.
Ref: https://git.io/vpndebian10
2021-09-17 23:47:09 -05:00
hwdsl2
f14d903b97
Bugfix for Alpine Linux
...
- Install coreutils on Alpine Linux for "mktemp"
2021-09-14 00:49:13 -05:00
hwdsl2
1f9939b8cc
Update IKEv2 script
...
- Install uuidgen on Alpine Linux
2021-09-14 00:24:27 -05:00
hwdsl2
ca411d90cd
Cleanup
2021-09-11 22:26:55 -05:00
hwdsl2
3c557c7f22
Add Alpine Linux
2021-09-11 15:00:29 -05:00
hwdsl2
e2a9c4a0c3
Cleanup
2021-09-11 10:07:33 -05:00
hwdsl2
5f9a6fa8ce
Improve VPN setup
...
- Update uninstall script: For CentOS/RHEL 8, try to automatically
restore nftables rules to the version before VPN setup.
- Cleanup
2021-09-09 00:14:26 -05:00
hwdsl2
263ffe97cc
Cleanup
2021-09-07 09:02:22 -05:00
hwdsl2
c91270a18c
Improve VPN setup
...
- Add uninstall script
2021-09-07 02:55:37 -05:00
hwdsl2
217bf2a237
Cleanup
...
- Improve temporary folder creation
2021-08-28 16:07:52 -05:00
hwdsl2
da7697a5b0
Cleanup
...
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00
hwdsl2
0e8e6a020c
New Libreswan version
...
- Support updating to Libreswan 4.5
2021-08-22 11:49:35 -05:00
hwdsl2
edd124ed9c
Update IKEv2 script
...
- Set display name under server description in iOS VPN settings
to "IKEv2 VPN"
- Ref: #995 . Thanks @Mattz-P!
2021-08-22 10:55:57 -05:00
hwdsl2
52216d8f59
Improve update scripts
...
- Refactor VPN update scripts into functions
- Cleanup
2021-08-22 00:43:14 -05:00
hwdsl2
665349336d
Update IKEv2 script
...
- Cleanup
2021-08-22 00:42:21 -05:00
hwdsl2
fc33e1c451
Cleanup
2021-08-19 01:40:38 -05:00
hwdsl2
87235014ad
Add Debian 11
2021-08-15 00:46:25 -05:00
hwdsl2
8e570129b2
Cleanup
2021-08-14 00:26:27 -05:00
hwdsl2
70873348b9
Add update script
...
- Add a new wrapper script for updating Libreswan on all supported OS.
The previous vpnupgrade.sh has been moved to vpnupgrade_ubuntu.sh.
2021-08-14 00:23:14 -05:00
hwdsl2
cd40f1e2b7
Rename update script
2021-08-13 22:59:41 -05:00
hwdsl2
cfd9128e3f
Improve VPN setup
...
- Wait for apt to be available
- Check for Wget and install it if not found
- Fallback to cURL if Wget fails
- Cleanup
2021-08-13 22:15:11 -05:00
hwdsl2
779a86f933
Cleanup
2021-08-13 02:11:31 -05:00
hwdsl2
21dc90e656
Update IKEv2 script
...
- Cleanup
2021-08-11 00:03:25 -05:00
hwdsl2
c8b5bb87f0
Update interface check
...
- Update network interface check in quickstart.sh so that it is
consistent with vpnsetup.sh.
2021-08-10 23:09:48 -05:00
hwdsl2
50053e3be7
Add quick start script
2021-08-10 02:57:18 -05:00
hwdsl2
6daacff466
Cleanup
2021-08-07 16:12:26 -05:00
hwdsl2
ab50fa7264
Update IKEv2 script
...
- Minor improvements to client name input prompts. Abort and exit
if the user presses Enter without specifying a client name.
- Cleanup
2021-07-31 23:36:43 -05:00
hwdsl2
c928068a20
Update IKEv2 script
...
- Cleanup
2021-07-31 15:31:13 -05:00
hwdsl2
2c3f4e20a5
Update IKEv2 script
...
- Cleanup
2021-07-30 08:47:10 -05:00
hwdsl2
2e17ef68ce
Update OS detection
2021-07-27 00:59:15 -05:00
hwdsl2
8d26e0b6c9
Update IKEv2 script
...
- Improve checking for MOBIKE support. Linux kernels on QNAP systems
do not support MOBIKE.
Ref: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
- Switch to use /etc/ipsec.d/.vpnconfig to store generated password
for IKEv2 client config files, instead of vpnclient.p12.password.
Migrate to use .vpnconfig if the older config file is found.
Ref: 45ee41d
2021-07-25 20:55:40 -05:00
hwdsl2
45ee41d930
Update IKEv2 script
...
- Improve IKEv2 setup: Save generated password for IKEv2 client
configuration files to vpnclient.p12.password, so that it can
be re-used for later runs of the helper script. Previously,
a different password is generated each time the script is run.
2021-07-24 15:58:48 -05:00
hwdsl2
855a285cff
Update IKEv2 script
...
- Cleanup
2021-07-23 00:22:51 -05:00
hwdsl2
a0409b4399
Cleanup
...
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
command in the VPN setup scripts could output an error
'tr: write error: Broken pipe'. This is a cosmetic error
that does NOT affect the functionality of the scripts. This
commit hides the error in such cases.
2021-07-21 23:12:06 -05:00
hwdsl2
7afbca94a5
Cleanup
2021-07-17 00:52:04 -05:00
hwdsl2
5d43404beb
Update IKEv2 script
...
- Simplify IKEv2 setup: Use an auto-generated password to protect
client configuration files. Remove the steps for user input.
- Cleanup
2021-07-13 22:09:25 -05:00
hwdsl2
a90caf428b
Update IKEv2 script
...
- Add support for Alpine Linux in a Docker container. See:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2021-07-12 23:41:33 -05:00
hwdsl2
61025818bb
Optimize binary size
...
- Use the gcc "-s" option when compiling Libreswan. This reduces
binary size by ~80%.
2021-07-10 01:57:11 -05:00
hwdsl2
64eb0e1f49
Cleanup
2021-06-09 00:42:28 -05:00
hwdsl2
811ce6a9aa
Update IKEv2 script
...
- Check certificate status when exporting a client configuration
using --exportclient
2021-06-01 23:35:19 -05:00
hwdsl2
ea52ab4683
Update IKEv2 script
...
- New: Revoke a client certificate using the helper script. Users can
also manually revoke a client certificate, see https://git.io/ikev2
- Check for certificate validity when exporting client configurations
- Delete CRL from IPsec database when removing IKEv2
- Cleanup
2021-06-01 02:30:51 -05:00
hwdsl2
3014143e15
Update IKEv2 script
...
- Advanced users can specify the server's IP address using variable
VPN_PUBLIC_IP instead of auto-detect
2021-05-11 09:59:29 -05:00
hwdsl2
ee409250d8
Improve IKEv2 setup
...
- Increase RSA key size from the default 2048 bits to 3072 bits
- Use fixed delay between certutil calls, a random delay is not needed
- Update docs
2021-05-01 14:46:12 -05:00
hwdsl2
e850fca9c3
Update IKEv2 script
...
- Remove MODP1024 from IKEv2 ciphers for improved security. Windows users
will need to make a one-time registry change before connecting for the
first time. Refer to https://git.io/ikev2 .
2021-04-24 22:34:48 -05:00
hwdsl2
ac0bde54bb
New Libreswan version
...
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
2021-04-24 16:15:05 -05:00
hwdsl2
d90c6121b6
Improve OS detection
2021-04-20 00:09:00 -05:00
hwdsl2
10f09bbab6
Cleanup
2021-04-18 14:27:52 -05:00
hwdsl2
f35ea9ed0d
Update IKEv2 script
...
- Improve output for auto mode when custom options are specified
2021-04-11 13:53:38 -05:00
hwdsl2
5076f9ec03
Update IKEv2 script
...
- Add an option to specify the name of the first IKEv2 client when
running the script in auto mode. The default is "vpnclient".
- Cleanup
2021-04-10 16:24:49 -05:00
hwdsl2
804856064b
Minor fix and cleanup
...
- Minor fix for CentOS 8 for the uncommon scenario where the server has
"nftables" service enabled
- Cleanup
2021-04-01 23:06:36 -05:00
hwdsl2
7ac343db4d
Update IKEv2 script
...
- Improve output
2021-03-30 23:47:59 -05:00
hwdsl2
e6c2cbcd96
Update IKEv2 script
2021-03-28 23:39:04 -05:00
hwdsl2
cd3a0c1bed
Update IKEv2 script
...
- Remove support for Libreswan 3.22 and older in the IKEv2 script. Users
should update to a newer version before setting up IKEv2.
- Cleanup
2021-03-19 23:58:06 -05:00
hwdsl2
eb8daa3a40
Update helper scripts
...
- Cleanup and minor improvements to the helper scripts for managing
VPN users
2021-03-12 00:07:48 -06:00
hwdsl2
35c85526b6
Update IKEv2 script
...
- Minor improvement to client config message
2021-03-08 23:23:00 -06:00
hwdsl2
d54b2ac57a
Cleanup
2021-03-07 23:38:38 -06:00
hwdsl2
8fa3bfac80
Cleanup
2021-03-07 00:12:46 -06:00
hwdsl2
1abcd704be
Update IKEv2 config
...
- Use the AES_GCM128 cipher for improved performance
Ref: https://libreswan.org/wiki/Benchmarking_and_Performance_testing
- Update docs
2021-03-06 14:07:07 -06:00
hwdsl2
11f8502e3a
Improve IKEv2 setup
...
- Use default key size (2048 bits) when generating key pairs using
certutil. This significantly reduces IKEv2 setup time on servers
with less powerful CPUs, such as Raspberry Pis, while still providing
sufficient security.
- Update docs
2021-03-05 21:33:41 -06:00
hwdsl2
2e7b3f1bf4
Update IKEv2 script
...
- Make it easier for users to update Libreswan when the script is not
running in auto mode
2021-02-26 00:42:02 -06:00
hwdsl2
1972501725
New Libreswan version
...
- Use new Libreswan version 4.3
- Support updating to Libreswan 4.3
- Other small improvements
- Update tests
2021-02-21 23:54:37 -06:00
hwdsl2
70e8acc0e7
Update IKEv2 script
...
- Cleanup
2021-02-18 00:43:55 -06:00
hwdsl2
52151ffdfe
Cleanup
2021-02-14 01:20:17 -06:00
hwdsl2
4deb437562
Fix permissions
...
- Set the executable bit for .sh files. Ref: #910 . Thanks @reuixiy!
2021-02-13 14:40:48 -06:00
hwdsl2
7982ddf763
Update IKEv2 script
...
- Minor fix: When used inside a Docker container, do not restart the
IPsec service if it is not currently running.
2021-02-12 01:08:49 -06:00
hwdsl2
256b7e5063
Update IKEv2 script
...
- Add variables VPN_DNS_SRV1 and VPN_DNS_SRV2, for specifying custom DNS
servers when running the IKEv2 script in auto mode. Example:
VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 bash ikev2.sh --auto
2021-02-10 01:19:17 -06:00
hwdsl2
c83148245b
Update IKEv2 script
...
- Add a variable VPN_DNS_NAME, which can be defined when running the
IKEv2 script in auto mode, to set up IKEv2 using a DNS name instead
of an IP address for the VPN server. The DNS name must be a fully
qualified domain name (FQDN). Example:
VPN_DNS_NAME=vpn.example.com bash ikev2.sh --auto
- Minor cleanup
2021-02-09 22:32:26 -06:00
hwdsl2
5779b2e6c8
Improve output
...
- Improve output for the VPN setup and upgrade scripts. The outputs
of the scripts are now significantly reduced and only include the
most useful information for users.
- Other minor cleanup
2021-02-05 21:49:35 -06:00
hwdsl2
89eaacc0b8
Update IKEv2 script
...
- Improve output and clean up
2021-02-04 23:41:48 -06:00
hwdsl2
1808095bb7
New Libreswan version
...
- Use new Libreswan version 4.2
- Support updating to Libreswan 4.2 from older versions. The upgrade
scripts can now install one of these versions: 3.32, 4.1 or 4.2.
- Other small improvements
- Update tests
2021-02-04 01:47:04 -06:00
hwdsl2
5510e1f9d2
Update IKEv2 script
...
- Remove date/time suffix from client config file names
2021-02-03 21:35:56 -06:00
hwdsl2
4d1af3afcb
Update IKEv2 script
...
- Add an option to list the names of existing IKEv2 clients
2021-02-01 22:38:42 -06:00
hwdsl2
954b2acb7c
Fix for IKEv2
...
- Fix an issue where multiple IKEv2 clients behind the same NAT cannot
connect simultaneously to the VPN server. Note that before this fix,
this issue only occurs when using an IP address (instead of a DNS name)
for IKEv2 for the VPN server.
- This issue is found to be related to Libreswan's matching of local IDs
when checking connections. A local ID with '@' prefix has type ID_FQDN,
which does not match the ID_IPV4_ADDR type that the peer expects. This
prevents connection switching from working correctly for the scenario
above. Removing the prefix fixed the issue.
- Fixes #924
2021-02-01 21:42:31 -06:00