1
0
mirror of synced 2024-11-25 22:36:04 +03:00
Commit Graph

159 Commits

Author SHA1 Message Date
hwdsl2
4174ffa3ef Improve VPN setup
- Improve download of VPN helper scripts during setup.
  Note: https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/...
  redirects to
  https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/...
  Use the latter directly so that Wget can reuse the same connection
  for all 3 helper scripts.
- For Ubuntu 18.04, improve download of NSS packages and add fallback URLs.
2022-10-22 23:55:06 -05:00
hwdsl2
780f815540 Improve VPN setup
- For Ubuntu 18.04, download NSS packages from GitHub for improved
  reliability.
- Check and skip installing NSS packages if already installed.
2022-10-21 23:37:47 -05:00
hwdsl2
fef608a91a Update IKEv2 script
- Cleanup
2022-10-19 00:31:52 -05:00
hwdsl2
3dc675ba37 Add client validity option
- For IKEv2 mode, add a new variable VPN_CLIENT_VALIDITY for specifying
  the client certificate validity period (in months). Must be an integer
  between 1 and 120. Default value is 120. Users can define it as an
  environment variable when setting up IKEv2 in auto mode, or when
  adding a new IKEv2 client using "--addclient".
2022-10-16 00:45:45 -05:00
hwdsl2
cc99e18123 Cleanup 2022-09-24 18:56:27 -05:00
hwdsl2
32faed40d5 Improve IP check
- Instead of finding the server's public IP, use the IP address
  on the default route if it is not a private IP. This makes VPN
  setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
2022-09-24 00:58:16 -05:00
hwdsl2
8912e6ec8e Update IKEv2 script
- Cleanup
2022-09-11 00:17:26 -05:00
hwdsl2
098a6b4e5d Update IKEv2 script
- When revoking or deleting an existing client, remove previously
  generated client config files for the client.
- Cleanup
2022-09-09 23:03:07 -05:00
hwdsl2
6a872207f4 Update IKEv2 script
- Add a note about changing IKEv2 server address.
2022-08-11 00:02:42 -05:00
hwdsl2
4995ec03f5 Improve OS support
- Make the VPN setup scripts work on Kali Linux (based on Debian).
- Update IKEv2 helper script to check for OpenSSL 3 first when
  exporting the .p12 file.
2022-08-10 23:25:58 -05:00
hwdsl2
e2f211c678 Improve OS detection
- Improve OS detection and clean up
2022-08-10 22:41:55 -05:00
hwdsl2
1dbf897500 Cleanup
- Fix OS checking: Don't show errors for /etc/redhat-release.
- Fixes #1211.
2022-08-09 19:34:32 -05:00
hwdsl2
10d54262fb Add CentOS 9
- Add support for version 9 of CentOS Stream, RHEL, Rocky Linux
  and AlmaLinux.
2022-07-30 02:59:49 -05:00
hwdsl2
6b6ad1cbd8 Update IKEv2 script
- Add a check for OpenSSL 3 when creating client configuration.
2022-07-26 23:55:14 -05:00
hwdsl2
5efff22b1a Update IKEv2 script
- Update NSS workaround for Ubuntu 18.04 with new package versions
2022-07-09 22:29:35 -05:00
hwdsl2
39bdb36484 Update IKEv2 script
- Add Alpine Linux 3.16 and remove 3.14.
2022-06-19 22:17:13 -05:00
hwdsl2
001b363a07 Update IKEv2 script
- Disable MOBIKE when running on Synology NAS. MOBIKE is not supported
  on these systems and prevents IKEv2 from working if enabled.
  Ref: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298
2022-06-18 01:27:17 -05:00
hwdsl2
8cf4cc3825 Update IKEv2 script
- Update workaround for newer NSS and openssl versions to include
  Debian testing in addition to Ubuntu 22.04.
  Ref: #1184
2022-06-18 01:20:49 -05:00
hwdsl2
d36c435c95 Improve IPsec config
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
  keep the VPN connection open if the client's network is unstable.
2022-06-15 00:28:21 -05:00
hwdsl2
0e24f8b086 Cleanup 2022-06-09 13:44:16 -05:00
hwdsl2
41d37e808e Cleanup 2022-06-07 00:37:31 -05:00
hwdsl2
7b9813d562 Cleanup 2022-05-27 01:12:37 -05:00
hwdsl2
ffb22c4858 Cleanup 2022-05-23 22:08:30 -05:00
hwdsl2
dce25ada28 Update IKEv2 script
- Add a note about OpenVPN and WireGuard which can be optionally
  installed alongside IPsec VPN.
2022-05-23 08:22:53 -05:00
hwdsl2
1aa2d87e01 Update IKEv2 script
- Update NSS workaround for Ubuntu 18.04 with new package versions
2022-05-13 09:27:22 -05:00
hwdsl2
81d26c08fa Update IKEv2 script
- Add a check for IKEv2-only mode before removing IKEv2.
2022-05-08 02:59:28 -05:00
hwdsl2
c66ca577f3 Update links
- Update links due to git.io deprecation.
  Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-29 22:32:22 -05:00
hwdsl2
cc709766e9 Update links
- Update links due to git.io deprecation.
  Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-28 08:24:22 -05:00
hwdsl2
b2626dc921 Cleanup 2022-04-27 00:05:45 -05:00
hwdsl2
78517c43c9 Update IKEv2 script
- New: Delete an IKEv2 client certificate using the IKEv2 helper script.
- Cleanup
2022-04-06 22:49:20 -05:00
hwdsl2
37b2ba3559 Update IKEv2 script
- Show total when listing IKEv2 clients
- Cleanup
2022-04-05 23:38:43 -05:00
hwdsl2
629b39d3b3 Add Oracle Linux
- Add support for Oracle Linux 8 and 7.
2022-03-20 23:10:11 -05:00
hwdsl2
9e58aace48 Cleanup 2022-03-20 10:06:25 -05:00
hwdsl2
3a5d46653d Update IKEv2 script
- Add a workaround for Ubuntu 22.04 "password is incorrect" issue
  when importing IKEv2 client config files into iOS and macOS devices.
- Ubuntu 22.04 uses OpenSSL 3, which has a default "openssl pkcs12"
  encoding algorithm that is incompatible with iOS and macOS devices.
  Ref: https://developer.apple.com/forums/thread/697030?answerId=701291022#701291022
2022-03-20 02:49:09 -05:00
hwdsl2
d794fe0772 Cleanup 2022-03-20 00:14:25 -05:00
hwdsl2
742e43ffcd Cleanup 2022-03-18 21:52:20 -05:00
hwdsl2
e5703d8aaa Cleanup 2022-03-07 21:29:13 -06:00
hwdsl2
6850aa7f3b Update IKEv2 script
- Change the warning for parameter "--auto" to an error, in cases
  that IKEv2 is already set up on the server.
2022-03-02 21:46:15 -06:00
hwdsl2
f7c5ecf504 Update IKEv2 script
- Create a client config README file under certain circumstances,
  such as when setting up IKEv2 automatically and users might not
  see the script's output.
2022-02-25 23:25:34 -06:00
hwdsl2
32a55ec06a Update IKEv2 script
- Make IKEv2 client address pool customizable using VPN_XAUTH_POOL,
  similar to vpnsetup.sh. This is for advanced users only.
2022-02-25 21:17:09 -06:00
hwdsl2
88c86c0191 Update IKEv2 script
- Show the option to protect IKEv2 client config files only during
  IKEv2 setup, not when adding or exporting a client.
- Cleanup
2022-02-20 21:45:11 -06:00
hwdsl2
58e82552ae Update IKEv2 script
- Minor improvements and cleanup
2022-02-17 21:36:19 -06:00
hwdsl2
3d817c7fd4 Update IKEv2 script
- Cleanup
2022-02-15 21:17:47 -06:00
hwdsl2
4bc8fba344 Update IKEv2 script
- Display a note if no password is required when importing client
  config files.
- Advanced users can now define VPN_PROTECT_CONFIG=yes when setting up
  IKEv2, if they want to protect client config files with a password.
2022-02-15 21:15:08 -06:00
hwdsl2
f072e8312a Update IKEv2 script
- Cleanup
2022-02-14 23:45:13 -06:00
hwdsl2
7c0d08442e Update IKEv2 script
- Improve backward compatibility: Protect IKEv2 client config files
  using a password if one was previously generated.
- Ref: dbc3527
2022-02-14 03:46:06 -06:00
hwdsl2
f815d6810a Update IKEv2 script
- Minor improvement for IKEv2 config passwords
2022-02-12 16:16:46 -06:00
hwdsl2
fb85eae7ba Update IKEv2 script
- Add an option to protect IKEv2 client config files using a password,
  which users can select when customizing IKEv2 or client options
  Ref: dbc3527
- Change the default action to 'continue' when confirming IKEv2 setup
  options
- Other minor improvements
2022-02-12 12:12:51 -06:00
hwdsl2
dbc3527448 Simplify IKEv2 import
- Simplify IKEv2 configuration import: Remove passwords for IKEv2
  client config files. When importing, it is no longer required to
  enter a config file password.
- For macOS and iOS, .mobileconfig files require a password to work.
  The password is now included so there is no need to manually enter.
- Note: Client config files should be securely transferred from
  the VPN server to VPN client device(s) for import.
2022-02-12 01:21:12 -06:00
hwdsl2
d20f82e6f2 Update IKEv2 script
- Minor improvement to IKEv2 config password retrieval
2022-02-11 21:50:00 -06:00