1
0
mirror of synced 2024-11-22 13:06:02 +03:00
Commit Graph

266 Commits

Author SHA1 Message Date
hwdsl2
d36c435c95 Improve IPsec config
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
  keep the VPN connection open if the client's network is unstable.
2022-06-15 00:28:21 -05:00
hwdsl2
0e24f8b086 Cleanup 2022-06-09 13:44:16 -05:00
hwdsl2
593f726c80 Cleanup 2022-06-07 22:48:40 -05:00
hwdsl2
41d37e808e Cleanup 2022-06-07 00:37:31 -05:00
hwdsl2
6e6d01dcf7 Improve IPTables rules
- Improve IPTables rules for IPsec VPN setup on systems such as CentOS 8.
  Do not add a DROP rule to the IPTables FORWARD chain if firewalld is
  active, so that existing firewalld FORWARD rules can continue to work.
2022-06-05 00:02:22 -05:00
hwdsl2
7b9813d562 Cleanup 2022-05-27 01:12:37 -05:00
hwdsl2
5f1f444a8f New Libreswan version
- Use new Libreswan version 4.7.
  Ref: https://lists.libreswan.org/pipermail/swan-announce/2022/000047.html
2022-05-25 23:57:30 -05:00
hwdsl2
c2a01e966c Cleanup 2022-05-22 00:36:47 -05:00
hwdsl2
a0f2345c3b Improve subnet check
- Improve check for custom VPN subnets.
  Ref: 95d9fc4
2022-05-16 21:43:56 -05:00
hwdsl2
857c6b9bea Add LXC check 2022-05-10 09:02:46 -05:00
hwdsl2
95d9fc4e03 Add subnet check
- Add a check for custom VPN subnets. Those can only be specified
  during initial VPN install.
  Ref: 1834b79
2022-05-10 08:47:59 -05:00
hwdsl2
c66ca577f3 Update links
- Update links due to git.io deprecation.
  Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-29 22:32:22 -05:00
hwdsl2
b2626dc921 Cleanup 2022-04-27 00:05:45 -05:00
hwdsl2
24ce5bedd8 Cleanup 2022-04-23 00:30:26 -05:00
hwdsl2
9458735d2c Improve Libreswan check 2022-04-23 00:07:46 -05:00
hwdsl2
a1ab13d9a9 Improve VPN setup
- Add fallback URLs for improved reliability
2022-04-11 22:36:43 -05:00
hwdsl2
629b39d3b3 Add Oracle Linux
- Add support for Oracle Linux 8 and 7.
2022-03-20 23:10:11 -05:00
hwdsl2
742e43ffcd Cleanup 2022-03-18 21:52:20 -05:00
hwdsl2
d182d9651a Improve VPN setup
- Download the add/delete VPN user helper scripts during setup,
  so users can use them directly without manual download.
2022-03-13 15:03:28 -05:00
hwdsl2
beb756f1f2 Remove CentOS 8
- Remove support for CentOS Linux 8, which is EOL.
  Ref: https://www.centos.org/centos-linux-eol/
2022-03-08 21:39:19 -06:00
hwdsl2
46a83e4f9f Cleanup 2022-03-08 21:17:16 -06:00
hwdsl2
e5703d8aaa Cleanup 2022-03-07 21:29:13 -06:00
hwdsl2
40859c5f7f Improve VPN setup
- Display a message if IKEv2 is already set up on the VPN server.
2022-03-06 22:41:29 -06:00
hwdsl2
b6c54c316f Improve VPN setup
- Skip Libreswan install if it has already been installed recently.
2022-03-06 22:36:20 -06:00
hwdsl2
6f4080bab4 Improve VPN setup
- Refactor VPN scripts to move IKEv2 setup inside vpnsetup_*.sh
2022-03-03 22:05:09 -06:00
hwdsl2
79a344ec46 Cleanup 2022-02-24 09:18:39 -06:00
hwdsl2
a4e452e9df Cleanup 2022-02-23 00:08:45 -06:00
hwdsl2
06c5e27080 Fix for GCP MTU size
- This fix is specifically for Google Cloud Platform (GCP) VMs.
  The default MTU size on GCP, 1460 bytes, could cause network issues
  such as "cannot open websites" with IKEv2 VPN clients.
  This issue was brought up multiple times in this repo, e.g. #1000.
- The fix changes the MTU to 1500 (the default that is widely used),
  and updates dhclient.conf so that it is not reverted to 1460 by DHCP.
- Refs: https://cloud.google.com/vpc/docs/vpc#mtu
        https://cloud.google.com/compute/docs/instances/detect-compute-engine
        https://linuxhint.com/how-to-change-mtu-size-in-linux/
        https://git.io/ikev2#cannot-open-websites-after-connecting-to-ikev2
2022-02-23 00:07:33 -06:00
hwdsl2
86d4f2f93c Improve VPN setup
- Retry certain 'apt-get' and 'yum' commands on failure
2022-02-08 23:24:46 -06:00
hwdsl2
2bb938416c Cleanup 2022-01-29 12:35:51 -06:00
hwdsl2
c04d056be6 Cleanup 2022-01-29 01:28:56 -06:00
hwdsl2
5b1377dcf3 Cleanup 2022-01-22 21:34:53 -06:00
hwdsl2
9022caf9f4 Improve VPN setup
- Retrieve latest supported Libreswan version before install
- Cleanup
2022-01-22 21:31:55 -06:00
hwdsl2
2ffad259af New Libreswan version
- Use new Libreswan version 4.6.
- Libreswan 4.6 contains a fix for CVE-2022-23094. See the following
  links for more information.
  https://lists.libreswan.org/pipermail/swan-announce/2022/000046.html
  https://libreswan.org/security/
2022-01-11 22:20:57 -06:00
hwdsl2
c25baaf9a9 Cleanup 2022-01-04 23:01:14 -06:00
hwdsl2
c78b398057 Update year 2022-01-02 00:09:03 -06:00
hwdsl2
a47ced7899 Cleanup 2021-09-19 21:51:14 -05:00
hwdsl2
e2a9c4a0c3 Cleanup 2021-09-11 10:07:33 -05:00
hwdsl2
263ffe97cc Cleanup 2021-09-07 09:02:22 -05:00
hwdsl2
df6c02bf95 Improve Libreswan install
- Skip downloading and installing Libreswan if the same version
  is already installed.
2021-08-29 15:12:17 -05:00
hwdsl2
da7697a5b0 Cleanup
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00
hwdsl2
c2236b6e34 New Libreswan version
- Use new Libreswan version 4.5
2021-08-22 11:50:14 -05:00
hwdsl2
9336c1c2c2 Improve VPN setup
- Refactor VPN setup scripts into functions
- Cleanup
2021-08-19 02:01:34 -05:00
hwdsl2
8e570129b2 Cleanup 2021-08-14 00:26:27 -05:00
hwdsl2
779a86f933 Cleanup 2021-08-13 02:11:31 -05:00
hwdsl2
2e17ef68ce Update OS detection 2021-07-27 00:59:15 -05:00
hwdsl2
a0409b4399 Cleanup
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
  command in the VPN setup scripts could output an error
  'tr: write error: Broken pipe'. This is a cosmetic error
  that does NOT affect the functionality of the scripts. This
  commit hides the error in such cases.
2021-07-21 23:12:06 -05:00
hwdsl2
61025818bb Optimize binary size
- Use the gcc "-s" option when compiling Libreswan. This reduces
  binary size by ~80%.
2021-07-10 01:57:11 -05:00
hwdsl2
02b6d05c82 Update IPTables rules
- Allow traffic from IKEv2 and IPsec/XAuth ("Cisco IPsec") clients to
  IPsec/L2TP clients. Ref: #983
- Cleanup
- Update docs
2021-06-20 15:02:33 -05:00
hwdsl2
de2d49d3a6 Improve IKEv2 setup
- Add a link to /usr/bin for the IKEv2 helper script
2021-05-24 01:14:32 -05:00