mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 21:16:02 +03:00
Code Issues Projects Releases Wiki Activity
530 Commits 1 Branch 0 Tags 20 MiB
204904abf4
Commit Graph

61 Commits

Author SHA1 Message Date
hwdsl2
204904abf4 Update IKEv2 docs 2020-05-30 23:13:14 -05:00
hwdsl2
09c68fda01 Update docs 
- Add troubleshooting section for Android MTU/MSS issues
- Remove "Access VPN server's subnet". This seems to work fine using
  the default configuration, without additional IPTables rules
 2020-05-16 23:35:52 -05:00
hwdsl2
d44b09d577 Update docs 2020-05-11 23:23:38 -05:00
hwdsl2
ace41ebc29 Add IKEv2 script 
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
 2020-05-11 01:18:34 -05:00
hwdsl2
9e6b26b1b2 Update docs 2020-05-03 01:59:37 -05:00
hwdsl2
7076376aac Update IKEv2 docs 
- For users running Libreswan 3.31, the "Use RSA/PSS signatures" option
  needs to be enabled in the strongSwan Android VPN client.
- Ref: https://lists.libreswan.org/pipermail/swan/2020/003440.html
 2020-04-30 01:13:39 -05:00
hwdsl2
4b28ce5de9 Update IKEv2 docs 
- Update macOS and iOS IKEv2 instructions
 2019-11-10 19:32:29 -08:00
hwdsl2
0dfe0d3021 Update IKEv2 docs 
- Add new IKEv2 instructions for Android 10
  Ref: https://wiki.strongswan.org/issues/3196
- Change certificate validity period to 120 months
 2019-11-10 17:23:12 -08:00
hwdsl2
e61efe242e Update IKEv2 docs 
- Add a known issue (#543)
 2019-03-15 23:13:30 -05:00
hwdsl2
0679c66071 Update docs 2019-02-09 16:24:19 -06:00
hwdsl2
d153a90fc3 Update docs 
- Add a known issue to IKEv2 docs. Ref: #414
- Cleanup
 2019-02-05 00:24:32 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers 
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
 2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers 
- Optimize order of VPN ciphers for performance
 2018-11-24 10:30:42 -06:00
hwdsl2
582f98d18c Update docs 2018-11-23 11:52:38 -06:00
hwdsl2
ed997dd190 Update docs 2018-11-16 13:05:29 -06:00
hwdsl2
4ee2814358 Update IKEv2 docs 2018-11-04 11:43:46 -06:00
hwdsl2
23458655ac Update IKEv2 docs 
- Add "pfs=no" to fix IKEv2 disconnect issues (at 8 mins) on iOS/macOS
- Replace "fragmentation" with "ike-frag" for compatibility
- Fixes #474
- Ref: https://github.com/libreswan/libreswan/issues/222
- Ref: http://www.openradar.appspot.com/29821241
 2018-11-04 00:59:01 -05:00
hwdsl2
f1c8c06af1 Improve VPN ciphers 
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
 2018-11-02 01:54:49 -05:00
hwdsl2
ce895e7116 Update IKEv2 docs 
- Change 'mobike' from 'yes' to 'no' by default, because it is not
  available on Ubuntu and can prevent the IKEv2 config from loading
 2018-11-02 01:30:11 -05:00
hwdsl2
e797493a17 Update IKEv2 docs 2018-10-30 00:00:08 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers 
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
 2018-10-27 00:53:19 -05:00
hwdsl2
2f9f5c39de Update IKEv2 docs 
- Add known issue about multiple IKEv2 clients from behind the same NAT
- Ref: #469
 2018-10-26 15:16:39 -05:00
hwdsl2
f05bf90dbc Update IKEv2 docs 
- Enable MOBIKE option for Libreswan 3.23 and newer
- Add AES-GCM cipher for improved performance
 2018-10-25 01:07:56 -05:00
hwdsl2
0442d25217 Update IKEv2 docs 2018-10-21 20:52:05 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
599eb1aa8a Update IKEv2 docs 
- Add IKEv2 instructions for OS X (macOS) clients
- Cleanup
 2018-10-16 20:29:07 -05:00
hwdsl2
9c529435cf Fix IKEv2 docs 
- Fixed an issue with address pool clashing by reverting to
  rightaddresspool=192.168.43.10-192.168.43.250
- Replaced "Example" with "IKEv2 VPN" for clarity
- Closes #465
 2018-10-14 23:53:06 -05:00
hwdsl2
26ef49b099 Update IKEv2 docs 
- Add instructions for iOS (iPhone/iPad). Thanks @zzuzjl for the
  suggestion!
- Change IKEv2 address pool to 192.168.43.150-192.168.43.250 to help
  avoid conflict with IPsec/XAuth
- Closes #453. Closes #461
- Cleanup
 2018-10-13 14:26:09 -05:00
hwdsl2
20f57975b3 Update docs 
- Add notes for the faster IPsec/XAuth and IKEv2 modes
- Cleanup
 2018-09-30 18:36:42 -05:00
hwdsl2
7d4ac79259 Update IKEv2 docs 
- Re-add Android instructions to IKEv2 docs because it is fixed in
  Libreswan 3.26
- Ref: 964b793 #307
- Cleanup
 2018-09-22 01:58:58 -05:00
hwdsl2
5d3f4eb7e6 Update docs 
- Update README and IKEv2 docs for Libreswan 3.26
 2018-09-21 23:56:16 -05:00
hwdsl2
7ce65083af Update IKEv2 docs 
- Skip the "random keystrokes" step when generating certificates
  (use /dev/urandom instead)
- Cleanup
 2018-09-06 00:22:31 -05:00
hwdsl2
89e105fcda Update docs 
- Closes #433
 2018-09-04 00:51:58 -05:00
hwdsl2
94ca6536c8 Update docs 
- Fix/Update links
- Add reg files for Windows Error 809 fix
- Move Linux client instructions
 2018-05-13 15:26:14 -05:00
hwdsl2
964b7934aa Update IKEv2 docs 
- Add rightid=%fromcert to ipsec.conf
- Remove strongSwan Android VPN client instructions due to issues (#307)
 2018-05-08 03:11:48 -05:00
hwdsl2
17ca2ee87f Update docs 2018-05-05 19:37:33 -05:00
hwdsl2
36208fa4ca Update docs 2018-02-17 10:05:34 -06:00
hwdsl2
43dbac6c3c Update docs 2018-02-11 00:37:00 -06:00
hwdsl2
bc0324f957 Improve IKEv2 docs 
- Make it clear how to use the VPN server's DNS name to connect
 2017-06-03 14:53:45 -05:00
hwdsl2
47a9015135 Improve VPN ciphers 
- Add 3des-sha2 to allowed VPN ciphers, and clean up
 2017-06-02 14:24:55 -05:00
hwdsl2
f58afbc84b Update VPN ciphers 
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
 2017-04-12 10:17:08 -05:00
hwdsl2
fec47196d6 Update docs 2017-03-19 22:10:49 -05:00
hwdsl2
03007079e6 Improve VPN IPs 
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
 2017-02-10 18:00:29 -06:00
hwdsl2
e6b9208eeb Update docs 2017-02-07 21:12:31 -06:00
hwdsl2
8c0940f63b Update docs 
- Improve IKEv2 docs. The strongSwan Android VPN client requires
  an "IP address" in the VPN server certificate's subjectAltName field
  in addition to "DNS name", when connecting using the server's IP.
  The certutil commands have been updated to add this field.
- Other improvements to docs
 2017-02-05 14:48:11 -06:00
hwdsl2
758f0e1418 Fix IKEv2 docs 
- Windows 8.x and 10 require the IKEv2 machine certificate to have
  "Client Auth" EKU in addition to "Server Auth". Otherwise it gives
  "Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
  https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106. Thanks @evil-shrike!
 2017-01-26 17:15:43 -06:00
hwdsl2
63697214b4 Improve VPN ciphers 
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
 2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix 
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
 2017-01-18 20:10:43 -06:00
hwdsl2
5cbadb643b Update docs 
[ci skip]
 2017-01-18 16:31:42 -06:00
hwdsl2
c8bfb7c741 Update docs 
[ci skip]
 2017-01-18 01:50:43 -06:00