hwdsl2
ace41ebc29
Add IKEv2 script
...
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00
hwdsl2
9e6b26b1b2
Update docs
2020-05-03 01:59:37 -05:00
hwdsl2
7076376aac
Update IKEv2 docs
...
- For users running Libreswan 3.31, the "Use RSA/PSS signatures" option
needs to be enabled in the strongSwan Android VPN client.
- Ref: https://lists.libreswan.org/pipermail/swan/2020/003440.html
2020-04-30 01:13:39 -05:00
hwdsl2
4b28ce5de9
Update IKEv2 docs
...
- Update macOS and iOS IKEv2 instructions
2019-11-10 19:32:29 -08:00
hwdsl2
0dfe0d3021
Update IKEv2 docs
...
- Add new IKEv2 instructions for Android 10
Ref: https://wiki.strongswan.org/issues/3196
- Change certificate validity period to 120 months
2019-11-10 17:23:12 -08:00
hwdsl2
e61efe242e
Update IKEv2 docs
...
- Add a known issue (#543 )
2019-03-15 23:13:30 -05:00
hwdsl2
0679c66071
Update docs
2019-02-09 16:24:19 -06:00
hwdsl2
d153a90fc3
Update docs
...
- Add a known issue to IKEv2 docs. Ref: #414
- Cleanup
2019-02-05 00:24:32 -06:00
hwdsl2
ddaa0ee99c
Improve DNS servers
...
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
only one or both alternative DNS servers
2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e
Improve VPN ciphers
...
- Optimize order of VPN ciphers for performance
2018-11-24 10:30:42 -06:00
hwdsl2
582f98d18c
Update docs
2018-11-23 11:52:38 -06:00
hwdsl2
ed997dd190
Update docs
2018-11-16 13:05:29 -06:00
hwdsl2
4ee2814358
Update IKEv2 docs
2018-11-04 11:43:46 -06:00
hwdsl2
23458655ac
Update IKEv2 docs
...
- Add "pfs=no" to fix IKEv2 disconnect issues (at 8 mins) on iOS/macOS
- Replace "fragmentation" with "ike-frag" for compatibility
- Fixes #474
- Ref: https://github.com/libreswan/libreswan/issues/222
- Ref: http://www.openradar.appspot.com/29821241
2018-11-04 00:59:01 -05:00
hwdsl2
f1c8c06af1
Improve VPN ciphers
...
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
ce895e7116
Update IKEv2 docs
...
- Change 'mobike' from 'yes' to 'no' by default, because it is not
available on Ubuntu and can prevent the IKEv2 config from loading
2018-11-02 01:30:11 -05:00
hwdsl2
e797493a17
Update IKEv2 docs
2018-10-30 00:00:08 -05:00
hwdsl2
732ad1e941
Improve VPN ciphers
...
- Optimize VPN ciphers and their order for improved security and
compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
2f9f5c39de
Update IKEv2 docs
...
- Add known issue about multiple IKEv2 clients from behind the same NAT
- Ref: #469
2018-10-26 15:16:39 -05:00
hwdsl2
f05bf90dbc
Update IKEv2 docs
...
- Enable MOBIKE option for Libreswan 3.23 and newer
- Add AES-GCM cipher for improved performance
2018-10-25 01:07:56 -05:00
hwdsl2
0442d25217
Update IKEv2 docs
2018-10-21 20:52:05 -05:00
hwdsl2
804211c101
Cleanup
2018-10-21 00:20:54 -05:00
hwdsl2
599eb1aa8a
Update IKEv2 docs
...
- Add IKEv2 instructions for OS X (macOS) clients
- Cleanup
2018-10-16 20:29:07 -05:00
hwdsl2
9c529435cf
Fix IKEv2 docs
...
- Fixed an issue with address pool clashing by reverting to
rightaddresspool=192.168.43.10-192.168.43.250
- Replaced "Example" with "IKEv2 VPN" for clarity
- Closes #465
2018-10-14 23:53:06 -05:00
hwdsl2
26ef49b099
Update IKEv2 docs
...
- Add instructions for iOS (iPhone/iPad). Thanks @zzuzjl for the
suggestion!
- Change IKEv2 address pool to 192.168.43.150-192.168.43.250 to help
avoid conflict with IPsec/XAuth
- Closes #453 . Closes #461
- Cleanup
2018-10-13 14:26:09 -05:00
hwdsl2
20f57975b3
Update docs
...
- Add notes for the faster IPsec/XAuth and IKEv2 modes
- Cleanup
2018-09-30 18:36:42 -05:00
hwdsl2
7d4ac79259
Update IKEv2 docs
...
- Re-add Android instructions to IKEv2 docs because it is fixed in
Libreswan 3.26
- Ref: 964b793
#307
- Cleanup
2018-09-22 01:58:58 -05:00
hwdsl2
5d3f4eb7e6
Update docs
...
- Update README and IKEv2 docs for Libreswan 3.26
2018-09-21 23:56:16 -05:00
hwdsl2
7ce65083af
Update IKEv2 docs
...
- Skip the "random keystrokes" step when generating certificates
(use /dev/urandom instead)
- Cleanup
2018-09-06 00:22:31 -05:00
hwdsl2
89e105fcda
Update docs
...
- Closes #433
2018-09-04 00:51:58 -05:00
hwdsl2
94ca6536c8
Update docs
...
- Fix/Update links
- Add reg files for Windows Error 809 fix
- Move Linux client instructions
2018-05-13 15:26:14 -05:00
hwdsl2
964b7934aa
Update IKEv2 docs
...
- Add rightid=%fromcert to ipsec.conf
- Remove strongSwan Android VPN client instructions due to issues (#307 )
2018-05-08 03:11:48 -05:00
hwdsl2
17ca2ee87f
Update docs
2018-05-05 19:37:33 -05:00
hwdsl2
36208fa4ca
Update docs
2018-02-17 10:05:34 -06:00
hwdsl2
43dbac6c3c
Update docs
2018-02-11 00:37:00 -06:00
hwdsl2
bc0324f957
Improve IKEv2 docs
...
- Make it clear how to use the VPN server's DNS name to connect
2017-06-03 14:53:45 -05:00
hwdsl2
47a9015135
Improve VPN ciphers
...
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
hwdsl2
f58afbc84b
Update VPN ciphers
...
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
fec47196d6
Update docs
2017-03-19 22:10:49 -05:00
hwdsl2
03007079e6
Improve VPN IPs
...
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
e6b9208eeb
Update docs
2017-02-07 21:12:31 -06:00
hwdsl2
8c0940f63b
Update docs
...
- Improve IKEv2 docs. The strongSwan Android VPN client requires
an "IP address" in the VPN server certificate's subjectAltName field
in addition to "DNS name", when connecting using the server's IP.
The certutil commands have been updated to add this field.
- Other improvements to docs
2017-02-05 14:48:11 -06:00
hwdsl2
c8d8730fd0
Minor fix
...
[ci skip]
2017-01-26 17:42:13 -06:00
hwdsl2
758f0e1418
Fix IKEv2 docs
...
- Windows 8.x and 10 require the IKEv2 machine certificate to have
"Client Auth" EKU in addition to "Server Auth". Otherwise it gives
"Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106 . Thanks @evil-shrike!
2017-01-26 17:15:43 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101 . Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
5cbadb643b
Update docs
...
[ci skip]
2017-01-18 16:31:42 -06:00
hwdsl2
c8bfb7c741
Update docs
...
[ci skip]
2017-01-18 01:50:43 -06:00
hwdsl2
e767b462a5
Fix docs
...
- Further improve IKEv2 config for Windows 7/8/10
- Ref: 9455b19
2017-01-17 11:31:40 -06:00
hwdsl2
9455b19119
Fix docs
...
- Libreswan 3.19 requires configuration changes in ipsec.conf
for IKEv2, so that Windows 7/8/10 clients can connect
2017-01-17 02:22:46 -06:00