mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-23 05:26:02 +03:00
Code Issues Projects Releases Wiki Activity
439 Commits 1 Branch 0 Tags 20 MiB
23458655ac
Commit Graph

439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hwdsl2
9cd6cb50b7 Clean up packages 
- Remove libunbound-dev / unbound-devel (these packages are not needed
  because we are not enabling DNSSEC)
  Ref: https://github.com/libreswan/libreswan/issues/117
 2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3 Use parallel make 
- Speed up Libreswan compilation using parallel make ("-j" option)
 2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc Skip building manpages 
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
 2017-09-28 00:15:08 -05:00
hwdsl2
536ac8f54b Update ipsec.conf 
- Replace obsolete keyword "virtual_private" with "virtual-private"
 2017-09-27 21:41:24 -05:00
hwdsl2
f8414c40f6 Update images 
- Update VPN properties screenshots for MS-CHAP v2
 2017-09-25 18:59:04 -05:00
hwdsl2
82da3121b1 Enable MS-CHAP v2 
- Allow MS-CHAP v2 for better compatibility with the built-in Windows 10
  VPN client. Thanks @remini1998!
 2017-09-25 00:28:10 -05:00
hwdsl2
98a3f29407 Improve RPi fix 
- Minor improvement to Raspberry Pi fix
 2017-09-23 14:26:55 -05:00
hwdsl2
dc71db3451 Fixes for Raspberry Pi 
- Change "start" to "restart", so that the 15-second delay actually works
  (wait for network interfaces to initialize)
- Workaround for Raspbian 9 (requires left=$PRIVATE_IP in ipsec.conf)
 2017-09-21 02:00:44 -05:00
hwdsl2
3f2b2cbc0b Remove Debian 7 
- Remove support for Debian 7 (Wheezy)
- Libreswan 3.21 no longer compiles on Debian 7 or Ubuntu 12.04
- Fix tests by switching to Ubuntu 14.04
 2017-08-20 11:50:46 -05:00
hwdsl2
caf9293b8a New Libreswan version 3.21 2017-08-20 10:52:28 -05:00
hwdsl2
a6480995f8 Update docs 
- Remove Ubuntu 12.04 from README (EOL as of April 2017)
 2017-06-22 00:50:50 -05:00
hwdsl2
8ac1573106 Minor clean up 2017-06-21 11:59:07 -05:00
hwdsl2
6255c43e93 Update docs 2017-06-21 11:26:00 -05:00
hwdsl2
cf595eaee7 Improve services on boot 
- Systemd may run rc.local early during system boot
- Insert delay so that services can start correctly
 2017-06-21 00:02:03 -05:00
hwdsl2
5e3689198f Improve network interfaces 
- Better detection of default network interface when the 'route'
  command is not available
 2017-06-20 23:59:13 -05:00
hwdsl2
c01fb79650 Update docs 2017-06-12 02:29:53 -05:00
hwdsl2
bc0324f957 Improve IKEv2 docs 
- Make it clear how to use the VPN server's DNS name to connect
 2017-06-03 14:53:45 -05:00
hwdsl2
47a9015135 Improve VPN ciphers 
- Add 3des-sha2 to allowed VPN ciphers, and clean up
 2017-06-02 14:24:55 -05:00
Lin Song
2c58e65f88 Merge pull request #156 from DL6ER/fix/3des-sha2 
Add 3des-sha2 to both ike= and phase2alg= lines.
 2017-06-02 12:55:25 -05:00
DL6ER
748d89bb4b
Add 3des-sha2 to both ike= and phase2alg= lines. Fixes #154 2017-06-02 18:20:23 +02:00
hwdsl2
0316b0f755 Fix Azure template 
- Switch to version 2 of the Azure Custom Script Extension
- Use default VM size "Basic_A0" for deployments (configurable)
- Clean up install.sh, and other minor improvements
 2017-05-31 14:13:54 -05:00
hwdsl2
654ddcdfa4 Update docs 2017-05-30 15:01:26 -05:00
hwdsl2
f403dbeaf7 Improve tests 2017-05-28 21:47:17 -05:00
hwdsl2
8fb4bf7897 Minor clean up 2017-05-22 11:46:28 -05:00
hwdsl2
f93ecd60d2 Improve tests 2017-05-17 17:44:19 -05:00
hwdsl2
d711e2aee6 Improve network interfaces 
- Try to auto detect server's default network interface
- Display a warning if the default interface is wlan*
 2017-05-17 17:24:19 -05:00
hwdsl2
d437f7044d Update docs 
- Add troubleshooting notes for Chromebook users
- Closes #147
 2017-05-16 16:05:25 -05:00
hwdsl2
7aeae4c8b8 Update docs 2017-05-05 10:37:45 -05:00
hwdsl2
4c6aa6e3a1 Update docs 2017-05-02 16:55:54 -05:00
hwdsl2
db834c146f Update Azure template 2017-05-01 20:08:02 -05:00
hwdsl2
cf75c2bb86 Improve network interfaces 
- Use eth0 instead of eth+ throughout for consistency
- Improve error messages when eth0 is unavailable
 2017-04-30 17:16:33 -05:00
hwdsl2
cebf9f4361 Minor clean up 2017-04-12 10:38:57 -05:00
hwdsl2
f58afbc84b Update VPN ciphers 
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
 2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9 Improve VPN variables 
- Check VPN credentials for non-ASCII characters
- Ref: #130
 2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae New Libreswan version 
- New Libreswan version 3.20
- Use GitHub as primary download source
 2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa Improve OS detection 
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
 2017-03-23 12:39:01 -05:00
hwdsl2
fec47196d6 Update docs 2017-03-19 22:10:49 -05:00
hwdsl2
6f1dc6db1c Remove fail2ban workaround 
- The fail2ban bug on CentOS 7 has been fixed. Remove workaround.
- Ref: 320e17a, https://bugzilla.redhat.com/show_bug.cgi?id=1422500
 2017-03-06 11:03:33 -06:00
hwdsl2
347f3fdbfe Improve IPTables rules 
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116. Thanks @ryt51V!
 2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a Fix xl2tpd on CentOS 7 for Linode 
- Fix xl2tpd on CentOS 7 for providers such as Linode,
  where kernel module "l2tp_ppp" is unavailable
- Closes: #114
 2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d Workaround for fail2ban bug 
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
 2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924 Improve customization 
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
 2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6 Improve VPN IPs 
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
 2017-02-10 18:00:29 -06:00
hwdsl2
f7961242e4 Update docs 2017-02-10 10:32:24 -06:00
hwdsl2
4a1c0e34c7 Update docs 
- Add link to Justin's blog post (IPsec VPN server on Raspberry Pi 3)
- Closes #112
 2017-02-07 23:40:39 -06:00
hwdsl2
e6b9208eeb Update docs 2017-02-07 21:12:31 -06:00
hwdsl2
e31c378b44 Improve upgrade scripts 
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
 2017-02-07 20:59:47 -06:00
hwdsl2
8c0940f63b Update docs 
- Improve IKEv2 docs. The strongSwan Android VPN client requires
  an "IP address" in the VPN server certificate's subjectAltName field
  in addition to "DNS name", when connecting using the server's IP.
  The certutil commands have been updated to add this field.
- Other improvements to docs
 2017-02-05 14:48:11 -06:00
hwdsl2
c8d8730fd0 Minor fix 
[ci skip]
 2017-01-26 17:42:13 -06:00
hwdsl2
758f0e1418 Fix IKEv2 docs 
- Windows 8.x and 10 require the IKEv2 machine certificate to have
  "Client Auth" EKU in addition to "Server Auth". Otherwise it gives
  "Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
  https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106. Thanks @evil-shrike!
 2017-01-26 17:15:43 -06:00