hwdsl2
39bdb36484
Update IKEv2 script
...
- Add Alpine Linux 3.16 and remove 3.14.
2022-06-19 22:17:13 -05:00
hwdsl2
001b363a07
Update IKEv2 script
...
- Disable MOBIKE when running on Synology NAS. MOBIKE is not supported
on these systems and prevents IKEv2 from working if enabled.
Ref: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298
2022-06-18 01:27:17 -05:00
hwdsl2
8cf4cc3825
Update IKEv2 script
...
- Update workaround for newer NSS and openssl versions to include
Debian testing in addition to Ubuntu 22.04.
Ref: #1184
2022-06-18 01:20:49 -05:00
hwdsl2
d36c435c95
Improve IPsec config
...
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
keep the VPN connection open if the client's network is unstable.
2022-06-15 00:28:21 -05:00
hwdsl2
0e24f8b086
Cleanup
2022-06-09 13:44:16 -05:00
hwdsl2
593f726c80
Cleanup
2022-06-07 22:48:40 -05:00
hwdsl2
41d37e808e
Cleanup
2022-06-07 00:37:31 -05:00
hwdsl2
6e6d01dcf7
Improve IPTables rules
...
- Improve IPTables rules for IPsec VPN setup on systems such as CentOS 8.
Do not add a DROP rule to the IPTables FORWARD chain if firewalld is
active, so that existing firewalld FORWARD rules can continue to work.
2022-06-05 00:02:22 -05:00
hwdsl2
7b9813d562
Cleanup
2022-05-27 01:12:37 -05:00
hwdsl2
34d9ad06d5
New Libreswan version
...
- Support upgrading to Libreswan 4.7.
2022-05-25 23:59:21 -05:00
hwdsl2
ffb22c4858
Cleanup
2022-05-23 22:08:30 -05:00
hwdsl2
dce25ada28
Update IKEv2 script
...
- Add a note about OpenVPN and WireGuard which can be optionally
installed alongside IPsec VPN.
2022-05-23 08:22:53 -05:00
hwdsl2
0e08b79342
Improve VPN setup
...
- When uninstalling, leave IP forwarding enabled if OpenVPN
or WireGuard is installed on the system.
2022-05-20 20:05:10 -05:00
hwdsl2
1aa2d87e01
Update IKEv2 script
...
- Update NSS workaround for Ubuntu 18.04 with new package versions
2022-05-13 09:27:22 -05:00
hwdsl2
62d85490de
Improve VPN setup
...
- On Alpine Linux, update crontabs when uninstalling the VPN.
These cron jobs are for restarting the ipsec service on failure.
Ref: 15d8651
2022-05-13 09:26:08 -05:00
hwdsl2
9ab949d61d
Cleanup
2022-05-10 09:03:00 -05:00
hwdsl2
932e05985f
Improve VPN setup
...
- Remove the reboot recommendation when uninstalling using
the helper script.
- Set net.ipv4.conf.all.rp_filter to 1 in vpnuninstall.sh.
Ref: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
2022-05-08 08:31:14 -05:00
hwdsl2
81d26c08fa
Update IKEv2 script
...
- Add a check for IKEv2-only mode before removing IKEv2.
2022-05-08 02:59:28 -05:00
hwdsl2
eed8e236a3
Cleanup
2022-05-08 02:43:47 -05:00
hwdsl2
c66ca577f3
Update links
...
- Update links due to git.io deprecation.
Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-29 22:32:22 -05:00
hwdsl2
cc709766e9
Update links
...
- Update links due to git.io deprecation.
Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-28 08:24:22 -05:00
hwdsl2
b2626dc921
Cleanup
2022-04-27 00:05:45 -05:00
hwdsl2
a1ab13d9a9
Improve VPN setup
...
- Add fallback URLs for improved reliability
2022-04-11 22:36:43 -05:00
hwdsl2
78517c43c9
Update IKEv2 script
...
- New: Delete an IKEv2 client certificate using the IKEv2 helper script.
- Cleanup
2022-04-06 22:49:20 -05:00
hwdsl2
3bd9acf6ea
Cleanup
2022-04-05 23:39:42 -05:00
hwdsl2
37b2ba3559
Update IKEv2 script
...
- Show total when listing IKEv2 clients
- Cleanup
2022-04-05 23:38:43 -05:00
hwdsl2
629b39d3b3
Add Oracle Linux
...
- Add support for Oracle Linux 8 and 7.
2022-03-20 23:10:11 -05:00
hwdsl2
9e58aace48
Cleanup
2022-03-20 10:06:25 -05:00
hwdsl2
3a5d46653d
Update IKEv2 script
...
- Add a workaround for Ubuntu 22.04 "password is incorrect" issue
when importing IKEv2 client config files into iOS and macOS devices.
- Ubuntu 22.04 uses OpenSSL 3, which has a default "openssl pkcs12"
encoding algorithm that is incompatible with iOS and macOS devices.
Ref: https://developer.apple.com/forums/thread/697030?answerId=701291022#701291022
2022-03-20 02:49:09 -05:00
hwdsl2
d794fe0772
Cleanup
2022-03-20 00:14:25 -05:00
hwdsl2
742e43ffcd
Cleanup
2022-03-18 21:52:20 -05:00
hwdsl2
be02488fcd
Improve VPN setup
...
- Remove add/delete user helper scripts during VPN uninstall.
2022-03-13 18:15:52 -05:00
hwdsl2
a891b7613c
Fix for Alpine Linux
...
- Fix IPsec service on Alpine Linux. Fixes #1123 .
- Clean up unneeded /etc/rc.local code for this OS.
2022-03-12 23:55:32 -06:00
hwdsl2
d2321d76af
Check VPN subnets
...
- Check for custom VPN subnet(s) in the uninstall script. This is for
the uncommon cases where VPN subnet(s) were customized during setup.
2022-03-12 17:08:00 -06:00
hwdsl2
beb756f1f2
Remove CentOS 8
...
- Remove support for CentOS Linux 8, which is EOL.
Ref: https://www.centos.org/centos-linux-eol/
2022-03-08 21:39:19 -06:00
hwdsl2
e5703d8aaa
Cleanup
2022-03-07 21:29:13 -06:00
hwdsl2
65b3f54ff9
Cleanup
2022-03-06 09:38:38 -06:00
hwdsl2
6f4080bab4
Improve VPN setup
...
- Refactor VPN scripts to move IKEv2 setup inside vpnsetup_*.sh
2022-03-03 22:05:09 -06:00
hwdsl2
6850aa7f3b
Update IKEv2 script
...
- Change the warning for parameter "--auto" to an error, in cases
that IKEv2 is already set up on the server.
2022-03-02 21:46:15 -06:00
hwdsl2
d37a2fb811
Improve quick start script
...
- The VPN quick start script now supports most of the environment
variables (such as VPN_DNS_SRV1) that are currently supported by
vpnsetup.sh and ikev2.sh. This change enables customization by
advanced users when running the quick start script.
2022-02-25 23:41:49 -06:00
hwdsl2
f7c5ecf504
Update IKEv2 script
...
- Create a client config README file under certain circumstances,
such as when setting up IKEv2 automatically and users might not
see the script's output.
2022-02-25 23:25:34 -06:00
hwdsl2
32a55ec06a
Update IKEv2 script
...
- Make IKEv2 client address pool customizable using VPN_XAUTH_POOL,
similar to vpnsetup.sh. This is for advanced users only.
2022-02-25 21:17:09 -06:00
hwdsl2
88c86c0191
Update IKEv2 script
...
- Show the option to protect IKEv2 client config files only during
IKEv2 setup, not when adding or exporting a client.
- Cleanup
2022-02-20 21:45:11 -06:00
hwdsl2
42c8d288e2
Cleanup
...
- Improve backup of VPN config files
2022-02-18 21:42:37 -06:00
hwdsl2
58e82552ae
Update IKEv2 script
...
- Minor improvements and cleanup
2022-02-17 21:36:19 -06:00
hwdsl2
3d817c7fd4
Update IKEv2 script
...
- Cleanup
2022-02-15 21:17:47 -06:00
hwdsl2
4bc8fba344
Update IKEv2 script
...
- Display a note if no password is required when importing client
config files.
- Advanced users can now define VPN_PROTECT_CONFIG=yes when setting up
IKEv2, if they want to protect client config files with a password.
2022-02-15 21:15:08 -06:00
hwdsl2
f072e8312a
Update IKEv2 script
...
- Cleanup
2022-02-14 23:45:13 -06:00
hwdsl2
7c0d08442e
Update IKEv2 script
...
- Improve backward compatibility: Protect IKEv2 client config files
using a password if one was previously generated.
- Ref: dbc3527
2022-02-14 03:46:06 -06:00
hwdsl2
444403ba10
Add IKEv2 change address helper script
...
- New: IKEv2 change address helper script. This script can be used
to change the IKEv2 VPN server's address.
2022-02-13 23:41:35 -06:00
hwdsl2
f815d6810a
Update IKEv2 script
...
- Minor improvement for IKEv2 config passwords
2022-02-12 16:16:46 -06:00
hwdsl2
5c85b5693c
Cleanup
...
- Change the default action to 'continue' in VPN scripts
2022-02-12 12:24:26 -06:00
hwdsl2
fb85eae7ba
Update IKEv2 script
...
- Add an option to protect IKEv2 client config files using a password,
which users can select when customizing IKEv2 or client options
Ref: dbc3527
- Change the default action to 'continue' when confirming IKEv2 setup
options
- Other minor improvements
2022-02-12 12:12:51 -06:00
hwdsl2
dbc3527448
Simplify IKEv2 import
...
- Simplify IKEv2 configuration import: Remove passwords for IKEv2
client config files. When importing, it is no longer required to
enter a config file password.
- For macOS and iOS, .mobileconfig files require a password to work.
The password is now included so there is no need to manually enter.
- Note: Client config files should be securely transferred from
the VPN server to VPN client device(s) for import.
2022-02-12 01:21:12 -06:00
hwdsl2
d20f82e6f2
Update IKEv2 script
...
- Minor improvement to IKEv2 config password retrieval
2022-02-11 21:50:00 -06:00
hwdsl2
1da1493f53
Cleanup
2022-02-10 21:49:49 -06:00
hwdsl2
6dbc47e0db
Improve upgrade scripts
...
- Stop IPsec service before updating Libreswan
2022-02-08 23:46:11 -06:00
hwdsl2
86d4f2f93c
Improve VPN setup
...
- Retry certain 'apt-get' and 'yum' commands on failure
2022-02-08 23:24:46 -06:00
hwdsl2
4ebe582d36
Update IKEv2 script
...
- Fix function name
2022-01-29 17:33:42 -06:00
hwdsl2
40d8a26713
Update IKEv2-only mode script
...
- Improve Libreswan version test
2022-01-29 14:46:10 -06:00
hwdsl2
2270d66e02
Update IKEv2 script
...
- Improve Libreswan version test
2022-01-29 14:12:50 -06:00
hwdsl2
14af993d6a
Update IKEv2 script
...
- Cleanup
2022-01-29 12:36:03 -06:00
hwdsl2
35c23f1144
Improve upgrade scripts
...
- Make specifying Libreswan version optional. Retrieve and install
the latest supported version by default.
- Other minor improvements
2022-01-29 12:34:10 -06:00
hwdsl2
e16151f183
Improve upgrade scripts
...
- Cleanup
2022-01-29 01:47:45 -06:00
hwdsl2
c2d7eef27c
Update IKEv2 script
...
- Cleanup
2022-01-29 01:30:21 -06:00
hwdsl2
0f27ebbfad
Update IKEv2 script
...
- Update Libreswan version check
- Cleanup
2022-01-23 00:05:44 -06:00
hwdsl2
c56ebe9cfe
Improve upgrade scripts
...
- Make specifying Libreswan version optional in vpnupgrade.sh.
Install the latest supported version by default.
- Remove Libreswan version check
2022-01-22 22:30:39 -06:00
hwdsl2
5b1377dcf3
Cleanup
2022-01-22 21:34:53 -06:00
hwdsl2
6393470f46
Cleanup
2022-01-15 23:41:00 -06:00
hwdsl2
62723fe0c6
Update IKEv2 script
...
- When upgrading Libreswan using vpnupgrade.sh, also update the
IKEv2 helper script to the latest version.
2022-01-13 23:47:27 -06:00
hwdsl2
18b830c998
New Libreswan version
...
- Support updating to Libreswan 4.6
2022-01-11 22:47:18 -06:00
hwdsl2
4403c9c241
Update Alpine scripts
...
- Install nss, nss-tools and nss-dev from 3.14/3.15 repository.
It is not necessary to install from edge because the latest
3.14/3.15 nss related packages are already patched to fix
CVE-2021-43527.
Ref: https://git.alpinelinux.org/aports/tree/community/nss?h=3.15-stable
https://git.alpinelinux.org/aports/tree/community/nss?h=3.14-stable
603b198
2022-01-05 19:33:08 -06:00
hwdsl2
34ba47e79b
Update VPN user scripts
...
- Sort VPN usernames when listing users
- Cleanup
2022-01-04 23:11:05 -06:00
hwdsl2
abbf19f296
Update IKEv2 script
...
- Sort IKEv2 client names when listing existing clients
- Cleanup
2022-01-04 23:10:28 -06:00
hwdsl2
c25baaf9a9
Cleanup
2022-01-04 23:01:14 -06:00
hwdsl2
3c22bbbeb6
Update IKEv2 script
...
- Fix IKEv2 "password is incorrect" issue when using Ubuntu 21.10
Fixes #1073 . Ref: #1048 .
- Note: Ubuntu 21.10 is NOT a supported OS for the VPN setup scripts.
Please use e.g. Ubuntu 20.04 instead.
Ref: https://github.com/hwdsl2/setup-ipsec-vpn#requirements
2022-01-02 21:52:47 -06:00
hwdsl2
c0a81ceb5b
Add IKEv2-only mode script
...
- New: Helper script to enable or disable IKEv2-only mode
2022-01-02 01:01:02 -06:00
hwdsl2
c78b398057
Update year
2022-01-02 00:09:03 -06:00
hwdsl2
8f55500f0f
Improve VPN user scripts
...
- Improve helper scripts for managing VPN users.
- Support running add_vpn_user.sh and del_vpn_user.sh interactively
without arguments.
2021-12-30 15:47:49 -06:00
hwdsl2
603b198613
Add Alpine 3.15
...
- Add support for Alpine Linux 3.15
- Install nss, nss-tools and nss-dev packages from edge for CVE-2021-43527
Ref: https://lists.libreswan.org/pipermail/swan-announce/2021/000044.html
2021-12-29 23:12:24 -06:00
hwdsl2
a323b13512
Update IKEv2 script
...
- Update Ubuntu 18.04 NSS fix with newer package versions.
Ref: https://ubuntu.com/security/CVE-2021-43527
2021-12-29 20:28:15 -06:00
hwdsl2
bbdb9b13f9
Update IKEv2 script
...
- Add Alpine Linux 3.15
2021-12-29 18:48:47 -06:00
hwdsl2
bc312e0736
Update IKEv2 script
...
- Show client certificate statuses when listing IKEv2 clients
- Fixes #1038
2021-11-07 00:13:42 -05:00
hwdsl2
dccfa65a08
Update IKEv2 script
...
- Minor fix
2021-10-10 14:30:34 -05:00
hwdsl2
b129339927
Cleanup
2021-09-22 00:04:58 -05:00
hwdsl2
7b6d982875
Improve VPN setup
...
- Remove IKEv2 script when uninstalling
2021-09-22 00:03:20 -05:00
hwdsl2
a47ced7899
Cleanup
2021-09-19 21:51:14 -05:00
hwdsl2
4a8e24a61c
Cleanup
2021-09-18 14:58:06 -05:00
hwdsl2
c8db38f12b
Add container check
...
- Add check for LXC containers. Ref: #1014
2021-09-18 00:53:15 -05:00
hwdsl2
819c537b5e
Improve /dev/ppp check
...
- Show a warning instead of exiting with an error for missing /dev/ppp,
which could happen on Debian 11/10 with certain Linux kernels. Users
can use the IKEv2 or IPsec/XAuth ("Cisco IPsec") mode to connect.
Ref: https://git.io/vpndebian10
2021-09-17 23:47:09 -05:00
hwdsl2
f14d903b97
Bugfix for Alpine Linux
...
- Install coreutils on Alpine Linux for "mktemp"
2021-09-14 00:49:13 -05:00
hwdsl2
1f9939b8cc
Update IKEv2 script
...
- Install uuidgen on Alpine Linux
2021-09-14 00:24:27 -05:00
hwdsl2
ca411d90cd
Cleanup
2021-09-11 22:26:55 -05:00
hwdsl2
3c557c7f22
Add Alpine Linux
2021-09-11 15:00:29 -05:00
hwdsl2
e2a9c4a0c3
Cleanup
2021-09-11 10:07:33 -05:00
hwdsl2
5f9a6fa8ce
Improve VPN setup
...
- Update uninstall script: For CentOS/RHEL 8, try to automatically
restore nftables rules to the version before VPN setup.
- Cleanup
2021-09-09 00:14:26 -05:00
hwdsl2
263ffe97cc
Cleanup
2021-09-07 09:02:22 -05:00
hwdsl2
c91270a18c
Improve VPN setup
...
- Add uninstall script
2021-09-07 02:55:37 -05:00
hwdsl2
217bf2a237
Cleanup
...
- Improve temporary folder creation
2021-08-28 16:07:52 -05:00
hwdsl2
da7697a5b0
Cleanup
...
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00