LLZ
c455786b8f
Add alternative download sources for strongSwan Android VPN client ( #1032 )
2021-10-08 23:41:12 -05:00
hwdsl2
297f2739b9
Update docs
2021-09-26 22:28:49 -05:00
hwdsl2
742161124c
Update docs
2021-08-15 11:38:27 -05:00
hwdsl2
6daacff466
Cleanup
2021-08-07 16:12:26 -05:00
hwdsl2
f18c3c0207
Update docs
2021-07-25 20:55:54 -05:00
hwdsl2
02bdbeb9a2
Update docs
2021-07-24 16:26:20 -05:00
hwdsl2
99dd5702e7
Update docs
2021-06-06 15:27:56 -05:00
hwdsl2
7376fc02d2
Update docs
2021-06-04 17:27:21 -05:00
hwdsl2
d6088751b9
Update docs
2021-06-01 02:31:14 -05:00
hwdsl2
55b468bb1f
Update docs
2021-05-24 01:20:32 -05:00
hwdsl2
ee409250d8
Improve IKEv2 setup
...
- Increase RSA key size from the default 2048 bits to 3072 bits
- Use fixed delay between certutil calls, a random delay is not needed
- Update docs
2021-05-01 14:46:12 -05:00
hwdsl2
21a72d6232
Update docs
2021-04-30 09:42:36 -05:00
hwdsl2
9bd716dda8
Update docs
2021-04-26 22:59:30 -05:00
hwdsl2
5d5bcf6857
Update IKEv2 docs
2021-04-24 22:56:51 -05:00
hwdsl2
740f6d92d0
Update docs
2021-04-24 16:16:29 -05:00
hwdsl2
dc1bcb21f9
Update docs
2021-04-18 14:28:00 -05:00
hwdsl2
55aac9ad37
Update IKEv2 docs
2021-04-11 15:44:03 -05:00
hwdsl2
848ff7ba0a
Update IKEv2 docs
2021-04-10 16:25:13 -05:00
hwdsl2
356a5bd130
Update docs
2021-03-29 15:05:45 -05:00
hwdsl2
191e0af9ff
Update docs
2021-03-27 22:59:59 -05:00
hwdsl2
9437be8553
Update docs
2021-03-27 14:51:18 -05:00
hwdsl2
de2acaabc5
Update IKEv2 docs
...
- Add Linux instructions for IKEv2
2021-03-27 00:48:09 -05:00
hwdsl2
bf0f557416
Update docs
2021-03-21 14:48:44 -05:00
hwdsl2
ff38c87632
Update docs
2021-03-20 00:06:31 -05:00
hwdsl2
8fa3bfac80
Cleanup
2021-03-07 00:12:46 -06:00
hwdsl2
1abcd704be
Update IKEv2 config
...
- Use the AES_GCM128 cipher for improved performance
Ref: https://libreswan.org/wiki/Benchmarking_and_Performance_testing
- Update docs
2021-03-06 14:07:07 -06:00
hwdsl2
11f8502e3a
Improve IKEv2 setup
...
- Use default key size (2048 bits) when generating key pairs using
certutil. This significantly reduces IKEv2 setup time on servers
with less powerful CPUs, such as Raspberry Pis, while still providing
sufficient security.
- Update docs
2021-03-05 21:33:41 -06:00
hwdsl2
e7e9bf2dc0
Update docs
2021-03-01 10:12:46 -06:00
hwdsl2
ac86c8831c
Update docs
...
- Add new section for advanced usage
- Clean up important notes section
- Update IKEv2 docs
2021-02-28 15:54:58 -06:00
hwdsl2
78a9f608e5
Update IKEv2 docs
...
- Update Windows IKEv2 client instructions. Ref: #940 .
2021-02-21 14:57:37 -06:00
hwdsl2
12fdc8c11d
Update docs
2021-02-10 10:26:18 -06:00
hwdsl2
ad1c635ca3
Update IKEv2 docs
...
- Android 6.0 and older devices require additional instructions
for IKEv2. Ref: #930
2021-02-06 15:18:01 -06:00
hwdsl2
97624bf292
Update docs
2021-02-04 21:43:03 -06:00
hwdsl2
1327f9123e
Update docs
2021-02-02 10:45:05 -06:00
hwdsl2
954b2acb7c
Fix for IKEv2
...
- Fix an issue where multiple IKEv2 clients behind the same NAT cannot
connect simultaneously to the VPN server. Note that before this fix,
this issue only occurs when using an IP address (instead of a DNS name)
for IKEv2 for the VPN server.
- This issue is found to be related to Libreswan's matching of local IDs
when checking connections. A local ID with '@' prefix has type ID_FQDN,
which does not match the ID_IPV4_ADDR type that the peer expects. This
prevents connection switching from working correctly for the scenario
above. Removing the prefix fixed the issue.
- Fixes #924
2021-02-01 21:42:31 -06:00
hwdsl2
c6182d76bb
Update docs
2021-01-31 00:30:33 -06:00
hwdsl2
f6b8d13b05
Update docs
2021-01-30 14:31:37 -06:00
hwdsl2
cd588a07ae
Update docs
2021-01-29 00:05:16 -06:00
hwdsl2
ec5dda8c1c
Update IKEv2 docs
...
- Update Windows IKEv2 client instructions, with steps to import
the .p12 file using certutil, and add the VPN connection using
Windows PowerShell for improved security and performance.
2021-01-28 02:13:05 -06:00
hwdsl2
0ed9015a6b
Update docs
2021-01-25 22:51:04 -06:00
hwdsl2
8c286df143
Cleanup
2021-01-24 20:01:40 -06:00
hwdsl2
7e20055671
Update docs
2021-01-24 15:55:26 -06:00
hwdsl2
2864473576
Update docs
2021-01-23 16:05:51 -06:00
hwdsl2
1c975c8410
Update docs
2021-01-21 23:11:20 -06:00
hwdsl2
0199df0369
Update IKEv2 docs
2021-01-21 01:39:15 -06:00
hwdsl2
7d9f2c6603
Fix IKEv2
...
- Fix an issue with IKEv2 disconnecting after one hour due to IKE SA
expiration, by setting ikelifetime and salifetime to 24h.
Ref: #913 #844 https://libreswan.org/man/ipsec.conf.5.html
2021-01-20 01:39:07 -06:00
hwdsl2
27dc3d25f2
Update docs
2021-01-19 01:42:29 -06:00
hwdsl2
bac2c9cf4c
Update docs
2021-01-18 22:49:55 -06:00
hwdsl2
215c9030ba
Update docs
2021-01-18 11:03:39 -06:00
hwdsl2
a3dae331b8
Update docs
2021-01-18 00:02:04 -06:00
hwdsl2
927e0ca7e3
Update docs
...
- Update IKEv2 docs for .mobileconfig support
2021-01-14 23:58:20 -06:00
hwdsl2
5f1ca68350
Update docs
2020-12-31 23:10:10 -06:00
hwdsl2
88764568d2
Update docs
2020-12-29 16:36:44 -06:00
hwdsl2
8adead17b7
Update docs
2020-12-27 00:16:49 -06:00
hwdsl2
7006fb3fa5
Update docs
2020-12-26 15:19:21 -06:00
hwdsl2
95a7f9cde5
Update IKEv2 docs
2020-12-20 01:14:40 -06:00
hwdsl2
cf96051d6f
Update docs
2020-12-13 15:52:27 -06:00
hwdsl2
c424228658
Update IKEv2 docs
2020-12-01 00:42:11 -06:00
hwdsl2
afb8a7acce
New Libreswan version
...
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
bff8e6cbc8
Update docs
2020-11-08 11:19:26 -06:00
Fuchen Shi
ba0d3f8dbd
Update ikev2-howto-zh.md ( #867 )
2020-11-08 11:09:47 -06:00
hwdsl2
5d8932e411
Update IKEv2 docs
2020-07-12 14:42:04 -05:00
hwdsl2
71dc5bab01
Update IKEv2 docs
...
- Connecting multiple IKEv2 clients from behind the same NAT
requires setting the "local ID" field to match the client name.
Ref: https://github.com/libreswan/libreswan/issues/237
2020-07-06 22:42:45 -05:00
hwdsl2
93e89919ac
Update IKEv2 docs
2020-07-04 01:35:10 -05:00
hwdsl2
50ac87c7b3
Update docs
2020-06-11 01:37:47 -05:00
hwdsl2
8ea8bbfa4e
Update IKEv2 docs
...
- Add instructions for add/revoke client certificates
2020-06-06 23:09:58 -05:00
hwdsl2
f3a93e17fc
Update IKEv2 docs
2020-06-05 00:44:33 -05:00
hwdsl2
99e87f5287
Update IKEv2 docs
2020-05-31 17:37:49 -05:00
hwdsl2
204904abf4
Update IKEv2 docs
2020-05-30 23:13:14 -05:00
hwdsl2
09c68fda01
Update docs
...
- Add troubleshooting section for Android MTU/MSS issues
- Remove "Access VPN server's subnet". This seems to work fine using
the default configuration, without additional IPTables rules
2020-05-16 23:35:52 -05:00
hwdsl2
d44b09d577
Update docs
2020-05-11 23:23:38 -05:00
hwdsl2
ace41ebc29
Add IKEv2 script
...
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00
hwdsl2
9e6b26b1b2
Update docs
2020-05-03 01:59:37 -05:00
hwdsl2
7076376aac
Update IKEv2 docs
...
- For users running Libreswan 3.31, the "Use RSA/PSS signatures" option
needs to be enabled in the strongSwan Android VPN client.
- Ref: https://lists.libreswan.org/pipermail/swan/2020/003440.html
2020-04-30 01:13:39 -05:00
hwdsl2
4b28ce5de9
Update IKEv2 docs
...
- Update macOS and iOS IKEv2 instructions
2019-11-10 19:32:29 -08:00
hwdsl2
0dfe0d3021
Update IKEv2 docs
...
- Add new IKEv2 instructions for Android 10
Ref: https://wiki.strongswan.org/issues/3196
- Change certificate validity period to 120 months
2019-11-10 17:23:12 -08:00
hwdsl2
e61efe242e
Update IKEv2 docs
...
- Add a known issue (#543 )
2019-03-15 23:13:30 -05:00
hwdsl2
0679c66071
Update docs
2019-02-09 16:24:19 -06:00
hwdsl2
d153a90fc3
Update docs
...
- Add a known issue to IKEv2 docs. Ref: #414
- Cleanup
2019-02-05 00:24:32 -06:00
hwdsl2
ddaa0ee99c
Improve DNS servers
...
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
only one or both alternative DNS servers
2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e
Improve VPN ciphers
...
- Optimize order of VPN ciphers for performance
2018-11-24 10:30:42 -06:00
hwdsl2
582f98d18c
Update docs
2018-11-23 11:52:38 -06:00
hwdsl2
ed997dd190
Update docs
2018-11-16 13:05:29 -06:00
hwdsl2
4ee2814358
Update IKEv2 docs
2018-11-04 11:43:46 -06:00
hwdsl2
23458655ac
Update IKEv2 docs
...
- Add "pfs=no" to fix IKEv2 disconnect issues (at 8 mins) on iOS/macOS
- Replace "fragmentation" with "ike-frag" for compatibility
- Fixes #474
- Ref: https://github.com/libreswan/libreswan/issues/222
- Ref: http://www.openradar.appspot.com/29821241
2018-11-04 00:59:01 -05:00
hwdsl2
f1c8c06af1
Improve VPN ciphers
...
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
ce895e7116
Update IKEv2 docs
...
- Change 'mobike' from 'yes' to 'no' by default, because it is not
available on Ubuntu and can prevent the IKEv2 config from loading
2018-11-02 01:30:11 -05:00
hwdsl2
e797493a17
Update IKEv2 docs
2018-10-30 00:00:08 -05:00
hwdsl2
732ad1e941
Improve VPN ciphers
...
- Optimize VPN ciphers and their order for improved security and
compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
2f9f5c39de
Update IKEv2 docs
...
- Add known issue about multiple IKEv2 clients from behind the same NAT
- Ref: #469
2018-10-26 15:16:39 -05:00
hwdsl2
f05bf90dbc
Update IKEv2 docs
...
- Enable MOBIKE option for Libreswan 3.23 and newer
- Add AES-GCM cipher for improved performance
2018-10-25 01:07:56 -05:00
hwdsl2
0442d25217
Update IKEv2 docs
2018-10-21 20:52:05 -05:00
hwdsl2
804211c101
Cleanup
2018-10-21 00:20:54 -05:00
hwdsl2
599eb1aa8a
Update IKEv2 docs
...
- Add IKEv2 instructions for OS X (macOS) clients
- Cleanup
2018-10-16 20:29:07 -05:00
hwdsl2
9c529435cf
Fix IKEv2 docs
...
- Fixed an issue with address pool clashing by reverting to
rightaddresspool=192.168.43.10-192.168.43.250
- Replaced "Example" with "IKEv2 VPN" for clarity
- Closes #465
2018-10-14 23:53:06 -05:00
hwdsl2
26ef49b099
Update IKEv2 docs
...
- Add instructions for iOS (iPhone/iPad). Thanks @zzuzjl for the
suggestion!
- Change IKEv2 address pool to 192.168.43.150-192.168.43.250 to help
avoid conflict with IPsec/XAuth
- Closes #453 . Closes #461
- Cleanup
2018-10-13 14:26:09 -05:00
hwdsl2
20f57975b3
Update docs
...
- Add notes for the faster IPsec/XAuth and IKEv2 modes
- Cleanup
2018-09-30 18:36:42 -05:00
hwdsl2
7d4ac79259
Update IKEv2 docs
...
- Re-add Android instructions to IKEv2 docs because it is fixed in
Libreswan 3.26
- Ref: 964b793
#307
- Cleanup
2018-09-22 01:58:58 -05:00
hwdsl2
5d3f4eb7e6
Update docs
...
- Update README and IKEv2 docs for Libreswan 3.26
2018-09-21 23:56:16 -05:00
hwdsl2
7ce65083af
Update IKEv2 docs
...
- Skip the "random keystrokes" step when generating certificates
(use /dev/urandom instead)
- Cleanup
2018-09-06 00:22:31 -05:00