1
0
mirror of synced 2024-11-25 22:36:04 +03:00
Commit Graph

301 Commits

Author SHA1 Message Date
hwdsl2
347f3fdbfe Improve IPTables rules
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116. Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a Fix xl2tpd on CentOS 7 for Linode
- Fix xl2tpd on CentOS 7 for providers such as Linode,
  where kernel module "l2tp_ppp" is unavailable
- Closes: #114
2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d Workaround for fail2ban bug
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924 Improve customization
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6 Improve VPN IPs
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
f7961242e4 Update docs 2017-02-10 10:32:24 -06:00
hwdsl2
4a1c0e34c7 Update docs
- Add link to Justin's blog post (IPsec VPN server on Raspberry Pi 3)
- Closes #112
2017-02-07 23:40:39 -06:00
hwdsl2
e6b9208eeb Update docs 2017-02-07 21:12:31 -06:00
hwdsl2
e31c378b44 Improve upgrade scripts
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
8c0940f63b Update docs
- Improve IKEv2 docs. The strongSwan Android VPN client requires
  an "IP address" in the VPN server certificate's subjectAltName field
  in addition to "DNS name", when connecting using the server's IP.
  The certutil commands have been updated to add this field.
- Other improvements to docs
2017-02-05 14:48:11 -06:00
hwdsl2
c8d8730fd0 Minor fix
[ci skip]
2017-01-26 17:42:13 -06:00
hwdsl2
758f0e1418 Fix IKEv2 docs
- Windows 8.x and 10 require the IKEv2 machine certificate to have
  "Client Auth" EKU in addition to "Server Auth". Otherwise it gives
  "Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
  https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106. Thanks @evil-shrike!
2017-01-26 17:15:43 -06:00
hwdsl2
a156a1f5f3 Update docs
[ci skip]
2017-01-25 13:12:47 -06:00
hwdsl2
0c8f117fd9 Update docs
[ci skip]
2017-01-21 12:13:27 -06:00
hwdsl2
721f7bfaa0 Minor fix
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4 Improve VPN ciphers
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
5cbadb643b Update docs
[ci skip]
2017-01-18 16:31:42 -06:00
hwdsl2
c8bfb7c741 Update docs
[ci skip]
2017-01-18 01:50:43 -06:00
hwdsl2
e767b462a5 Fix docs
- Further improve IKEv2 config for Windows 7/8/10
- Ref: 9455b19
2017-01-17 11:31:40 -06:00
hwdsl2
9455b19119 Fix docs
- Libreswan 3.19 requires configuration changes in ipsec.conf
  for IKEv2, so that Windows 7/8/10 clients can connect
2017-01-17 02:22:46 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
3735530015 Update docs
[ci skip]
2017-01-16 17:27:08 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d Minor clean up 2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860 Improve script outputs 2017-01-09 02:50:03 -06:00
hwdsl2
c23d5c972a Update docs
[ci skip]
2017-01-08 11:44:58 -06:00
hwdsl2
efeff51f3a Improve tests 2017-01-06 16:12:36 -06:00
hwdsl2
9500da3231 Bugfix
- Fix commit ca84aa7 to avoid a possible race condition
  when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13 Improve services on boot 2017-01-04 02:21:09 -06:00
hwdsl2
e41cf78b53 Update docs
[ci skip]
2017-01-03 23:31:56 -06:00
hwdsl2
89d75f7243 Bugfix for Android 6 and 7
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
  on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
525f39d141 Fix tests 2017-01-02 09:17:59 -06:00
hwdsl2
9ea2b50dae Improve OS detection
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
3dbf3a9c09 Remove xl2tpd workaround
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
e6ebdeaaf8 Update docs
[ci skip]
2016-12-30 16:24:47 -06:00
hwdsl2
69caa65512 Improve options
- Remove some xl2tpd (pppd) options for Ubuntu/Debian
- They are not recognized in the new xl2tpd version 1.3.8
- Ref: 261e472
2016-12-30 16:16:33 -06:00
hwdsl2
261e472e3e Bugfix
- In xl2tpd version 1.3.8, which was pushed to the EPEL repository
  in Dec. 2016, the options "crtscts" and "lock" are no longer
  recognized in "/etc/ppp/options.xl2tpd" and generates an error.
- This commit fixes the VPN on CentOS by removing those options.
- Ref: https://github.com/xelerance/xl2tpd/issues/108
2016-12-30 00:56:38 -06:00
hwdsl2
b59389a03f Use L2TP kernel support
- Use L2TP kernel support on CentOS 6
- This could improve L2TP performance
2016-12-29 00:53:30 -06:00
hwdsl2
9b3eeed571 Improve tests 2016-12-28 13:24:17 -06:00
hwdsl2
8cc1362d17 Workaround for xl2tpd bug
- Temporary workaround for an xl2tpd bug which affects CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
2016-12-28 13:23:27 -06:00
hwdsl2
eba1e4e08e Update docs
[ci skip]
2016-12-22 10:27:56 -06:00
hwdsl2
72f5ddf145 Improve tests 2016-12-13 13:49:55 -06:00
hwdsl2
6479212c45 Improve workaround
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
af1af539aa Update docs
[ci skip]
2016-11-23 20:19:05 -06:00
hwdsl2
61bd1254ed Minor clean up 2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a Remove SHA2 workaround
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5 Minor clean up 2016-10-31 01:59:11 -05:00
hwdsl2
75bcdfae75 Update docs
[ci skip]
2016-10-29 18:36:58 -05:00