hwdsl2
3f2b2cbc0b
Remove Debian 7
...
- Remove support for Debian 7 (Wheezy)
- Libreswan 3.21 no longer compiles on Debian 7 or Ubuntu 12.04
- Fix tests by switching to Ubuntu 14.04
2017-08-20 11:50:46 -05:00
hwdsl2
caf9293b8a
New Libreswan version 3.21
2017-08-20 10:52:28 -05:00
hwdsl2
8ac1573106
Minor clean up
2017-06-21 11:59:07 -05:00
hwdsl2
cf595eaee7
Improve services on boot
...
- Systemd may run rc.local early during system boot
- Insert delay so that services can start correctly
2017-06-21 00:02:03 -05:00
hwdsl2
5e3689198f
Improve network interfaces
...
- Better detection of default network interface when the 'route'
command is not available
2017-06-20 23:59:13 -05:00
hwdsl2
47a9015135
Improve VPN ciphers
...
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
DL6ER
748d89bb4b
Add 3des-sha2 to both ike= and phase2alg= lines. Fixes #154
2017-06-02 18:20:23 +02:00
hwdsl2
8fb4bf7897
Minor clean up
2017-05-22 11:46:28 -05:00
hwdsl2
d711e2aee6
Improve network interfaces
...
- Try to auto detect server's default network interface
- Display a warning if the default interface is wlan*
2017-05-17 17:24:19 -05:00
hwdsl2
cf75c2bb86
Improve network interfaces
...
- Use eth0 instead of eth+ throughout for consistency
- Improve error messages when eth0 is unavailable
2017-04-30 17:16:33 -05:00
hwdsl2
cebf9f4361
Minor clean up
2017-04-12 10:38:57 -05:00
hwdsl2
f58afbc84b
Update VPN ciphers
...
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9
Improve VPN variables
...
- Check VPN credentials for non-ASCII characters
- Ref: #130
2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae
New Libreswan version
...
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa
Improve OS detection
...
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
2017-03-23 12:39:01 -05:00
hwdsl2
347f3fdbfe
Improve IPTables rules
...
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116 . Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
08e08c6924
Improve customization
...
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6
Improve VPN IPs
...
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101 . Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0
Update year
2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70
Minor fix
...
- Use the "fixed strings" option in "grep" commands for "swan_ver",
so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287
Upgrade to Libreswan 3.19
...
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ba0fbb3860
Improve script outputs
2017-01-09 02:50:03 -06:00
hwdsl2
9500da3231
Bugfix
...
- Fix commit ca84aa7
to avoid a possible race condition
when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13
Improve services on boot
2017-01-04 02:21:09 -06:00
hwdsl2
89d75f7243
Bugfix for Android 6 and 7
...
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
9ea2b50dae
Improve OS detection
...
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
69caa65512
Improve options
...
- Remove some xl2tpd (pppd) options for Ubuntu/Debian
- They are not recognized in the new xl2tpd version 1.3.8
- Ref: 261e472
2016-12-30 16:16:33 -06:00
hwdsl2
6479212c45
Improve workaround
...
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
61bd1254ed
Minor clean up
2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a
Remove SHA2 workaround
...
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5
Minor clean up
2016-10-31 01:59:11 -05:00
hwdsl2
9319ce8ae2
Clean up IPTables rules
...
- Only add the necessary IPTables rules for the VPN
- Other minor clean ups
2016-10-29 18:00:24 -05:00
hwdsl2
e3d830dfd4
Improve services on boot
...
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
895d46c0c9
Fix for Raspbian
...
- On Raspberry Pis /etc/rc.local can run early during boot
- If the network is not ready, IPsec may fail to start
- A delay has been added as a workaround. Ref: #76
2016-10-25 21:32:52 -05:00
hwdsl2
6f2818753a
Minor improvements and clean up
2016-10-10 22:34:51 -05:00
hwdsl2
4c6de2af29
Improve network interfaces
...
- Better handling of non-eth0 network interfaces
- Now easier to use on servers with new interface names
2016-10-10 16:49:46 -05:00
hwdsl2
0e51150d84
Check VPN credentials
...
- If the provided VPN credentials contain \ " or ', exit with error
- The above special characters can cause issues with the VPN
2016-09-23 14:31:10 -05:00
hwdsl2
cce15b7f08
Improve IP checking
...
- Use a function to simplify code for IP checking
- Remove new lines before matching with IP regex
2016-09-23 00:39:36 -05:00
hwdsl2
7cdd372a6e
Improve IPTables rules
...
- Fixed an uncommon use case where the setup script is run again after
a server IP change. Make sure to update IPTables rules in this case.
- Thanks @larryisthere! Ref: #17
2016-09-21 21:06:22 -05:00
hwdsl2
7937a74469
Improve IP detection
...
- Remove unneeded code for Amazon EC2
- Check IPs for correct format after each try
2016-09-09 15:41:02 -05:00
hwdsl2
96a071ebc5
Improve VPN ciphers
...
- Add stronger cipher options
- Fix for Android 6.0 VPN clients
2016-08-26 00:21:10 -05:00
hwdsl2
14767d354f
Reduce wget timeout
2016-08-11 22:12:22 -05:00
Kenneth Endfinger
d3651890bd
Add support for Raspbian
2016-08-11 15:06:50 -04:00
hwdsl2
335b4035b9
Minor clean up
2016-08-07 14:00:07 -05:00
hwdsl2
077b119274
New Libreswan version 3.18
2016-07-29 12:55:08 -05:00
hwdsl2
004c68f6ad
Improve readability and clean up
2016-07-12 22:43:41 -05:00
hwdsl2
1f76dc169a
Better handling of custom SSH port
2016-07-10 00:47:41 -05:00
hwdsl2
7bece1681d
Minor improvements and clean up
2016-07-03 21:28:27 -05:00