1
0
mirror of synced 2024-11-25 14:26:09 +03:00
Commit Graph

139 Commits

Author SHA1 Message Date
hwdsl2
59f817575c Create rundir
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c Use Libreswan 3.22
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
  multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502 0cf01c0
2018-06-06 00:40:09 -05:00
hwdsl2
95bcadb2c2 Improve VPN ciphers
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c Cleanup 2018-05-23 01:39:53 -05:00
hwdsl2
102ccbc17d Clean up VPN ciphers
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9 Update year 2018-05-05 18:49:38 -05:00
hwdsl2
4c47137e7f Add modecfgdns note 2018-02-11 01:05:13 -06:00
hwdsl2
c982502ad4 Upgrade Libreswan to 3.23
- Remove 'docker-targets.mk' from Makefile to avoid git errors
  during compilation
2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01 Re-add RPi workaround
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84 Bug fix for RHEL 6/7
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
2017-11-20 00:33:36 -06:00
hwdsl2
2dfa587a71 Fix Libreswan 3.22 bug
- This bug causes Libreswan 3.22 fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
2017-11-12 23:51:53 -06:00
hwdsl2
70c6d6b540 Various clean up 2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e Minor clean up
- Wrap the scripts in a big function which is only called at the very end,
  to protect against the possibility of connection interruptions
- Clean up some variables names
2017-10-29 19:53:35 -05:00
hwdsl2
ef90b6ff19 Upgrade Libreswan to 3.22 2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7 Clean up packages
- Remove libunbound-dev / unbound-devel (these packages are not needed
  because we are not enabling DNSSEC)
  Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3 Use parallel make
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc Skip building manpages
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
caf9293b8a New Libreswan version 3.21 2017-08-20 10:52:28 -05:00
hwdsl2
47a9015135 Improve VPN ciphers
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
hwdsl2
8fb4bf7897 Minor clean up 2017-05-22 11:46:28 -05:00
hwdsl2
f58afbc84b Update VPN ciphers
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
222acbf5ae New Libreswan version
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
e31c378b44 Improve upgrade scripts
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
721f7bfaa0 Minor fix
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4 Improve VPN ciphers
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
61bd1254ed Minor clean up 2016-11-10 13:02:04 -06:00
hwdsl2
6e16712bc5 Minor clean up 2016-10-31 01:59:11 -05:00
hwdsl2
e3d830dfd4 Improve services on boot
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
6f2818753a Minor improvements and clean up 2016-10-10 22:34:51 -05:00
hwdsl2
335b4035b9 Minor clean up 2016-08-07 14:00:07 -05:00
hwdsl2
077b119274 New Libreswan version 3.18 2016-07-29 12:55:08 -05:00
hwdsl2
1ec957d3be Minor clean up 2016-07-20 13:10:58 -05:00
hwdsl2
004c68f6ad Improve readability and clean up 2016-07-12 22:43:41 -05:00
hwdsl2
7bece1681d Minor improvements and clean up 2016-07-03 21:28:27 -05:00
hwdsl2
9b541c6da3 Update docs
[ci skip]
2016-07-03 10:01:19 -05:00