1
0
mirror of synced 2024-11-30 00:26:04 +03:00
Commit Graph

135 Commits

Author SHA1 Message Date
hwdsl2
fa5abe7825 Remove unneeded check on CentOS 2018-02-03 16:10:09 -06:00
hwdsl2
0cf01c0eb8 Update ipsec.conf
- Switch to new keyword 'modecfgdns' in Libreswan 3.23
2018-01-29 02:11:16 -06:00
hwdsl2
c982502ad4 Upgrade Libreswan to 3.23
- Remove 'docker-targets.mk' from Makefile to avoid git errors
  during compilation
2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01 Re-add RPi workaround
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84 Bug fix for RHEL 6/7
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
2017-11-20 00:33:36 -06:00
hwdsl2
2dfa587a71 Fix Libreswan 3.22 bug
- This bug causes Libreswan 3.22 fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
2017-11-12 23:51:53 -06:00
hwdsl2
7190577c99 Minor clean up 2017-11-01 22:15:56 -05:00
hwdsl2
70c6d6b540 Various clean up 2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e Minor clean up
- Wrap the scripts in a big function which is only called at the very end,
  to protect against the possibility of connection interruptions
- Clean up some variables names
2017-10-29 19:53:35 -05:00
hwdsl2
05c2cb911b Improve sysctl settings
- Fix kernel.shmmax and kernel.shmall on 32-bit Linux. Thanks @komanshidaruma!
- Clean up other sysctl settings
2017-10-28 15:40:24 -05:00
hwdsl2
ef90b6ff19 Upgrade Libreswan to 3.22 2017-10-26 01:48:15 -05:00
hwdsl2
47e1c92051 Clean up ipsec.conf
- Remove unneeded option nhelpers=0
2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7 Clean up packages
- Remove libunbound-dev / unbound-devel (these packages are not needed
  because we are not enabling DNSSEC)
  Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3 Use parallel make
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc Skip building manpages
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
536ac8f54b Update ipsec.conf
- Replace obsolete keyword "virtual_private" with "virtual-private"
2017-09-27 21:41:24 -05:00
hwdsl2
82da3121b1 Enable MS-CHAP v2
- Allow MS-CHAP v2 for better compatibility with the built-in Windows 10
  VPN client. Thanks @remini1998!
2017-09-25 00:28:10 -05:00
hwdsl2
caf9293b8a New Libreswan version 3.21 2017-08-20 10:52:28 -05:00
hwdsl2
8ac1573106 Minor clean up 2017-06-21 11:59:07 -05:00
hwdsl2
cf595eaee7 Improve services on boot
- Systemd may run rc.local early during system boot
- Insert delay so that services can start correctly
2017-06-21 00:02:03 -05:00
hwdsl2
5e3689198f Improve network interfaces
- Better detection of default network interface when the 'route'
  command is not available
2017-06-20 23:59:13 -05:00
hwdsl2
47a9015135 Improve VPN ciphers
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
DL6ER
748d89bb4b
Add 3des-sha2 to both ike= and phase2alg= lines. Fixes #154 2017-06-02 18:20:23 +02:00
hwdsl2
8fb4bf7897 Minor clean up 2017-05-22 11:46:28 -05:00
hwdsl2
d711e2aee6 Improve network interfaces
- Try to auto detect server's default network interface
- Display a warning if the default interface is wlan*
2017-05-17 17:24:19 -05:00
hwdsl2
cf75c2bb86 Improve network interfaces
- Use eth0 instead of eth+ throughout for consistency
- Improve error messages when eth0 is unavailable
2017-04-30 17:16:33 -05:00
hwdsl2
cebf9f4361 Minor clean up 2017-04-12 10:38:57 -05:00
hwdsl2
f58afbc84b Update VPN ciphers
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9 Improve VPN variables
- Check VPN credentials for non-ASCII characters
- Ref: #130
2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae New Libreswan version
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6f1dc6db1c Remove fail2ban workaround
- The fail2ban bug on CentOS 7 has been fixed. Remove workaround.
- Ref: 320e17a, https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-03-06 11:03:33 -06:00
hwdsl2
347f3fdbfe Improve IPTables rules
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116. Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a Fix xl2tpd on CentOS 7 for Linode
- Fix xl2tpd on CentOS 7 for providers such as Linode,
  where kernel module "l2tp_ppp" is unavailable
- Closes: #114
2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d Workaround for fail2ban bug
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924 Improve customization
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6 Improve VPN IPs
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
63697214b4 Improve VPN ciphers
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d Minor clean up 2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860 Improve script outputs 2017-01-09 02:50:03 -06:00
hwdsl2
9500da3231 Bugfix
- Fix commit ca84aa7 to avoid a possible race condition
  when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13 Improve services on boot 2017-01-04 02:21:09 -06:00
hwdsl2
89d75f7243 Bugfix for Android 6 and 7
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
  on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
3dbf3a9c09 Remove xl2tpd workaround
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
261e472e3e Bugfix
- In xl2tpd version 1.3.8, which was pushed to the EPEL repository
  in Dec. 2016, the options "crtscts" and "lock" are no longer
  recognized in "/etc/ppp/options.xl2tpd" and generates an error.
- This commit fixes the VPN on CentOS by removing those options.
- Ref: https://github.com/xelerance/xl2tpd/issues/108
2016-12-30 00:56:38 -06:00
hwdsl2
b59389a03f Use L2TP kernel support
- Use L2TP kernel support on CentOS 6
- This could improve L2TP performance
2016-12-29 00:53:30 -06:00
hwdsl2
8cc1362d17 Workaround for xl2tpd bug
- Temporary workaround for an xl2tpd bug which affects CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
2016-12-28 13:23:27 -06:00