hwdsl2
593bb3eea0
Update docs
2018-11-07 00:40:24 -06:00
hwdsl2
273ebe0487
Update docs
2018-11-05 07:47:09 -06:00
hwdsl2
4ee2814358
Update IKEv2 docs
2018-11-04 11:43:46 -06:00
hwdsl2
23458655ac
Update IKEv2 docs
...
- Add "pfs=no" to fix IKEv2 disconnect issues (at 8 mins) on iOS/macOS
- Replace "fragmentation" with "ike-frag" for compatibility
- Fixes #474
- Ref: https://github.com/libreswan/libreswan/issues/222
- Ref: http://www.openradar.appspot.com/29821241
2018-11-04 00:59:01 -05:00
hwdsl2
f1c8c06af1
Improve VPN ciphers
...
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
ce895e7116
Update IKEv2 docs
...
- Change 'mobike' from 'yes' to 'no' by default, because it is not
available on Ubuntu and can prevent the IKEv2 config from loading
2018-11-02 01:30:11 -05:00
hwdsl2
e797493a17
Update IKEv2 docs
2018-10-30 00:00:08 -05:00
hwdsl2
ccc93a8c96
Update docs
2018-10-29 01:27:04 -05:00
hwdsl2
5f75a7306a
Improve VPN ciphers
...
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
2018-10-28 00:33:42 -05:00
hwdsl2
e8723245f0
Improve VPN config
...
- Increase auto-generated IPsec PSK length to 20 characters
- Add a note to README
2018-10-27 15:22:53 -05:00
hwdsl2
732ad1e941
Improve VPN ciphers
...
- Optimize VPN ciphers and their order for improved security and
compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
2f9f5c39de
Update IKEv2 docs
...
- Add known issue about multiple IKEv2 clients from behind the same NAT
- Ref: #469
2018-10-26 15:16:39 -05:00
hwdsl2
9db710090d
Improve VPN ciphers
...
- Add AES-GCM cipher for Chromebook compatibility and performance
2018-10-25 01:25:35 -05:00
hwdsl2
f05bf90dbc
Update IKEv2 docs
...
- Enable MOBIKE option for Libreswan 3.23 and newer
- Add AES-GCM cipher for improved performance
2018-10-25 01:07:56 -05:00
hwdsl2
69d1bfe06f
Improve IPTables on boot
...
- Improve checking for iptables-persistent, and do not add ifupdown
script /etc/network/if-pre-up.d/iptablesload if it is in use
2018-10-24 00:56:37 -05:00
hwdsl2
39a92e52c0
Improve IPTables on boot
...
- For systems with "netplan" (e.g. Ubuntu 18.04), do not create
load-iptables-rules service if iptables-persistent is installed
(to avoid conflicts on boot)
- Ref: cf77372
2018-10-21 22:05:00 -05:00
hwdsl2
0442d25217
Update IKEv2 docs
2018-10-21 20:52:05 -05:00
hwdsl2
804211c101
Cleanup
2018-10-21 00:20:54 -05:00
hwdsl2
cf7737238d
Improve IPTables on boot
...
- Improve loading of IPTables rules on boot for systems with "netplan"
such as Ubuntu 18.04, by creating a systemd service. This is needed
because ifupdown scripts do not run under netplan
2018-10-21 00:05:21 -05:00
hwdsl2
599eb1aa8a
Update IKEv2 docs
...
- Add IKEv2 instructions for OS X (macOS) clients
- Cleanup
2018-10-16 20:29:07 -05:00
hwdsl2
9c529435cf
Fix IKEv2 docs
...
- Fixed an issue with address pool clashing by reverting to
rightaddresspool=192.168.43.10-192.168.43.250
- Replaced "Example" with "IKEv2 VPN" for clarity
- Closes #465
2018-10-14 23:53:06 -05:00
hwdsl2
26ef49b099
Update IKEv2 docs
...
- Add instructions for iOS (iPhone/iPad). Thanks @zzuzjl for the
suggestion!
- Change IKEv2 address pool to 192.168.43.150-192.168.43.250 to help
avoid conflict with IPsec/XAuth
- Closes #453 . Closes #461
- Cleanup
2018-10-13 14:26:09 -05:00
hwdsl2
a04d2d32e8
New Libreswan version
...
- Upgrade Libreswan to 3.27
- Cleanup
2018-10-09 12:32:28 -05:00
hwdsl2
4f41fcba9a
Improve upgrade config
...
- Replace all occurrences when updating /etc/ipsec.conf
- Prompt the user to edit manually if more than one modecfgdns1= or
modecfgdns= line is present
2018-09-30 20:04:21 -05:00
hwdsl2
20f57975b3
Update docs
...
- Add notes for the faster IPsec/XAuth and IKEv2 modes
- Cleanup
2018-09-30 18:36:42 -05:00
hwdsl2
e22664f7a2
Improve upgrade config
...
- Try to automatically update modecfgdns lines in /etc/ipsec.conf
in the Libreswan upgrade scripts
- Cleanup
2018-09-22 12:10:02 -05:00
hwdsl2
7d4ac79259
Update IKEv2 docs
...
- Re-add Android instructions to IKEv2 docs because it is fixed in
Libreswan 3.26
- Ref: 964b793
#307
- Cleanup
2018-09-22 01:58:58 -05:00
hwdsl2
5d3f4eb7e6
Update docs
...
- Update README and IKEv2 docs for Libreswan 3.26
2018-09-21 23:56:16 -05:00
hwdsl2
b803f32b71
New Libreswan version
...
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7
Improve variables
...
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
2018-09-18 00:57:03 -05:00
hwdsl2
329a5ecf50
Cleanup
...
- Improve display of Libreswan versions in upgrade scripts
- Clean up notes
2018-09-16 21:36:49 -05:00
hwdsl2
dfc5fce92c
Improve version check
...
- Improve Libreswan version check in upgrade scripts, including
checking for supported versions and showing upgrade/downgrade info
- Clean up notes
2018-09-16 01:05:29 -05:00
hwdsl2
716bdad687
Update docs
...
- Add troubleshooting sections for Windows 10 version 1803 and macOS
IPsec/L2TP mode "Send all traffic"
- Cleanup
- Ref: #442 #376
2018-09-14 00:01:00 -05:00
hwdsl2
2fe44b172e
Improve Libreswan versions
...
- Add compilation workarounds specific to Libreswan 3.23/3.25 to the VPN
setup scripts, so that users may install those versions by modifying
SWAN_VER before running the scripts
- Cleanup
2018-09-11 00:03:04 -05:00
hwdsl2
8d90a3877c
Add version note
2018-09-10 01:26:31 -05:00
hwdsl2
7ce65083af
Update IKEv2 docs
...
- Skip the "random keystrokes" step when generating certificates
(use /dev/urandom instead)
- Cleanup
2018-09-06 00:22:31 -05:00
hwdsl2
1227a0ed5d
Improve xl2tpd workaround
...
- Exclude Ubuntu from xl2tpd 1.3.12 workaround (Ref: 3f8e79b
), because
updated xl2tpd packages are now available for Ubuntu 16.04 and 18.04
See: https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1760796
- Add Linux kernel 4.16 to the list of kernels to work around
- Cleanup
2018-09-04 23:11:59 -05:00
hwdsl2
89e105fcda
Update docs
...
- Closes #433
2018-09-04 00:51:58 -05:00
hwdsl2
c8e1bbe6d0
Update docs
...
- Add note for Windows 10 upgrade issues. Closes #376
- Add note for Android VPN troubleshooting. Ref: #416
2018-07-17 00:23:14 -05:00
hwdsl2
b8088d3934
Improve EPEL repo
...
- Improve handling of the EPEL repository. Although uncommon, some systems
can have epel-release installed but disabled in /etc/yum.repos.d/epel.repo
- Fixes #210
2018-07-04 20:07:32 -05:00
hwdsl2
145f29b477
Improve version check
...
- Add check for some Libreswan versions that are not available
- Include Libreswan 3.25 in multiple IPsec/XAuth clients warning
- Cleanup notes
2018-06-30 00:42:08 -05:00
hwdsl2
41ce696f08
Add new version
...
- Add support for upgrading to new Libreswan version 3.25
- "USE_GLIBC_KERN_FLIP_HEADERS = true" is required for compilation
- Fixes #412
2018-06-28 00:49:49 -05:00
hwdsl2
0c151515fe
Improve upgrade scripts
...
- Add note for users downgrading to 3.22
- Add check for Libreswan 3.25 (not yet supported)
- Print Libreswan versions and improve message
- Cleanup
2018-06-28 00:03:42 -05:00
hwdsl2
59f817575c
Create rundir
...
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
2018-06-10 16:08:12 -05:00
hwdsl2
d5a01f52f2
Update docs
2018-06-06 00:42:58 -05:00
hwdsl2
1ff393b91c
Use Libreswan 3.22
...
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502
0cf01c0
2018-06-06 00:40:09 -05:00
hwdsl2
f838fcfe12
Fix IP parsing
...
- Fix parsing private IP on some systems such as Ubuntu 18.04
2018-06-03 23:24:37 -05:00
hwdsl2
3c84f8e2ab
Update docs
...
- Add support for Ubuntu 18.04
2018-05-24 22:04:27 -05:00
hwdsl2
3452926759
Use xl2tpd 1.3.12
...
- Install xl2tpd 1.3.12 for CentOS 6 with Linux kernel 4.14/4.15
- This version fixes an xl2tpd issue under the above Linux kernels
- Remove Linux kernel check which is no longer needed
- Ref: 3f8e79b
(fix for Ubuntu/Debian)
2018-05-23 20:40:58 -05:00
hwdsl2
95bcadb2c2
Improve VPN ciphers
...
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
2018-05-23 19:54:37 -05:00