- For IKEv2 mode, add a new variable VPN_CLIENT_VALIDITY for specifying
the client certificate validity period (in months). Must be an integer
between 1 and 120. Default value is 120. Users can define it as an
environment variable when setting up IKEv2 in auto mode, or when
adding a new IKEv2 client using "--addclient".
- Instead of finding the server's public IP, use the IP address
on the default route if it is not a private IP. This makes VPN
setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
- Make the VPN setup scripts work on Kali Linux (based on Debian).
- Update IKEv2 helper script to check for OpenSSL 3 first when
exporting the .p12 file.
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
keep the VPN connection open if the client's network is unstable.
- Add a workaround for Ubuntu 22.04 "password is incorrect" issue
when importing IKEv2 client config files into iOS and macOS devices.
- Ubuntu 22.04 uses OpenSSL 3, which has a default "openssl pkcs12"
encoding algorithm that is incompatible with iOS and macOS devices.
Ref: https://developer.apple.com/forums/thread/697030?answerId=701291022#701291022
- Create a client config README file under certain circumstances,
such as when setting up IKEv2 automatically and users might not
see the script's output.
- Display a note if no password is required when importing client
config files.
- Advanced users can now define VPN_PROTECT_CONFIG=yes when setting up
IKEv2, if they want to protect client config files with a password.
- Add an option to protect IKEv2 client config files using a password,
which users can select when customizing IKEv2 or client options
Ref: dbc3527
- Change the default action to 'continue' when confirming IKEv2 setup
options
- Other minor improvements
- Simplify IKEv2 configuration import: Remove passwords for IKEv2
client config files. When importing, it is no longer required to
enter a config file password.
- For macOS and iOS, .mobileconfig files require a password to work.
The password is now included so there is no need to manually enter.
- Note: Client config files should be securely transferred from
the VPN server to VPN client device(s) for import.
