mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 21:16:02 +03:00
Code Issues Projects Releases Wiki Activity
553 Commits 1 Branch 0 Tags 20 MiB
5d8932e411
Commit Graph

68 Commits

Author SHA1 Message Date
hwdsl2
5d8932e411 Update IKEv2 docs 2020-07-12 14:42:04 -05:00
hwdsl2
71dc5bab01 Update IKEv2 docs 
- Connecting multiple IKEv2 clients from behind the same NAT
  requires setting the "local ID" field to match the client name.
  Ref: https://github.com/libreswan/libreswan/issues/237
 2020-07-06 22:42:45 -05:00
hwdsl2
93e89919ac Update IKEv2 docs 2020-07-04 01:35:10 -05:00
hwdsl2
50ac87c7b3 Update docs 2020-06-11 01:37:47 -05:00
hwdsl2
8ea8bbfa4e Update IKEv2 docs 
- Add instructions for add/revoke client certificates
 2020-06-06 23:09:58 -05:00
hwdsl2
f3a93e17fc Update IKEv2 docs 2020-06-05 00:44:33 -05:00
hwdsl2
99e87f5287 Update IKEv2 docs 2020-05-31 17:37:49 -05:00
hwdsl2
204904abf4 Update IKEv2 docs 2020-05-30 23:13:14 -05:00
hwdsl2
09c68fda01 Update docs 
- Add troubleshooting section for Android MTU/MSS issues
- Remove "Access VPN server's subnet". This seems to work fine using
  the default configuration, without additional IPTables rules
 2020-05-16 23:35:52 -05:00
hwdsl2
d44b09d577 Update docs 2020-05-11 23:23:38 -05:00
hwdsl2
ace41ebc29 Add IKEv2 script 
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
 2020-05-11 01:18:34 -05:00
hwdsl2
9e6b26b1b2 Update docs 2020-05-03 01:59:37 -05:00
hwdsl2
7076376aac Update IKEv2 docs 
- For users running Libreswan 3.31, the "Use RSA/PSS signatures" option
  needs to be enabled in the strongSwan Android VPN client.
- Ref: https://lists.libreswan.org/pipermail/swan/2020/003440.html
 2020-04-30 01:13:39 -05:00
hwdsl2
4b28ce5de9 Update IKEv2 docs 
- Update macOS and iOS IKEv2 instructions
 2019-11-10 19:32:29 -08:00
hwdsl2
0dfe0d3021 Update IKEv2 docs 
- Add new IKEv2 instructions for Android 10
  Ref: https://wiki.strongswan.org/issues/3196
- Change certificate validity period to 120 months
 2019-11-10 17:23:12 -08:00
hwdsl2
e61efe242e Update IKEv2 docs 
- Add a known issue (#543)
 2019-03-15 23:13:30 -05:00
hwdsl2
0679c66071 Update docs 2019-02-09 16:24:19 -06:00
hwdsl2
d153a90fc3 Update docs 
- Add a known issue to IKEv2 docs. Ref: #414
- Cleanup
 2019-02-05 00:24:32 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers 
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
 2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers 
- Optimize order of VPN ciphers for performance
 2018-11-24 10:30:42 -06:00
hwdsl2
582f98d18c Update docs 2018-11-23 11:52:38 -06:00
hwdsl2
ed997dd190 Update docs 2018-11-16 13:05:29 -06:00
hwdsl2
4ee2814358 Update IKEv2 docs 2018-11-04 11:43:46 -06:00
hwdsl2
23458655ac Update IKEv2 docs 
- Add "pfs=no" to fix IKEv2 disconnect issues (at 8 mins) on iOS/macOS
- Replace "fragmentation" with "ike-frag" for compatibility
- Fixes #474
- Ref: https://github.com/libreswan/libreswan/issues/222
- Ref: http://www.openradar.appspot.com/29821241
 2018-11-04 00:59:01 -05:00
hwdsl2
f1c8c06af1 Improve VPN ciphers 
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
 2018-11-02 01:54:49 -05:00
hwdsl2
ce895e7116 Update IKEv2 docs 
- Change 'mobike' from 'yes' to 'no' by default, because it is not
  available on Ubuntu and can prevent the IKEv2 config from loading
 2018-11-02 01:30:11 -05:00
hwdsl2
e797493a17 Update IKEv2 docs 2018-10-30 00:00:08 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers 
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
 2018-10-27 00:53:19 -05:00
hwdsl2
2f9f5c39de Update IKEv2 docs 
- Add known issue about multiple IKEv2 clients from behind the same NAT
- Ref: #469
 2018-10-26 15:16:39 -05:00
hwdsl2
f05bf90dbc Update IKEv2 docs 
- Enable MOBIKE option for Libreswan 3.23 and newer
- Add AES-GCM cipher for improved performance
 2018-10-25 01:07:56 -05:00
hwdsl2
0442d25217 Update IKEv2 docs 2018-10-21 20:52:05 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
599eb1aa8a Update IKEv2 docs 
- Add IKEv2 instructions for OS X (macOS) clients
- Cleanup
 2018-10-16 20:29:07 -05:00
hwdsl2
9c529435cf Fix IKEv2 docs 
- Fixed an issue with address pool clashing by reverting to
  rightaddresspool=192.168.43.10-192.168.43.250
- Replaced "Example" with "IKEv2 VPN" for clarity
- Closes #465
 2018-10-14 23:53:06 -05:00
hwdsl2
26ef49b099 Update IKEv2 docs 
- Add instructions for iOS (iPhone/iPad). Thanks @zzuzjl for the
  suggestion!
- Change IKEv2 address pool to 192.168.43.150-192.168.43.250 to help
  avoid conflict with IPsec/XAuth
- Closes #453. Closes #461
- Cleanup
 2018-10-13 14:26:09 -05:00
hwdsl2
20f57975b3 Update docs 
- Add notes for the faster IPsec/XAuth and IKEv2 modes
- Cleanup
 2018-09-30 18:36:42 -05:00
hwdsl2
7d4ac79259 Update IKEv2 docs 
- Re-add Android instructions to IKEv2 docs because it is fixed in
  Libreswan 3.26
- Ref: 964b793 #307
- Cleanup
 2018-09-22 01:58:58 -05:00
hwdsl2
5d3f4eb7e6 Update docs 
- Update README and IKEv2 docs for Libreswan 3.26
 2018-09-21 23:56:16 -05:00
hwdsl2
7ce65083af Update IKEv2 docs 
- Skip the "random keystrokes" step when generating certificates
  (use /dev/urandom instead)
- Cleanup
 2018-09-06 00:22:31 -05:00
hwdsl2
89e105fcda Update docs 
- Closes #433
 2018-09-04 00:51:58 -05:00
hwdsl2
94ca6536c8 Update docs 
- Fix/Update links
- Add reg files for Windows Error 809 fix
- Move Linux client instructions
 2018-05-13 15:26:14 -05:00
hwdsl2
964b7934aa Update IKEv2 docs 
- Add rightid=%fromcert to ipsec.conf
- Remove strongSwan Android VPN client instructions due to issues (#307)
 2018-05-08 03:11:48 -05:00
hwdsl2
17ca2ee87f Update docs 2018-05-05 19:37:33 -05:00
hwdsl2
36208fa4ca Update docs 2018-02-17 10:05:34 -06:00
hwdsl2
43dbac6c3c Update docs 2018-02-11 00:37:00 -06:00
hwdsl2
bc0324f957 Improve IKEv2 docs 
- Make it clear how to use the VPN server's DNS name to connect
 2017-06-03 14:53:45 -05:00
hwdsl2
47a9015135 Improve VPN ciphers 
- Add 3des-sha2 to allowed VPN ciphers, and clean up
 2017-06-02 14:24:55 -05:00
hwdsl2
f58afbc84b Update VPN ciphers 
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
 2017-04-12 10:17:08 -05:00
hwdsl2
fec47196d6 Update docs 2017-03-19 22:10:49 -05:00
hwdsl2
03007079e6 Improve VPN IPs 
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
 2017-02-10 18:00:29 -06:00