mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 21:16:02 +03:00
Code Issues Projects Releases Wiki Activity
815 Commits 1 Branch 0 Tags 20 MiB
742161124c
Commit Graph

815 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hwdsl2
7e20055671 Update docs 2021-01-24 15:55:26 -06:00
hwdsl2
7e3a38ca54 Update IKEv2 script 
- New: Users can now specify '--listclients' to list the names of
  existing IKEv2 clients
- Other minor improvements
 2021-01-24 15:54:44 -06:00
hwdsl2
625ddd3d32 Update IKEv2 script 
- New: Users can now specify '--addclient [client name]' or
  '--exportclient [client name]' command-line arguments to automatically
  add or export an IKEv2 client using default options.
- Show script usage when '-h' or '--help' is specified.
- Other minor improvements
 2021-01-24 13:53:55 -06:00
hwdsl2
83d7309147 Cleanup 2021-01-23 18:20:49 -06:00
hwdsl2
d67c546000 Update tests 2021-01-23 16:09:43 -06:00
hwdsl2
2864473576 Update docs 2021-01-23 16:05:51 -06:00
hwdsl2
f0c1f3bcb1 Update IKEv2 script 
- New: Create .sswan files to simplify Android IKEv2 client setup and
  improve VPN performance
- Cleanup
 2021-01-23 16:02:59 -06:00
hwdsl2
3611ed5981 Update IKEv2 script 
- Minor fix: Set permission for the generated .mobileconfig file to 600,
  same as the exported .p12 file.
 2021-01-23 00:20:09 -06:00
hwdsl2
2b6586cf1b Increase IKE lifetime 
- Set both "ikelifetime" and "salifetime" to 24 hours, which is
  recommended since we have "rekey=no" on the server. VPN clients will
  normally initiate rekey with a shorter interval.
  Ref: https://github.com/libreswan/libreswan/issues/405#issuecomment-765109809
       https://libreswan.org/man/ipsec.conf.5.html
 2021-01-21 23:24:41 -06:00
hwdsl2
1c975c8410 Update docs 2021-01-21 23:11:20 -06:00
hwdsl2
47b5cd01c1 Update IKEv2 script 
- For the Ubuntu 18.04 NSS bug fix, use mirrors.kernel.org, which
  is an Ubuntu mirror that supports HTTPS, instead of HTTP-only
  security.ubuntu.com
- Minor fix: When uninstalling IKEv2, delete keys in addition to
  certificates from the IPsec database
 2021-01-21 23:07:24 -06:00
hwdsl2
0199df0369 Update IKEv2 docs 2021-01-21 01:39:15 -06:00
hwdsl2
5e1b3e1ae9 Update IKEv2 script 
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3)
  version 3.35, which has a bug with iteration counts that results in
  "incorrect password" errors when trying to import a generated ".p12"
  file to Windows. To fix this, we install newer versions of libnss3
  related packages from the official Ubuntu repo.
  Ref: #414
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
  https://packages.ubuntu.com/focal/amd64/libnss3
- Other minor improvements
 2021-01-21 00:24:07 -06:00
hwdsl2
7d9f2c6603 Fix IKEv2 
- Fix an issue with IKEv2 disconnecting after one hour due to IKE SA
  expiration, by setting ikelifetime and salifetime to 24h.
  Ref: #913 #844 https://libreswan.org/man/ipsec.conf.5.html
 2021-01-20 01:39:07 -06:00
hwdsl2
27dc3d25f2 Update docs 2021-01-19 01:42:29 -06:00
hwdsl2
f5abf8493c Update tests 2021-01-19 01:42:13 -06:00
hwdsl2
9bf2b630ca Update IKEv2 script 
- Add option to remove IKEv2
 2021-01-19 01:05:06 -06:00
hwdsl2
bac2c9cf4c Update docs 2021-01-18 22:49:55 -06:00
hwdsl2
888175bca5 Update tests 2021-01-18 22:01:39 -06:00
hwdsl2
819ff8a2b3 Update IKEv2 script 
- New feature: Export configuration for an existing IKEv2 client
- If IKEv2 has already been set up, users can now choose from a menu to
  either add a new client or export configuration for an existing client
 2021-01-18 21:57:09 -06:00
hwdsl2
215c9030ba Update docs 2021-01-18 11:03:39 -06:00
hwdsl2
a3dae331b8 Update docs 2021-01-18 00:02:04 -06:00
hwdsl2
ef93a9867b Update IKEv2 script 
- New feature: The IKEv2 helper script can now be run in "auto mode",
  which sets up IKEv2 using default options, no user input needed.
  To use this mode, add command-line parameter "--auto"
- Refactor entire script to remove duplicate code, improve structure
  and make it easier to read and maintain
- Add check for Libreswan version
- Update tests
 2021-01-18 00:01:46 -06:00
hwdsl2
b17ec88a0d Update IKEv2 script 
- Add the option for users to specify their own password to protect the
  exported VPN client configuration files
- Update tests
 2021-01-15 23:26:25 -06:00
hwdsl2
927e0ca7e3 Update docs 
- Update IKEv2 docs for .mobileconfig support
 2021-01-14 23:58:20 -06:00
hwdsl2
75acaa1ee4 Update tests 2021-01-14 23:22:31 -06:00
hwdsl2
b004aaaf7c Support .mobileconfig for IKEv2 
- New feature: For macOS and iOS clients, the IKEv2 helper script
  can now create .mobileconfig files to simplify client setup
  and improve VPN performance with ciphers such as AES-GCM.
- New feature: VPN On Demand is now supported on macOS and iOS.
  See https://git.io/ikev2 for more details.
- The script no longer exports the IKEv2 VPN CA certificate, since
  .mobileconfig support has been added.
- A random password is now generated for the .p12 and .mobileconfig
  files, and displayed on the screen when finished. User input is
  no longer required for this password.
 2021-01-14 23:21:52 -06:00
hwdsl2
91b7e53004 Update IKEv2 script 
- Improve check for MOBIKE support
 2021-01-13 09:58:17 -06:00
hwdsl2
c0a212bfc8 Update IKEv2 script 
- Improve OS detection and Libreswan version handling
- Cleanup
 2021-01-10 18:28:52 -06:00
hwdsl2
bdfd0be345 Update AWS docs 
- Add a note on cleaning up the key pair(s)
 2021-01-09 14:43:37 -06:00
hwdsl2
2b80fb4ad8 Update AWS template 
- Add a prefix to the key pair name
 2021-01-09 14:25:13 -06:00
hwdsl2
6c55c19b44 Update docs 
- Update Linux VPN client command-line instructions
 2021-01-08 01:29:05 -06:00
haleyrom
5d9929c8c7
Update Ubuntu VPN client instructions (#615) 
- Update instructions for configuring Ubuntu (and Deepin) VPN clients
- Fixes #906
 2021-01-08 00:54:30 -06:00
hwdsl2
3b90d2d394 Cleanup 2021-01-07 12:02:44 -06:00
hwdsl2
0a8470da38 Update docs 
- Update Linux VPN client instructions. Ref: #876
 2021-01-05 23:53:07 -06:00
hwdsl2
346e862ebb Update docs 
- Closes #905
 2021-01-05 09:59:31 -06:00
hwdsl2
fdd220b7a3 Update docs 2021-01-03 15:20:27 -06:00
hwdsl2
a5a1f4adb1 Cleanup 2021-01-03 14:05:13 -06:00
hwdsl2
dabf765978 Update year 2021-01-03 00:35:24 -06:00
hwdsl2
0119de50ad Update tests 2021-01-02 23:44:12 -06:00
hwdsl2
40b8561962 Update AWS docs 2021-01-02 14:29:12 -06:00
hwdsl2
de7a529c6c Cleanup 
- Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020
- Include OS arch when checking Libreswan version
- Other minor improvements
 2021-01-02 14:25:50 -06:00
hwdsl2
753bf5a387 Update AWS template 
- Minor cleanup
 2021-01-02 11:43:19 -06:00
S. X. Liang
f205ecd6f8
Add CentOS 7/8 and Amazon Linux 2 support to Cloudformation template (#901) 
Add CentOS 7/8 and Amazon Linux 2 support to Cloudformation template.
See #901 for details.

Co-authored-by: Scottpedia
 2021-01-02 11:40:04 -06:00
hwdsl2
5f1ca68350 Update docs 2020-12-31 23:10:10 -06:00
hwdsl2
b3ad82fd48 Cleanup 2020-12-31 23:09:58 -06:00
hwdsl2
cac5191155 Add version check 
- Check for latest supported Libreswan version, and remind users who use
  a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements
 2020-12-31 18:24:41 -06:00
hwdsl2
313502293f Update IKEv2 script 
- Add check for existing certificates for the VPN server and client
- Other minor improvements
 2020-12-30 22:53:19 -06:00
hwdsl2
88764568d2 Update docs 2020-12-29 16:36:44 -06:00
hwdsl2
8c859e7c43 Update tests 
- Add tests for Amazon Linux 2
- Other minor improvements
 2020-12-28 00:45:59 -06:00