1
0
mirror of synced 2024-11-22 21:16:02 +03:00
Commit Graph

94 Commits

Author SHA1 Message Date
hwdsl2
b3ad82fd48 Cleanup 2020-12-31 23:09:58 -06:00
hwdsl2
cac5191155 Add version check
- Check for latest supported Libreswan version, and remind users who use
  a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements
2020-12-31 18:24:41 -06:00
hwdsl2
3b1403668d Update upgrade scripts
- Clean up Libreswan build flags for CentOS
- Minor improvements
2020-12-14 23:12:15 -06:00
hwdsl2
f9d84216d6 Fix Libreswan flags
- Fix Libreswan flags on e.g. Raspbian 10
2020-12-14 14:17:54 -06:00
hwdsl2
027c70edb0 Update Debian check
- Update upgrade scripts to work on Debian 8 for now. Debian 8 (Jessie)
  is EOL and users should upgrade to a newer Debian version.
2020-12-07 10:28:28 -06:00
hwdsl2
8a3f22ba65 Update Debian check
- Add check for Debian 8 (not supported)
2020-12-04 23:39:35 -06:00
hwdsl2
00f9d2ba86 Clean up build flags
- Clean up build flags for Libreswan. In Libreswan 4.1, these flags are
  now set automatically based on Ubuntu/Debian versions, and no longer
  needed for CentOS/RHEL 7 and 8.
- Ref: https://github.com/libreswan/libreswan/blob/main/mk/defaults/linux.mk
       https://github.com/libreswan/libreswan/commit/c01ffcc1
2020-12-04 23:36:53 -06:00
hwdsl2
427e50a9ed Update upgrade scripts
- Set sha2-truncbug to "no" when upgrading. This is required for
  iOS 13/14 and macOS 10.15/11 VPN clients to connect.
- References: 3353888 #882
2020-11-27 11:16:12 -06:00
hwdsl2
ccd072541b Update Debian check
- Add check for Debian 10. See: https://git.io/vpndebian10
- Remove Debian 7 check
2020-11-17 00:50:35 -06:00
hwdsl2
b57678b893 Update upgrade scripts
- Remove support for upgrading to old Libreswan versions 3.19-3.25
- Minor improvements
2020-11-15 11:47:14 -06:00
hwdsl2
ecd99a6bba Fix version detection
- Fix Libreswan version detection in upgrade scripts
2020-11-12 10:25:09 -06:00
hwdsl2
694679b59c Update upgrade scripts
- Replace the obsolete ike-frag option in ikev2.conf (if exists),
  which was removed in Libreswan 4.1.
2020-11-12 00:39:20 -06:00
hwdsl2
5a13026701 Apply Libreswan fix
- Fix detection for sysvinit initsystem:
  cfe4dabab4
2020-11-11 23:05:29 -06:00
hwdsl2
1dee0d4262 Update upgrade scripts
- Support upgrading to Libreswan 4.1
2020-11-11 01:10:27 -06:00
hwdsl2
5fe5f04835 Update upgrade scripts
- Ref: 71d67ae
2020-05-25 13:40:04 -05:00
hwdsl2
f38e2ea4f2 Cleanup 2020-05-14 23:07:47 -05:00
hwdsl2
6a285499e3 Update upgrade scripts
- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
2020-05-11 11:28:37 -05:00
hwdsl2
f15db57ea5 Fix upgrade bug
- Fixed an issue where the upgrade script could break the IKEv2 section
  of /etc/ipsec.conf for users who manually added IKEv2
2020-04-30 00:12:56 -05:00
hwdsl2
dae0c03356 Improve output
- Inhibit warning messages from Libreswan compilation
2020-04-29 11:00:25 -05:00
hwdsl2
5983c79904 Fix IKEv2
- Apply fix for an IKEv2 regression in Libreswan
- Ref: https://github.com/libreswan/libreswan/commit/90f8a09
  https://github.com/libreswan/libreswan/issues/333
  https://github.com/libreswan/libreswan/issues/329
2020-04-26 16:27:00 -05:00
hwdsl2
dbb3c6b436 Improve RPi workaround
- Newer Raspbian kernels now support SHA512
2020-04-26 00:32:54 -05:00
hwdsl2
48d9b06bab Update upgrade scripts
- Support upgrading to Libreswan 3.31
2020-04-12 00:28:00 -05:00
hwdsl2
53a4bbb06a Add install note 2020-01-13 00:09:30 -08:00
hwdsl2
4360737eaf Improve OS detection 2020-01-13 00:07:39 -08:00
hwdsl2
609f24257d New Libreswan version
- Upgrade Libreswan to 3.29
2019-06-10 21:05:51 -05:00
hwdsl2
6c0c006d24 Cleanup 2019-06-09 00:14:33 -05:00
hwdsl2
62d9b845d6 Cleanup 2019-06-03 22:02:14 -05:00
hwdsl2
1659d0336c Support Libreswan 3.28
- Support upgrading to new Libreswan version 3.28
- Patch applied for Debian 9/8. See:
  https://lists.libreswan.org/pipermail/swan/2019/003210.html
- Patch applied for CentOS 6. See:
  5db185497d
  and 4b93354f35
2019-06-02 21:08:43 -05:00
hwdsl2
6fb35e25cb Update year 2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb Cleanup 2019-01-12 01:08:04 -06:00
hwdsl2
03e587d834 Cleanup 2018-12-19 00:14:31 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers
- Optimize order of VPN ciphers for performance
2018-11-24 10:30:42 -06:00
hwdsl2
f1c8c06af1 Improve VPN ciphers
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a Improve VPN ciphers
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
  Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
2018-10-28 00:33:42 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d Improve VPN ciphers
- Add AES-GCM cipher for Chromebook compatibility and performance
2018-10-25 01:25:35 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
a04d2d32e8 New Libreswan version
- Upgrade Libreswan to 3.27
- Cleanup
2018-10-09 12:32:28 -05:00
hwdsl2
4f41fcba9a Improve upgrade config
- Replace all occurrences when updating /etc/ipsec.conf
- Prompt the user to edit manually if more than one modecfgdns1= or
  modecfgdns= line is present
2018-09-30 20:04:21 -05:00
hwdsl2
e22664f7a2 Improve upgrade config
- Try to automatically update modecfgdns lines in /etc/ipsec.conf
  in the Libreswan upgrade scripts
- Cleanup
2018-09-22 12:10:02 -05:00
hwdsl2
b803f32b71 New Libreswan version
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7 Improve variables
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
2018-09-18 00:57:03 -05:00
hwdsl2
329a5ecf50 Cleanup
- Improve display of Libreswan versions in upgrade scripts
- Clean up notes
2018-09-16 21:36:49 -05:00
hwdsl2
dfc5fce92c Improve version check
- Improve Libreswan version check in upgrade scripts, including
  checking for supported versions and showing upgrade/downgrade info
- Clean up notes
2018-09-16 01:05:29 -05:00
hwdsl2
145f29b477 Improve version check
- Add check for some Libreswan versions that are not available
- Include Libreswan 3.25 in multiple IPsec/XAuth clients warning
- Cleanup notes
2018-06-30 00:42:08 -05:00
hwdsl2
41ce696f08 Add new version
- Add support for upgrading to new Libreswan version 3.25
- "USE_GLIBC_KERN_FLIP_HEADERS = true" is required for compilation
- Fixes #412
2018-06-28 00:49:49 -05:00
hwdsl2
0c151515fe Improve upgrade scripts
- Add note for users downgrading to 3.22
- Add check for Libreswan 3.25 (not yet supported)
- Print Libreswan versions and improve message
- Cleanup
2018-06-28 00:03:42 -05:00
hwdsl2
59f817575c Create rundir
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c Use Libreswan 3.22
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
  multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502 0cf01c0
2018-06-06 00:40:09 -05:00