1
0
mirror of synced 2024-11-27 07:16:05 +03:00
Commit Graph

664 Commits

Author SHA1 Message Date
hwdsl2
d711e2aee6 Improve network interfaces
- Try to auto detect server's default network interface
- Display a warning if the default interface is wlan*
2017-05-17 17:24:19 -05:00
hwdsl2
d437f7044d Update docs
- Add troubleshooting notes for Chromebook users
- Closes #147
2017-05-16 16:05:25 -05:00
hwdsl2
7aeae4c8b8 Update docs 2017-05-05 10:37:45 -05:00
hwdsl2
4c6aa6e3a1 Update docs 2017-05-02 16:55:54 -05:00
hwdsl2
db834c146f Update Azure template 2017-05-01 20:08:02 -05:00
hwdsl2
cf75c2bb86 Improve network interfaces
- Use eth0 instead of eth+ throughout for consistency
- Improve error messages when eth0 is unavailable
2017-04-30 17:16:33 -05:00
hwdsl2
cebf9f4361 Minor clean up 2017-04-12 10:38:57 -05:00
hwdsl2
f58afbc84b Update VPN ciphers
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9 Improve VPN variables
- Check VPN credentials for non-ASCII characters
- Ref: #130
2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae New Libreswan version
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa Improve OS detection
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
2017-03-23 12:39:01 -05:00
hwdsl2
fec47196d6 Update docs 2017-03-19 22:10:49 -05:00
hwdsl2
6f1dc6db1c Remove fail2ban workaround
- The fail2ban bug on CentOS 7 has been fixed. Remove workaround.
- Ref: 320e17a, https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-03-06 11:03:33 -06:00
hwdsl2
347f3fdbfe Improve IPTables rules
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116. Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a Fix xl2tpd on CentOS 7 for Linode
- Fix xl2tpd on CentOS 7 for providers such as Linode,
  where kernel module "l2tp_ppp" is unavailable
- Closes: #114
2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d Workaround for fail2ban bug
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924 Improve customization
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6 Improve VPN IPs
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
f7961242e4 Update docs 2017-02-10 10:32:24 -06:00
hwdsl2
4a1c0e34c7 Update docs
- Add link to Justin's blog post (IPsec VPN server on Raspberry Pi 3)
- Closes #112
2017-02-07 23:40:39 -06:00
hwdsl2
e6b9208eeb Update docs 2017-02-07 21:12:31 -06:00
hwdsl2
e31c378b44 Improve upgrade scripts
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
8c0940f63b Update docs
- Improve IKEv2 docs. The strongSwan Android VPN client requires
  an "IP address" in the VPN server certificate's subjectAltName field
  in addition to "DNS name", when connecting using the server's IP.
  The certutil commands have been updated to add this field.
- Other improvements to docs
2017-02-05 14:48:11 -06:00
hwdsl2
c8d8730fd0 Minor fix
[ci skip]
2017-01-26 17:42:13 -06:00
hwdsl2
758f0e1418 Fix IKEv2 docs
- Windows 8.x and 10 require the IKEv2 machine certificate to have
  "Client Auth" EKU in addition to "Server Auth". Otherwise it gives
  "Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
  https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106. Thanks @evil-shrike!
2017-01-26 17:15:43 -06:00
hwdsl2
a156a1f5f3 Update docs
[ci skip]
2017-01-25 13:12:47 -06:00
hwdsl2
0c8f117fd9 Update docs
[ci skip]
2017-01-21 12:13:27 -06:00
hwdsl2
721f7bfaa0 Minor fix
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4 Improve VPN ciphers
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
5cbadb643b Update docs
[ci skip]
2017-01-18 16:31:42 -06:00
hwdsl2
c8bfb7c741 Update docs
[ci skip]
2017-01-18 01:50:43 -06:00
hwdsl2
e767b462a5 Fix docs
- Further improve IKEv2 config for Windows 7/8/10
- Ref: 9455b19
2017-01-17 11:31:40 -06:00
hwdsl2
9455b19119 Fix docs
- Libreswan 3.19 requires configuration changes in ipsec.conf
  for IKEv2, so that Windows 7/8/10 clients can connect
2017-01-17 02:22:46 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
3735530015 Update docs
[ci skip]
2017-01-16 17:27:08 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d Minor clean up 2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860 Improve script outputs 2017-01-09 02:50:03 -06:00
hwdsl2
c23d5c972a Update docs
[ci skip]
2017-01-08 11:44:58 -06:00
hwdsl2
efeff51f3a Improve tests 2017-01-06 16:12:36 -06:00
hwdsl2
9500da3231 Bugfix
- Fix commit ca84aa7 to avoid a possible race condition
  when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13 Improve services on boot 2017-01-04 02:21:09 -06:00
hwdsl2
e41cf78b53 Update docs
[ci skip]
2017-01-03 23:31:56 -06:00
hwdsl2
89d75f7243 Bugfix for Android 6 and 7
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
  on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
525f39d141 Fix tests 2017-01-02 09:17:59 -06:00
hwdsl2
9ea2b50dae Improve OS detection
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
3dbf3a9c09 Remove xl2tpd workaround
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
e6ebdeaaf8 Update docs
[ci skip]
2016-12-30 16:24:47 -06:00