hwdsl2
41142ee915
Remove CentOS 6
...
- CentOS 6 was EOL as of Nov. 30, 2020, and the default yum repos are
no longer available for installing new packages
Ref: https://wiki.centos.org/About/Product
2020-12-02 23:40:54 -06:00
hwdsl2
427e50a9ed
Update upgrade scripts
...
- Set sha2-truncbug to "no" when upgrading. This is required for
iOS 13/14 and macOS 10.15/11 VPN clients to connect.
- References: 3353888
#882
2020-11-27 11:16:12 -06:00
hwdsl2
cf1865a66e
Improve RPi detection
...
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
on Raspberry Pi 4
- Ref: #852
2020-11-24 21:27:40 -06:00
hwdsl2
ccd072541b
Update Debian check
...
- Add check for Debian 10. See: https://git.io/vpndebian10
- Remove Debian 7 check
2020-11-17 00:50:35 -06:00
hwdsl2
b57678b893
Update upgrade scripts
...
- Remove support for upgrading to old Libreswan versions 3.19-3.25
- Minor improvements
2020-11-15 11:47:14 -06:00
hwdsl2
ecd99a6bba
Fix version detection
...
- Fix Libreswan version detection in upgrade scripts
2020-11-12 10:25:09 -06:00
hwdsl2
694679b59c
Update upgrade scripts
...
- Replace the obsolete ike-frag option in ikev2.conf (if exists),
which was removed in Libreswan 4.1.
2020-11-12 00:39:20 -06:00
hwdsl2
5a13026701
Apply Libreswan fix
...
- Fix detection for sysvinit initsystem:
cfe4dabab4
2020-11-11 23:05:29 -06:00
hwdsl2
1dee0d4262
Update upgrade scripts
...
- Support upgrading to Libreswan 4.1
2020-11-11 01:10:27 -06:00
hwdsl2
afb8a7acce
New Libreswan version
...
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
4fa17ce958
Fix for EPEL repo
...
- Remove workaround for EPEL repo issues (bff3fe5
)
- "yum makecache" may have higher disk space requirements that could
cause issues on systems with low free disk space
2020-09-30 22:49:49 -05:00
hwdsl2
5e090770c8
Update IKEv2 script
...
- Allow specifying custom DNS servers
- Add notes about the IKEv2 MOBIKE extension
- Cleanup
2020-07-12 17:14:30 -05:00
hwdsl2
bff3fe5a4b
Fix for EPEL repo
...
- Add workaround for EPEL repo issues
2020-07-06 23:03:13 -05:00
hwdsl2
012c19fed1
Update IKEv2 script
...
- Allow specifying the validity period of client certificates
2020-07-02 11:48:35 -05:00
hwdsl2
cf2ed17ae6
Update IKEv2 script
...
- Improve error handling and move ikev2 config to the last step
2020-06-11 01:32:31 -05:00
hwdsl2
b7293e95da
Cleanup
2020-06-05 11:00:23 -05:00
hwdsl2
333a63850e
Update IKEv2 script
...
- Support adding IKEv2 VPN clients
- Users can specify name for the first VPN client
2020-06-05 00:29:15 -05:00
hwdsl2
e1e1b67afd
Improve IKEv2 setup
...
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 23:09:32 -05:00
hwdsl2
5894ea2e1f
Update IKEv2 script
...
- Allow running from inside a container, so that it can be used with:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 17:35:27 -05:00
hwdsl2
5fe5f04835
Update upgrade scripts
...
- Ref: 71d67ae
2020-05-25 13:40:04 -05:00
hwdsl2
0a0607feb9
Update IKEv2 script
...
- Save client configuration to home folder
2020-05-17 18:09:40 -05:00
hwdsl2
b028661f6f
Update IKEv2 script
...
- Raspberry Pi (Raspbian) kernels do not support MOBIKE
2020-05-16 22:11:01 -05:00
hwdsl2
f38e2ea4f2
Cleanup
2020-05-14 23:07:47 -05:00
hwdsl2
5bf8b86192
Update IKEv2 script
...
- Fix CentOS detection
- Set MOBIKE question default to 'yes'
2020-05-11 23:15:05 -05:00
hwdsl2
6a285499e3
Update upgrade scripts
...
- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
2020-05-11 11:28:37 -05:00
hwdsl2
ace41ebc29
Add IKEv2 script
...
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00
hwdsl2
f15db57ea5
Fix upgrade bug
...
- Fixed an issue where the upgrade script could break the IKEv2 section
of /etc/ipsec.conf for users who manually added IKEv2
2020-04-30 00:12:56 -05:00
hwdsl2
dae0c03356
Improve output
...
- Inhibit warning messages from Libreswan compilation
2020-04-29 11:00:25 -05:00
hwdsl2
5983c79904
Fix IKEv2
...
- Apply fix for an IKEv2 regression in Libreswan
- Ref: https://github.com/libreswan/libreswan/commit/90f8a09
https://github.com/libreswan/libreswan/issues/333
https://github.com/libreswan/libreswan/issues/329
2020-04-26 16:27:00 -05:00
hwdsl2
dbb3c6b436
Improve RPi workaround
...
- Newer Raspbian kernels now support SHA512
2020-04-26 00:32:54 -05:00
hwdsl2
48d9b06bab
Update upgrade scripts
...
- Support upgrading to Libreswan 3.31
2020-04-12 00:28:00 -05:00
hwdsl2
53a4bbb06a
Add install note
2020-01-13 00:09:30 -08:00
hwdsl2
4360737eaf
Improve OS detection
2020-01-13 00:07:39 -08:00
hwdsl2
99e194e683
Add CentOS 8
...
- Add support for CentOS/RHEL 8
2019-11-01 13:31:23 -07:00
hwdsl2
609f24257d
New Libreswan version
...
- Upgrade Libreswan to 3.29
2019-06-10 21:05:51 -05:00
hwdsl2
6c0c006d24
Cleanup
2019-06-09 00:14:33 -05:00
hwdsl2
62d9b845d6
Cleanup
2019-06-03 22:02:14 -05:00
hwdsl2
1659d0336c
Support Libreswan 3.28
...
- Support upgrading to new Libreswan version 3.28
- Patch applied for Debian 9/8. See:
https://lists.libreswan.org/pipermail/swan/2019/003210.html
- Patch applied for CentOS 6. See:
5db185497d
and 4b93354f35
2019-06-02 21:08:43 -05:00
hwdsl2
d382350bde
Improve VPN users
...
- Check VPN users for duplicates in the helper script
2019-01-13 11:51:47 -06:00
hwdsl2
6fb35e25cb
Update year
2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb
Cleanup
2019-01-12 01:08:04 -06:00
hwdsl2
03e587d834
Cleanup
2018-12-19 00:14:31 -06:00
hwdsl2
ddaa0ee99c
Improve DNS servers
...
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
only one or both alternative DNS servers
2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e
Improve VPN ciphers
...
- Optimize order of VPN ciphers for performance
2018-11-24 10:30:42 -06:00
hwdsl2
83b0663318
Add more helper scripts
...
- Create additional helper scripts for managing VPN users
- Update docs
- Closes : #355
2018-11-22 16:49:56 -06:00
hwdsl2
b979d1f15d
Add helper script
...
- Create a helper script for updating VPN users
- Update docs
2018-11-22 02:46:28 -06:00
hwdsl2
f1c8c06af1
Improve VPN ciphers
...
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a
Improve VPN ciphers
...
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
2018-10-28 00:33:42 -05:00
hwdsl2
732ad1e941
Improve VPN ciphers
...
- Optimize VPN ciphers and their order for improved security and
compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d
Improve VPN ciphers
...
- Add AES-GCM cipher for Chromebook compatibility and performance
2018-10-25 01:25:35 -05:00
hwdsl2
804211c101
Cleanup
2018-10-21 00:20:54 -05:00
hwdsl2
a04d2d32e8
New Libreswan version
...
- Upgrade Libreswan to 3.27
- Cleanup
2018-10-09 12:32:28 -05:00
hwdsl2
4f41fcba9a
Improve upgrade config
...
- Replace all occurrences when updating /etc/ipsec.conf
- Prompt the user to edit manually if more than one modecfgdns1= or
modecfgdns= line is present
2018-09-30 20:04:21 -05:00
hwdsl2
e22664f7a2
Improve upgrade config
...
- Try to automatically update modecfgdns lines in /etc/ipsec.conf
in the Libreswan upgrade scripts
- Cleanup
2018-09-22 12:10:02 -05:00
hwdsl2
b803f32b71
New Libreswan version
...
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7
Improve variables
...
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
2018-09-18 00:57:03 -05:00
hwdsl2
329a5ecf50
Cleanup
...
- Improve display of Libreswan versions in upgrade scripts
- Clean up notes
2018-09-16 21:36:49 -05:00
hwdsl2
dfc5fce92c
Improve version check
...
- Improve Libreswan version check in upgrade scripts, including
checking for supported versions and showing upgrade/downgrade info
- Clean up notes
2018-09-16 01:05:29 -05:00
hwdsl2
b8088d3934
Improve EPEL repo
...
- Improve handling of the EPEL repository. Although uncommon, some systems
can have epel-release installed but disabled in /etc/yum.repos.d/epel.repo
- Fixes #210
2018-07-04 20:07:32 -05:00
hwdsl2
145f29b477
Improve version check
...
- Add check for some Libreswan versions that are not available
- Include Libreswan 3.25 in multiple IPsec/XAuth clients warning
- Cleanup notes
2018-06-30 00:42:08 -05:00
hwdsl2
41ce696f08
Add new version
...
- Add support for upgrading to new Libreswan version 3.25
- "USE_GLIBC_KERN_FLIP_HEADERS = true" is required for compilation
- Fixes #412
2018-06-28 00:49:49 -05:00
hwdsl2
0c151515fe
Improve upgrade scripts
...
- Add note for users downgrading to 3.22
- Add check for Libreswan 3.25 (not yet supported)
- Print Libreswan versions and improve message
- Cleanup
2018-06-28 00:03:42 -05:00
hwdsl2
59f817575c
Create rundir
...
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c
Use Libreswan 3.22
...
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502
0cf01c0
2018-06-06 00:40:09 -05:00
hwdsl2
95bcadb2c2
Improve VPN ciphers
...
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c
Cleanup
2018-05-23 01:39:53 -05:00
hwdsl2
73a97f2ba4
Cleanup
2018-05-10 21:18:58 -05:00
hwdsl2
102ccbc17d
Clean up VPN ciphers
...
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9
Update year
2018-05-05 18:49:38 -05:00
hwdsl2
4c47137e7f
Add modecfgdns note
2018-02-11 01:05:13 -06:00
hwdsl2
21228a8caf
Improve RPi workarounds
...
- Improve workarounds for systems with ARM CPU (e.g. Raspberry Pi)
- Check for ARM architecture instead of checking for Raspbian
2018-02-03 16:55:54 -06:00
hwdsl2
3d2b6fc861
Remove RPi workaround
2018-01-29 02:06:08 -06:00
hwdsl2
c982502ad4
Upgrade Libreswan to 3.23
...
- Remove 'docker-targets.mk' from Makefile to avoid git errors
during compilation
2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01
Re-add RPi workaround
...
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84
Bug fix for RHEL 6/7
...
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
2017-11-20 00:33:36 -06:00
hwdsl2
d472c65f8c
Remove RPi workaround
...
- No longer needed with fix 2dfa587
and 8b40709
- Ref: 1488ac0
2017-11-13 00:19:21 -06:00
hwdsl2
8b40709d4d
Improve VPN ciphers
...
- Remove unsupported ESP algorithm on Raspbian
2017-11-13 00:12:16 -06:00
hwdsl2
2dfa587a71
Fix Libreswan 3.22 bug
...
- This bug causes Libreswan 3.22 fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
2017-11-12 23:51:53 -06:00
hwdsl2
70c6d6b540
Various clean up
2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e
Minor clean up
...
- Wrap the scripts in a big function which is only called at the very end,
to protect against the possibility of connection interruptions
- Clean up some variables names
2017-10-29 19:53:35 -05:00
hwdsl2
1488ac0ce8
Workaround for Raspberry Pi
...
- Libreswan version 3.22 does not start on Raspberry Pi
- Install version 3.21 on these systems as a workaround
2017-10-27 00:14:38 -05:00
hwdsl2
ef90b6ff19
Upgrade Libreswan to 3.22
2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7
Clean up packages
...
- Remove libunbound-dev / unbound-devel (these packages are not needed
because we are not enabling DNSSEC)
Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3
Use parallel make
...
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc
Skip building manpages
...
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
3f2b2cbc0b
Remove Debian 7
...
- Remove support for Debian 7 (Wheezy)
- Libreswan 3.21 no longer compiles on Debian 7 or Ubuntu 12.04
- Fix tests by switching to Ubuntu 14.04
2017-08-20 11:50:46 -05:00
hwdsl2
caf9293b8a
New Libreswan version 3.21
2017-08-20 10:52:28 -05:00
hwdsl2
47a9015135
Improve VPN ciphers
...
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
hwdsl2
8fb4bf7897
Minor clean up
2017-05-22 11:46:28 -05:00
hwdsl2
f58afbc84b
Update VPN ciphers
...
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
222acbf5ae
New Libreswan version
...
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa
Improve OS detection
...
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
2017-03-23 12:39:01 -05:00
hwdsl2
e31c378b44
Improve upgrade scripts
...
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
721f7bfaa0
Minor fix
...
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101 . Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0
Update year
2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70
Minor fix
...
- Use the "fixed strings" option in "grep" commands for "swan_ver",
so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287
Upgrade to Libreswan 3.19
...
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ba0fbb3860
Improve script outputs
2017-01-09 02:50:03 -06:00
hwdsl2
9ea2b50dae
Improve OS detection
...
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
61bd1254ed
Minor clean up
2016-11-10 13:02:04 -06:00
hwdsl2
6e16712bc5
Minor clean up
2016-10-31 01:59:11 -05:00
hwdsl2
e3d830dfd4
Improve services on boot
...
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
6f2818753a
Minor improvements and clean up
2016-10-10 22:34:51 -05:00
hwdsl2
0c3b2851f5
Add support for Raspbian
...
[ci skip]
2016-08-11 15:14:52 -05:00
hwdsl2
335b4035b9
Minor clean up
2016-08-07 14:00:07 -05:00
hwdsl2
077b119274
New Libreswan version 3.18
2016-07-29 12:55:08 -05:00
hwdsl2
1ec957d3be
Minor clean up
2016-07-20 13:10:58 -05:00
hwdsl2
004c68f6ad
Improve readability and clean up
2016-07-12 22:43:41 -05:00
hwdsl2
7bece1681d
Minor improvements and clean up
2016-07-03 21:28:27 -05:00
hwdsl2
9b541c6da3
Update docs
...
[ci skip]
2016-07-03 10:01:19 -05:00
hwdsl2
ac91fa9b79
Improve error output
2016-06-29 03:22:21 -05:00
hwdsl2
c28f9b0928
Prepare for new requirements
...
- New requirements in Libreswan 3.18 (not released yet)
- libsystemd-dev (Ubuntu/Debian) or systemd-devel (CentOS)
- Applies only to systemd-based Linux distributions
2016-06-28 17:49:18 -05:00
hwdsl2
de6f4a45ad
Minor improvements and clean up
2016-06-21 03:54:47 -05:00
hwdsl2
e3bdaeba52
Improve error output and clean up
...
- Output all error messages to STDERR
- Minor improvements and clean up
2016-06-07 19:29:30 -05:00
hwdsl2
6aaf6240c1
Re-add support for 32-bit CentOS
...
Refer to commit: 1cc1e89
2016-06-06 12:04:52 -05:00
hwdsl2
6643a8cd87
Add fallback URL for Libreswan
2016-06-05 18:24:15 -05:00
hwdsl2
371b5c3e7f
Minor improvements and clean up
2016-06-05 00:26:56 -05:00
hwdsl2
96d6f4b3e3
Improve Debian 7 workaround note
2016-06-02 11:09:17 -05:00
hwdsl2
1cc1e89963
Use Libevent2 from CentOS 6 repo
...
- Libevent2 is newly available in CentOS 6 as of May 12
- No longer need to install from download.libreswan.org
- Remove libevent-devel before install to avoid conflicts
- Thanks to Thomas C for reporting this issue
2016-05-26 18:16:24 -05:00
hwdsl2
9e300f3907
Use lowercase variable names
2016-05-21 05:34:19 -05:00
hwdsl2
8628301d28
Minor improvements and clean up
2016-05-21 03:59:08 -05:00
hwdsl2
b25e88c1b1
Minor improvements and clean up
2016-05-19 11:10:36 -05:00
hwdsl2
f38f8a7a36
Reduce output verbosity and clean up
2016-05-17 00:13:16 -05:00
hwdsl2
018309a328
Improve Debian 7 workaround
2016-05-11 17:18:18 -05:00
hwdsl2
81a731eb5d
Set PATH to avoid issues on some systems
...
Reference: #19
2016-05-11 16:36:07 -05:00
hwdsl2
bbdca10ee7
Add Debian 7 workaround script
2016-05-10 23:50:04 -05:00
hwdsl2
51207bac76
Move upgrade scripts to extras
2016-05-10 23:47:44 -05:00