1
0
mirror of synced 2024-11-24 22:06:07 +03:00
Commit Graph

379 Commits

Author SHA1 Message Date
hwdsl2
41142ee915 Remove CentOS 6
- CentOS 6 was EOL as of Nov. 30, 2020, and the default yum repos are
  no longer available for installing new packages
  Ref: https://wiki.centos.org/About/Product
2020-12-02 23:40:54 -06:00
hwdsl2
427e50a9ed Update upgrade scripts
- Set sha2-truncbug to "no" when upgrading. This is required for
  iOS 13/14 and macOS 10.15/11 VPN clients to connect.
- References: 3353888 #882
2020-11-27 11:16:12 -06:00
hwdsl2
cf1865a66e Improve RPi detection
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
  on Raspberry Pi 4
- Ref: #852
2020-11-24 21:27:40 -06:00
hwdsl2
ccd072541b Update Debian check
- Add check for Debian 10. See: https://git.io/vpndebian10
- Remove Debian 7 check
2020-11-17 00:50:35 -06:00
hwdsl2
b57678b893 Update upgrade scripts
- Remove support for upgrading to old Libreswan versions 3.19-3.25
- Minor improvements
2020-11-15 11:47:14 -06:00
hwdsl2
ecd99a6bba Fix version detection
- Fix Libreswan version detection in upgrade scripts
2020-11-12 10:25:09 -06:00
hwdsl2
694679b59c Update upgrade scripts
- Replace the obsolete ike-frag option in ikev2.conf (if exists),
  which was removed in Libreswan 4.1.
2020-11-12 00:39:20 -06:00
hwdsl2
5a13026701 Apply Libreswan fix
- Fix detection for sysvinit initsystem:
  cfe4dabab4
2020-11-11 23:05:29 -06:00
hwdsl2
1dee0d4262 Update upgrade scripts
- Support upgrading to Libreswan 4.1
2020-11-11 01:10:27 -06:00
hwdsl2
afb8a7acce New Libreswan version
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
4fa17ce958 Fix for EPEL repo
- Remove workaround for EPEL repo issues (bff3fe5)
- "yum makecache" may have higher disk space requirements that could
  cause issues on systems with low free disk space
2020-09-30 22:49:49 -05:00
hwdsl2
5e090770c8 Update IKEv2 script
- Allow specifying custom DNS servers
- Add notes about the IKEv2 MOBIKE extension
- Cleanup
2020-07-12 17:14:30 -05:00
hwdsl2
bff3fe5a4b Fix for EPEL repo
- Add workaround for EPEL repo issues
2020-07-06 23:03:13 -05:00
hwdsl2
012c19fed1 Update IKEv2 script
- Allow specifying the validity period of client certificates
2020-07-02 11:48:35 -05:00
hwdsl2
cf2ed17ae6 Update IKEv2 script
- Improve error handling and move ikev2 config to the last step
2020-06-11 01:32:31 -05:00
hwdsl2
b7293e95da Cleanup 2020-06-05 11:00:23 -05:00
hwdsl2
333a63850e Update IKEv2 script
- Support adding IKEv2 VPN clients
- Users can specify name for the first VPN client
2020-06-05 00:29:15 -05:00
hwdsl2
e1e1b67afd Improve IKEv2 setup
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 23:09:32 -05:00
hwdsl2
5894ea2e1f Update IKEv2 script
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 17:35:27 -05:00
hwdsl2
5fe5f04835 Update upgrade scripts
- Ref: 71d67ae
2020-05-25 13:40:04 -05:00
hwdsl2
0a0607feb9 Update IKEv2 script
- Save client configuration to home folder
2020-05-17 18:09:40 -05:00
hwdsl2
b028661f6f Update IKEv2 script
- Raspberry Pi (Raspbian) kernels do not support MOBIKE
2020-05-16 22:11:01 -05:00
hwdsl2
f38e2ea4f2 Cleanup 2020-05-14 23:07:47 -05:00
hwdsl2
5bf8b86192 Update IKEv2 script
- Fix CentOS detection
- Set MOBIKE question default to 'yes'
2020-05-11 23:15:05 -05:00
hwdsl2
6a285499e3 Update upgrade scripts
- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
2020-05-11 11:28:37 -05:00
hwdsl2
ace41ebc29 Add IKEv2 script
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00
hwdsl2
f15db57ea5 Fix upgrade bug
- Fixed an issue where the upgrade script could break the IKEv2 section
  of /etc/ipsec.conf for users who manually added IKEv2
2020-04-30 00:12:56 -05:00
hwdsl2
dae0c03356 Improve output
- Inhibit warning messages from Libreswan compilation
2020-04-29 11:00:25 -05:00
hwdsl2
5983c79904 Fix IKEv2
- Apply fix for an IKEv2 regression in Libreswan
- Ref: https://github.com/libreswan/libreswan/commit/90f8a09
  https://github.com/libreswan/libreswan/issues/333
  https://github.com/libreswan/libreswan/issues/329
2020-04-26 16:27:00 -05:00
hwdsl2
dbb3c6b436 Improve RPi workaround
- Newer Raspbian kernels now support SHA512
2020-04-26 00:32:54 -05:00
hwdsl2
48d9b06bab Update upgrade scripts
- Support upgrading to Libreswan 3.31
2020-04-12 00:28:00 -05:00
hwdsl2
53a4bbb06a Add install note 2020-01-13 00:09:30 -08:00
hwdsl2
4360737eaf Improve OS detection 2020-01-13 00:07:39 -08:00
hwdsl2
99e194e683 Add CentOS 8
- Add support for CentOS/RHEL 8
2019-11-01 13:31:23 -07:00
hwdsl2
609f24257d New Libreswan version
- Upgrade Libreswan to 3.29
2019-06-10 21:05:51 -05:00
hwdsl2
6c0c006d24 Cleanup 2019-06-09 00:14:33 -05:00
hwdsl2
62d9b845d6 Cleanup 2019-06-03 22:02:14 -05:00
hwdsl2
1659d0336c Support Libreswan 3.28
- Support upgrading to new Libreswan version 3.28
- Patch applied for Debian 9/8. See:
  https://lists.libreswan.org/pipermail/swan/2019/003210.html
- Patch applied for CentOS 6. See:
  5db185497d
  and 4b93354f35
2019-06-02 21:08:43 -05:00
hwdsl2
d382350bde Improve VPN users
- Check VPN users for duplicates in the helper script
2019-01-13 11:51:47 -06:00
hwdsl2
6fb35e25cb Update year 2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb Cleanup 2019-01-12 01:08:04 -06:00
hwdsl2
03e587d834 Cleanup 2018-12-19 00:14:31 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers
- Optimize order of VPN ciphers for performance
2018-11-24 10:30:42 -06:00
hwdsl2
83b0663318 Add more helper scripts
- Create additional helper scripts for managing VPN users
- Update docs
- Closes: #355
2018-11-22 16:49:56 -06:00
hwdsl2
b979d1f15d Add helper script
- Create a helper script for updating VPN users
- Update docs
2018-11-22 02:46:28 -06:00
hwdsl2
f1c8c06af1 Improve VPN ciphers
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a Improve VPN ciphers
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
  Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
2018-10-28 00:33:42 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d Improve VPN ciphers
- Add AES-GCM cipher for Chromebook compatibility and performance
2018-10-25 01:25:35 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
a04d2d32e8 New Libreswan version
- Upgrade Libreswan to 3.27
- Cleanup
2018-10-09 12:32:28 -05:00
hwdsl2
4f41fcba9a Improve upgrade config
- Replace all occurrences when updating /etc/ipsec.conf
- Prompt the user to edit manually if more than one modecfgdns1= or
  modecfgdns= line is present
2018-09-30 20:04:21 -05:00
hwdsl2
e22664f7a2 Improve upgrade config
- Try to automatically update modecfgdns lines in /etc/ipsec.conf
  in the Libreswan upgrade scripts
- Cleanup
2018-09-22 12:10:02 -05:00
hwdsl2
b803f32b71 New Libreswan version
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7 Improve variables
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
2018-09-18 00:57:03 -05:00
hwdsl2
329a5ecf50 Cleanup
- Improve display of Libreswan versions in upgrade scripts
- Clean up notes
2018-09-16 21:36:49 -05:00
hwdsl2
dfc5fce92c Improve version check
- Improve Libreswan version check in upgrade scripts, including
  checking for supported versions and showing upgrade/downgrade info
- Clean up notes
2018-09-16 01:05:29 -05:00
hwdsl2
b8088d3934 Improve EPEL repo
- Improve handling of the EPEL repository. Although uncommon, some systems
  can have epel-release installed but disabled in /etc/yum.repos.d/epel.repo
- Fixes #210
2018-07-04 20:07:32 -05:00
hwdsl2
145f29b477 Improve version check
- Add check for some Libreswan versions that are not available
- Include Libreswan 3.25 in multiple IPsec/XAuth clients warning
- Cleanup notes
2018-06-30 00:42:08 -05:00
hwdsl2
41ce696f08 Add new version
- Add support for upgrading to new Libreswan version 3.25
- "USE_GLIBC_KERN_FLIP_HEADERS = true" is required for compilation
- Fixes #412
2018-06-28 00:49:49 -05:00
hwdsl2
0c151515fe Improve upgrade scripts
- Add note for users downgrading to 3.22
- Add check for Libreswan 3.25 (not yet supported)
- Print Libreswan versions and improve message
- Cleanup
2018-06-28 00:03:42 -05:00
hwdsl2
59f817575c Create rundir
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c Use Libreswan 3.22
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
  multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502 0cf01c0
2018-06-06 00:40:09 -05:00
hwdsl2
95bcadb2c2 Improve VPN ciphers
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c Cleanup 2018-05-23 01:39:53 -05:00
hwdsl2
73a97f2ba4 Cleanup 2018-05-10 21:18:58 -05:00
hwdsl2
102ccbc17d Clean up VPN ciphers
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9 Update year 2018-05-05 18:49:38 -05:00
hwdsl2
4c47137e7f Add modecfgdns note 2018-02-11 01:05:13 -06:00
hwdsl2
21228a8caf Improve RPi workarounds
- Improve workarounds for systems with ARM CPU (e.g. Raspberry Pi)
- Check for ARM architecture instead of checking for Raspbian
2018-02-03 16:55:54 -06:00
hwdsl2
3d2b6fc861 Remove RPi workaround 2018-01-29 02:06:08 -06:00
hwdsl2
c982502ad4 Upgrade Libreswan to 3.23
- Remove 'docker-targets.mk' from Makefile to avoid git errors
  during compilation
2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01 Re-add RPi workaround
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84 Bug fix for RHEL 6/7
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
2017-11-20 00:33:36 -06:00
hwdsl2
d472c65f8c Remove RPi workaround
- No longer needed with fix 2dfa587 and 8b40709
- Ref: 1488ac0
2017-11-13 00:19:21 -06:00
hwdsl2
8b40709d4d Improve VPN ciphers
- Remove unsupported ESP algorithm on Raspbian
2017-11-13 00:12:16 -06:00
hwdsl2
2dfa587a71 Fix Libreswan 3.22 bug
- This bug causes Libreswan 3.22 fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
2017-11-12 23:51:53 -06:00
hwdsl2
70c6d6b540 Various clean up 2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e Minor clean up
- Wrap the scripts in a big function which is only called at the very end,
  to protect against the possibility of connection interruptions
- Clean up some variables names
2017-10-29 19:53:35 -05:00
hwdsl2
1488ac0ce8 Workaround for Raspberry Pi
- Libreswan version 3.22 does not start on Raspberry Pi
- Install version 3.21 on these systems as a workaround
2017-10-27 00:14:38 -05:00
hwdsl2
ef90b6ff19 Upgrade Libreswan to 3.22 2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7 Clean up packages
- Remove libunbound-dev / unbound-devel (these packages are not needed
  because we are not enabling DNSSEC)
  Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3 Use parallel make
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc Skip building manpages
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
3f2b2cbc0b Remove Debian 7
- Remove support for Debian 7 (Wheezy)
- Libreswan 3.21 no longer compiles on Debian 7 or Ubuntu 12.04
- Fix tests by switching to Ubuntu 14.04
2017-08-20 11:50:46 -05:00
hwdsl2
caf9293b8a New Libreswan version 3.21 2017-08-20 10:52:28 -05:00
hwdsl2
47a9015135 Improve VPN ciphers
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
hwdsl2
8fb4bf7897 Minor clean up 2017-05-22 11:46:28 -05:00
hwdsl2
f58afbc84b Update VPN ciphers
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
222acbf5ae New Libreswan version
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa Improve OS detection
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
2017-03-23 12:39:01 -05:00
hwdsl2
e31c378b44 Improve upgrade scripts
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
721f7bfaa0 Minor fix
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4 Improve VPN ciphers
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ba0fbb3860 Improve script outputs 2017-01-09 02:50:03 -06:00
hwdsl2
9ea2b50dae Improve OS detection
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
61bd1254ed Minor clean up 2016-11-10 13:02:04 -06:00
hwdsl2
6e16712bc5 Minor clean up 2016-10-31 01:59:11 -05:00
hwdsl2
e3d830dfd4 Improve services on boot
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
6f2818753a Minor improvements and clean up 2016-10-10 22:34:51 -05:00
hwdsl2
0c3b2851f5 Add support for Raspbian
[ci skip]
2016-08-11 15:14:52 -05:00
hwdsl2
335b4035b9 Minor clean up 2016-08-07 14:00:07 -05:00
hwdsl2
077b119274 New Libreswan version 3.18 2016-07-29 12:55:08 -05:00
hwdsl2
1ec957d3be Minor clean up 2016-07-20 13:10:58 -05:00
hwdsl2
004c68f6ad Improve readability and clean up 2016-07-12 22:43:41 -05:00
hwdsl2
7bece1681d Minor improvements and clean up 2016-07-03 21:28:27 -05:00
hwdsl2
9b541c6da3 Update docs
[ci skip]
2016-07-03 10:01:19 -05:00
hwdsl2
ac91fa9b79 Improve error output 2016-06-29 03:22:21 -05:00
hwdsl2
c28f9b0928 Prepare for new requirements
- New requirements in Libreswan 3.18 (not released yet)
- libsystemd-dev (Ubuntu/Debian) or systemd-devel (CentOS)
- Applies only to systemd-based Linux distributions
2016-06-28 17:49:18 -05:00
hwdsl2
de6f4a45ad Minor improvements and clean up 2016-06-21 03:54:47 -05:00
hwdsl2
e3bdaeba52 Improve error output and clean up
- Output all error messages to STDERR
- Minor improvements and clean up
2016-06-07 19:29:30 -05:00
hwdsl2
6aaf6240c1 Re-add support for 32-bit CentOS
Refer to commit: 1cc1e89
2016-06-06 12:04:52 -05:00
hwdsl2
6643a8cd87 Add fallback URL for Libreswan 2016-06-05 18:24:15 -05:00
hwdsl2
371b5c3e7f Minor improvements and clean up 2016-06-05 00:26:56 -05:00
hwdsl2
96d6f4b3e3 Improve Debian 7 workaround note 2016-06-02 11:09:17 -05:00
hwdsl2
1cc1e89963 Use Libevent2 from CentOS 6 repo
- Libevent2 is newly available in CentOS 6 as of May 12
- No longer need to install from download.libreswan.org
- Remove libevent-devel before install to avoid conflicts
- Thanks to Thomas C for reporting this issue
2016-05-26 18:16:24 -05:00
hwdsl2
9e300f3907 Use lowercase variable names 2016-05-21 05:34:19 -05:00
hwdsl2
8628301d28 Minor improvements and clean up 2016-05-21 03:59:08 -05:00
hwdsl2
b25e88c1b1 Minor improvements and clean up 2016-05-19 11:10:36 -05:00
hwdsl2
f38f8a7a36 Reduce output verbosity and clean up 2016-05-17 00:13:16 -05:00
hwdsl2
018309a328 Improve Debian 7 workaround 2016-05-11 17:18:18 -05:00
hwdsl2
81a731eb5d Set PATH to avoid issues on some systems
Reference: #19
2016-05-11 16:36:07 -05:00
hwdsl2
bbdca10ee7 Add Debian 7 workaround script 2016-05-10 23:50:04 -05:00
hwdsl2
51207bac76 Move upgrade scripts to extras 2016-05-10 23:47:44 -05:00