hwdsl2
194d188313
Update docs
2022-10-14 00:36:09 -05:00
hwdsl2
e12ffa2222
Update docs
2022-10-10 08:54:52 -05:00
hwdsl2
ed359619bb
Cleanup
2022-10-10 00:29:25 -05:00
hwdsl2
bd291e91a1
Cleanup
2022-10-07 00:19:00 -05:00
hwdsl2
3bf17a75db
Improve interface check
- Install iproute (for the "ip" command) in the unlikely cases that
both "route" and "ip" commands are unavailable.
2022-10-04 22:52:37 -05:00
hwdsl2
6e596825e2
Improve VPN ciphers
- Improve security by removing support for modp1536 (DH group 5),
which is less secure and rarely used by VPN clients. To do this,
we specify modp2048 on the "ike=" line in ipsec.conf.
2022-09-30 01:11:18 -05:00
hwdsl2
4b15a5d2f9
Update docs
2022-09-30 01:04:50 -05:00
hwdsl2
025387df91
Improve VPN ciphers
- Improve security by removing support for modp1024 (DH group 2),
which is less secure and no longer enabled in Libreswan by default.
- The native VPN client on Android devices uses modp1024 for the
IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. After this change,
Android users should instead connect using IKEv2 mode (recommended).
2022-09-29 22:52:40 -05:00
hwdsl2
8ae26b832f
Update docs
2022-09-25 14:33:51 -05:00
hwdsl2
c87dfdb0d8
Improve VPN setup
- When uninstalling the VPN, remove the two TCP BBR related lines
from /etc/sysctl.conf, if they were added during VPN setup.
2022-09-25 10:43:15 -05:00
hwdsl2
28a7b595ec
Update docs
2022-09-24 18:56:38 -05:00
hwdsl2
cc99e18123
Cleanup
2022-09-24 18:56:27 -05:00
hwdsl2
32faed40d5
Improve IP check
- Instead of finding the server's public IP, use the IP address
on the default route if it is not a private IP. This makes VPN
setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
2022-09-24 00:58:16 -05:00
hwdsl2
6ba4618351
Update docs
2022-09-23 00:34:42 -05:00
hwdsl2
7827f75785
Update docs
2022-09-17 00:02:11 -05:00
hwdsl2
f248738154
Update docs
2022-09-16 01:48:56 -05:00
hwdsl2
310161044c
Update docs
2022-09-15 19:41:36 -05:00
hwdsl2
9e3135745b
Update tests
2022-09-11 10:04:46 -05:00
hwdsl2
608fca101c
Update docs
2022-09-11 00:54:45 -05:00
hwdsl2
8912e6ec8e
Update IKEv2 script
- Cleanup
2022-09-11 00:17:26 -05:00
hwdsl2
1edac55430
Update tests
2022-09-10 09:53:40 -05:00
hwdsl2
4202a88804
Update docs
2022-09-09 23:53:53 -05:00
hwdsl2
c5df950ea2
Improve VPN setup
- Continue VPN setup (instead of exiting) if fail2ban fails to install.
2022-09-09 23:53:13 -05:00
hwdsl2
098a6b4e5d
Update IKEv2 script
- When revoking or deleting an existing client, remove previously
generated client config files for the client.
- Cleanup
2022-09-09 23:03:07 -05:00
hwdsl2
949790a5d9
Update docs
2022-09-08 09:06:16 -05:00
hwdsl2
db54638f5e
Check kernel version
- Only enable TCP BBR congestion control if the server's Linux kernel
version is 4.20 or newer.
- BBR requires the "fq" qdisc for older kernels < 4.20. That setting
may not take effect on existing network interfaces without a reboot.
- References:
https://github.com/google/bbr/blob/master/Documentation/bbr-quick-start.md
0bb9d90
2022-09-08 00:29:18 -05:00
hwdsl2
6a525c6c10
Optimize TCP buffers
- Improve VPN performance by tuning TCP buffer sizes.
2022-09-07 23:29:10 -05:00
hwdsl2
0bb9d90668
Enable TCP BBR
- Improve VPN performance by enabling the TCP BBR congestion control
algorithm on supported systems (e.g. Ubuntu 18.04+, Debian 10+,
CentOS 8+) during VPN setup.
References:
https://cloud.google.com/blog/products/networking/tcp-bbr-congestion-control-comes-to-gcp-your-internet-just-got-faster
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/bbr.md
2022-09-07 02:32:12 -05:00
hwdsl2
b4770c4507
Update docs
2022-08-29 20:57:20 -05:00
hwdsl2
05d1e62f14
Update docs
2022-08-28 22:55:20 -05:00
hwdsl2
2d4cf2cb8f
Update docs
- Update instructions for customizing IKEv2 options during VPN setup.
- Ref: 56078b0
2022-08-28 00:09:30 -05:00
hwdsl2
d2e9b5ff91
Cleanup
2022-08-27 21:51:19 -05:00
hwdsl2
56078b0a1e
Add an option to skip IKEv2 setup
- Add an option to skip IKEv2 setup when installing the IPsec VPN.
Example: sudo VPN_SKIP_IKEV2=yes sh vpn.sh
- This allows users to set up an IKEv1-only VPN, or install IKEv2
interactively using "sudo ikev2.sh" after VPN setup.
2022-08-27 15:59:43 -05:00
hwdsl2
5525c407c5
Update docs
- Update split tunneling instructions in advanced usage.
- Ref: #1218
2022-08-27 00:09:14 -05:00
hwdsl2
5d469239a0
Update docs
2022-08-16 09:01:15 -05:00
hwdsl2
71f9d97870
Update docs
- Add instructions for connecting using the native IKEv2 client
on Android 12 and above.
2022-08-16 00:51:58 -05:00
hwdsl2
a1e761a067
Update docs
2022-08-11 09:14:17 -05:00
hwdsl2
6a872207f4
Update IKEv2 script
- Add a note about changing IKEv2 server address.
2022-08-11 00:02:42 -05:00
hwdsl2
4995ec03f5
Improve OS support
- Make the VPN setup scripts work on Kali Linux (based on Debian).
- Update IKEv2 helper script to check for OpenSSL 3 first when
exporting the .p12 file.
2022-08-10 23:25:58 -05:00
hwdsl2
e2f211c678
Improve OS detection
- Improve OS detection and clean up
2022-08-10 22:41:55 -05:00
hwdsl2
8973b8d6c0
Update tests
2022-08-09 19:35:32 -05:00
hwdsl2
1dbf897500
Cleanup
- Fix OS checking: Don't show errors for /etc/redhat-release.
- Fixes #1211.
2022-08-09 19:34:32 -05:00
hwdsl2
d22b32d4c6
Update docs
- Ref: #1209
2022-08-05 12:02:29 -05:00
Uros Radovanovic
44b39cb2ed
Update README.md with note about external firewalls (#1209)
2022-08-05 11:51:52 -05:00
hwdsl2
95be4b83fb
Fix NSS config
- Update NSS config on e.g. AlmaLinux 9 to allow the SHA1 signature
algorithm. This fixes the issue where IKEv2 clients cannot connect.
- Fixes #1206.
2022-07-31 23:40:09 -05:00
hwdsl2
0fe30b0479
Update tests
2022-07-31 00:05:10 -05:00
hwdsl2
9088681e89
Update tests
2022-07-30 23:17:53 -05:00
hwdsl2
3c7273eb62
Update docs
2022-07-30 09:32:03 -05:00
hwdsl2
200da23776
Add Oracle Linux 9
2022-07-30 09:31:27 -05:00
hwdsl2
6ca52bf0e0
Update docs
2022-07-30 03:00:14 -05:00