hwdsl2
3452926759
Use xl2tpd 1.3.12
...
- Install xl2tpd 1.3.12 for CentOS 6 with Linux kernel 4.14/4.15
- This version fixes an xl2tpd issue under the above Linux kernels
- Remove Linux kernel check which is no longer needed
- Ref: 3f8e79b (fix for Ubuntu/Debian)
2018-05-23 20:40:58 -05:00
hwdsl2
95bcadb2c2
Improve VPN ciphers
...
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c
Cleanup
2018-05-23 01:39:53 -05:00
hwdsl2
e3fe8b05bf
Improve workaround
...
- Specify "left=" in ipsec.conf for servers with 'src' in default route
- Ref: https://github.com/libreswan/libreswan/issues/177
2018-05-21 00:58:24 -05:00
hwdsl2
3b7039ef78
Update Linux kernel check
2018-05-16 22:34:33 -05:00
hwdsl2
f2f6524201
Re-add Android workaround
...
- VPN on Android 6.0, 7.0 and 7.1.1 requires sha2-truncbug=yes to work
- Android 5.1, 8.0 and 8.1 also connect OK with this setting
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2018-05-08 00:39:52 -05:00
hwdsl2
102ccbc17d
Clean up VPN ciphers
...
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9
Update year
2018-05-05 18:49:38 -05:00
hwdsl2
240a0187f6
Update Linux kernel check
2018-05-04 03:16:58 -05:00
hwdsl2
3c9c3d25a7
Add check for Linux kernel 4.15
2018-05-03 00:52:14 -05:00
hwdsl2
632165685a
Add iptables dependency
...
- Closes #363
- Thanks @rocboronat!
2018-05-02 02:58:45 -05:00
hwdsl2
fa5abe7825
Remove unneeded check on CentOS
2018-02-03 16:10:09 -06:00
hwdsl2
0cf01c0eb8
Update ipsec.conf
...
- Switch to new keyword 'modecfgdns' in Libreswan 3.23
2018-01-29 02:11:16 -06:00
hwdsl2
c982502ad4
Upgrade Libreswan to 3.23
...
- Remove 'docker-targets.mk' from Makefile to avoid git errors
during compilation
2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01
Re-add RPi workaround
...
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84
Bug fix for RHEL 6/7
...
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
2017-11-20 00:33:36 -06:00
hwdsl2
2dfa587a71
Fix Libreswan 3.22 bug
...
- This bug causes Libreswan 3.22 to fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
2017-11-12 23:51:53 -06:00
hwdsl2
7190577c99
Minor clean up
2017-11-01 22:15:56 -05:00
hwdsl2
70c6d6b540
Various clean up
2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e
Minor clean up
...
- Wrap the scripts in a big function which is only called at the very end,
to protect against the possibility of connection interruptions
- Clean up some variable names
2017-10-29 19:53:35 -05:00
hwdsl2
05c2cb911b
Improve sysctl settings
...
- Fix kernel.shmmax and kernel.shmall on 32-bit Linux. Thanks @komanshidaruma!
- Clean up other sysctl settings
2017-10-28 15:40:24 -05:00
hwdsl2
ef90b6ff19
Upgrade Libreswan to 3.22
2017-10-26 01:48:15 -05:00
hwdsl2
47e1c92051
Clean up ipsec.conf
...
- Remove unneeded option nhelpers=0
2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7
Clean up packages
...
- Remove libunbound-dev / unbound-devel (these packages are not needed
because we are not enabling DNSSEC)
Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3
Use parallel make
...
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc
Skip building manpages
...
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
536ac8f54b
Update ipsec.conf
...
- Replace obsolete keyword "virtual_private" with "virtual-private"
2017-09-27 21:41:24 -05:00
hwdsl2
82da3121b1
Enable MS-CHAP v2
...
- Allow MS-CHAP v2 for better compatibility with the built-in Windows 10
VPN client. Thanks @remini1998!
2017-09-25 00:28:10 -05:00
hwdsl2
caf9293b8a
New Libreswan version 3.21
2017-08-20 10:52:28 -05:00
hwdsl2
8ac1573106
Minor clean up
2017-06-21 11:59:07 -05:00
hwdsl2
cf595eaee7
Improve services on boot
...
- Systemd may run rc.local early during system boot
- Insert delay so that services can start correctly
2017-06-21 00:02:03 -05:00
hwdsl2
5e3689198f
Improve network interfaces
...
- Better detection of default network interface when the 'route'
command is not available
2017-06-20 23:59:13 -05:00
hwdsl2
47a9015135
Improve VPN ciphers
...
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
DL6ER
748d89bb4b
Add 3des-sha2 to both ike= and phase2alg= lines. Fixes #154
2017-06-02 18:20:23 +02:00
hwdsl2
8fb4bf7897
Minor clean up
2017-05-22 11:46:28 -05:00
hwdsl2
d711e2aee6
Improve network interfaces
...
- Try to auto detect server's default network interface
- Display a warning if the default interface is wlan*
2017-05-17 17:24:19 -05:00
hwdsl2
cf75c2bb86
Improve network interfaces
...
- Use eth0 instead of eth+ throughout for consistency
- Improve error messages when eth0 is unavailable
2017-04-30 17:16:33 -05:00
hwdsl2
cebf9f4361
Minor clean up
2017-04-12 10:38:57 -05:00
hwdsl2
f58afbc84b
Update VPN ciphers
...
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9
Improve VPN variables
...
- Check VPN credentials for non-ASCII characters
- Ref: #130
2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae
New Libreswan version
...
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6f1dc6db1c
Remove fail2ban workaround
...
- The fail2ban bug on CentOS 7 has been fixed. Remove workaround.
- Ref: 320e17a, https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-03-06 11:03:33 -06:00
hwdsl2
347f3fdbfe
Improve IPTables rules
...
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116. Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a
Fix xl2tpd on CentOS 7 for Linode
...
- Fix xl2tpd on CentOS 7 for providers such as Linode,
where kernel module "l2tp_ppp" is unavailable
- Closes: #114
2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d
Workaround for fail2ban bug
...
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924
Improve customization
...
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6
Improve VPN IPs
...
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0
Update year
2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70
Minor fix
...
- Use the "fixed strings" option in "grep" commands for "swan_ver",
so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287
Upgrade to Libreswan 3.19
...
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref: https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d
Minor clean up
2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860
Improve script outputs
2017-01-09 02:50:03 -06:00
hwdsl2
9500da3231
Bugfix
...
- Fix commit ca84aa7 to avoid a possible race condition
when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13
Improve services on boot
2017-01-04 02:21:09 -06:00
hwdsl2
89d75f7243
Bugfix for Android 6 and 7
...
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
3dbf3a9c09
Remove xl2tpd workaround
...
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
261e472e3e
Bugfix
...
- In xl2tpd version 1.3.8, which was pushed to the EPEL repository
in Dec. 2016, the options "crtscts" and "lock" are no longer
recognized in "/etc/ppp/options.xl2tpd" and generate an error.
- This commit fixes the VPN on CentOS by removing those options.
- Ref: https://github.com/xelerance/xl2tpd/issues/108
2016-12-30 00:56:38 -06:00
hwdsl2
b59389a03f
Use L2TP kernel support
...
- Use L2TP kernel support on CentOS 6
- This could improve L2TP performance
2016-12-29 00:53:30 -06:00
hwdsl2
8cc1362d17
Workaround for xl2tpd bug
...
- Temporary workaround for an xl2tpd bug which affects CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
2016-12-28 13:23:27 -06:00
hwdsl2
6479212c45
Improve workaround
...
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
61bd1254ed
Minor clean up
2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a
Remove SHA2 workaround
...
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5
Minor clean up
2016-10-31 01:59:11 -05:00
hwdsl2
9319ce8ae2
Clean up IPTables rules
...
- Only add the necessary IPTables rules for the VPN
- Other minor clean ups
2016-10-29 18:00:24 -05:00
hwdsl2
e3d830dfd4
Improve services on boot
...
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
6f2818753a
Minor improvements and clean up
2016-10-10 22:34:51 -05:00
hwdsl2
4c6de2af29
Improve network interfaces
...
- Better handling of non-eth0 network interfaces
- Now easier to use on servers with new interface names
2016-10-10 16:49:46 -05:00
hwdsl2
0e51150d84
Check VPN credentials
...
- If the provided VPN credentials contain \ " or ', exit with error
- The above special characters can cause issues with the VPN
2016-09-23 14:31:10 -05:00
hwdsl2
cce15b7f08
Improve IP checking
...
- Use a function to simplify code for IP checking
- Remove new lines before matching with IP regex
2016-09-23 00:39:36 -05:00
hwdsl2
7cdd372a6e
Improve IPTables rules
...
- Fixed an uncommon use case where the setup script is run again after
a server IP change. Make sure to update IPTables rules in this case.
- Thanks @larryisthere! Ref: #17
2016-09-21 21:06:22 -05:00
hwdsl2
7937a74469
Improve IP detection
...
- Remove unneeded code for Amazon EC2
- Check IPs for correct format after each try
2016-09-09 15:41:02 -05:00
hwdsl2
96a071ebc5
Improve VPN ciphers
...
- Add stronger cipher options
- Fix for Android 6.0 VPN clients
2016-08-26 00:21:10 -05:00
hwdsl2
14767d354f
Reduce wget timeout
2016-08-11 22:12:22 -05:00
hwdsl2
335b4035b9
Minor clean up
2016-08-07 14:00:07 -05:00
hwdsl2
077b119274
New Libreswan version 3.18
2016-07-29 12:55:08 -05:00
hwdsl2
004c68f6ad
Improve readability and clean up
2016-07-12 22:43:41 -05:00
hwdsl2
1f76dc169a
Better handling of custom SSH port
2016-07-10 00:47:41 -05:00
hwdsl2
7bece1681d
Minor improvements and clean up
2016-07-03 21:28:27 -05:00
hwdsl2
ac91fa9b79
Improve error output
2016-06-29 03:22:21 -05:00
hwdsl2
8336260799
Minor improvement to 'tr'
2016-06-29 03:20:49 -05:00
hwdsl2
c28f9b0928
Prepare for new requirements
...
- New requirements in Libreswan 3.18 (not released yet)
- libsystemd-dev (Ubuntu/Debian) or systemd-devel (CentOS)
- Applies only to systemd-based Linux distributions
2016-06-28 17:49:18 -05:00
hwdsl2
d32b449f46
Improve IP detection
2016-06-26 13:00:11 -05:00
hwdsl2
f0804e5184
Remove IP6Tables rules
...
- Not needed for the VPN to work
2016-06-26 01:09:13 -05:00
hwdsl2
fa704629f0
Improve backup of IPTables rules
2016-06-26 00:56:12 -05:00
hwdsl2
de6f4a45ad
Minor improvements and clean up
2016-06-21 03:54:47 -05:00
hwdsl2
59c7227587
Improve defining VPN variables
2016-06-11 15:36:43 -05:00
hwdsl2
deb2f75eb9
Improve eth0 detection
2016-06-10 22:05:26 -05:00
hwdsl2
8a75d02751
Improve xl2tpd options
2016-06-10 19:34:59 -05:00
hwdsl2
e3bdaeba52
Improve error output and clean up
...
- Output all error messages to STDERR
- Minor improvements and clean up
2016-06-07 19:29:30 -05:00
hwdsl2
feaeadb41a
Minor fix for IPTables rules
2016-06-06 12:18:22 -05:00
hwdsl2
6aaf6240c1
Re-add support for 32-bit CentOS
...
Refer to commit: 1cc1e89
2016-06-06 12:04:52 -05:00
hwdsl2
6643a8cd87
Add fallback URL for Libreswan
2016-06-05 18:24:15 -05:00
hwdsl2
9317f4824d
Improve IPTables rules for VPN
...
- Allow traffic between VPN clients themselves by default
- Add notes on how to change this behavior (uncomment rules)
2016-06-05 17:34:24 -05:00
hwdsl2
371b5c3e7f
Minor improvements and clean up
2016-06-05 00:26:56 -05:00
hwdsl2
9ce1769208
Minor improvement to IPsec config
2016-06-03 16:44:37 -05:00
hwdsl2
3e1ea78f15
Improve defining VPN variables
2016-06-01 21:27:29 -05:00
Dustin Oprea
34c6511ebe
Added execute bit to scripts.
2016-05-27 21:06:25 -04:00
hwdsl2
1cc1e89963
Use Libevent2 from CentOS 6 repo
...
- Libevent2 is newly available in CentOS 6 as of May 12
- No longer need to install from download.libreswan.org
- Remove libevent-devel before install to avoid conflicts
- Thanks to Thomas C for reporting this issue
2016-05-26 18:16:24 -05:00
hwdsl2
a1dd7c687b
Minor changes in wording
2016-05-26 14:31:11 -05:00
hwdsl2
9e300f3907
Use lowercase variable names
2016-05-21 05:34:19 -05:00
hwdsl2
8628301d28
Minor improvements and clean up
2016-05-21 03:59:08 -05:00
hwdsl2
b25e88c1b1
Minor improvements and clean up
2016-05-19 11:10:36 -05:00
Dustin Oprea
d692e243c0
Renamed PSK variable and adjusted IP variables.
2016-05-18 22:46:28 -04:00
hwdsl2
f38f8a7a36
Reduce output verbosity and clean up
2016-05-17 00:13:16 -05:00
hwdsl2
ff8dd58749
🎉 Feature: Add support for IPsec/XAUTH
2016-05-16 13:56:05 -05:00
hwdsl2
49a74df63b
Feature: Auto-generate VPN credentials
2016-05-14 11:01:32 -05:00
hwdsl2
81a731eb5d
Set PATH to avoid issues on some systems
...
Reference: #19
2016-05-11 16:36:07 -05:00
hwdsl2
a166285504
Use git.io shortened URLs
2016-05-11 16:26:30 -05:00
hwdsl2
f5e2c87db9
Minor improvements and clean up
2016-04-22 11:54:14 -05:00
hwdsl2
4003b82485
Make sure basic commands exist
2016-04-22 11:52:33 -05:00
hwdsl2
3ca9af7858
Fix detection of Wget errors
...
Wget writes out a zero-byte file on certain failures such as 404.
We should check its exit code instead of checking whether the file exists.
2016-04-20 21:42:55 -05:00
hwdsl2
5866932ea0
Improve install of EPEL repository
2016-04-20 21:28:19 -05:00
hwdsl2
af23dd290f
Minor improvements and clean up
2016-04-20 17:31:29 -05:00
hwdsl2
8e388a07d3
Display VPN details after install
2016-04-17 17:10:33 -05:00
hwdsl2
04c8155791
Minor improvements and clean up
2016-04-07 12:20:08 -05:00
Lin Song
d909b986cf
Add support for Ubuntu 16.04 (Xenial)
2016-04-07 12:18:06 -05:00
hwdsl2
4976bde854
Update Libreswan version to 3.17
2016-04-05 23:51:54 -05:00
hwdsl2
01b5cf1c6b
Minor improvement to ignore IPv6 errors
2016-02-08 10:46:06 -06:00
hwdsl2
39c9249c3b
Minor improvements and clean up
2016-01-30 13:12:15 -06:00
hwdsl2
5f617a30cb
Update copyright year
2016-01-25 10:38:07 -06:00
hwdsl2
ab98a9e6b0
Clean up sysctl.conf settings
2016-01-21 17:00:51 -06:00
hwdsl2
684761015e
Minor improvements and clean up
2016-01-21 11:50:35 -06:00
hwdsl2
b61035137f
Important: Fixed an error in IP format checking.
...
- Due to a mistake in the "grep" command, empty strings would pass the IP
regex checks, which is not OK.
- Please update your VPN scripts with this commit!
2016-01-21 09:45:31 -06:00
hwdsl2
f47d78b0f1
Improve the process of defining VPN variables
...
- Put variables inside single quotes to avoid escaping them
- Make clear which characters should not be used in values
Thanks for your helpful suggestions, @Langleson!
2016-01-21 02:12:30 -06:00
hwdsl2
acb2000e40
Minor changes in wording and some optimizations
2016-01-19 02:29:01 -06:00
hwdsl2
9609b0b7b5
Add check for network interface eth0
2016-01-19 01:26:12 -06:00
hwdsl2
7ca9723e45
Minor changes in wording
2016-01-19 01:23:17 -06:00
hwdsl2
bd42a23185
Use newer Libevent2 packages from download.libreswan.org
2016-01-18 11:34:29 -06:00
hwdsl2
d82d6d00b3
Update comments in the VPN scripts
2016-01-17 17:05:35 -06:00
hwdsl2
4ab84f14aa
Update sysctl.conf settings and IPTables rules
2016-01-17 14:29:30 -06:00
hwdsl2
a15e502056
Update sysctl.conf settings, and add IP6Tables rules
2016-01-17 12:17:26 -06:00
hwdsl2
28d7da66c8
Better handling of existing config files
2016-01-17 00:41:12 -06:00
hwdsl2
7ac6a030b1
Fix small error in grep command for CentOS VPN script
2016-01-17 00:36:46 -06:00
hwdsl2
9010327a33
Correct small error in notes about escaping characters
2016-01-15 11:05:40 -06:00
hwdsl2
79887bb458
Add notes about escaping characters in VPN variables
...
Thanks to @sohailmamdani for reminding me of this!
2016-01-15 10:01:40 -06:00
hwdsl2
7cfe17f1a2
Update important notes
2016-01-14 23:27:34 -06:00
hwdsl2
21629ae178
Update VPN scripts for better usability
...
- Improve detection of public and private IPs
- Test for empty IPSEC_PSK, VPN_USER and/or VPN_PASSWORD
- Check for OpenVZ VPS, which is unsupported
2016-01-14 17:42:32 -06:00
hwdsl2
59c2817731
Quote VPN credentials in chap-secrets for safety
2016-01-14 15:05:50 -06:00
hwdsl2
46a3f9e0b1
Added note for Android 6.0 users
...
Android 6.0 users must enable SHA2 in /etc/ipsec.conf.
Thanks @rodolfobandeira for the hint!
Ref: 544a25ab77
2016-01-14 14:33:51 -06:00
hwdsl2
e97f1d2598
Removed cloud-init notes for CentOS 6 AMI
...
The latest version of official CentOS 6 AMI has included cloud-init,
and these notes are no longer applicable.
2016-01-12 22:14:24 -06:00
hwdsl2
dec1b44091
Update VPN scripts for better security and usability
...
- Install Fail2Ban to protect SSH server from web attacks
- Check public/private IPs against regex for the correct format
- Use printf instead of "read -r -p" for better POSIX compliance
- Other small code enhancements to the scripts
- Update README.md to add "OS update" to Installation
2016-01-12 21:33:16 -06:00
hwdsl2
965ec7ff39
Create working dir before package install
2016-01-08 09:40:57 -06:00
Lin Song
e814bb673a
Additional test for CentOS version
2016-01-08 09:02:15 -06:00
Lin Song
2e10e6e891
Update README.md and add vpnsetup_centos.sh
2016-01-07 13:19:22 -06:00