hwdsl2
320e17a61d
Workaround for fail2ban bug
...
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924
Improve customization
...
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6
Improve VPN IPs
...
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
f7961242e4
Update docs
2017-02-10 10:32:24 -06:00
hwdsl2
4a1c0e34c7
Update docs
...
- Add link to Justin's blog post (IPsec VPN server on Raspberry Pi 3)
- Closes #112
2017-02-07 23:40:39 -06:00
hwdsl2
e6b9208eeb
Update docs
2017-02-07 21:12:31 -06:00
hwdsl2
e31c378b44
Improve upgrade scripts
...
- Better handling of updating ipsec.conf for Libreswan >= 3.19
- Other minor changes
2017-02-07 20:59:47 -06:00
hwdsl2
8c0940f63b
Update docs
...
- Improve IKEv2 docs. The strongSwan Android VPN client requires
an "IP address" in the VPN server certificate's subjectAltName field
in addition to "DNS name", when connecting using the server's IP.
The certutil commands have been updated to add this field.
- Other improvements to docs
2017-02-05 14:48:11 -06:00
hwdsl2
c8d8730fd0
Minor fix
...
[ci skip]
2017-01-26 17:42:13 -06:00
hwdsl2
758f0e1418
Fix IKEv2 docs
...
- Windows 8.x and 10 require the IKEv2 machine certificate to have
"Client Auth" EKU in addition to "Server Auth". Otherwise it gives
"Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106 . Thanks @evil-shrike!
2017-01-26 17:15:43 -06:00
hwdsl2
a156a1f5f3
Update docs
...
[ci skip]
2017-01-25 13:12:47 -06:00
hwdsl2
0c8f117fd9
Update docs
...
[ci skip]
2017-01-21 12:13:27 -06:00
hwdsl2
721f7bfaa0
Minor fix
...
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101 . Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
5cbadb643b
Update docs
...
[ci skip]
2017-01-18 16:31:42 -06:00
hwdsl2
c8bfb7c741
Update docs
...
[ci skip]
2017-01-18 01:50:43 -06:00
hwdsl2
e767b462a5
Fix docs
...
- Further improve IKEv2 config for Windows 7/8/10
- Ref: 9455b19
2017-01-17 11:31:40 -06:00
hwdsl2
9455b19119
Fix docs
...
- Libreswan 3.19 requires configuration changes in ipsec.conf
for IKEv2, so that Windows 7/8/10 clients can connect
2017-01-17 02:22:46 -06:00
hwdsl2
2727f1a1a0
Update year
2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70
Minor fix
...
- Use the "fixed strings" option in "grep" commands for "swan_ver",
so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
3735530015
Update docs
...
[ci skip]
2017-01-16 17:27:08 -06:00
hwdsl2
2dbdee1287
Upgrade to Libreswan 3.19
...
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d
Minor clean up
2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860
Improve script outputs
2017-01-09 02:50:03 -06:00
hwdsl2
c23d5c972a
Update docs
...
[ci skip]
2017-01-08 11:44:58 -06:00
hwdsl2
efeff51f3a
Improve tests
2017-01-06 16:12:36 -06:00
hwdsl2
9500da3231
Bugfix
...
- Fix commit ca84aa7
to avoid a possible race condition
when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13
Improve services on boot
2017-01-04 02:21:09 -06:00
hwdsl2
e41cf78b53
Update docs
...
[ci skip]
2017-01-03 23:31:56 -06:00
hwdsl2
89d75f7243
Bugfix for Android 6 and 7
...
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
525f39d141
Fix tests
2017-01-02 09:17:59 -06:00
hwdsl2
9ea2b50dae
Improve OS detection
...
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
3dbf3a9c09
Remove xl2tpd workaround
...
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
e6ebdeaaf8
Update docs
...
[ci skip]
2016-12-30 16:24:47 -06:00
hwdsl2
69caa65512
Improve options
...
- Remove some xl2tpd (pppd) options for Ubuntu/Debian
- They are not recognized in the new xl2tpd version 1.3.8
- Ref: 261e472
2016-12-30 16:16:33 -06:00
hwdsl2
261e472e3e
Bugfix
...
- In xl2tpd version 1.3.8, which was pushed to the EPEL repository
in Dec. 2016, the options "crtscts" and "lock" are no longer
recognized in "/etc/ppp/options.xl2tpd" and generates an error.
- This commit fixes the VPN on CentOS by removing those options.
- Ref: https://github.com/xelerance/xl2tpd/issues/108
2016-12-30 00:56:38 -06:00
hwdsl2
b59389a03f
Use L2TP kernel support
...
- Use L2TP kernel support on CentOS 6
- This could improve L2TP performance
2016-12-29 00:53:30 -06:00
hwdsl2
9b3eeed571
Improve tests
2016-12-28 13:24:17 -06:00
hwdsl2
8cc1362d17
Workaround for xl2tpd bug
...
- Temporary workaround for an xl2tpd bug which affects CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
2016-12-28 13:23:27 -06:00
hwdsl2
eba1e4e08e
Update docs
...
[ci skip]
2016-12-22 10:27:56 -06:00
hwdsl2
72f5ddf145
Improve tests
2016-12-13 13:49:55 -06:00
hwdsl2
6479212c45
Improve workaround
...
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
af1af539aa
Update docs
...
[ci skip]
2016-11-23 20:19:05 -06:00
hwdsl2
61bd1254ed
Minor clean up
2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a
Remove SHA2 workaround
...
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5
Minor clean up
2016-10-31 01:59:11 -05:00
hwdsl2
75bcdfae75
Update docs
...
[ci skip]
2016-10-29 18:36:58 -05:00
hwdsl2
9319ce8ae2
Clean up IPTables rules
...
- Only add the necessary IPTables rules for the VPN
- Other minor clean ups
2016-10-29 18:00:24 -05:00
hwdsl2
e3d830dfd4
Improve services on boot
...
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00