1
0
mirror of synced 2024-11-22 21:16:02 +03:00
Commit Graph

229 Commits

Author SHA1 Message Date
hwdsl2
e2a9c4a0c3 Cleanup 2021-09-11 10:07:33 -05:00
hwdsl2
263ffe97cc Cleanup 2021-09-07 09:02:22 -05:00
hwdsl2
df6c02bf95 Improve Libreswan install
- Skip downloading and installing Libreswan if the same version
  is already installed.
2021-08-29 15:12:17 -05:00
hwdsl2
da7697a5b0 Cleanup
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00
hwdsl2
c2236b6e34 New Libreswan version
- Use new Libreswan version 4.5
2021-08-22 11:50:14 -05:00
hwdsl2
9336c1c2c2 Improve VPN setup
- Refactor VPN setup scripts into functions
- Cleanup
2021-08-19 02:01:34 -05:00
hwdsl2
8e570129b2 Cleanup 2021-08-14 00:26:27 -05:00
hwdsl2
779a86f933 Cleanup 2021-08-13 02:11:31 -05:00
hwdsl2
2e17ef68ce Update OS detection 2021-07-27 00:59:15 -05:00
hwdsl2
a0409b4399 Cleanup
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
  command in the VPN setup scripts could output an error
  'tr: write error: Broken pipe'. This is a cosmetic error
  that does NOT affect the functionality of the scripts. This
  commit hides the error in such cases.
2021-07-21 23:12:06 -05:00
hwdsl2
61025818bb Optimize binary size
- Use the gcc "-s" option when compiling Libreswan. This reduces
  binary size by ~80%.
2021-07-10 01:57:11 -05:00
hwdsl2
02b6d05c82 Update IPTables rules
- Allow traffic from IKEv2 and IPsec/XAuth ("Cisco IPsec") clients to
  IPsec/L2TP clients. Ref: #983
- Cleanup
- Update docs
2021-06-20 15:02:33 -05:00
hwdsl2
de2d49d3a6 Improve IKEv2 setup
- Add a link to /usr/bin for the IKEv2 helper script
2021-05-24 01:14:32 -05:00
hwdsl2
293e5d999a Improve IP detection 2021-05-11 09:59:18 -05:00
hwdsl2
c55bdd7d13 Update permissions
- Set executable bit for ikev2.sh
2021-04-26 22:55:32 -05:00
hwdsl2
ac0bde54bb New Libreswan version
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
2021-04-24 16:15:05 -05:00
hwdsl2
d90c6121b6 Improve OS detection 2021-04-20 00:09:00 -05:00
hwdsl2
28b02f28db Fix for CentOS 8
- Minor fix for IPTables FORWARD rules on CentOS 8
- Cleanup
2021-04-19 00:38:50 -05:00
hwdsl2
804856064b Minor fix and cleanup
- Minor fix for CentOS 8 for the uncommon scenario where the server has
  "nftables" service enabled
- Cleanup
2021-04-01 23:06:36 -05:00
hwdsl2
cec1dde5e4 Improve setup
- To make it easier for users to set up IKEv2, the IKEv2 helper script
  is now downloaded during VPN setup.
- Cleanup
2021-03-28 23:39:29 -05:00
hwdsl2
f6dd26abba Improve setup
- Install uuid-runtime/util-linux, which is required for IKEv2 setup.
2021-03-13 14:39:05 -06:00
hwdsl2
1972501725 New Libreswan version
- Use new Libreswan version 4.3
- Support updating to Libreswan 4.3
- Other small improvements
- Update tests
2021-02-21 23:54:37 -06:00
hwdsl2
5779b2e6c8 Improve output
- Improve output for the VPN setup and upgrade scripts. The outputs
  of the scripts are now significantly reduced and only include the
  most useful information for users.
- Other minor cleanup
2021-02-05 21:49:35 -06:00
hwdsl2
1808095bb7 New Libreswan version
- Use new Libreswan version 4.2
- Support updating to Libreswan 4.2 from older versions. The upgrade
  scripts can now install one of these versions: 3.32, 4.1 or 4.2.
- Other small improvements
- Update tests
2021-02-04 01:47:04 -06:00
hwdsl2
2b6586cf1b Increase IKE lifetime
- Set both "ikelifetime" and "salifetime" to 24 hours, which is
  recommended since we have "rekey=no" on the server. VPN clients will
  normally initiate rekey with a shorter interval.
  Ref: https://github.com/libreswan/libreswan/issues/405#issuecomment-765109809
       https://libreswan.org/man/ipsec.conf.5.html
2021-01-21 23:24:41 -06:00
hwdsl2
3b90d2d394 Cleanup 2021-01-07 12:02:44 -06:00
hwdsl2
a5a1f4adb1 Cleanup 2021-01-03 14:05:13 -06:00
hwdsl2
dabf765978 Update year 2021-01-03 00:35:24 -06:00
hwdsl2
de7a529c6c Cleanup
- Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020
- Include OS arch when checking Libreswan version
- Other minor improvements
2021-01-02 14:25:50 -06:00
hwdsl2
b3ad82fd48 Cleanup 2020-12-31 23:09:58 -06:00
hwdsl2
cac5191155 Add version check
- Check for latest supported Libreswan version, and remind users who use
  a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements
2020-12-31 18:24:41 -06:00
hwdsl2
74b2c4885e Improve l2tp_ppp fix
- Improve fix for l2tp_ppp: Instead of commenting out ExecStartPre,
  ignore the return code with the '-' prefix
2020-12-24 14:25:38 -06:00
hwdsl2
dbb5d0576d Minor cleanup 2020-12-24 01:51:25 -06:00
hwdsl2
c1fb45f942 Fix for CentOS 8
- The repository ID "powertools" is now lower case in the latest
  CentOS release. Update to work in both cases.
2020-12-07 11:37:48 -06:00
hwdsl2
00f9d2ba86 Clean up build flags
- Clean up build flags for Libreswan. In Libreswan 4.1, these flags are
  now set automatically based on Ubuntu/Debian versions, and no longer
  needed for CentOS/RHEL 7 and 8.
- Ref: https://github.com/libreswan/libreswan/blob/main/mk/defaults/linux.mk
       https://github.com/libreswan/libreswan/commit/c01ffcc1
2020-12-04 23:36:53 -06:00
hwdsl2
41142ee915 Remove CentOS 6
- CentOS 6 was EOL as of Nov. 30, 2020, and the default yum repos are
  no longer available for installing new packages
  Ref: https://wiki.centos.org/About/Product
2020-12-02 23:40:54 -06:00
hwdsl2
7674810559 Clean up sysctl settings 2020-11-28 11:54:49 -06:00
hwdsl2
5a13026701 Apply Libreswan fix
- Fix detection for sysvinit initsystem:
  cfe4dabab4
2020-11-11 23:05:29 -06:00
hwdsl2
afb8a7acce New Libreswan version
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
4fa17ce958 Fix for EPEL repo
- Remove workaround for EPEL repo issues (bff3fe5)
- "yum makecache" may have higher disk space requirements that could
  cause issues on systems with low free disk space
2020-09-30 22:49:49 -05:00
hwdsl2
f8f97e014a Cleanup 2020-08-09 14:49:02 -05:00
hwdsl2
6c88c7fd27 Fix for CentOS/RHEL 8
- Fix firewalld detection when the setup script is run again
2020-07-11 20:19:11 -05:00
hwdsl2
bff3fe5a4b Fix for EPEL repo
- Add workaround for EPEL repo issues
2020-07-06 23:03:13 -05:00
hwdsl2
8283bdb32f CentOS/RHEL 8 fix
- Fix fail2ban rules for nftables on CentOS/RHEL 8
2020-07-02 17:52:13 -05:00
hwdsl2
3faa8fd86e Improve DNS check 2020-06-12 11:05:42 -05:00
hwdsl2
b7293e95da Cleanup 2020-06-05 11:00:23 -05:00
hwdsl2
e1e1b67afd Improve IKEv2 setup
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 23:09:32 -05:00
hwdsl2
71d67ae690 CentOS/RHEL fixes
- Use nftables only if firewalld is active (CentOS/RHEL 8)
- Fix RHEL 7 server-optional repo names. See:
  https://access.redhat.com/articles/4599971
- Fix an issue where the codeready-builder repo cannot be enabled
  on EC2 (RHEL 8). Fixes #804.
2020-05-24 15:07:08 -05:00
hwdsl2
a087be669f Cleanup 2020-05-24 00:14:05 -05:00
hwdsl2
d457ebd16d CentOS 8 fixes
- Use nftables instead of iptables-services for CentOS 8
- Existing firewalld rules are now preserved during VPN setup,
  which will be saved as part of nftables rules
2020-05-24 00:10:35 -05:00