hwdsl2
ef90b6ff19
Upgrade Libreswan to 3.22
2017-10-26 01:48:15 -05:00
hwdsl2
47e1c92051
Clean up ipsec.conf
...
- Remove unneeded option nhelpers=0
2017-10-26 01:48:15 -05:00
hwdsl2
d7e420340c
Workaround for Netplan
...
- Newer Ubuntu versions use netplan instead of ifupdown by default for
network configuration
- Scripts in /etc/network/if-pre-up.d/ does not work under netplan
- Add workaround in /etc/rc.local for the above
2017-10-26 01:47:26 -05:00
hwdsl2
087306dbf5
Update docs
2017-10-02 21:55:21 -05:00
hwdsl2
9cd6cb50b7
Clean up packages
...
- Remove libunbound-dev / unbound-devel (these packages are not needed
because we are not enabling DNSSEC)
Ref: https://github.com/libreswan/libreswan/issues/117
2017-10-02 20:33:24 -05:00
hwdsl2
23c4a287d3
Use parallel make
...
- Speed up Libreswan compilation using parallel make ("-j" option)
2017-09-28 01:11:03 -05:00
hwdsl2
f46e18cffc
Skip building manpages
...
- Skip building manpages for Libreswan
- No longer need/install "xmlto" package
- Reduce Libreswan compilation time by ~30%
2017-09-28 00:15:08 -05:00
hwdsl2
536ac8f54b
Update ipsec.conf
...
- Replace obsolete keyword "virtual_private" with "virtual-private"
2017-09-27 21:41:24 -05:00
hwdsl2
f8414c40f6
Update images
...
- Update VPN properties screenshots for MS-CHAP v2
2017-09-25 18:59:04 -05:00
hwdsl2
82da3121b1
Enable MS-CHAP v2
...
- Allow MS-CHAP v2 for better compatibility with the built-in Windows 10
VPN client. Thanks @remini1998!
2017-09-25 00:28:10 -05:00
hwdsl2
98a3f29407
Improve RPi fix
...
- Minor improvement to Raspberry Pi fix
2017-09-23 14:26:55 -05:00
hwdsl2
dc71db3451
Fixes for Raspberry Pi
...
- Change "start" to "restart", so that the 15-second delay actually works
(wait for network interfaces to initialize)
- Workaround for Raspbian 9 (requires left=$PRIVATE_IP in ipsec.conf)
2017-09-21 02:00:44 -05:00
hwdsl2
3f2b2cbc0b
Remove Debian 7
...
- Remove support for Debian 7 (Wheezy)
- Libreswan 3.21 no longer compiles on Debian 7 or Ubuntu 12.04
- Fix tests by switching to Ubuntu 14.04
2017-08-20 11:50:46 -05:00
hwdsl2
caf9293b8a
New Libreswan version 3.21
2017-08-20 10:52:28 -05:00
hwdsl2
a6480995f8
Update docs
...
- Remove Ubuntu 12.04 from README (EOL as of April 2017)
2017-06-22 00:50:50 -05:00
hwdsl2
8ac1573106
Minor clean up
2017-06-21 11:59:07 -05:00
hwdsl2
6255c43e93
Update docs
2017-06-21 11:26:00 -05:00
hwdsl2
cf595eaee7
Improve services on boot
...
- Systemd may run rc.local early during system boot
- Insert delay so that services can start correctly
2017-06-21 00:02:03 -05:00
hwdsl2
5e3689198f
Improve network interfaces
...
- Better detection of default network interface when the 'route'
command is not available
2017-06-20 23:59:13 -05:00
hwdsl2
c01fb79650
Update docs
2017-06-12 02:29:53 -05:00
hwdsl2
bc0324f957
Improve IKEv2 docs
...
- Make it clear how to use the VPN server's DNS name to connect
2017-06-03 14:53:45 -05:00
hwdsl2
47a9015135
Improve VPN ciphers
...
- Add 3des-sha2 to allowed VPN ciphers, and clean up
2017-06-02 14:24:55 -05:00
Lin Song
2c58e65f88
Merge pull request #156 from DL6ER/fix/3des-sha2
...
Add 3des-sha2 to both ike= and phase2alg= lines.
2017-06-02 12:55:25 -05:00
DL6ER
748d89bb4b
Add 3des-sha2 to both ike= and phase2alg= lines. Fixes #154
2017-06-02 18:20:23 +02:00
hwdsl2
0316b0f755
Fix Azure template
...
- Switch to version 2 of the Azure Custom Script Extension
- Use default VM size "Basic_A0" for deployments (configurable)
- Clean up install.sh, and other minor improvements
2017-05-31 14:13:54 -05:00
hwdsl2
654ddcdfa4
Update docs
2017-05-30 15:01:26 -05:00
hwdsl2
f403dbeaf7
Improve tests
2017-05-28 21:47:17 -05:00
hwdsl2
8fb4bf7897
Minor clean up
2017-05-22 11:46:28 -05:00
hwdsl2
f93ecd60d2
Improve tests
2017-05-17 17:44:19 -05:00
hwdsl2
d711e2aee6
Improve network interfaces
...
- Try to auto detect server's default network interface
- Display a warning if the default interface is wlan*
2017-05-17 17:24:19 -05:00
hwdsl2
d437f7044d
Update docs
...
- Add troubleshooting notes for Chromebook users
- Closes #147
2017-05-16 16:05:25 -05:00
hwdsl2
7aeae4c8b8
Update docs
2017-05-05 10:37:45 -05:00
hwdsl2
4c6aa6e3a1
Update docs
2017-05-02 16:55:54 -05:00
hwdsl2
db834c146f
Update Azure template
2017-05-01 20:08:02 -05:00
hwdsl2
cf75c2bb86
Improve network interfaces
...
- Use eth0 instead of eth+ throughout for consistency
- Improve error messages when eth0 is unavailable
2017-04-30 17:16:33 -05:00
hwdsl2
cebf9f4361
Minor clean up
2017-04-12 10:38:57 -05:00
hwdsl2
f58afbc84b
Update VPN ciphers
...
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9
Improve VPN variables
...
- Check VPN credentials for non-ASCII characters
- Ref: #130
2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae
New Libreswan version
...
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6d9eb9a2fa
Improve OS detection
...
- Fix OS detection on Debian when lsb_release is not available
- Closes #123
2017-03-23 12:39:01 -05:00
hwdsl2
fec47196d6
Update docs
2017-03-19 22:10:49 -05:00
hwdsl2
6f1dc6db1c
Remove fail2ban workaround
...
- The fail2ban bug on CentOS 7 has been fixed. Remove workaround.
- Ref: 320e17a
, https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-03-06 11:03:33 -06:00
hwdsl2
347f3fdbfe
Improve IPTables rules
...
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116 . Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a
Fix xl2tpd on CentOS 7 for Linode
...
- Fix xl2tpd on CentOS 7 for providers such as Linode,
where kernel module "l2tp_ppp" is unavailable
- Closes : #114
2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d
Workaround for fail2ban bug
...
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924
Improve customization
...
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6
Improve VPN IPs
...
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
f7961242e4
Update docs
2017-02-10 10:32:24 -06:00
hwdsl2
4a1c0e34c7
Update docs
...
- Add link to Justin's blog post (IPsec VPN server on Raspberry Pi 3)
- Closes #112
2017-02-07 23:40:39 -06:00
hwdsl2
e6b9208eeb
Update docs
2017-02-07 21:12:31 -06:00