hwdsl2
3611ed5981
Update IKEv2 script
...
- Minor fix: Set permission for the generated .mobileconfig file to 600,
same as the exported .p12 file.
2021-01-23 00:20:09 -06:00
hwdsl2
47b5cd01c1
Update IKEv2 script
...
- For the Ubuntu 18.04 NSS bug fix, use mirrors.kernel.org, which
is an Ubuntu mirror that supports HTTPS, instead of HTTP-only
security.ubuntu.com
- Minor fix: When uninstalling IKEv2, delete keys in addition to
certificates from the IPsec database
2021-01-21 23:07:24 -06:00
hwdsl2
5e1b3e1ae9
Update IKEv2 script
...
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3)
version 3.35, which has a bug with iteration counts that results in
"incorrect password" errors when trying to import a generated ".p12"
file to Windows. To fix this, we install newer versions of libnss3
related packages from the official Ubuntu repo.
Ref: #414
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
https://packages.ubuntu.com/focal/amd64/libnss3
- Other minor improvements
2021-01-21 00:24:07 -06:00
hwdsl2
7d9f2c6603
Fix IKEv2
...
- Fix an issue with IKEv2 disconnecting after one hour due to IKE SA
expiration, by setting ikelifetime and salifetime to 24h.
Ref: #913 #844 https://libreswan.org/man/ipsec.conf.5.html
2021-01-20 01:39:07 -06:00
hwdsl2
9bf2b630ca
Update IKEv2 script
...
- Add option to remove IKEv2
2021-01-19 01:05:06 -06:00
hwdsl2
819ff8a2b3
Update IKEv2 script
...
- New feature: Export configuration for an existing IKEv2 client
- If IKEv2 has already been set up, users can now choose from a menu to
either add a new client or export configuration for an existing client
2021-01-18 21:57:09 -06:00
hwdsl2
ef93a9867b
Update IKEv2 script
...
- New feature: The IKEv2 helper script can now be run in "auto mode",
which sets up IKEv2 using default options, no user input needed.
To use this mode, add command-line parameter "--auto"
- Refactor entire script to remove duplicate code, improve structure
and make it easier to read and maintain
- Add check for Libreswan version
- Update tests
2021-01-18 00:01:46 -06:00
hwdsl2
b17ec88a0d
Update IKEv2 script
...
- Add the option for users to specify their own password to protect the
exported VPN client configuration files
- Update tests
2021-01-15 23:26:25 -06:00
hwdsl2
b004aaaf7c
Support .mobileconfig for IKEv2
...
- New feature: For macOS and iOS clients, the IKEv2 helper script
can now create .mobileconfig files to simplify client setup
and improve VPN performance with ciphers such as AES-GCM.
- New feature: VPN On Demand is now supported on macOS and iOS.
See https://git.io/ikev2 for more details.
- The script no longer exports the IKEv2 VPN CA certificate, since
.mobileconfig support has been added.
- A random password is now generated for the .p12 and .mobileconfig
files, and displayed on the screen when finished. User input is
no longer required for this password.
2021-01-14 23:21:52 -06:00
hwdsl2
91b7e53004
Update IKEv2 script
...
- Improve check for MOBIKE support
2021-01-13 09:58:17 -06:00
hwdsl2
c0a212bfc8
Update IKEv2 script
...
- Improve OS detection and Libreswan version handling
- Cleanup
2021-01-10 18:28:52 -06:00
hwdsl2
dabf765978
Update year
2021-01-03 00:35:24 -06:00
hwdsl2
313502293f
Update IKEv2 script
...
- Add check for existing certificates for the VPN server and client
- Other minor improvements
2020-12-30 22:53:19 -06:00
hwdsl2
e7bbb50670
Add Amazon Linux 2
2020-12-26 00:19:50 -06:00
hwdsl2
76c9d9c293
Update IKEv2 script
2020-12-20 01:15:00 -06:00
hwdsl2
3b1403668d
Update upgrade scripts
...
- Clean up Libreswan build flags for CentOS
- Minor improvements
2020-12-14 23:12:15 -06:00
hwdsl2
599c1dab15
Update IKEv2 script
...
- Minor improvements
2020-12-13 15:52:03 -06:00
hwdsl2
cf1865a66e
Improve RPi detection
...
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
on Raspberry Pi 4
- Ref: #852
2020-11-24 21:27:40 -06:00
hwdsl2
afb8a7acce
New Libreswan version
...
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
5e090770c8
Update IKEv2 script
...
- Allow specifying custom DNS servers
- Add notes about the IKEv2 MOBIKE extension
- Cleanup
2020-07-12 17:14:30 -05:00
hwdsl2
012c19fed1
Update IKEv2 script
...
- Allow specifying the validity period of client certificates
2020-07-02 11:48:35 -05:00
hwdsl2
cf2ed17ae6
Update IKEv2 script
...
- Improve error handling and move ikev2 config to the last step
2020-06-11 01:32:31 -05:00
hwdsl2
b7293e95da
Cleanup
2020-06-05 11:00:23 -05:00
hwdsl2
333a63850e
Update IKEv2 script
...
- Support adding IKEv2 VPN clients
- Users can specify name for the first VPN client
2020-06-05 00:29:15 -05:00
hwdsl2
e1e1b67afd
Improve IKEv2 setup
...
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 23:09:32 -05:00
hwdsl2
5894ea2e1f
Update IKEv2 script
...
- Allow running from inside a container, so that it can be used with:
https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 17:35:27 -05:00
hwdsl2
0a0607feb9
Update IKEv2 script
...
- Save client configuration to home folder
2020-05-17 18:09:40 -05:00
hwdsl2
b028661f6f
Update IKEv2 script
...
- Raspberry Pi (Raspbian) kernels do not support MOBIKE
2020-05-16 22:11:01 -05:00
hwdsl2
f38e2ea4f2
Cleanup
2020-05-14 23:07:47 -05:00
hwdsl2
5bf8b86192
Update IKEv2 script
...
- Fix CentOS detection
- Set MOBIKE question default to 'yes'
2020-05-11 23:15:05 -05:00
hwdsl2
6a285499e3
Update upgrade scripts
...
- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
2020-05-11 11:28:37 -05:00
hwdsl2
ace41ebc29
Add IKEv2 script
...
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00