hwdsl2
79a344ec46
Cleanup
2022-02-24 09:18:39 -06:00
hwdsl2
a4e452e9df
Cleanup
2022-02-23 00:08:45 -06:00
hwdsl2
06c5e27080
Fix for GCP MTU size
- This fix is specifically for Google Cloud Platform (GCP) VMs.
The default MTU size on GCP, 1460 bytes, could cause network issues
such as "cannot open websites" with IKEv2 VPN clients.
This issue was brought up multiple times in this repo, e.g. #1000.
- The fix changes the MTU to 1500 (the default that is widely used),
and updates dhclient.conf so that it is not reverted to 1460 by DHCP.
- Refs: https://cloud.google.com/vpc/docs/vpc#mtu
https://cloud.google.com/compute/docs/instances/detect-compute-engine
https://linuxhint.com/how-to-change-mtu-size-in-linux/
https://git.io/ikev2#cannot-open-websites-after-connecting-to-ikev2
2022-02-23 00:07:33 -06:00
hwdsl2
86d4f2f93c
Improve VPN setup
- Retry certain 'apt-get' and 'yum' commands on failure
2022-02-08 23:24:46 -06:00
hwdsl2
2bb938416c
Cleanup
2022-01-29 12:35:51 -06:00
hwdsl2
c04d056be6
Cleanup
2022-01-29 01:28:56 -06:00
hwdsl2
5b1377dcf3
Cleanup
2022-01-22 21:34:53 -06:00
hwdsl2
9022caf9f4
Improve VPN setup
- Retrieve latest supported Libreswan version before install
- Cleanup
2022-01-22 21:31:55 -06:00
hwdsl2
2ffad259af
New Libreswan version
- Use new Libreswan version 4.6.
- Libreswan 4.6 contains a fix for CVE-2022-23094. See the following
links for more information.
https://lists.libreswan.org/pipermail/swan-announce/2022/000046.html
https://libreswan.org/security/
2022-01-11 22:20:57 -06:00
hwdsl2
c25baaf9a9
Cleanup
2022-01-04 23:01:14 -06:00
hwdsl2
c78b398057
Update year
2022-01-02 00:09:03 -06:00
hwdsl2
a47ced7899
Cleanup
2021-09-19 21:51:14 -05:00
hwdsl2
e2a9c4a0c3
Cleanup
2021-09-11 10:07:33 -05:00
hwdsl2
263ffe97cc
Cleanup
2021-09-07 09:02:22 -05:00
hwdsl2
df6c02bf95
Improve Libreswan install
- Skip downloading and installing Libreswan if the same version
is already installed.
2021-08-29 15:12:17 -05:00
hwdsl2
da7697a5b0
Cleanup
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00
hwdsl2
c2236b6e34
New Libreswan version
- Use new Libreswan version 4.5
2021-08-22 11:50:14 -05:00
hwdsl2
9336c1c2c2
Improve VPN setup
- Refactor VPN setup scripts into functions
- Cleanup
2021-08-19 02:01:34 -05:00
hwdsl2
8e570129b2
Cleanup
2021-08-14 00:26:27 -05:00
hwdsl2
779a86f933
Cleanup
2021-08-13 02:11:31 -05:00
hwdsl2
2e17ef68ce
Update OS detection
2021-07-27 00:59:15 -05:00
hwdsl2
a0409b4399
Cleanup
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
command in the VPN setup scripts could output an error
'tr: write error: Broken pipe'. This is a cosmetic error
that does NOT affect the functionality of the scripts. This
commit hides the error in such cases.
2021-07-21 23:12:06 -05:00
hwdsl2
61025818bb
Optimize binary size
- Use the gcc "-s" option when compiling Libreswan. This reduces
binary size by ~80%.
2021-07-10 01:57:11 -05:00
hwdsl2
02b6d05c82
Update IPTables rules
- Allow traffic from IKEv2 and IPsec/XAuth ("Cisco IPsec") clients to
IPsec/L2TP clients. Ref: #983
- Cleanup
- Update docs
2021-06-20 15:02:33 -05:00
hwdsl2
de2d49d3a6
Improve IKEv2 setup
- Add a link to /usr/bin for the IKEv2 helper script
2021-05-24 01:14:32 -05:00
hwdsl2
293e5d999a
Improve IP detection
2021-05-11 09:59:18 -05:00
hwdsl2
c55bdd7d13
Update permissions
- Set executable bit for ikev2.sh
2021-04-26 22:55:32 -05:00
hwdsl2
ac0bde54bb
New Libreswan version
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
2021-04-24 16:15:05 -05:00
hwdsl2
d90c6121b6
Improve OS detection
2021-04-20 00:09:00 -05:00
hwdsl2
28b02f28db
Fix for CentOS 8
- Minor fix for IPTables FORWARD rules on CentOS 8
- Cleanup
2021-04-19 00:38:50 -05:00
hwdsl2
804856064b
Minor fix and cleanup
- Minor fix for CentOS 8 for the uncommon scenario where the server has
"nftables" service enabled
- Cleanup
2021-04-01 23:06:36 -05:00
hwdsl2
cec1dde5e4
Improve setup
- To make it easier for users to set up IKEv2, the IKEv2 helper script
is now downloaded during VPN setup.
- Cleanup
2021-03-28 23:39:29 -05:00
hwdsl2
f6dd26abba
Improve setup
- Install uuid-runtime/util-linux, which is required for IKEv2 setup.
2021-03-13 14:39:05 -06:00
hwdsl2
1972501725
New Libreswan version
- Use new Libreswan version 4.3
- Support updating to Libreswan 4.3
- Other small improvements
- Update tests
2021-02-21 23:54:37 -06:00
hwdsl2
5779b2e6c8
Improve output
- Improve output for the VPN setup and upgrade scripts. The outputs
of the scripts are now significantly reduced and only include the
most useful information for users.
- Other minor cleanup
2021-02-05 21:49:35 -06:00
hwdsl2
1808095bb7
New Libreswan version
- Use new Libreswan version 4.2
- Support updating to Libreswan 4.2 from older versions. The upgrade
scripts can now install one of these versions: 3.32, 4.1 or 4.2.
- Other small improvements
- Update tests
2021-02-04 01:47:04 -06:00
hwdsl2
2b6586cf1b
Increase IKE lifetime
- Set both "ikelifetime" and "salifetime" to 24 hours, which is
recommended since we have "rekey=no" on the server. VPN clients will
normally initiate rekey with a shorter interval.
Ref: https://github.com/libreswan/libreswan/issues/405#issuecomment-765109809
https://libreswan.org/man/ipsec.conf.5.html
2021-01-21 23:24:41 -06:00
hwdsl2
3b90d2d394
Cleanup
2021-01-07 12:02:44 -06:00
hwdsl2
a5a1f4adb1
Cleanup
2021-01-03 14:05:13 -06:00
hwdsl2
dabf765978
Update year
2021-01-03 00:35:24 -06:00
hwdsl2
de7a529c6c
Cleanup
- Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020
- Include OS arch when checking Libreswan version
- Other minor improvements
2021-01-02 14:25:50 -06:00
hwdsl2
b3ad82fd48
Cleanup
2020-12-31 23:09:58 -06:00
hwdsl2
cac5191155
Add version check
- Check for latest supported Libreswan version, and remind users who use
a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements
2020-12-31 18:24:41 -06:00
hwdsl2
74b2c4885e
Improve l2tp_ppp fix
- Improve fix for l2tp_ppp: Instead of commenting out ExecStartPre,
ignore the return code with the '-' prefix
2020-12-24 14:25:38 -06:00
hwdsl2
dbb5d0576d
Minor cleanup
2020-12-24 01:51:25 -06:00
hwdsl2
c1fb45f942
Fix for CentOS 8
- The repository ID "powertools" is now lower case in the latest
CentOS release. Update to work in both cases.
2020-12-07 11:37:48 -06:00
hwdsl2
00f9d2ba86
Clean up build flags
- Clean up build flags for Libreswan. In Libreswan 4.1, these flags are
now set automatically based on Ubuntu/Debian versions, and no longer
needed for CentOS/RHEL 7 and 8.
- Ref: https://github.com/libreswan/libreswan/blob/main/mk/defaults/linux.mk
https://github.com/libreswan/libreswan/commit/c01ffcc1
2020-12-04 23:36:53 -06:00
hwdsl2
41142ee915
Remove CentOS 6
- CentOS 6 was EOL as of Nov. 30, 2020, and the default yum repos are
no longer available for installing new packages
Ref: https://wiki.centos.org/About/Product
2020-12-02 23:40:54 -06:00
hwdsl2
7674810559
Clean up sysctl settings
2020-11-28 11:54:49 -06:00
hwdsl2
5a13026701
Apply Libreswan fix
- Fix detection for sysvinit initsystem:
cfe4dabab4
2020-11-11 23:05:29 -06:00