1
0
mirror of synced 2024-11-28 23:56:04 +03:00
Commit Graph

277 Commits

Author SHA1 Message Date
hwdsl2
db54638f5e Check kernel version
- Only enable TCP BBR congestion control if the server's Linux kernel
  version is 4.20 or newer.
- BBR requires the "fq" qdisc for older kernels < 4.20. That setting
  may not take effect on existing network interfaces without a reboot.
- References:
  https://github.com/google/bbr/blob/master/Documentation/bbr-quick-start.md
  0bb9d90
2022-09-08 00:29:18 -05:00
hwdsl2
6a525c6c10 Optimize TCP buffers
- Improve VPN performance by tuning TCP buffer sizes.
2022-09-07 23:29:10 -05:00
hwdsl2
0bb9d90668 Enable TCP BBR
- Improve VPN performance by enabling the TCP BBR congestion control
  algorithm on supported systems (e.g. Ubuntu 18.04+, Debian 10+,
  CentOS 8+) during VPN setup.
  References:
  https://cloud.google.com/blog/products/networking/tcp-bbr-congestion-control-comes-to-gcp-your-internet-just-got-faster
  https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/bbr.md
2022-09-07 02:32:12 -05:00
hwdsl2
d2e9b5ff91 Cleanup 2022-08-27 21:51:19 -05:00
hwdsl2
56078b0a1e Add an option to skip IKEv2 setup
- Add an option to skip IKEv2 setup when installing the IPsec VPN.
  Example: sudo VPN_SKIP_IKEV2=yes sh vpn.sh
- This allows users to set up an IKEv1-only VPN, or install IKEv2
  interactively using "sudo ikev2.sh" after VPN setup.
2022-08-27 15:59:43 -05:00
hwdsl2
e2f211c678 Improve OS detection
- Improve OS detection and clean up
2022-08-10 22:41:55 -05:00
hwdsl2
1dbf897500 Cleanup
- Fix OS checking: Don't show errors for /etc/redhat-release.
- Fixes #1211.
2022-08-09 19:34:32 -05:00
hwdsl2
95be4b83fb Fix NSS config
- Update NSS config on e.g. AlmaLinux 9 to allow the SHA1 signature
  algorithm. This fixes the issue where IKEv2 clients cannot connect.
- Fixes #1206.
2022-07-31 23:40:09 -05:00
hwdsl2
200da23776 Add Oracle Linux 9 2022-07-30 09:31:27 -05:00
hwdsl2
10d54262fb Add CentOS 9
- Add support for version 9 of CentOS Stream, RHEL, Rocky Linux
  and AlmaLinux.
2022-07-30 02:59:49 -05:00
hwdsl2
066cb14e14 Cleanup 2022-07-30 00:50:40 -05:00
hwdsl2
d36c435c95 Improve IPsec config
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
  keep the VPN connection open if the client's network is unstable.
2022-06-15 00:28:21 -05:00
hwdsl2
0e24f8b086 Cleanup 2022-06-09 13:44:16 -05:00
hwdsl2
593f726c80 Cleanup 2022-06-07 22:48:40 -05:00
hwdsl2
41d37e808e Cleanup 2022-06-07 00:37:31 -05:00
hwdsl2
6e6d01dcf7 Improve IPTables rules
- Improve IPTables rules for IPsec VPN setup on systems such as CentOS 8.
  Do not add a DROP rule to the IPTables FORWARD chain if firewalld is
  active, so that existing firewalld FORWARD rules can continue to work.
2022-06-05 00:02:22 -05:00
hwdsl2
7b9813d562 Cleanup 2022-05-27 01:12:37 -05:00
hwdsl2
5f1f444a8f New Libreswan version
- Use new Libreswan version 4.7.
  Ref: https://lists.libreswan.org/pipermail/swan-announce/2022/000047.html
2022-05-25 23:57:30 -05:00
hwdsl2
c2a01e966c Cleanup 2022-05-22 00:36:47 -05:00
hwdsl2
a0f2345c3b Improve subnet check
- Improve check for custom VPN subnets.
  Ref: 95d9fc4
2022-05-16 21:43:56 -05:00
hwdsl2
857c6b9bea Add LXC check 2022-05-10 09:02:46 -05:00
hwdsl2
95d9fc4e03 Add subnet check
- Add a check for custom VPN subnets. Those can only be specified
  during initial VPN install.
  Ref: 1834b79
2022-05-10 08:47:59 -05:00
hwdsl2
c66ca577f3 Update links
- Update links due to git.io deprecation.
  Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-29 22:32:22 -05:00
hwdsl2
b2626dc921 Cleanup 2022-04-27 00:05:45 -05:00
hwdsl2
24ce5bedd8 Cleanup 2022-04-23 00:30:26 -05:00
hwdsl2
9458735d2c Improve Libreswan check 2022-04-23 00:07:46 -05:00
hwdsl2
a1ab13d9a9 Improve VPN setup
- Add fallback URLs for improved reliability
2022-04-11 22:36:43 -05:00
hwdsl2
629b39d3b3 Add Oracle Linux
- Add support for Oracle Linux 8 and 7.
2022-03-20 23:10:11 -05:00
hwdsl2
742e43ffcd Cleanup 2022-03-18 21:52:20 -05:00
hwdsl2
d182d9651a Improve VPN setup
- Download the add/delete VPN user helper scripts during setup,
  so users can use them directly without manual download.
2022-03-13 15:03:28 -05:00
hwdsl2
beb756f1f2 Remove CentOS 8
- Remove support for CentOS Linux 8, which is EOL.
  Ref: https://www.centos.org/centos-linux-eol/
2022-03-08 21:39:19 -06:00
hwdsl2
46a83e4f9f Cleanup 2022-03-08 21:17:16 -06:00
hwdsl2
e5703d8aaa Cleanup 2022-03-07 21:29:13 -06:00
hwdsl2
40859c5f7f Improve VPN setup
- Display a message if IKEv2 is already set up on the VPN server.
2022-03-06 22:41:29 -06:00
hwdsl2
b6c54c316f Improve VPN setup
- Skip Libreswan install if it has already been installed recently.
2022-03-06 22:36:20 -06:00
hwdsl2
6f4080bab4 Improve VPN setup
- Refactor VPN scripts to move IKEv2 setup inside vpnsetup_*.sh
2022-03-03 22:05:09 -06:00
hwdsl2
79a344ec46 Cleanup 2022-02-24 09:18:39 -06:00
hwdsl2
a4e452e9df Cleanup 2022-02-23 00:08:45 -06:00
hwdsl2
06c5e27080 Fix for GCP MTU size
- This fix is specifically for Google Cloud Platform (GCP) VMs.
  The default MTU size on GCP, 1460 bytes, could cause network issues
  such as "cannot open websites" with IKEv2 VPN clients.
  This issue was brought up multiple times in this repo, e.g. #1000.
- The fix changes the MTU to 1500 (the default that is widely used),
  and updates dhclient.conf so that it is not reverted to 1460 by DHCP.
- Refs: https://cloud.google.com/vpc/docs/vpc#mtu
        https://cloud.google.com/compute/docs/instances/detect-compute-engine
        https://linuxhint.com/how-to-change-mtu-size-in-linux/
        https://git.io/ikev2#cannot-open-websites-after-connecting-to-ikev2
2022-02-23 00:07:33 -06:00
hwdsl2
86d4f2f93c Improve VPN setup
- Retry certain 'apt-get' and 'yum' commands on failure
2022-02-08 23:24:46 -06:00
hwdsl2
2bb938416c Cleanup 2022-01-29 12:35:51 -06:00
hwdsl2
c04d056be6 Cleanup 2022-01-29 01:28:56 -06:00
hwdsl2
5b1377dcf3 Cleanup 2022-01-22 21:34:53 -06:00
hwdsl2
9022caf9f4 Improve VPN setup
- Retrieve latest supported Libreswan version before install
- Cleanup
2022-01-22 21:31:55 -06:00
hwdsl2
2ffad259af New Libreswan version
- Use new Libreswan version 4.6.
- Libreswan 4.6 contains a fix for CVE-2022-23094. See the following
  links for more information.
  https://lists.libreswan.org/pipermail/swan-announce/2022/000046.html
  https://libreswan.org/security/
2022-01-11 22:20:57 -06:00
hwdsl2
c25baaf9a9 Cleanup 2022-01-04 23:01:14 -06:00
hwdsl2
c78b398057 Update year 2022-01-02 00:09:03 -06:00
hwdsl2
a47ced7899 Cleanup 2021-09-19 21:51:14 -05:00
hwdsl2
e2a9c4a0c3 Cleanup 2021-09-11 10:07:33 -05:00
hwdsl2
263ffe97cc Cleanup 2021-09-07 09:02:22 -05:00