hwdsl2
c8d8730fd0
Minor fix
...
[ci skip]
2017-01-26 17:42:13 -06:00
hwdsl2
758f0e1418
Fix IKEv2 docs
...
- Windows 8.x and 10 require the IKEv2 machine certificate to have
"Client Auth" EKU in addition to "Server Auth". Otherwise it gives
"Error 13806: IKE failed to find valid machine certificate..."
- The IKEv2 documentation has been updated to fix this issue
- Also, this Libreswan wiki page may need to be updated. @letoams
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
- Ref: #106 . Thanks @evil-shrike!
2017-01-26 17:15:43 -06:00
hwdsl2
a156a1f5f3
Update docs
...
[ci skip]
2017-01-25 13:12:47 -06:00
hwdsl2
0c8f117fd9
Update docs
...
[ci skip]
2017-01-21 12:13:27 -06:00
hwdsl2
721f7bfaa0
Minor fix
...
- Improve sed command in VPN upgrade scripts
2017-01-20 11:25:12 -06:00
hwdsl2
63697214b4
Improve VPN ciphers
...
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b
Bugfix
...
- Libreswan 3.19 removed MODP1024 from the ike= default list,
which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101 . Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
5cbadb643b
Update docs
...
[ci skip]
2017-01-18 16:31:42 -06:00
hwdsl2
c8bfb7c741
Update docs
...
[ci skip]
2017-01-18 01:50:43 -06:00
hwdsl2
e767b462a5
Fix docs
...
- Further improve IKEv2 config for Windows 7/8/10
- Ref: 9455b19
2017-01-17 11:31:40 -06:00
hwdsl2
9455b19119
Fix docs
...
- Libreswan 3.19 requires configuration changes in ipsec.conf
for IKEv2, so that Windows 7/8/10 clients can connect
2017-01-17 02:22:46 -06:00
hwdsl2
2727f1a1a0
Update year
2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70
Minor fix
...
- Use the "fixed strings" option in "grep" commands for "swan_ver",
so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
3735530015
Update docs
...
[ci skip]
2017-01-16 17:27:08 -06:00
hwdsl2
2dbdee1287
Upgrade to Libreswan 3.19
...
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d
Minor clean up
2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860
Improve script outputs
2017-01-09 02:50:03 -06:00
hwdsl2
c23d5c972a
Update docs
...
[ci skip]
2017-01-08 11:44:58 -06:00
hwdsl2
efeff51f3a
Improve tests
2017-01-06 16:12:36 -06:00
hwdsl2
9500da3231
Bugfix
...
- Fix commit ca84aa7
to avoid a possible race condition
when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13
Improve services on boot
2017-01-04 02:21:09 -06:00
hwdsl2
e41cf78b53
Update docs
...
[ci skip]
2017-01-03 23:31:56 -06:00
hwdsl2
89d75f7243
Bugfix for Android 6 and 7
...
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
525f39d141
Fix tests
2017-01-02 09:17:59 -06:00
hwdsl2
9ea2b50dae
Improve OS detection
...
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
3dbf3a9c09
Remove xl2tpd workaround
...
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
e6ebdeaaf8
Update docs
...
[ci skip]
2016-12-30 16:24:47 -06:00
hwdsl2
69caa65512
Improve options
...
- Remove some xl2tpd (pppd) options for Ubuntu/Debian
- They are not recognized in the new xl2tpd version 1.3.8
- Ref: 261e472
2016-12-30 16:16:33 -06:00
hwdsl2
261e472e3e
Bugfix
...
- In xl2tpd version 1.3.8, which was pushed to the EPEL repository
in Dec. 2016, the options "crtscts" and "lock" are no longer
recognized in "/etc/ppp/options.xl2tpd" and generates an error.
- This commit fixes the VPN on CentOS by removing those options.
- Ref: https://github.com/xelerance/xl2tpd/issues/108
2016-12-30 00:56:38 -06:00
hwdsl2
b59389a03f
Use L2TP kernel support
...
- Use L2TP kernel support on CentOS 6
- This could improve L2TP performance
2016-12-29 00:53:30 -06:00
hwdsl2
9b3eeed571
Improve tests
2016-12-28 13:24:17 -06:00
hwdsl2
8cc1362d17
Workaround for xl2tpd bug
...
- Temporary workaround for an xl2tpd bug which affects CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
2016-12-28 13:23:27 -06:00
hwdsl2
eba1e4e08e
Update docs
...
[ci skip]
2016-12-22 10:27:56 -06:00
hwdsl2
72f5ddf145
Improve tests
2016-12-13 13:49:55 -06:00
hwdsl2
6479212c45
Improve workaround
...
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
af1af539aa
Update docs
...
[ci skip]
2016-11-23 20:19:05 -06:00
hwdsl2
61bd1254ed
Minor clean up
2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a
Remove SHA2 workaround
...
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5
Minor clean up
2016-10-31 01:59:11 -05:00
hwdsl2
75bcdfae75
Update docs
...
[ci skip]
2016-10-29 18:36:58 -05:00
hwdsl2
9319ce8ae2
Clean up IPTables rules
...
- Only add the necessary IPTables rules for the VPN
- Other minor clean ups
2016-10-29 18:00:24 -05:00
hwdsl2
e3d830dfd4
Improve services on boot
...
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
895d46c0c9
Fix for Raspbian
...
- On Raspberry Pis /etc/rc.local can run early during boot
- If the network is not ready, IPsec may fail to start
- A delay has been added as a workaround. Ref: #76
2016-10-25 21:32:52 -05:00
hwdsl2
13db1d4a7f
Improve Linux instructions
...
- Add option "noipdefault" to fix Linux clients behind NAT
- Specify VPN username and password in the config file
- Combine the Ubuntu/Debian and CentOS/Fedora sections
- [ci skip]
2016-10-25 18:08:36 -05:00
hwdsl2
44eb55f9f3
Update docs
...
[ci skip]
2016-10-24 09:53:07 -05:00
hwdsl2
5193d199ca
Improve Linux client instructions
...
[ci skip]
2016-10-21 09:05:33 -05:00
hwdsl2
2e7913bd44
Update docs
...
[ci skip]
2016-10-15 14:49:20 -05:00
hwdsl2
6f2818753a
Minor improvements and clean up
2016-10-10 22:34:51 -05:00
hwdsl2
4c6de2af29
Improve network interfaces
...
- Better handling of non-eth0 network interfaces
- Now easier to use on servers with new interface names
2016-10-10 16:49:46 -05:00
hwdsl2
65f1bcd726
Update docs
...
[ci skip]
2016-10-08 15:03:06 -05:00