1
0
mirror of synced 2024-11-25 14:26:09 +03:00
Commit Graph

108 Commits

Author SHA1 Message Date
hwdsl2
f58afbc84b Update VPN ciphers
- Add aes256-sha2_512 to the list of allowed ciphers
- Required for Android 7.1.x and (possibly) Chromebook
2017-04-12 10:17:08 -05:00
hwdsl2
67474fddc9 Improve VPN variables
- Check VPN credentials for non-ASCII characters
- Ref: #130
2017-04-07 13:55:46 -05:00
hwdsl2
222acbf5ae New Libreswan version
- New Libreswan version 3.20
- Use GitHub as primary download source
2017-03-23 13:55:51 -05:00
hwdsl2
6f1dc6db1c Remove fail2ban workaround
- The fail2ban bug on CentOS 7 has been fixed. Remove workaround.
- Ref: 320e17a, https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-03-06 11:03:33 -06:00
hwdsl2
347f3fdbfe Improve IPTables rules
- Improve blocking of unencrypted L2TP without IPsec
- Closes #116. Thanks @ryt51V!
2017-02-18 08:53:00 -06:00
hwdsl2
43d11fe35a Fix xl2tpd on CentOS 7 for Linode
- Fix xl2tpd on CentOS 7 for providers such as Linode,
  where kernel module "l2tp_ppp" is unavailable
- Closes: #114
2017-02-16 12:39:21 -06:00
hwdsl2
320e17a61d Workaround for fail2ban bug
- Temporary workaround for fail2ban bug on CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1422500
2017-02-16 12:14:13 -06:00
hwdsl2
08e08c6924 Improve customization
- Use variables for easier customization of VPN subnets and DNS
- Other minor improvements
2017-02-11 21:36:37 -06:00
hwdsl2
03007079e6 Improve VPN IPs
- Use %defaultroute and iptables MASQUERADE, no need to detect private IP
- Use %any for the first field of ipsec.secrets, instead of public IP
- As a result, the VPN server should now better adapt to IP changes.
2017-02-10 18:00:29 -06:00
hwdsl2
63697214b4 Improve VPN ciphers
- Consolidate VPN ciphers for "ike=" and "phase2alg=" in ipsec.conf.
2017-01-18 23:01:09 -06:00
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ad8295721d Minor clean up 2017-01-09 10:39:26 -06:00
hwdsl2
ba0fbb3860 Improve script outputs 2017-01-09 02:50:03 -06:00
hwdsl2
9500da3231 Bugfix
- Fix commit ca84aa7 to avoid a possible race condition
  when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13 Improve services on boot 2017-01-04 02:21:09 -06:00
hwdsl2
89d75f7243 Bugfix for Android 6 and 7
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
  on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
3dbf3a9c09 Remove xl2tpd workaround
- Updated xl2tpd package is now available in EPEL
- This workaround is no longer needed
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
- Ref: 8cc1362
2016-12-31 16:36:04 -06:00
hwdsl2
261e472e3e Bugfix
- In xl2tpd version 1.3.8, which was pushed to the EPEL repository
  in Dec. 2016, the options "crtscts" and "lock" are no longer
  recognized in "/etc/ppp/options.xl2tpd" and generates an error.
- This commit fixes the VPN on CentOS by removing those options.
- Ref: https://github.com/xelerance/xl2tpd/issues/108
2016-12-30 00:56:38 -06:00
hwdsl2
b59389a03f Use L2TP kernel support
- Use L2TP kernel support on CentOS 6
- This could improve L2TP performance
2016-12-29 00:53:30 -06:00
hwdsl2
8cc1362d17 Workaround for xl2tpd bug
- Temporary workaround for an xl2tpd bug which affects CentOS 7
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1406360
2016-12-28 13:23:27 -06:00
hwdsl2
6479212c45 Improve workaround
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
61bd1254ed Minor clean up 2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a Remove SHA2 workaround
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5 Minor clean up 2016-10-31 01:59:11 -05:00
hwdsl2
9319ce8ae2 Clean up IPTables rules
- Only add the necessary IPTables rules for the VPN
- Other minor clean ups
2016-10-29 18:00:24 -05:00
hwdsl2
e3d830dfd4 Improve services on boot
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
6f2818753a Minor improvements and clean up 2016-10-10 22:34:51 -05:00
hwdsl2
4c6de2af29 Improve network interfaces
- Better handling of non-eth0 network interfaces
- Now easier to use on servers with new interface names
2016-10-10 16:49:46 -05:00
hwdsl2
0e51150d84 Check VPN credentials
- If the provided VPN credentials contain \ " or ', exit with error
- The above special characters can cause issues with the VPN
2016-09-23 14:31:10 -05:00
hwdsl2
cce15b7f08 Improve IP checking
- Use a function to simplify code for IP checking
- Remove new lines before matching with IP regex
2016-09-23 00:39:36 -05:00
hwdsl2
7cdd372a6e Improve IPTables rules
- Fixed an uncommon use case where the setup script is run again after
  a server IP change. Make sure to update IPTables rules in this case.
- Thanks @larryisthere! Ref: #17
2016-09-21 21:06:22 -05:00
hwdsl2
7937a74469 Improve IP detection
- Remove unneeded code for Amazon EC2
- Check IPs for correct format after each try
2016-09-09 15:41:02 -05:00
hwdsl2
96a071ebc5 Improve VPN ciphers
- Add stronger cipher options
- Fix for Android 6.0 VPN clients
2016-08-26 00:21:10 -05:00
hwdsl2
14767d354f Reduce wget timeout 2016-08-11 22:12:22 -05:00
hwdsl2
335b4035b9 Minor clean up 2016-08-07 14:00:07 -05:00
hwdsl2
077b119274 New Libreswan version 3.18 2016-07-29 12:55:08 -05:00
hwdsl2
004c68f6ad Improve readability and clean up 2016-07-12 22:43:41 -05:00
hwdsl2
1f76dc169a Better handling of custom SSH port 2016-07-10 00:47:41 -05:00
hwdsl2
7bece1681d Minor improvements and clean up 2016-07-03 21:28:27 -05:00
hwdsl2
ac91fa9b79 Improve error output 2016-06-29 03:22:21 -05:00
hwdsl2
8336260799 Minor improvement to 'tr' 2016-06-29 03:20:49 -05:00
hwdsl2
c28f9b0928 Prepare for new requirements
- New requirements in Libreswan 3.18 (not released yet)
- libsystemd-dev (Ubuntu/Debian) or systemd-devel (CentOS)
- Applies only to systemd-based Linux distributions
2016-06-28 17:49:18 -05:00
hwdsl2
d32b449f46 Improve IP detection 2016-06-26 13:00:11 -05:00
hwdsl2
f0804e5184 Remove IP6Tables rules
- Not needed for the VPN to work
2016-06-26 01:09:13 -05:00
hwdsl2
fa704629f0 Improve backup of IPTables rules 2016-06-26 00:56:12 -05:00
hwdsl2
de6f4a45ad Minor improvements and clean up 2016-06-21 03:54:47 -05:00
hwdsl2
59c7227587 Improve defining VPN variables 2016-06-11 15:36:43 -05:00