- Improve the optional VPN On Demand feature on macOS and iOS.
Connect only on WiFi networks (instead of any network), with
captive portal detection. This is the most common use case.
- For IKEv2 mode, add a new variable VPN_CLIENT_VALIDITY for specifying
the client certificate validity period (in months). Must be an integer
between 1 and 120. Default value is 120. Users can define it as an
environment variable when setting up IKEv2 in auto mode, or when
adding a new IKEv2 client using "--addclient".
- Instead of finding the server's public IP, use the IP address
on the default route if it is not a private IP. This makes VPN
setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
- Make the VPN setup scripts work on Kali Linux (based on Debian).
- Update IKEv2 helper script to check for OpenSSL 3 first when
exporting the .p12 file.
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
keep the VPN connection open if the client's network is unstable.
- Add a workaround for Ubuntu 22.04 "password is incorrect" issue
when importing IKEv2 client config files into iOS and macOS devices.
- Ubuntu 22.04 uses OpenSSL 3, which has a default "openssl pkcs12"
encoding algorithm that is incompatible with iOS and macOS devices.
Ref: https://developer.apple.com/forums/thread/697030?answerId=701291022#701291022
- Create a client config README file under certain circumstances,
such as when setting up IKEv2 automatically and users might not
see the script's output.
- Display a note if no password is required when importing client
config files.
- Advanced users can now define VPN_PROTECT_CONFIG=yes when setting up
IKEv2, if they want to protect client config files with a password.
- Add an option to protect IKEv2 client config files using a password,
which users can select when customizing IKEv2 or client options
Ref: dbc3527
- Change the default action to 'continue' when confirming IKEv2 setup
options
- Other minor improvements
- Simplify IKEv2 configuration import: Remove passwords for IKEv2
client config files. When importing, it is no longer required to
enter a config file password.
- For macOS and iOS, .mobileconfig files require a password to work.
The password is now included so there is no need to manually enter.
- Note: Client config files should be securely transferred from
the VPN server to VPN client device(s) for import.
