Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-06-29 17:15:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
811 Commits 1 Branch 0 Tags 20 MiB
2e2cbd0ce5
Commit Graph

261 Commits

Author SHA1 Message Date
hwdsl2
cfd9128e3f Improve VPN setup 
- Wait for apt to be available
- Check for Wget and install it if not found
- Fallback to cURL if Wget fails
- Cleanup
 2021-08-13 22:15:11 -05:00
hwdsl2
920e7a5fc8 Improve VPN setup 
- Add a new wrapper script for IPsec VPN setup on all supported OS.
  The previous vpnsetup.sh has been moved to vpnsetup_ubuntu.sh.
 2021-08-13 02:11:49 -05:00
hwdsl2
c54484a910 Rename Ubuntu/Debian script 2021-08-13 01:20:07 -05:00
hwdsl2
a0409b4399 Cleanup 
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
  command in the VPN setup scripts could output an error
  'tr: write error: Broken pipe'. This is a cosmetic error
  that does NOT affect the functionality of the scripts. This
  commit hides the error in such cases.
 2021-07-21 23:12:06 -05:00
hwdsl2
61025818bb Optimize binary size 
- Use the gcc "-s" option when compiling Libreswan. This reduces
  binary size by ~80%.
 2021-07-10 01:57:11 -05:00
hwdsl2
02b6d05c82 Update IPTables rules 
- Allow traffic from IKEv2 and IPsec/XAuth ("Cisco IPsec") clients to
  IPsec/L2TP clients. Ref: #983
- Cleanup
- Update docs
 2021-06-20 15:02:33 -05:00
hwdsl2
de2d49d3a6 Improve IKEv2 setup 
- Add a link to /usr/bin for the IKEv2 helper script
 2021-05-24 01:14:32 -05:00
hwdsl2
293e5d999a Improve IP detection 2021-05-11 09:59:18 -05:00
hwdsl2
c55bdd7d13 Update permissions 
- Set executable bit for ikev2.sh
 2021-04-26 22:55:32 -05:00
hwdsl2
ac0bde54bb New Libreswan version 
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
 2021-04-24 16:15:05 -05:00
hwdsl2
cec1dde5e4 Improve setup 
- To make it easier for users to set up IKEv2, the IKEv2 helper script
  is now downloaded during VPN setup.
- Cleanup
 2021-03-28 23:39:29 -05:00
hwdsl2
f6dd26abba Improve setup 
- Install uuid-runtime/util-linux, which is required for IKEv2 setup.
 2021-03-13 14:39:05 -06:00
hwdsl2
1972501725 New Libreswan version 
- Use new Libreswan version 4.3
- Support updating to Libreswan 4.3
- Other small improvements
- Update tests
 2021-02-21 23:54:37 -06:00
hwdsl2
5779b2e6c8 Improve output 
- Improve output for the VPN setup and upgrade scripts. The outputs
  of the scripts are now significantly reduced and only include the
  most useful information for users.
- Other minor cleanup
 2021-02-05 21:49:35 -06:00
hwdsl2
1808095bb7 New Libreswan version 
- Use new Libreswan version 4.2
- Support updating to Libreswan 4.2 from older versions. The upgrade
  scripts can now install one of these versions: 3.32, 4.1 or 4.2.
- Other small improvements
- Update tests
 2021-02-04 01:47:04 -06:00
hwdsl2
2b6586cf1b Increase IKE lifetime 
- Set both "ikelifetime" and "salifetime" to 24 hours, which is
  recommended since we have "rekey=no" on the server. VPN clients will
  normally initiate rekey with a shorter interval.
  Ref: https://github.com/libreswan/libreswan/issues/405#issuecomment-765109809
       https://libreswan.org/man/ipsec.conf.5.html
 2021-01-21 23:24:41 -06:00
hwdsl2
3b90d2d394 Cleanup 2021-01-07 12:02:44 -06:00
hwdsl2
a5a1f4adb1 Cleanup 2021-01-03 14:05:13 -06:00
hwdsl2
dabf765978 Update year 2021-01-03 00:35:24 -06:00
hwdsl2
de7a529c6c Cleanup 
- Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020
- Include OS arch when checking Libreswan version
- Other minor improvements
 2021-01-02 14:25:50 -06:00
hwdsl2
b3ad82fd48 Cleanup 2020-12-31 23:09:58 -06:00
hwdsl2
cac5191155 Add version check 
- Check for latest supported Libreswan version, and remind users who use
  a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements
 2020-12-31 18:24:41 -06:00
hwdsl2
f9d84216d6 Fix Libreswan flags 
- Fix Libreswan flags on e.g. Raspbian 10
 2020-12-14 14:17:54 -06:00
hwdsl2
8a3f22ba65 Update Debian check 
- Add check for Debian 8 (not supported)
 2020-12-04 23:39:35 -06:00
hwdsl2
00f9d2ba86 Clean up build flags 
- Clean up build flags for Libreswan. In Libreswan 4.1, these flags are
  now set automatically based on Ubuntu/Debian versions, and no longer
  needed for CentOS/RHEL 7 and 8.
- Ref: https://github.com/libreswan/libreswan/blob/main/mk/defaults/linux.mk
       https://github.com/libreswan/libreswan/commit/c01ffcc1
 2020-12-04 23:36:53 -06:00
hwdsl2
7674810559 Clean up sysctl settings 2020-11-28 11:54:49 -06:00
hwdsl2
cf1865a66e Improve RPi detection 
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
  on Raspberry Pi 4
- Ref: #852
 2020-11-24 21:27:40 -06:00
hwdsl2
ccd072541b Update Debian check 
- Add check for Debian 10. See: https://git.io/vpndebian10
- Remove Debian 7 check
 2020-11-17 00:50:35 -06:00
hwdsl2
5a13026701 Apply Libreswan fix 
- Fix detection for sysvinit initsystem:
  cfe4dabab4
 2020-11-11 23:05:29 -06:00
hwdsl2
afb8a7acce New Libreswan version 
- Upgrade Libreswan from 3.32 to 4.1
 2020-11-11 00:27:44 -06:00
hwdsl2
f8f97e014a Cleanup 2020-08-09 14:49:02 -05:00
hwdsl2
d18801452d Add IPTables check 
- Add IPTables check to work around an issue with Raspberry Pi OS
  kernel updates
- Ref: #835
 2020-08-09 13:56:08 -05:00
hwdsl2
3faa8fd86e Improve DNS check 2020-06-12 11:05:42 -05:00
hwdsl2
b7293e95da Cleanup 2020-06-05 11:00:23 -05:00
hwdsl2
e1e1b67afd Improve IKEv2 setup 
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
 2020-05-30 23:09:32 -05:00
hwdsl2
a087be669f Cleanup 2020-05-24 00:14:05 -05:00
hwdsl2
fab5d51d78 Cleanup 
- No need to apply IPTables rules for Ubuntu/Debian
 2020-05-23 17:57:38 -05:00
hwdsl2
b293aa3081 New Libreswan version 
- Upgrade Libreswan to 3.32
 2020-05-11 10:59:08 -05:00
hwdsl2
207fb6574d Update links 
- Add a link to IKEv2 how-to guide
 2020-05-11 01:19:03 -05:00
hwdsl2
dae0c03356 Improve output 
- Inhibit warning messages from Libreswan compilation
 2020-04-29 11:00:25 -05:00
hwdsl2
5983c79904 Fix IKEv2 
- Apply fix for an IKEv2 regression in Libreswan
- Ref: https://github.com/libreswan/libreswan/commit/90f8a09
  https://github.com/libreswan/libreswan/issues/333
  https://github.com/libreswan/libreswan/issues/329
 2020-04-26 16:27:00 -05:00
hwdsl2
dbb3c6b436 Improve RPi workaround 
- Newer Raspbian kernels now support SHA512
 2020-04-26 00:32:54 -05:00
hwdsl2
2c660bb914 New Libreswan version 
- Upgrade Libreswan to 3.31
- "USE_DH2=true" is required for keeping Windows clients compatibility
  Ref: https://github.com/libreswan/libreswan/commit/8fcbbc7
- "USE_XFRM_INTERFACE_IFLA_HEADER=true" is required for compilation on
  older Linux distributions
  Ref: https://github.com/libreswan/libreswan/commit/c21909c
 2020-04-11 17:11:12 -05:00
hwdsl2
4360737eaf Improve OS detection 2020-01-13 00:07:39 -08:00
hwdsl2
3353888ee9 Set sha2-truncbug to no 
- This fixes VPN connection issues on iOS 13
- Android 6.x and 7.x users may require sha2-truncbug=yes. Will note
  this in the documentation
- Fixes #638
 2019-09-22 20:37:23 -07:00
hwdsl2
609f24257d New Libreswan version 
- Upgrade Libreswan to 3.29
 2019-06-10 21:05:51 -05:00
hwdsl2
f69a0a9c97 New Libreswan version 
- Upgrade Libreswan to 3.28
- Patches applied for Debian and CentOS 6. See 1659d03
 2019-06-09 00:15:11 -05:00
hwdsl2
da20e723e8 Remove xl2tpd workaround 2019-06-02 22:44:12 -05:00
hwdsl2
dfa607eef8 Improve route detection 
- Limit Number of default routes returned to 1
- Fixup for commit 323e7cf (#541)
 2019-03-09 13:13:42 -06:00
Abubakar Siddiq Ango
323e7cfbf4 Limit Number of default routes returned to 1 (#541) 2019-03-09 13:07:46 -06:00