Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-06-28 08:36:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
485 Commits 1 Branch 0 Tags 20 MiB
3353888ee9
Commit Graph

172 Commits

Author SHA1 Message Date
hwdsl2
3353888ee9 Set sha2-truncbug to no 
- This fixes VPN connection issues on iOS 13
- Android 6.x and 7.x users may require sha2-truncbug=yes. Will note
  this in the documentation
- Fixes #638
 2019-09-22 20:37:23 -07:00
hwdsl2
609f24257d New Libreswan version 
- Upgrade Libreswan to 3.29
 2019-06-10 21:05:51 -05:00
hwdsl2
f69a0a9c97 New Libreswan version 
- Upgrade Libreswan to 3.28
- Patches applied for Debian and CentOS 6. See 1659d03
 2019-06-09 00:15:11 -05:00
hwdsl2
da20e723e8 Remove xl2tpd workaround 2019-06-02 22:44:12 -05:00
hwdsl2
dfa607eef8 Improve route detection 
- Limit Number of default routes returned to 1
- Fixup for commit 323e7cf (#541)
 2019-03-09 13:13:42 -06:00
hwdsl2
6fb35e25cb Update year 2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb Cleanup 2019-01-12 01:08:04 -06:00
hwdsl2
ed5cbb865f Clean up network detection 
- Clean up default network interface detection and remove VPN_NET_IFACE
 2019-01-12 00:44:23 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers 
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
 2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers 
- Optimize order of VPN ciphers for performance
 2018-11-24 10:30:42 -06:00
hwdsl2
f1c8c06af1 Improve VPN ciphers 
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
 2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a Improve VPN ciphers 
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
  Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
 2018-10-28 00:33:42 -05:00
hwdsl2
e8723245f0 Improve VPN config 
- Increase auto-generated IPsec PSK length to 20 characters
- Add a note to README
 2018-10-27 15:22:53 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers 
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
 2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d Improve VPN ciphers 
- Add AES-GCM cipher for Chromebook compatibility and performance
 2018-10-25 01:25:35 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
a04d2d32e8 New Libreswan version 
- Upgrade Libreswan to 3.27
- Cleanup
 2018-10-09 12:32:28 -05:00
hwdsl2
b803f32b71 New Libreswan version 
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
 2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7 Improve variables 
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
 2018-09-18 00:57:03 -05:00
hwdsl2
2fe44b172e Improve Libreswan versions 
- Add compilation workarounds specific to Libreswan 3.23/3.25 to the VPN
  setup scripts, so that users may install those versions by modifying
  SWAN_VER before running the scripts
- Cleanup
 2018-09-11 00:03:04 -05:00
hwdsl2
8d90a3877c Add version note 2018-09-10 01:26:31 -05:00
hwdsl2
1227a0ed5d Improve xl2tpd workaround 
- Exclude Ubuntu from xl2tpd 1.3.12 workaround (Ref: 3f8e79b), because
  updated xl2tpd packages are now available for Ubuntu 16.04 and 18.04
  See: https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1760796
- Add Linux kernel 4.16 to the list of kernels to work around
- Cleanup
 2018-09-04 23:11:59 -05:00
hwdsl2
b8088d3934 Improve EPEL repo 
- Improve handling of the EPEL repository. Although uncommon, some systems
  can have epel-release installed but disabled in /etc/yum.repos.d/epel.repo
- Fixes #210
 2018-07-04 20:07:32 -05:00
hwdsl2
59f817575c Create rundir 
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
 2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c Use Libreswan 3.22 
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
  multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502 0cf01c0
 2018-06-06 00:40:09 -05:00
hwdsl2
f838fcfe12 Fix IP parsing 
- Fix parsing private IP on some systems such as Ubuntu 18.04
 2018-06-03 23:24:37 -05:00
hwdsl2
3452926759 Use xl2tpd 1.3.12 
- Install xl2tpd 1.3.12 for CentOS 6 with Linux kernel 4.14/4.15
- This version fixes an xl2tpd issue under the above Linux kernels
- Remove Linux kernel check which is no longer needed
- Ref: 3f8e79b (fix for Ubuntu/Debian)
 2018-05-23 20:40:58 -05:00
hwdsl2
95bcadb2c2 Improve VPN ciphers 
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
 2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c Cleanup 2018-05-23 01:39:53 -05:00
hwdsl2
e3fe8b05bf Improve workaround 
- Specify "left=" in ipsec.conf for servers with 'src' in default route
- Ref: https://github.com/libreswan/libreswan/issues/177
 2018-05-21 00:58:24 -05:00
hwdsl2
3b7039ef78 Update Linux kernel check 2018-05-16 22:34:33 -05:00
hwdsl2
f2f6524201 Re-add Android workaround 
- VPN on Android 6.0, 7.0 and 7.1.1 requires sha2-truncbug=yes to work
- Android 5.1, 8.0 and 8.1 also connect OK with this setting
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
 2018-05-08 00:39:52 -05:00
hwdsl2
102ccbc17d Clean up VPN ciphers 
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
 2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9 Update year 2018-05-05 18:49:38 -05:00
hwdsl2
240a0187f6 Update Linux kernel check 2018-05-04 03:16:58 -05:00
hwdsl2
3c9c3d25a7 Add check for Linux kernel 4.15 2018-05-03 00:52:14 -05:00
hwdsl2
632165685a Add iptables dependency 
- Closes #363
- Thanks @rocboronat!
 2018-05-02 02:58:45 -05:00
hwdsl2
fa5abe7825 Remove unneeded check on CentOS 2018-02-03 16:10:09 -06:00
hwdsl2
0cf01c0eb8 Update ipsec.conf 
- Switch to new keyword 'modecfgdns' in Libreswan 3.23
 2018-01-29 02:11:16 -06:00
hwdsl2
c982502ad4 Upgrade Libreswan to 3.23 
- Remove 'docker-targets.mk' from Makefile to avoid git errors
  during compilation
 2018-01-29 01:22:24 -06:00
hwdsl2
cc64a29c01 Re-add RPi workaround 
- Libreswan 3.22 may fail to compile on Raspberry Pi w/ Raspbian 9
- Use version 3.21 instead of 3.22 for Raspbian systems
- Ref: d472c65
 2017-12-06 04:55:22 -06:00
hwdsl2
3f39255f84 Bug fix for RHEL 6/7 
- Fix compatibility with Red Hat Enterprise Linux (RHEL) 6 and 7
- Ref: #273
 2017-11-20 00:33:36 -06:00
hwdsl2
2dfa587a71 Fix Libreswan 3.22 bug 
- This bug causes Libreswan 3.22 fail to start on a Raspberry Pi
- Apply fix from Libreswan GitHub repo: libreswan/libreswan@e154ae7
- Ref: https://lists.libreswan.org/pipermail/swan/2017/002338.html
 2017-11-12 23:51:53 -06:00
hwdsl2
7190577c99 Minor clean up 2017-11-01 22:15:56 -05:00
hwdsl2
70c6d6b540 Various clean up 2017-11-01 01:01:49 -05:00
hwdsl2
16e437f58e Minor clean up 
- Wrap the scripts in a big function which is only called at the very end,
  to protect against the possibility of connection interruptions
- Clean up some variables names
 2017-10-29 19:53:35 -05:00
hwdsl2
05c2cb911b Improve sysctl settings 
- Fix kernel.shmmax and kernel.shmall on 32-bit Linux. Thanks @komanshidaruma!
- Clean up other sysctl settings
 2017-10-28 15:40:24 -05:00
hwdsl2
ef90b6ff19 Upgrade Libreswan to 3.22 2017-10-26 01:48:15 -05:00
hwdsl2
47e1c92051 Clean up ipsec.conf 
- Remove unneeded option nhelpers=0
 2017-10-26 01:48:15 -05:00
hwdsl2
9cd6cb50b7 Clean up packages 
- Remove libunbound-dev / unbound-devel (these packages are not needed
  because we are not enabling DNSSEC)
  Ref: https://github.com/libreswan/libreswan/issues/117
 2017-10-02 20:33:24 -05:00