Commit Graph

280 Commits

Author SHA1 Message Date
hwdsl2
e40dd6219b Bugfix
- Libreswan 3.19 removed MODP1024 from the ike= default list,
  which breaks compatibility with Android 5.x and others
- This commit explicitly adds MODP1024 back to the ike= list
- Fixes #101. Thanks @keijodputt!
2017-01-18 20:10:43 -06:00
hwdsl2
2727f1a1a0 Update year 2017-01-16 22:13:13 -06:00
hwdsl2
85ac19fc70 Minor fix
- Use the "fixed strings" option in "grep" commands for "swan_ver",
  so that the "." in this variable is treated literally.
2017-01-16 17:31:38 -06:00
hwdsl2
2dbdee1287 Upgrade to Libreswan 3.19
- Upgrade to new Libreswan version 3.19
- Some changes are required in the VPN config files
- Ref:
  https://lists.libreswan.org/pipermail/swan-announce/2017/000023.html
2017-01-16 12:30:37 -06:00
hwdsl2
ba0fbb3860 Improve script outputs 2017-01-09 02:50:03 -06:00
hwdsl2
9500da3231 Bugfix
- Fix commit ca84aa7 to avoid a possible race condition
  when starting ipsec and xl2tpd services on boot
2017-01-06 00:51:59 -06:00
hwdsl2
ca84aa7a13 Improve services on boot 2017-01-04 02:21:09 -06:00
hwdsl2
89d75f7243 Bugfix for Android 6 and 7
- Add "sha2-truncbug=yes" to /etc/ipsec.conf to fix VPN connections
  on Android 6 (Marshmallow) and 7 (Nougat)
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2017-01-03 22:40:48 -06:00
hwdsl2
9ea2b50dae Improve OS detection
- Check /etc/lsb-release if command "lsb_release" is missing
2017-01-02 09:16:01 -06:00
hwdsl2
69caa65512 Improve options
- Remove some xl2tpd (pppd) options for Ubuntu/Debian
- They are not recognized in the new xl2tpd version 1.3.8
- Ref: 261e472
2016-12-30 16:16:33 -06:00
hwdsl2
6479212c45 Improve workaround
- Improve workaround for non-eth0 network interfaces
- Fixed an issue where it cannot be used with sudo
2016-11-28 13:11:57 -06:00
hwdsl2
61bd1254ed Minor clean up 2016-11-10 13:02:04 -06:00
hwdsl2
6d99a01b0a Remove SHA2 workaround
- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
2016-11-06 14:40:30 -06:00
hwdsl2
6e16712bc5 Minor clean up 2016-10-31 01:59:11 -05:00
hwdsl2
9319ce8ae2 Clean up IPTables rules
- Only add the necessary IPTables rules for the VPN
- Other minor clean ups
2016-10-29 18:00:24 -05:00
hwdsl2
e3d830dfd4 Improve services on boot
- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
2016-10-29 18:00:11 -05:00
hwdsl2
895d46c0c9 Fix for Raspbian
- On Raspberry Pis /etc/rc.local can run early during boot
- If the network is not ready, IPsec may fail to start
- A delay has been added as a workaround. Ref: #76
2016-10-25 21:32:52 -05:00
hwdsl2
6f2818753a Minor improvements and clean up 2016-10-10 22:34:51 -05:00
hwdsl2
4c6de2af29 Improve network interfaces
- Better handling of non-eth0 network interfaces
- Now easier to use on servers with new interface names
2016-10-10 16:49:46 -05:00
hwdsl2
0e51150d84 Check VPN credentials
- If the provided VPN credentials contain \ " or ', exit with error
- The above special characters can cause issues with the VPN
2016-09-23 14:31:10 -05:00
hwdsl2
cce15b7f08 Improve IP checking
- Use a function to simplify code for IP checking
- Remove new lines before matching with IP regex
2016-09-23 00:39:36 -05:00
hwdsl2
7cdd372a6e Improve IPTables rules
- Fixed an uncommon use case where the setup script is run again after
  a server IP change. Make sure to update IPTables rules in this case.
- Thanks @larryisthere! Ref: #17
2016-09-21 21:06:22 -05:00
hwdsl2
7937a74469 Improve IP detection
- Remove unneeded code for Amazon EC2
- Check IPs for correct format after each try
2016-09-09 15:41:02 -05:00
hwdsl2
96a071ebc5 Improve VPN ciphers
- Add stronger cipher options
- Fix for Android 6.0 VPN clients
2016-08-26 00:21:10 -05:00
hwdsl2
14767d354f Reduce wget timeout 2016-08-11 22:12:22 -05:00
Kenneth Endfinger
d3651890bd Add support for Raspbian 2016-08-11 15:06:50 -04:00
hwdsl2
335b4035b9 Minor clean up 2016-08-07 14:00:07 -05:00
hwdsl2
077b119274 New Libreswan version 3.18 2016-07-29 12:55:08 -05:00
hwdsl2
004c68f6ad Improve readability and clean up 2016-07-12 22:43:41 -05:00
hwdsl2
1f76dc169a Better handling of custom SSH port 2016-07-10 00:47:41 -05:00
hwdsl2
7bece1681d Minor improvements and clean up 2016-07-03 21:28:27 -05:00
hwdsl2
ac91fa9b79 Improve error output 2016-06-29 03:22:21 -05:00
hwdsl2
8336260799 Minor improvement to 'tr' 2016-06-29 03:20:49 -05:00
hwdsl2
c28f9b0928 Prepare for new requirements
- New requirements in Libreswan 3.18 (not released yet)
- libsystemd-dev (Ubuntu/Debian) or systemd-devel (CentOS)
- Applies only to systemd-based Linux distributions
2016-06-28 17:49:18 -05:00
hwdsl2
d32b449f46 Improve IP detection 2016-06-26 13:00:11 -05:00
hwdsl2
f0804e5184 Remove IP6Tables rules
- Not needed for the VPN to work
2016-06-26 01:09:13 -05:00
hwdsl2
fa704629f0 Improve backup of IPTables rules 2016-06-26 00:56:12 -05:00
hwdsl2
de6f4a45ad Minor improvements and clean up 2016-06-21 03:54:47 -05:00
hwdsl2
59c7227587 Improve defining VPN variables 2016-06-11 15:36:43 -05:00
hwdsl2
deb2f75eb9 Improve eth0 detection 2016-06-10 22:05:26 -05:00
hwdsl2
8a75d02751 Improve xl2tpd options 2016-06-10 19:34:59 -05:00
hwdsl2
e3bdaeba52 Improve error output and clean up
- Output all error messages to STDERR
- Minor improvements and clean up
2016-06-07 19:29:30 -05:00
hwdsl2
feaeadb41a Minor fix for IPTables rules 2016-06-06 12:18:22 -05:00
hwdsl2
6643a8cd87 Add fallback URL for Libreswan 2016-06-05 18:24:15 -05:00
hwdsl2
9317f4824d Improve IPTables rules for VPN
- Allow traffic between VPN clients themselves by default
- Add notes on how to change this behavior (uncomment rules)
2016-06-05 17:34:24 -05:00
hwdsl2
371b5c3e7f Minor improvements and clean up 2016-06-05 00:26:56 -05:00
hwdsl2
9ce1769208 Minor improvement to IPsec config 2016-06-03 16:44:37 -05:00
hwdsl2
96d6f4b3e3 Improve Debian 7 workaround note 2016-06-02 11:09:17 -05:00
hwdsl2
3e1ea78f15 Improve defining VPN variables 2016-06-01 21:27:29 -05:00
Dustin Oprea
34c6511ebe Added execute bit to scripts. 2016-05-27 21:06:25 -04:00
hwdsl2
a1dd7c687b Minor changes in wording 2016-05-26 14:31:11 -05:00
hwdsl2
9e300f3907 Use lowercase variable names 2016-05-21 05:34:19 -05:00
hwdsl2
8628301d28 Minor improvements and clean up 2016-05-21 03:59:08 -05:00
hwdsl2
b25e88c1b1 Minor improvements and clean up 2016-05-19 11:10:36 -05:00
Dustin Oprea
d692e243c0 Renamed PSK variable and adjusted IP variables. 2016-05-18 22:46:28 -04:00
Dustin Oprea
6fb736775b Removed quotes due to restrictions. 2016-05-18 02:53:30 -04:00
Dustin Oprea
cb946063d2 We default the IPs from the environment, too. 2016-05-18 02:53:30 -04:00
Dustin Oprea
4c0c134102 Default the PSK, username, and password from the environment. 2016-05-18 02:53:30 -04:00
hwdsl2
f38f8a7a36 Reduce output verbosity and clean up 2016-05-17 00:13:16 -05:00
hwdsl2
ff8dd58749 🎉 Feature: Add support for IPsec/XAUTH 2016-05-16 13:56:05 -05:00
hwdsl2
49a74df63b Feature: Auto-generate VPN credentials 2016-05-14 11:01:32 -05:00
hwdsl2
018309a328 Improve Debian 7 workaround 2016-05-11 17:18:18 -05:00
hwdsl2
81a731eb5d Set PATH to avoid issues on some systems
Reference: #19
2016-05-11 16:36:07 -05:00
hwdsl2
a166285504 Use git.io shortened URLs 2016-05-11 16:26:30 -05:00
hwdsl2
f5e2c87db9 Minor improvements and clean up 2016-04-22 11:54:14 -05:00
hwdsl2
4003b82485 Make sure basic commands exist 2016-04-22 11:52:33 -05:00
hwdsl2
3ca9af7858 Fix detection of Wget errors
Wget writes out a zero-byte file on certain failures such as 404.
We should check its exit code instead of checking whether the file exists.
2016-04-20 21:42:55 -05:00
hwdsl2
af23dd290f Minor improvements and clean up 2016-04-20 17:31:29 -05:00
hwdsl2
8e388a07d3 Display VPN details after install 2016-04-17 17:10:33 -05:00
hwdsl2
04c8155791 Minor improvements and clean up 2016-04-07 12:20:08 -05:00
Lin Song
d909b986cf Add support for Ubuntu 16.04 (Xenial) 2016-04-07 12:18:06 -05:00
hwdsl2
4976bde854 Update Libreswan version to 3.17 2016-04-05 23:51:54 -05:00
hwdsl2
01b5cf1c6b Minor improvement to ignore IPv6 errors 2016-02-08 10:46:06 -06:00
hwdsl2
39c9249c3b Minor improvements and clean up 2016-01-30 13:12:15 -06:00
hwdsl2
5f617a30cb Update copyright year 2016-01-25 10:38:07 -06:00
hwdsl2
f8b91f65a4 Check for iptables-persistent and copy new rules 2016-01-22 11:14:58 -06:00
hwdsl2
ab98a9e6b0 Clean up sysctl.conf settings 2016-01-21 17:00:51 -06:00
hwdsl2
684761015e Minor improvements and clean up 2016-01-21 11:50:35 -06:00
hwdsl2
b61035137f Important: Fixed an error in IP format checking.
- Due to a mistake in the "grep" command, empty strings would pass the IP
  regex checks, which is not OK.
- Please update your VPN scripts with this commit!
2016-01-21 09:45:31 -06:00
hwdsl2
f47d78b0f1 Improve the process of defining VPN variables
- Put variables inside single quotes to avoid escaping them
- Make clear which characters should not be used in values

Thanks for your helpful suggestions, @Langleson!
2016-01-21 02:12:30 -06:00
hwdsl2
acb2000e40 Minor changes in wording and some optimizations 2016-01-19 02:29:01 -06:00
hwdsl2
9609b0b7b5 Add check for network interface eth0 2016-01-19 01:26:12 -06:00
hwdsl2
7ca9723e45 Minor changes in wording 2016-01-19 01:23:17 -06:00
hwdsl2
7f3b94308d Small improvement to OS detection 2016-01-17 20:17:18 -06:00
hwdsl2
d82d6d00b3 Update comments in the VPN scripts 2016-01-17 17:05:35 -06:00
hwdsl2
4ab84f14aa Update sysctl.conf settings and IPTables rules 2016-01-17 14:29:30 -06:00
hwdsl2
a15e502056 Update sysctl.conf settings, and add IP6Tables rules 2016-01-17 12:17:26 -06:00
hwdsl2
28d7da66c8 Better handling of existing config files 2016-01-17 00:41:12 -06:00
hwdsl2
9010327a33 Correct small error in notes about escaping characters 2016-01-15 11:05:40 -06:00
hwdsl2
79887bb458 Add notes about escaping characters in VPN variables
Thanks to @sohailmamdani for reminding me of this!
2016-01-15 10:01:40 -06:00
hwdsl2
7cfe17f1a2 Update important notes 2016-01-14 23:27:34 -06:00
hwdsl2
21629ae178 Update VPN scripts for better usability
- Improve detection of public and private IPs
- Test for empty IPSEC_PSK, VPN_USER and/or VPN_PASSWORD
- Check for OpenVZ VPS, which is unsupported
2016-01-14 17:42:32 -06:00
hwdsl2
59c2817731 Quote VPN credentials in chap-secrets for safety 2016-01-14 15:05:50 -06:00
hwdsl2
46a3f9e0b1 Added note for Android 6.0 users
Android 6.0 users must enable SHA2 in /etc/ipsec.conf.
Thanks @rodolfobandeira for the hint!
Ref: 544a25ab77
2016-01-14 14:33:51 -06:00
hwdsl2
dec1b44091 Update VPN scripts for better security and usability
- Install Fail2Ban to protect SSH server from web attacks
- Check public/private IPs against regex for the correct format
- Use printf instead of "read -r -p" for better POSIX compliance
- Other small code enhancements to the scripts
- Update README.md to add "OS update" to Installation
2016-01-12 21:33:16 -06:00
hwdsl2
965ec7ff39 Create working dir before package install 2016-01-08 09:40:57 -06:00
Lin Song
2aaaf44385 Combined Revisions
combined revisions
2016-01-04 15:13:10 -06:00
Lin Song
ec06bfae19 2015-07-23 12:49:02 -05:00
hwdsl2
d541f0d9b4 Merge several revisions 2015-07-14 11:57:38 -05:00
hwdsl2
734f561494 Merged revisions 2015-07-04 00:49:31 -05:00
hwdsl2
0b155703f3 2015-06-17 18:22:04 -07:00
hwdsl2
c85ea8304c 2015-01-25 11:10:44 -08:00
hwdsl2
63bbbbf497 2015-01-12 15:36:04 -08:00
hwdsl2
737a7c7e6a 2014-12-29 20:31:27 -08:00
hwdsl2
72c7c88810 2014-12-29 20:21:27 -08:00
hwdsl2
4edd197ab7 2014-12-16 19:50:03 -08:00
hwdsl2
0293f31b22 2014-12-13 00:01:04 -08:00
hwdsl2
fde36a9540 2014-12-12 22:49:18 -08:00
hwdsl2
b792afb92d 2014-12-12 21:13:20 -08:00
hwdsl2
c55bec7b7d 2014-12-12 20:57:35 -08:00
hwdsl2
5f4585f781 2014-11-03 09:02:24 -08:00
hwdsl2
bc47a01cf5 2014-10-08 14:25:51 -07:00
hwdsl2
1c7c5e390c 2014-10-08 14:24:34 -07:00
hwdsl2
c8c2c102f5 2014-10-08 14:22:19 -07:00
hwdsl2
5cdefe18a9 2014-10-08 14:05:20 -07:00
hwdsl2
022ad5cfd8 2014-09-18 15:58:19 -07:00
hwdsl2
5cb717598b 2014-08-14 11:02:24 -07:00
hwdsl2
0045668689 2014-07-17 00:25:37 -07:00
hwdsl2
641b9a818a 2014-04-24 22:28:17 -07:00
hwdsl2
9886f944f3 2014-04-20 16:20:04 -07:00
hwdsl2
110bd0c45a 2014-04-20 15:48:26 -07:00
hwdsl2
850a33ac60 2014-03-25 02:54:22 -07:00
hwdsl2
2e15464544 2014-03-25 02:52:38 -07:00
hwdsl2
d5823796cf 2014-02-20 18:49:07 -08:00
hwdsl2
1d602d205f 2014-02-16 23:05:24 -08:00
hwdsl2
8156d5f602 2014-02-16 23:04:19 -08:00
hwdsl2
48d4c2d052 2014-02-16 01:56:38 -08:00
hwdsl2
8f5b88b721 2014-02-16 01:13:54 -08:00
hwdsl2
a90650a6b4 2014-02-16 01:11:58 -08:00
hwdsl2
f869a19d4d 2014-02-16 00:47:14 -08:00