Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-06-30 17:45:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
603 Commits 1 Branch 0 Tags 20 MiB
3b1403668d
Commit Graph

239 Commits

Author SHA1 Message Date
hwdsl2
f9d84216d6 Fix Libreswan flags 
- Fix Libreswan flags on e.g. Raspbian 10
 2020-12-14 14:17:54 -06:00
hwdsl2
8a3f22ba65 Update Debian check 
- Add check for Debian 8 (not supported)
 2020-12-04 23:39:35 -06:00
hwdsl2
00f9d2ba86 Clean up build flags 
- Clean up build flags for Libreswan. In Libreswan 4.1, these flags are
  now set automatically based on Ubuntu/Debian versions, and no longer
  needed for CentOS/RHEL 7 and 8.
- Ref: https://github.com/libreswan/libreswan/blob/main/mk/defaults/linux.mk
       https://github.com/libreswan/libreswan/commit/c01ffcc1
 2020-12-04 23:36:53 -06:00
hwdsl2
7674810559 Clean up sysctl settings 2020-11-28 11:54:49 -06:00
hwdsl2
cf1865a66e Improve RPi detection 
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
  on Raspberry Pi 4
- Ref: #852
 2020-11-24 21:27:40 -06:00
hwdsl2
ccd072541b Update Debian check 
- Add check for Debian 10. See: https://git.io/vpndebian10
- Remove Debian 7 check
 2020-11-17 00:50:35 -06:00
hwdsl2
5a13026701 Apply Libreswan fix 
- Fix detection for sysvinit initsystem:
  cfe4dabab4
 2020-11-11 23:05:29 -06:00
hwdsl2
afb8a7acce New Libreswan version 
- Upgrade Libreswan from 3.32 to 4.1
 2020-11-11 00:27:44 -06:00
hwdsl2
f8f97e014a Cleanup 2020-08-09 14:49:02 -05:00
hwdsl2
d18801452d Add IPTables check 
- Add IPTables check to work around an issue with Raspberry Pi OS
  kernel updates
- Ref: #835
 2020-08-09 13:56:08 -05:00
hwdsl2
3faa8fd86e Improve DNS check 2020-06-12 11:05:42 -05:00
hwdsl2
b7293e95da Cleanup 2020-06-05 11:00:23 -05:00
hwdsl2
e1e1b67afd Improve IKEv2 setup 
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
 2020-05-30 23:09:32 -05:00
hwdsl2
a087be669f Cleanup 2020-05-24 00:14:05 -05:00
hwdsl2
fab5d51d78 Cleanup 
- No need to apply IPTables rules for Ubuntu/Debian
 2020-05-23 17:57:38 -05:00
hwdsl2
b293aa3081 New Libreswan version 
- Upgrade Libreswan to 3.32
 2020-05-11 10:59:08 -05:00
hwdsl2
207fb6574d Update links 
- Add a link to IKEv2 how-to guide
 2020-05-11 01:19:03 -05:00
hwdsl2
dae0c03356 Improve output 
- Inhibit warning messages from Libreswan compilation
 2020-04-29 11:00:25 -05:00
hwdsl2
5983c79904 Fix IKEv2 
- Apply fix for an IKEv2 regression in Libreswan
- Ref: https://github.com/libreswan/libreswan/commit/90f8a09
  https://github.com/libreswan/libreswan/issues/333
  https://github.com/libreswan/libreswan/issues/329
 2020-04-26 16:27:00 -05:00
hwdsl2
dbb3c6b436 Improve RPi workaround 
- Newer Raspbian kernels now support SHA512
 2020-04-26 00:32:54 -05:00
hwdsl2
2c660bb914 New Libreswan version 
- Upgrade Libreswan to 3.31
- "USE_DH2=true" is required for keeping Windows clients compatibility
  Ref: https://github.com/libreswan/libreswan/commit/8fcbbc7
- "USE_XFRM_INTERFACE_IFLA_HEADER=true" is required for compilation on
  older Linux distributions
  Ref: https://github.com/libreswan/libreswan/commit/c21909c
 2020-04-11 17:11:12 -05:00
hwdsl2
4360737eaf Improve OS detection 2020-01-13 00:07:39 -08:00
hwdsl2
3353888ee9 Set sha2-truncbug to no 
- This fixes VPN connection issues on iOS 13
- Android 6.x and 7.x users may require sha2-truncbug=yes. Will note
  this in the documentation
- Fixes #638
 2019-09-22 20:37:23 -07:00
hwdsl2
609f24257d New Libreswan version 
- Upgrade Libreswan to 3.29
 2019-06-10 21:05:51 -05:00
hwdsl2
f69a0a9c97 New Libreswan version 
- Upgrade Libreswan to 3.28
- Patches applied for Debian and CentOS 6. See 1659d03
 2019-06-09 00:15:11 -05:00
hwdsl2
da20e723e8 Remove xl2tpd workaround 2019-06-02 22:44:12 -05:00
hwdsl2
dfa607eef8 Improve route detection 
- Limit Number of default routes returned to 1
- Fixup for commit 323e7cf (#541)
 2019-03-09 13:13:42 -06:00
Abubakar Siddiq Ango
323e7cfbf4 Limit Number of default routes returned to 1 (#541) 2019-03-09 13:07:46 -06:00
hwdsl2
6fb35e25cb Update year 2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb Cleanup 2019-01-12 01:08:04 -06:00
hwdsl2
ed5cbb865f Clean up network detection 
- Clean up default network interface detection and remove VPN_NET_IFACE
 2019-01-12 00:44:23 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers 
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
 2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers 
- Optimize order of VPN ciphers for performance
 2018-11-24 10:30:42 -06:00
hwdsl2
f1c8c06af1 Improve VPN ciphers 
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
 2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a Improve VPN ciphers 
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
  Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
 2018-10-28 00:33:42 -05:00
hwdsl2
e8723245f0 Improve VPN config 
- Increase auto-generated IPsec PSK length to 20 characters
- Add a note to README
 2018-10-27 15:22:53 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers 
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
 2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d Improve VPN ciphers 
- Add AES-GCM cipher for Chromebook compatibility and performance
 2018-10-25 01:25:35 -05:00
hwdsl2
69d1bfe06f Improve IPTables on boot 
- Improve checking for iptables-persistent, and do not add ifupdown
  script /etc/network/if-pre-up.d/iptablesload if it is in use
 2018-10-24 00:56:37 -05:00
hwdsl2
39a92e52c0 Improve IPTables on boot 
- For systems with "netplan" (e.g. Ubuntu 18.04), do not create
  load-iptables-rules service if iptables-persistent is installed
  (to avoid conflicts on boot)
- Ref: cf77372
 2018-10-21 22:05:00 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
cf7737238d Improve IPTables on boot 
- Improve loading of IPTables rules on boot for systems with "netplan"
  such as Ubuntu 18.04, by creating a systemd service. This is needed
  because ifupdown scripts do not run under netplan
 2018-10-21 00:05:21 -05:00
hwdsl2
a04d2d32e8 New Libreswan version 
- Upgrade Libreswan to 3.27
- Cleanup
 2018-10-09 12:32:28 -05:00
hwdsl2
b803f32b71 New Libreswan version 
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
 2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7 Improve variables 
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
 2018-09-18 00:57:03 -05:00
hwdsl2
2fe44b172e Improve Libreswan versions 
- Add compilation workarounds specific to Libreswan 3.23/3.25 to the VPN
  setup scripts, so that users may install those versions by modifying
  SWAN_VER before running the scripts
- Cleanup
 2018-09-11 00:03:04 -05:00
hwdsl2
8d90a3877c Add version note 2018-09-10 01:26:31 -05:00
hwdsl2
1227a0ed5d Improve xl2tpd workaround 
- Exclude Ubuntu from xl2tpd 1.3.12 workaround (Ref: 3f8e79b), because
  updated xl2tpd packages are now available for Ubuntu 16.04 and 18.04
  See: https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1760796
- Add Linux kernel 4.16 to the list of kernels to work around
- Cleanup
 2018-09-04 23:11:59 -05:00
hwdsl2
59f817575c Create rundir 
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
 2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c Use Libreswan 3.22 
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
  multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502 0cf01c0
 2018-06-06 00:40:09 -05:00