328 Commits

Author SHA1 Message Date
hwdsl2
f072e8312a Update IKEv2 script
- Cleanup
2022-02-14 23:45:13 -06:00
hwdsl2
7c0d08442e Update IKEv2 script
- Improve backward compatibility: Protect IKEv2 client config files
  using a password if one was previously generated.
- Ref: dbc3527
2022-02-14 03:46:06 -06:00
hwdsl2
444403ba10 Add IKEv2 change address helper script
- New: IKEv2 change address helper script. This script can be used
  to change the IKEv2 VPN server's address.
2022-02-13 23:41:35 -06:00
hwdsl2
f815d6810a Update IKEv2 script
- Minor improvement for IKEv2 config passwords
2022-02-12 16:16:46 -06:00
hwdsl2
5c85b5693c Cleanup
- Change the default action to 'continue' in VPN scripts
2022-02-12 12:24:26 -06:00
hwdsl2
fb85eae7ba Update IKEv2 script
- Add an option to protect IKEv2 client config files using a password,
  which users can select when customizing IKEv2 or client options
  Ref: dbc3527
- Change the default action to 'continue' when confirming IKEv2 setup
  options
- Other minor improvements
2022-02-12 12:12:51 -06:00
hwdsl2
dbc3527448 Simplify IKEv2 import
- Simplify IKEv2 configuration import: Remove passwords for IKEv2
  client config files. When importing, it is no longer required to
  enter a config file password.
- For macOS and iOS, .mobileconfig files require a password to work.
  The password is now included so there is no need to manually enter it.
- Note: Client config files should be securely transferred from
  the VPN server to VPN client device(s) for import.
2022-02-12 01:21:12 -06:00
hwdsl2
d20f82e6f2 Update IKEv2 script
- Minor improvement to IKEv2 config password retrieval
2022-02-11 21:50:00 -06:00
hwdsl2
1da1493f53 Cleanup 2022-02-10 21:49:49 -06:00
hwdsl2
6dbc47e0db Improve upgrade scripts
- Stop IPsec service before updating Libreswan
2022-02-08 23:46:11 -06:00
hwdsl2
86d4f2f93c Improve VPN setup
- Retry certain 'apt-get' and 'yum' commands on failure
2022-02-08 23:24:46 -06:00
hwdsl2
4ebe582d36 Update IKEv2 script
- Fix function name
2022-01-29 17:33:42 -06:00
hwdsl2
40d8a26713 Update IKEv2-only mode script
- Improve Libreswan version test
2022-01-29 14:46:10 -06:00
hwdsl2
2270d66e02 Update IKEv2 script
- Improve Libreswan version test
2022-01-29 14:12:50 -06:00
hwdsl2
14af993d6a Update IKEv2 script
- Cleanup
2022-01-29 12:36:03 -06:00
hwdsl2
35c23f1144 Improve upgrade scripts
- Make specifying Libreswan version optional. Retrieve and install
  the latest supported version by default.
- Other minor improvements
2022-01-29 12:34:10 -06:00
hwdsl2
e16151f183 Improve upgrade scripts
- Cleanup
2022-01-29 01:47:45 -06:00
hwdsl2
c2d7eef27c Update IKEv2 script
- Cleanup
2022-01-29 01:30:21 -06:00
hwdsl2
0f27ebbfad Update IKEv2 script
- Update Libreswan version check
- Cleanup
2022-01-23 00:05:44 -06:00
hwdsl2
c56ebe9cfe Improve upgrade scripts
- Make specifying Libreswan version optional in vpnupgrade.sh.
  Install the latest supported version by default.
- Remove Libreswan version check
2022-01-22 22:30:39 -06:00
hwdsl2
5b1377dcf3 Cleanup 2022-01-22 21:34:53 -06:00
hwdsl2
6393470f46 Cleanup 2022-01-15 23:41:00 -06:00
hwdsl2
62723fe0c6 Update IKEv2 script
- When upgrading Libreswan using vpnupgrade.sh, also update the
  IKEv2 helper script to the latest version.
2022-01-13 23:47:27 -06:00
hwdsl2
18b830c998 New Libreswan version
- Support updating to Libreswan 4.6
2022-01-11 22:47:18 -06:00
hwdsl2
4403c9c241 Update Alpine scripts
- Install nss, nss-tools and nss-dev from 3.14/3.15 repository.
  It is not necessary to install from edge because the latest
  3.14/3.15 nss related packages are already patched to fix
  CVE-2021-43527.
  Ref: https://git.alpinelinux.org/aports/tree/community/nss?h=3.15-stable
       https://git.alpinelinux.org/aports/tree/community/nss?h=3.14-stable
       603b198
2022-01-05 19:33:08 -06:00
hwdsl2
34ba47e79b Update VPN user scripts
- Sort VPN usernames when listing users
- Cleanup
2022-01-04 23:11:05 -06:00
hwdsl2
abbf19f296 Update IKEv2 script
- Sort IKEv2 client names when listing existing clients
- Cleanup
2022-01-04 23:10:28 -06:00
hwdsl2
c25baaf9a9 Cleanup 2022-01-04 23:01:14 -06:00
hwdsl2
3c22bbbeb6 Update IKEv2 script
- Fix IKEv2 "password is incorrect" issue when using Ubuntu 21.10
  Fixes #1073. Ref: #1048.
- Note: Ubuntu 21.10 is NOT a supported OS for the VPN setup scripts.
  Please use e.g. Ubuntu 20.04 instead.
  Ref: https://github.com/hwdsl2/setup-ipsec-vpn#requirements
2022-01-02 21:52:47 -06:00
hwdsl2
c0a81ceb5b Add IKEv2-only mode script
- New: Helper script to enable or disable IKEv2-only mode
2022-01-02 01:01:02 -06:00
hwdsl2
c78b398057 Update year 2022-01-02 00:09:03 -06:00
hwdsl2
8f55500f0f Improve VPN user scripts
- Improve helper scripts for managing VPN users.
- Support running add_vpn_user.sh and del_vpn_user.sh interactively
  without arguments.
2021-12-30 15:47:49 -06:00
hwdsl2
603b198613 Add Alpine 3.15
- Add support for Alpine Linux 3.15
- Install nss, nss-tools and nss-dev packages from edge for CVE-2021-43527
  Ref: https://lists.libreswan.org/pipermail/swan-announce/2021/000044.html
2021-12-29 23:12:24 -06:00
hwdsl2
a323b13512 Update IKEv2 script
- Update Ubuntu 18.04 NSS fix with newer package versions.
  Ref: https://ubuntu.com/security/CVE-2021-43527
2021-12-29 20:28:15 -06:00
hwdsl2
bbdb9b13f9 Update IKEv2 script
- Add Alpine Linux 3.15
2021-12-29 18:48:47 -06:00
hwdsl2
bc312e0736 Update IKEv2 script
- Show client certificate statuses when listing IKEv2 clients
- Fixes #1038
2021-11-07 00:13:42 -05:00
hwdsl2
dccfa65a08 Update IKEv2 script
- Minor fix
2021-10-10 14:30:34 -05:00
hwdsl2
b129339927 Cleanup 2021-09-22 00:04:58 -05:00
hwdsl2
7b6d982875 Improve VPN setup
- Remove IKEv2 script when uninstalling
2021-09-22 00:03:20 -05:00
hwdsl2
a47ced7899 Cleanup 2021-09-19 21:51:14 -05:00
hwdsl2
4a8e24a61c Cleanup 2021-09-18 14:58:06 -05:00
hwdsl2
c8db38f12b Add container check
- Add check for LXC containers. Ref: #1014
2021-09-18 00:53:15 -05:00
hwdsl2
819c537b5e Improve /dev/ppp check
- Show a warning instead of exiting with an error for missing /dev/ppp,
  which could happen on Debian 11/10 with certain Linux kernels. Users
  can use the IKEv2 or IPsec/XAuth ("Cisco IPsec") mode to connect.
  Ref: https://git.io/vpndebian10
2021-09-17 23:47:09 -05:00
hwdsl2
f14d903b97 Bugfix for Alpine Linux
- Install coreutils on Alpine Linux for "mktemp"
2021-09-14 00:49:13 -05:00
hwdsl2
1f9939b8cc Update IKEv2 script
- Install uuidgen on Alpine Linux
2021-09-14 00:24:27 -05:00
hwdsl2
ca411d90cd Cleanup 2021-09-11 22:26:55 -05:00
hwdsl2
3c557c7f22 Add Alpine Linux 2021-09-11 15:00:29 -05:00
hwdsl2
e2a9c4a0c3 Cleanup 2021-09-11 10:07:33 -05:00
hwdsl2
5f9a6fa8ce Improve VPN setup
- Update uninstall script: For CentOS/RHEL 8, try to automatically
  restore nftables rules to the version before VPN setup.
- Cleanup
2021-09-09 00:14:26 -05:00
hwdsl2
263ffe97cc Cleanup 2021-09-07 09:02:22 -05:00
hwdsl2
c91270a18c Improve VPN setup
- Add uninstall script
2021-09-07 02:55:37 -05:00
hwdsl2
217bf2a237 Cleanup
- Improve temporary folder creation
2021-08-28 16:07:52 -05:00
hwdsl2
da7697a5b0 Cleanup
- Update scripts to use bash instead of sh
- Update docs
2021-08-27 23:35:31 -05:00
hwdsl2
0e8e6a020c New Libreswan version
- Support updating to Libreswan 4.5
2021-08-22 11:49:35 -05:00
hwdsl2
edd124ed9c Update IKEv2 script
- Set display name under server description in iOS VPN settings
  to "IKEv2 VPN"
- Ref: #995. Thanks @Mattz-P!
2021-08-22 10:55:57 -05:00
hwdsl2
52216d8f59 Improve update scripts
- Refactor VPN update scripts into functions
- Cleanup
2021-08-22 00:43:14 -05:00
hwdsl2
665349336d Update IKEv2 script
- Cleanup
2021-08-22 00:42:21 -05:00
hwdsl2
fc33e1c451 Cleanup 2021-08-19 01:40:38 -05:00
hwdsl2
87235014ad Add Debian 11 2021-08-15 00:46:25 -05:00
hwdsl2
8e570129b2 Cleanup 2021-08-14 00:26:27 -05:00
hwdsl2
70873348b9 Add update script
- Add a new wrapper script for updating Libreswan on all supported OS.
  The previous vpnupgrade.sh has been moved to vpnupgrade_ubuntu.sh.
2021-08-14 00:23:14 -05:00
hwdsl2
cd40f1e2b7 Rename update script 2021-08-13 22:59:41 -05:00
hwdsl2
cfd9128e3f Improve VPN setup
- Wait for apt to be available
- Check for Wget and install it if not found
- Fall back to cURL if Wget fails
- Cleanup
2021-08-13 22:15:11 -05:00
hwdsl2
779a86f933 Cleanup 2021-08-13 02:11:31 -05:00
hwdsl2
21dc90e656 Update IKEv2 script
- Cleanup
2021-08-11 00:03:25 -05:00
hwdsl2
c8b5bb87f0 Update interface check
- Update network interface check in quickstart.sh so that it is
  consistent with vpnsetup.sh.
2021-08-10 23:09:48 -05:00
hwdsl2
50053e3be7 Add quick start script 2021-08-10 02:57:18 -05:00
hwdsl2
6daacff466 Cleanup 2021-08-07 16:12:26 -05:00
hwdsl2
ab50fa7264 Update IKEv2 script
- Minor improvements to client name input prompts. Abort and exit
  if the user presses Enter without specifying a client name.
- Cleanup
2021-07-31 23:36:43 -05:00
hwdsl2
c928068a20 Update IKEv2 script
- Cleanup
2021-07-31 15:31:13 -05:00
hwdsl2
2c3f4e20a5 Update IKEv2 script
- Cleanup
2021-07-30 08:47:10 -05:00
hwdsl2
2e17ef68ce Update OS detection 2021-07-27 00:59:15 -05:00
hwdsl2
8d26e0b6c9 Update IKEv2 script
- Improve checking for MOBIKE support. Linux kernels on QNAP systems
  do not support MOBIKE.
  Ref: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
- Switch to use /etc/ipsec.d/.vpnconfig to store generated password
  for IKEv2 client config files, instead of vpnclient.p12.password.
  Migrate to use .vpnconfig if the older config file is found.
  Ref: 45ee41d
2021-07-25 20:55:40 -05:00
hwdsl2
45ee41d930 Update IKEv2 script
- Improve IKEv2 setup: Save generated password for IKEv2 client
  configuration files to vpnclient.p12.password, so that it can
  be re-used for later runs of the helper script. Previously,
  a different password was generated each time the script was run.
2021-07-24 15:58:48 -05:00
hwdsl2
855a285cff Update IKEv2 script
- Cleanup
2021-07-23 00:22:51 -05:00
hwdsl2
a0409b4399 Cleanup
- In rare cases, if a parent process traps SIGPIPE, the 'tr'
  command in the VPN setup scripts could output an error
  'tr: write error: Broken pipe'. This is a cosmetic error
  that does NOT affect the functionality of the scripts. This
  commit hides the error in such cases.
2021-07-21 23:12:06 -05:00
hwdsl2
7afbca94a5 Cleanup 2021-07-17 00:52:04 -05:00
hwdsl2
5d43404beb Update IKEv2 script
- Simplify IKEv2 setup: Use an auto-generated password to protect
  client configuration files. Remove the steps for user input.
- Cleanup
2021-07-13 22:09:25 -05:00
hwdsl2
a90caf428b Update IKEv2 script
- Add support for Alpine Linux in a Docker container. See:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
2021-07-12 23:41:33 -05:00
hwdsl2
61025818bb Optimize binary size
- Use the gcc "-s" option when compiling Libreswan. This reduces
  binary size by ~80%.
2021-07-10 01:57:11 -05:00
hwdsl2
64eb0e1f49 Cleanup 2021-06-09 00:42:28 -05:00
hwdsl2
811ce6a9aa Update IKEv2 script
- Check certificate status when exporting a client configuration
  using --exportclient
2021-06-01 23:35:19 -05:00
hwdsl2
ea52ab4683 Update IKEv2 script
- New: Revoke a client certificate using the helper script. Users can
  also manually revoke a client certificate, see https://git.io/ikev2
- Check for certificate validity when exporting client configurations
- Delete CRL from IPsec database when removing IKEv2
- Cleanup
2021-06-01 02:30:51 -05:00
hwdsl2
3014143e15 Update IKEv2 script
- Advanced users can specify the server's IP address using variable
  VPN_PUBLIC_IP instead of auto-detect
2021-05-11 09:59:29 -05:00
hwdsl2
ee409250d8 Improve IKEv2 setup
- Increase RSA key size from the default 2048 bits to 3072 bits
- Use fixed delay between certutil calls, a random delay is not needed
- Update docs
2021-05-01 14:46:12 -05:00
hwdsl2
e850fca9c3 Update IKEv2 script
- Remove MODP1024 from IKEv2 ciphers for improved security. Windows users
  will need to make a one-time registry change before connecting for the
  first time. Refer to https://git.io/ikev2.
2021-04-24 22:34:48 -05:00
hwdsl2
ac0bde54bb New Libreswan version
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
2021-04-24 16:15:05 -05:00
hwdsl2
d90c6121b6 Improve OS detection 2021-04-20 00:09:00 -05:00
hwdsl2
10f09bbab6 Cleanup 2021-04-18 14:27:52 -05:00
hwdsl2
f35ea9ed0d Update IKEv2 script
- Improve output for auto mode when custom options are specified
2021-04-11 13:53:38 -05:00
hwdsl2
5076f9ec03 Update IKEv2 script
- Add an option to specify the name of the first IKEv2 client when
  running the script in auto mode. The default is "vpnclient".
- Cleanup
2021-04-10 16:24:49 -05:00
hwdsl2
804856064b Minor fix and cleanup
- Minor fix for CentOS 8 for the uncommon scenario where the server has
  "nftables" service enabled
- Cleanup
2021-04-01 23:06:36 -05:00
hwdsl2
7ac343db4d Update IKEv2 script
- Improve output
2021-03-30 23:47:59 -05:00
hwdsl2
e6c2cbcd96 Update IKEv2 script 2021-03-28 23:39:04 -05:00
hwdsl2
cd3a0c1bed Update IKEv2 script
- Remove support for Libreswan 3.22 and older in the IKEv2 script. Users
  should update to a newer version before setting up IKEv2.
- Cleanup
2021-03-19 23:58:06 -05:00
hwdsl2
eb8daa3a40 Update helper scripts
- Cleanup and minor improvements to the helper scripts for managing
  VPN users
2021-03-12 00:07:48 -06:00
hwdsl2
35c85526b6 Update IKEv2 script
- Minor improvement to client config message
2021-03-08 23:23:00 -06:00
hwdsl2
d54b2ac57a Cleanup 2021-03-07 23:38:38 -06:00
hwdsl2
8fa3bfac80 Cleanup 2021-03-07 00:12:46 -06:00
hwdsl2
1abcd704be Update IKEv2 config
- Use the AES_GCM128 cipher for improved performance
  Ref: https://libreswan.org/wiki/Benchmarking_and_Performance_testing
- Update docs
2021-03-06 14:07:07 -06:00