Commit Graph

37 Commits

Author SHA1 Message Date
hwdsl2
8c286df143 Cleanup 2021-01-24 20:01:40 -06:00
hwdsl2
7e3a38ca54 Update IKEv2 script
- New: Users can now specify '--listclients' to list the names of
  existing IKEv2 clients
- Other minor improvements
2021-01-24 15:54:44 -06:00
hwdsl2
625ddd3d32 Update IKEv2 script
- New: Users can now specify '--addclient [client name]' or
  '--exportclient [client name]' command-line arguments to automatically
  add or export an IKEv2 client using default options.
- Show script usage when '-h' or '--help' is specified.
- Other minor improvements
2021-01-24 13:53:55 -06:00
hwdsl2
83d7309147 Cleanup 2021-01-23 18:20:49 -06:00
hwdsl2
f0c1f3bcb1 Update IKEv2 script
- New: Create .sswan files to simplify Android IKEv2 client setup and
  improve VPN performance
- Cleanup
2021-01-23 16:02:59 -06:00
hwdsl2
3611ed5981 Update IKEv2 script
- Minor fix: Set permission for the generated .mobileconfig file to 600,
  same as the exported .p12 file.
2021-01-23 00:20:09 -06:00
hwdsl2
47b5cd01c1 Update IKEv2 script
- For the Ubuntu 18.04 NSS bug fix, use mirrors.kernel.org, which
  is an Ubuntu mirror that supports HTTPS, instead of HTTP-only
  security.ubuntu.com
- Minor fix: When uninstalling IKEv2, delete keys in addition to
  certificates from the IPsec database
2021-01-21 23:07:24 -06:00
hwdsl2
5e1b3e1ae9 Update IKEv2 script
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3)
  version 3.35, which has a bug with iteration counts that results in
  "incorrect password" errors when trying to import a generated ".p12"
  file to Windows. To fix this, we install newer versions of libnss3
  related packages from the official Ubuntu repo.
  Ref: #414
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
  https://packages.ubuntu.com/focal/amd64/libnss3
- Other minor improvements
2021-01-21 00:24:07 -06:00
hwdsl2
7d9f2c6603 Fix IKEv2
- Fix an issue with IKEv2 disconnecting after one hour due to IKE SA
  expiration, by setting ikelifetime and salifetime to 24h.
  Ref: #913 #844 https://libreswan.org/man/ipsec.conf.5.html
2021-01-20 01:39:07 -06:00
hwdsl2
9bf2b630ca Update IKEv2 script
- Add option to remove IKEv2
2021-01-19 01:05:06 -06:00
hwdsl2
819ff8a2b3 Update IKEv2 script
- New feature: Export configuration for an existing IKEv2 client
- If IKEv2 has already been set up, users can now choose from a menu to
  either add a new client or export configuration for an existing client
2021-01-18 21:57:09 -06:00
hwdsl2
ef93a9867b Update IKEv2 script
- New feature: The IKEv2 helper script can now be run in "auto mode",
  which sets up IKEv2 using default options, no user input needed.
  To use this mode, add command-line parameter "--auto"
- Refactor entire script to remove duplicate code, improve structure
  and make it easier to read and maintain
- Add check for Libreswan version
- Update tests
2021-01-18 00:01:46 -06:00
hwdsl2
b17ec88a0d Update IKEv2 script
- Add the option for users to specify their own password to protect the
  exported VPN client configuration files
- Update tests
2021-01-15 23:26:25 -06:00
hwdsl2
b004aaaf7c Support .mobileconfig for IKEv2
- New feature: For macOS and iOS clients, the IKEv2 helper script
  can now create .mobileconfig files to simplify client setup
  and improve VPN performance with ciphers such as AES-GCM.
- New feature: VPN On Demand is now supported on macOS and iOS.
  See https://git.io/ikev2 for more details.
- The script no longer exports the IKEv2 VPN CA certificate, since
  .mobileconfig support has been added.
- A random password is now generated for the .p12 and .mobileconfig
  files, and displayed on the screen when finished. User input is
  no longer required for this password.
2021-01-14 23:21:52 -06:00
hwdsl2
91b7e53004 Update IKEv2 script
- Improve check for MOBIKE support
2021-01-13 09:58:17 -06:00
hwdsl2
c0a212bfc8 Update IKEv2 script
- Improve OS detection and Libreswan version handling
- Cleanup
2021-01-10 18:28:52 -06:00
hwdsl2
dabf765978 Update year 2021-01-03 00:35:24 -06:00
hwdsl2
313502293f Update IKEv2 script
- Add check for existing certificates for the VPN server and client
- Other minor improvements
2020-12-30 22:53:19 -06:00
hwdsl2
e7bbb50670 Add Amazon Linux 2 2020-12-26 00:19:50 -06:00
hwdsl2
76c9d9c293 Update IKEv2 script 2020-12-20 01:15:00 -06:00
hwdsl2
3b1403668d Update upgrade scripts
- Clean up Libreswan build flags for CentOS
- Minor improvements
2020-12-14 23:12:15 -06:00
hwdsl2
599c1dab15 Update IKEv2 script
- Minor improvements
2020-12-13 15:52:03 -06:00
hwdsl2
cf1865a66e Improve RPi detection
- Add check for 64-bit versions of Raspberry Pi OS, e.g. Ubuntu 20.04
  on Raspberry Pi 4
- Ref: #852
2020-11-24 21:27:40 -06:00
hwdsl2
afb8a7acce New Libreswan version
- Upgrade Libreswan from 3.32 to 4.1
2020-11-11 00:27:44 -06:00
hwdsl2
5e090770c8 Update IKEv2 script
- Allow specifying custom DNS servers
- Add notes about the IKEv2 MOBIKE extension
- Cleanup
2020-07-12 17:14:30 -05:00
hwdsl2
012c19fed1 Update IKEv2 script
- Allow specifying the validity period of client certificates
2020-07-02 11:48:35 -05:00
hwdsl2
cf2ed17ae6 Update IKEv2 script
- Improve error handling and move ikev2 config to the last step
2020-06-11 01:32:31 -05:00
hwdsl2
b7293e95da Cleanup 2020-06-05 11:00:23 -05:00
hwdsl2
333a63850e Update IKEv2 script
- Support adding IKEv2 VPN clients
- Users can specify name for the first VPN client
2020-06-05 00:29:15 -05:00
hwdsl2
e1e1b67afd Improve IKEv2 setup
- Use /etc/ipsec.d/ikev2.conf for IKEv2 configuration
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 23:09:32 -05:00
hwdsl2
5894ea2e1f Update IKEv2 script
- Allow running from inside a container, so that it can be used with:
  https://github.com/hwdsl2/docker-ipsec-vpn-server
2020-05-30 17:35:27 -05:00
hwdsl2
0a0607feb9 Update IKEv2 script
- Save client configuration to home folder
2020-05-17 18:09:40 -05:00
hwdsl2
b028661f6f Update IKEv2 script
- Raspberry Pi (Raspbian) kernels do not support MOBIKE
2020-05-16 22:11:01 -05:00
hwdsl2
f38e2ea4f2 Cleanup 2020-05-14 23:07:47 -05:00
hwdsl2
5bf8b86192 Update IKEv2 script
- Fix CentOS detection
- Set MOBIKE question default to 'yes'
2020-05-11 23:15:05 -05:00
hwdsl2
6a285499e3 Update upgrade scripts
- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
2020-05-11 11:28:37 -05:00
hwdsl2
ace41ebc29 Add IKEv2 script
- Add a helper script for automatic IKEv2 setup
- Update IKEv2 docs
2020-05-11 01:18:34 -05:00