mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-04-10 12:30:58 +00:00
Code Issues Projects Releases Wiki Activity
498 commits 1 branch 0 tags 19 MiB
Commit graph

219 commits

Author SHA1 Message Date
Loginbug
91b91d8cd4
Update vpnsetup.sh 
Updated libreswan version up to 3.31
Removed modp1024 from config file because it's now deprecated
Tested on Debian 10 Buster
 2020-03-30 12:31:57 +02:00
hwdsl2
4360737eaf Improve OS detection 2020-01-13 00:07:39 -08:00
hwdsl2
3353888ee9 Set sha2-truncbug to no 
- This fixes VPN connection issues on iOS 13
- Android 6.x and 7.x users may require sha2-truncbug=yes. Will note
  this in the documentation
- Fixes #638
 2019-09-22 20:37:23 -07:00
hwdsl2
609f24257d New Libreswan version 
- Upgrade Libreswan to 3.29
 2019-06-10 21:05:51 -05:00
hwdsl2
f69a0a9c97 New Libreswan version 
- Upgrade Libreswan to 3.28
- Patches applied for Debian and CentOS 6. See 1659d03
 2019-06-09 00:15:11 -05:00
hwdsl2
da20e723e8 Remove xl2tpd workaround 2019-06-02 22:44:12 -05:00
hwdsl2
dfa607eef8 Improve route detection 
- Limit Number of default routes returned to 1
- Fixup for commit 323e7cf (#541)
 2019-03-09 13:13:42 -06:00
Abubakar Siddiq Ango
323e7cfbf4 Limit Number of default routes returned to 1 (#541) 2019-03-09 13:07:46 -06:00
hwdsl2
6fb35e25cb Update year 2019-01-12 11:34:10 -06:00
hwdsl2
997cacdaeb Cleanup 2019-01-12 01:08:04 -06:00
hwdsl2
ed5cbb865f Clean up network detection 
- Clean up default network interface detection and remove VPN_NET_IFACE
 2019-01-12 00:44:23 -06:00
hwdsl2
ddaa0ee99c Improve DNS servers 
- Improve modecfgdns format
- Better parsing of DNS servers in upgrade scripts
- Add usage of DNS server variables to README and allow users to specify
  only one or both alternative DNS servers
 2018-12-17 00:07:04 -06:00
hwdsl2
ff82c3fb6e Improve VPN ciphers 
- Optimize order of VPN ciphers for performance
 2018-11-24 10:30:42 -06:00
hwdsl2
f1c8c06af1 Improve VPN ciphers 
- Replace "aes_gcm256-null,aes_gcm128-null" with "aes_gcm-null" to
  improve compatibility with some Linux kernels
- Ref: https://libreswan.org/wiki/FAQ#Using_aes_gcm_or_aes_ctr_results_in_ERROR:_netlink_response_for_Add_SA_esp.XXXXXXXX.40IPADDRESS_included_errno_22:_Invalid_argument
 2018-11-02 01:54:49 -05:00
hwdsl2
5f75a7306a Improve VPN ciphers 
- Revert 'sha2-truncbug' from 'no' to 'yes' to fix compatibility with
  Android versions 6.x and 7.x.
- Remove aes128-sha2_512 algorithm
- Ref: 732ad1e
 2018-10-28 00:33:42 -05:00
hwdsl2
e8723245f0 Improve VPN config 
- Increase auto-generated IPsec PSK length to 20 characters
- Add a note to README
 2018-10-27 15:22:53 -05:00
hwdsl2
732ad1e941 Improve VPN ciphers 
- Optimize VPN ciphers and their order for improved security and
  compatibility with different OS. Remove 3DES algorithm
- Change 'sha2-truncbug' from 'yes' to 'no'
- Update docs
 2018-10-27 00:53:19 -05:00
hwdsl2
9db710090d Improve VPN ciphers 
- Add AES-GCM cipher for Chromebook compatibility and performance
 2018-10-25 01:25:35 -05:00
hwdsl2
69d1bfe06f Improve IPTables on boot 
- Improve checking for iptables-persistent, and do not add ifupdown
  script /etc/network/if-pre-up.d/iptablesload if it is in use
 2018-10-24 00:56:37 -05:00
hwdsl2
39a92e52c0 Improve IPTables on boot 
- For systems with "netplan" (e.g. Ubuntu 18.04), do not create
  load-iptables-rules service if iptables-persistent is installed
  (to avoid conflicts on boot)
- Ref: cf77372
 2018-10-21 22:05:00 -05:00
hwdsl2
804211c101 Cleanup 2018-10-21 00:20:54 -05:00
hwdsl2
cf7737238d Improve IPTables on boot 
- Improve loading of IPTables rules on boot for systems with "netplan"
  such as Ubuntu 18.04, by creating a systemd service. This is needed
  because ifupdown scripts do not run under netplan
 2018-10-21 00:05:21 -05:00
hwdsl2
a04d2d32e8 New Libreswan version 
- Upgrade Libreswan to 3.27
- Cleanup
 2018-10-09 12:32:28 -05:00
hwdsl2
b803f32b71 New Libreswan version 
- Upgrade to new Libreswan version 3.26
- Ref: https://github.com/libreswan/libreswan/issues/202
- Cleanup
 2018-09-21 23:47:17 -05:00
hwdsl2
95c8a178e7 Improve variables 
- Move SWAN_VER to the top of the scripts
- Add check for Libreswan version
- Cleanup
 2018-09-18 00:57:03 -05:00
hwdsl2
2fe44b172e Improve Libreswan versions 
- Add compilation workarounds specific to Libreswan 3.23/3.25 to the VPN
  setup scripts, so that users may install those versions by modifying
  SWAN_VER before running the scripts
- Cleanup
 2018-09-11 00:03:04 -05:00
hwdsl2
8d90a3877c Add version note 2018-09-10 01:26:31 -05:00
hwdsl2
1227a0ed5d Improve xl2tpd workaround 
- Exclude Ubuntu from xl2tpd 1.3.12 workaround (Ref: 3f8e79b), because
  updated xl2tpd packages are now available for Ubuntu 16.04 and 18.04
  See: https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1760796
- Add Linux kernel 4.16 to the list of kernels to work around
- Cleanup
 2018-09-04 23:11:59 -05:00
hwdsl2
59f817575c Create rundir 
- Create /run/pluto which is used as rundir in Libreswan 3.22 and newer
- Fixes #407
 2018-06-10 16:08:12 -05:00
hwdsl2
1ff393b91c Use Libreswan 3.22 
- Use Libreswan 3.22 instead of 3.23 due to an issue with connecting
  multiple IPsec/XAuth VPN clients from behind the same NAT
- Ref: c982502 0cf01c0
 2018-06-06 00:40:09 -05:00
hwdsl2
f838fcfe12 Fix IP parsing 
- Fix parsing private IP on some systems such as Ubuntu 18.04
 2018-06-03 23:24:37 -05:00
hwdsl2
95bcadb2c2 Improve VPN ciphers 
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes #391
 2018-05-23 19:54:37 -05:00
hwdsl2
8e15eb683c Cleanup 2018-05-23 01:39:53 -05:00
hwdsl2
3f8e79b8e4 Use xl2tpd 1.3.12 
- Install xl2tpd 1.3.12 for systems with Linux kernel 4.14/4.15
- This version fixes an xl2tpd issue under the above Linux kernels
- Remove Linux kernel check and notes which are no longer needed
- Ref: xelerance/xl2tpd#147
- Ref: https://github.com/xelerance/xl2tpd/releases
 2018-05-23 00:38:01 -05:00
hwdsl2
e3fe8b05bf Improve workaround 
- Specify "left=" in ipsec.conf for servers with 'src' in default route
- Ref: https://github.com/libreswan/libreswan/issues/177
 2018-05-21 00:58:24 -05:00
hwdsl2
3b7039ef78 Update Linux kernel check 2018-05-16 22:34:33 -05:00
hwdsl2
738f5d4764 Improve check for apt/dpkg lock 2018-05-13 00:58:43 -05:00
hwdsl2
73a97f2ba4 Cleanup 2018-05-10 21:18:58 -05:00
hwdsl2
f2f6524201 Re-add Android workaround 
- VPN on Android 6.0, 7.0 and 7.1.1 requires sha2-truncbug=yes to work
- Android 5.1, 8.0 and 8.1 also connect OK with this setting
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters
 2018-05-08 00:39:52 -05:00
hwdsl2
102ccbc17d Clean up VPN ciphers 
- Remove aes256-sha2_512
- Change sha2-truncbug to no for newer Android versions
- Fixes #303
 2018-05-05 18:51:24 -05:00
hwdsl2
0c6cb4b8a9 Update year 2018-05-05 18:49:38 -05:00
hwdsl2
240a0187f6 Update Linux kernel check 2018-05-04 03:16:58 -05:00
hwdsl2
6a5c14b873 Minor fix 2018-05-03 01:34:05 -05:00
hwdsl2
3c9c3d25a7 Add check for Linux kernel 4.15 2018-05-03 00:52:14 -05:00
hwdsl2
632165685a Add iptables dependency 
- Closes #363
- Thanks @rocboronat!
 2018-05-02 02:58:45 -05:00
Aofei Sheng
a06995d35d Fix iproute for Ubuntu 18.04 (#375) 
The iproute package has been deprecated in Ubuntu 18.04.
 2018-05-01 01:34:04 -05:00
hwdsl2
21228a8caf Improve RPi workarounds 
- Improve workarounds for systems with ARM CPU (e.g. Raspberry Pi)
- Check for ARM architecture instead of checking for Raspbian
 2018-02-03 16:55:54 -06:00
hwdsl2
0cf01c0eb8 Update ipsec.conf 
- Switch to new keyword 'modecfgdns' in Libreswan 3.23
 2018-01-29 02:11:16 -06:00
hwdsl2
3d2b6fc861 Remove RPi workaround 2018-01-29 02:06:08 -06:00
hwdsl2
c982502ad4 Upgrade Libreswan to 3.23 
- Remove 'docker-targets.mk' from Makefile to avoid git errors
  during compilation
 2018-01-29 01:22:24 -06:00