Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] master from hwdsl2:master #16

Open
wants to merge 79 commits into
base: master
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
79 commits
Select commit Hold shift + click to select a range
32d09c6
Update docs
hwdsl2 Nov 13, 2023
dd6f260
Update docs
hwdsl2 Nov 19, 2023
f39c7fd
Update tests
hwdsl2 Nov 19, 2023
5adab8c
Update docs
hwdsl2 Nov 20, 2023
230b628
Update Cloudformation template (#1490)
scottpedia Nov 21, 2023
82cb3f8
Update docs
hwdsl2 Nov 21, 2023
7573090
Update docs
hwdsl2 Nov 25, 2023
b43e975
Update docs
hwdsl2 Nov 28, 2023
f206139
Update docs
hwdsl2 Nov 30, 2023
5a9402b
Improve VPN ciphers
hwdsl2 Dec 10, 2023
6e16b98
Update docs
hwdsl2 Dec 10, 2023
9268ad2
Update IKEv2 script
hwdsl2 Dec 13, 2023
18d5144
Update docs
hwdsl2 Dec 13, 2023
b7b3fc3
Update docs
hwdsl2 Dec 19, 2023
5bb63da
Update Alpine Linux versions
hwdsl2 Feb 3, 2024
198bd98
Update year
hwdsl2 Feb 3, 2024
9d2939d
Update tests
hwdsl2 Feb 4, 2024
d56472d
Update docs
hwdsl2 Feb 24, 2024
f5acbdf
Update docs
hwdsl2 Feb 25, 2024
7ee03da
New Libreswan version
hwdsl2 Mar 16, 2024
3b24405
New Libreswan version
hwdsl2 Mar 16, 2024
7bd9e3e
Update tests
hwdsl2 Mar 16, 2024
127759a
Update docs
hwdsl2 Mar 16, 2024
3ec000e
Update docs
hwdsl2 Mar 16, 2024
e5eabbe
Update docs
hwdsl2 Mar 17, 2024
4c6f37e
Update docs
hwdsl2 Mar 21, 2024
25670f3
Update IKEv2 script
hwdsl2 Apr 11, 2024
1442e9f
Update OS support
hwdsl2 Apr 14, 2024
828bb86
Update tests
hwdsl2 Apr 14, 2024
bf0edf5
Update OS support
hwdsl2 Apr 14, 2024
017a226
Update docs
hwdsl2 Apr 18, 2024
49ab3b6
New Libreswan version
hwdsl2 Apr 18, 2024
ca86194
New Libreswan version
hwdsl2 Apr 18, 2024
a57082a
Update tests
hwdsl2 Apr 18, 2024
2748312
Update docs
hwdsl2 Apr 18, 2024
4ee9911
Update CloudFormation template (#1555)
Saniewski Apr 23, 2024
7447f4b
Update docs
hwdsl2 Apr 23, 2024
b58e65e
Add Ubuntu 24.04
hwdsl2 Apr 27, 2024
1b769fb
Update docs
hwdsl2 Apr 27, 2024
eb75915
Update AWS template
hwdsl2 Apr 28, 2024
028d6dc
Update docs
hwdsl2 Apr 28, 2024
30a46a0
Update tests
hwdsl2 Apr 28, 2024
bf965cf
Fix for CentOS 9
hwdsl2 May 2, 2024
6f2efd3
New Libreswan version
hwdsl2 May 3, 2024
b5d19d7
New Libreswan version
hwdsl2 May 3, 2024
2ba4fe3
Update tests
hwdsl2 May 3, 2024
0b1eaf6
Update docs
hwdsl2 May 3, 2024
bea8597
Add new option
hwdsl2 May 4, 2024
a424108
Update docs
hwdsl2 May 4, 2024
d108c4a
Update tests
hwdsl2 May 18, 2024
1093b03
Update docs
hwdsl2 Jun 6, 2024
78e8957
Update tests
hwdsl2 Jun 6, 2024
8339f72
Update Azure script
hwdsl2 Jun 23, 2024
3a3c28b
Update tests
hwdsl2 Jun 23, 2024
4d01011
Update docs
hwdsl2 Jun 24, 2024
bb0c8ea
Update AWS template
hwdsl2 Jul 28, 2024
65fc2ef
Update docs
hwdsl2 Jul 28, 2024
721ea33
Update docs
hwdsl2 Jul 28, 2024
9a625db
Update OS support
hwdsl2 Jul 28, 2024
99f684f
Update tests
hwdsl2 Jul 28, 2024
d05d769
Update docs
hwdsl2 Jul 29, 2024
2974f8b
Update docs
hwdsl2 Aug 5, 2024
2e069ea
Update docs
hwdsl2 Sep 7, 2024
fbdd75e
Update docs
hwdsl2 Sep 20, 2024
56833ec
Update docs
hwdsl2 Oct 10, 2024
21ba115
New Libreswan version
hwdsl2 Oct 15, 2024
7bd6872
New Libreswan version
hwdsl2 Oct 15, 2024
9442981
Update docs
hwdsl2 Oct 15, 2024
2247387
Update tests
hwdsl2 Oct 15, 2024
2991302
Improve nftables rules
hwdsl2 Oct 16, 2024
97189ac
Cleanup
hwdsl2 Oct 16, 2024
b895650
Update docs
hwdsl2 Oct 17, 2024
e2cad5c
Update docs
hwdsl2 Nov 15, 2024
963902e
Update docs
hwdsl2 Nov 15, 2024
b60c232
Update docs
hwdsl2 Nov 19, 2024
02ed636
Update docs
hwdsl2 Nov 26, 2024
ea64a36
Update docs
hwdsl2 Dec 8, 2024
37d7cd2
Update OS check
hwdsl2 Dec 27, 2024
9d7e4a3
Update docs
hwdsl2 Jan 26, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Improve VPN ciphers
- Update VPN ciphers for compatibility with macOS 14 (Sonoma).
  Ref: hwdsl2#1486, libreswan/libreswan#1450
  • Loading branch information
hwdsl2 committed Dec 10, 2023
commit 5a9402b75bd966671565fe7f76cc89962230ade1
27 changes: 21 additions & 6 deletions extras/ikev2setup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ confirm_or_abort() {
show_header() {
cat <<'EOF'

IKEv2 Script Copyright (c) 2020-2023 Lin Song 11 Aug 2023
IKEv2 Script Copyright (c) 2020-2023 Lin Song 9 Dec 2023

EOF
}
Expand Down Expand Up @@ -872,6 +872,20 @@ install_uuidgen() {
fi
}

update_ikev2_conf() {
if grep -qs 'ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1$' "$IKEV2_CONF"; then
bigecho2 "Updating IKEv2 configuration..."
sed -i \
"/ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1$/s/ike=/ike=aes_gcm_c_256-hmac_sha2_256-ecp_256,/" \
"$IKEV2_CONF"
if [ "$os_type" = "alpine" ]; then
ipsec auto --add ikev2-cp >/dev/null
else
restart_ipsec_service >/dev/null
fi
fi
}

create_mobileconfig() {
[ -z "$server_addr" ] && get_server_address
p12_file_enc="$export_dir$client_name.enc.p12"
Expand All @@ -898,9 +912,9 @@ cat > "$mc_file" <<EOF
<key>ChildSecurityAssociationParameters</key>
<dict>
<key>DiffieHellmanGroup</key>
<integer>14</integer>
<integer>19</integer>
<key>EncryptionAlgorithm</key>
<string>AES-128-GCM</string>
<string>AES-256-GCM</string>
<key>LifeTimeInMinutes</key>
<integer>1410</integer>
</dict>
Expand All @@ -915,9 +929,9 @@ cat > "$mc_file" <<EOF
<key>IKESecurityAssociationParameters</key>
<dict>
<key>DiffieHellmanGroup</key>
<integer>14</integer>
<integer>19</integer>
<key>EncryptionAlgorithm</key>
<string>AES-256</string>
<string>AES-256-GCM</string>
<key>IntegrityAlgorithm</key>
<string>SHA2-256</string>
<key>LifeTimeInMinutes</key>
Expand Down Expand Up @@ -1093,6 +1107,7 @@ export_client_config() {
else
install_uuidgen
fi
update_ikev2_conf
export_p12_file
create_mobileconfig
create_android_profile
Expand Down Expand Up @@ -1174,7 +1189,7 @@ conn ikev2-cp
ikev2=insist
rekey=no
pfs=no
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
ike=aes_gcm_c_256-hmac_sha2_256-ecp_256,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
ikelifetime=24h
salifetime=24h
Expand Down