1
0
mirror of synced 2024-12-02 01:26:03 +03:00
setup-ipsec-vpn/extras/vpnupgrade.sh

142 lines
4.1 KiB
Bash
Raw Normal View History

2016-01-08 12:03:56 +03:00
#!/bin/sh
#
2016-04-21 01:31:29 +03:00
# Script to upgrade Libreswan on Ubuntu and Debian
2016-01-08 12:03:56 +03:00
#
# Copyright (C) 2016 Lin Song <linsongui@gmail.com>
2016-01-08 12:03:56 +03:00
#
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/
#
# Attribution required: please include my name in any derivative and let me
# know how you have improved it!
2016-07-20 21:10:58 +03:00
# Check https://libreswan.org for the latest version
2016-07-29 20:55:08 +03:00
swan_ver=3.18
2016-01-08 12:03:56 +03:00
2016-07-20 21:10:58 +03:00
### Do not edit below this line ###
2016-01-21 20:50:35 +03:00
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
2016-07-04 01:54:15 +03:00
exiterr() { echo "Error: ${1}" >&2; exit 1; }
exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }
2016-04-21 01:31:29 +03:00
os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
2016-06-29 10:40:52 +03:00
exiterr "This script only supports Ubuntu/Debian."
2016-01-08 12:03:56 +03:00
fi
2016-01-30 22:12:15 +03:00
if [ -f /proc/user_beancounters ]; then
2016-06-29 10:40:52 +03:00
exiterr "This script does not support OpenVZ VPS."
2016-01-19 10:32:22 +03:00
fi
2016-01-08 12:03:56 +03:00
if [ "$(id -u)" != 0 ]; then
2016-06-29 10:40:52 +03:00
exiterr "Script must be run as root. Try 'sudo sh $0'"
2016-01-08 12:03:56 +03:00
fi
2016-06-21 06:35:45 +03:00
if [ -z "$swan_ver" ]; then
2016-06-29 10:40:52 +03:00
exiterr "Libreswan version 'swan_ver' not specified."
2016-06-21 06:35:45 +03:00
fi
2016-01-13 08:05:16 +03:00
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
2016-01-08 12:03:56 +03:00
if [ "$?" != "0" ]; then
2016-06-29 10:40:52 +03:00
exiterr "This script requires Libreswan already installed."
2016-01-08 12:03:56 +03:00
fi
2016-07-20 21:10:58 +03:00
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
2016-01-08 12:03:56 +03:00
if [ "$?" = "0" ]; then
2016-06-21 06:35:45 +03:00
echo "You already have Libreswan version $swan_ver installed! "
echo "If you continue, the same version will be re-installed."
2016-01-08 12:03:56 +03:00
echo
printf "Do you wish to continue anyway? [y/N] "
read -r response
2016-01-08 12:03:56 +03:00
case $response in
[yY][eE][sS]|[yY])
echo
;;
*)
echo "Aborting."
exit 1
;;
esac
fi
2016-01-18 21:37:09 +03:00
clear
2016-05-21 11:59:08 +03:00
cat <<EOF
2016-06-21 06:35:45 +03:00
Welcome! This script will build and install Libreswan $swan_ver on your server.
2016-05-21 11:59:08 +03:00
Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan.
Your existing VPN configuration files will NOT be modified.
EOF
2016-01-08 12:03:56 +03:00
2016-06-21 06:35:45 +03:00
if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then
2016-05-21 11:59:08 +03:00
cat <<'EOF'
IMPORTANT: Workaround required for Debian 7 (Wheezy).
2016-06-21 06:35:45 +03:00
You must first run the script at: https://git.io/vpndeb7
2016-05-21 11:59:08 +03:00
Continue only after completing this workaround.
2016-06-02 19:09:17 +03:00
2016-05-21 11:59:08 +03:00
EOF
2016-01-18 21:37:09 +03:00
fi
printf "Do you wish to continue? [y/N] "
read -r response
2016-01-08 12:03:56 +03:00
case $response in
[yY][eE][sS]|[yY])
echo
echo "Please be patient. Setup is continuing..."
echo
;;
*)
echo "Aborting."
exit 1
;;
esac
# Create and change to working dir
mkdir -p /opt/src
2016-06-29 10:40:52 +03:00
cd /opt/src || exiterr "Cannot enter /opt/src."
2016-01-08 12:03:56 +03:00
2016-01-21 20:50:35 +03:00
# Update package index and install Wget
2016-01-08 12:03:56 +03:00
export DEBIAN_FRONTEND=noninteractive
2016-07-04 01:54:15 +03:00
apt-get -yq update || exiterr "'apt-get update' failed."
apt-get -yq install wget || exiterr2
2016-01-08 12:03:56 +03:00
# Install necessary packages
2016-05-19 12:02:53 +03:00
apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
2016-07-10 09:36:41 +03:00
libcap-ng-dev libcap-ng-utils libselinux1-dev \
libcurl4-nss-dev flex bison gcc make \
libunbound-dev libnss3-tools libevent-dev || exiterr2
2016-07-04 01:54:15 +03:00
apt-get -yq --no-install-recommends install xmlto || exiterr2
2016-01-08 12:03:56 +03:00
# Compile and install Libreswan
2016-07-10 09:36:41 +03:00
swan_file="libreswan-$swan_ver.tar.gz"
2016-06-06 02:22:03 +03:00
swan_url1="https://download.libreswan.org/$swan_file"
2016-07-10 09:36:41 +03:00
swan_url2="https://github.com/libreswan/libreswan/archive/v$swan_ver.tar.gz"
2016-06-06 02:22:03 +03:00
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
2016-06-29 10:40:52 +03:00
[ "$?" != "0" ] && exiterr "Cannot download Libreswan source."
2016-06-21 06:35:45 +03:00
/bin/rm -rf "/opt/src/libreswan-$swan_ver"
2016-05-21 13:34:19 +03:00
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
2016-06-29 10:40:52 +03:00
cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
echo "WERROR_CFLAGS =" > Makefile.inc.local
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
2016-07-04 01:54:15 +03:00
apt-get -yq install libsystemd-dev || exiterr2
fi
2016-05-17 06:42:30 +03:00
make -s programs && make -s install
2016-01-08 12:03:56 +03:00
2016-06-04 01:10:03 +03:00
# Verify the install and clean up
2016-06-29 10:40:52 +03:00
cd /opt/src || exiterr "Cannot enter /opt/src."
2016-06-21 06:35:45 +03:00
/bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
2016-06-29 10:40:52 +03:00
[ "$?" != "0" ] && exiterr "Libreswan $swan_ver failed to build."
2016-01-08 12:03:56 +03:00
2016-06-04 01:10:03 +03:00
# Restart IPsec service
service ipsec restart
2016-01-08 12:03:56 +03:00
echo
2016-06-21 06:35:45 +03:00
echo "Libreswan $swan_ver was installed successfully! "
2016-04-21 01:31:29 +03:00
echo
2016-05-21 11:59:08 +03:00
2016-01-08 12:03:56 +03:00
exit 0