#!/bin/sh
#
# Simple script to upgrade Libreswan on CentOS and RHEL
#
# Copyright (C) 2016 Lin Song
#
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/
#
# Attribution required: please include my name in any derivative and let me
# know how you have improved it!
# Check https://libreswan.org and update version number if necessary
# Libreswan release that this script builds and installs.
SWAN_VER=3.16

### Do not edit below this line

# Preflight checks. Each guard prints its reason on stdout and exits 1, so
# nothing further down runs on an unsupported platform or without root.

# The Red Hat family marker file must exist.
[ -f /etc/redhat-release ] || {
  echo "Looks like you aren't running this script on a CentOS/RHEL system."
  exit 1
}

# Only major releases 6 and 7 are handled by the steps below.
grep -qs -e "release 6" -e "release 7" /etc/redhat-release || {
  echo "This script only supports versions 6 and 7 of CentOS/RHEL."
  exit 1
}

# 64-bit only: the package URLs used later in this file are x86_64 ones.
case "$(uname -m)" in
  x86_64) ;;
  *)
    echo "This script only supports 64-bit CentOS/RHEL."
    exit 1
    ;;
esac

# The presence of /proc/user_beancounters is taken as the sign of OpenVZ.
[ ! -f "/proc/user_beancounters" ] || {
  echo "This script does NOT support OpenVZ VPS."
  exit 1
}

# Everything below installs packages and writes system paths: root required.
[ "$(id -u)" = 0 ] || {
  echo "Sorry, you need to run this script as root."
  exit 1
}
# This is an upgrade script: a Libreswan build must already be present at
# /usr/local/sbin/ipsec. The pipeline's status is grep's status, so a missing
# or non-Libreswan binary also ends up in the abort branch.
if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"; then
  echo "This upgrade script requires you already have Libreswan installed."
  echo "Aborting."
  exit 1
fi

# The target version is already installed: ask before rebuilding it.
# Anything other than y/yes (any letter case) aborts.
if /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan ${SWAN_VER}"; then
  echo "It looks like you already have Libreswan ${SWAN_VER} installed! "
  echo
  printf "Do you wish to continue anyway? [y/N] "
  read -r response
  case $response in
    [yY] | [yY][eE][sS])
      echo
      ;;
    *)
      echo "Aborting."
      exit 1
      ;;
  esac
fi
# Show what is about to happen and require explicit consent before any
# package is installed or any file under /usr/local is replaced.
clear
cat <<EOF
Welcome! This script will build and install Libreswan ${SWAN_VER} on your server.
Related packages, such as those required by Libreswan compilation will also be installed.
This is intended for use on VPN servers running an older version of Libreswan.
Your existing VPN configuration files will NOT be modified.

EOF
printf "Do you wish to continue? [y/N] "
read -r response

# Default is "no": only y/yes (any letter case) proceeds.
case $response in
  [yY] | [yY][eE][sS])
    printf '\n%s\n\n' "Please be patient. Setup is continuing..."
    ;;
  *)
    echo "Aborting."
    exit 1
    ;;
esac
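# Create and change to working dir
mkdir -p /opt/src
cd /opt/src || { echo "Failed to change working directory to /opt/src. Aborting."; exit 1; }

# Install Wget
yum -y install wget

# Add the EPEL repository.
# The release RPM is installed as root and configures a package repository,
# so it is fetched over HTTPS instead of plain HTTP: a download altered in
# transit would otherwise be installed without any check.
if grep -qs "release 6" /etc/redhat-release; then
  EPEL_RPM="epel-release-6-8.noarch.rpm"
  EPEL_URL="https://download.fedoraproject.org/pub/epel/6/x86_64/$EPEL_RPM"
elif grep -qs "release 7" /etc/redhat-release; then
  EPEL_RPM="epel-release-7-5.noarch.rpm"
  EPEL_URL="https://download.fedoraproject.org/pub/epel/7/x86_64/e/$EPEL_RPM"
fi

# wget -O creates the output file even when the transfer fails, so a bare
# existence test never fires. Check wget's exit status and require a
# non-empty file; remove the leftover before aborting.
if ! wget -t 3 -T 30 -nv -O "$EPEL_RPM" "$EPEL_URL" || [ ! -s "$EPEL_RPM" ]; then
  /bin/rm -f "$EPEL_RPM"
  echo "Cannot retrieve EPEL repo RPM file. Aborting."
  exit 1
fi

# NOTE(review): TLS only authenticates the server that delivered the file.
# rpm installs a package whose signing key is not imported with just a
# warning, and --force additionally replaces existing packages and files.
# Consider importing the EPEL signing key and checking the file with
# "rpm -K" before this step.
# An rpm failure is left non-fatal, as before; the RPM file is then kept.
rpm -ivh --force "$EPEL_RPM" && /bin/rm -f "$EPEL_RPM"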
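# Install necessary packages (build toolchain and Libreswan's dependencies).
# gmp-devel was listed twice in the original command; once is enough.
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
  libcap-ng-devel libselinux-devel \
  curl-devel gmp-devel flex bison gcc make \
  fipscheck-devel unbound-devel gmp xmlto

# Install Libevent2. Use backported version for CentOS 6.
if grep -qs "release 6" /etc/redhat-release; then
  LE2_URL="https://download.libreswan.org/binaries/rhel/6/x86_64"
  RPM1="libevent2-2.0.22-1.el6.x86_64.rpm"
  RPM2="libevent2-devel-2.0.22-1.el6.x86_64.rpm"

  # wget -O creates the output file even when the transfer fails, so test
  # wget's exit status and a non-empty result instead of mere existence.
  for le2_rpm in "$RPM1" "$RPM2"; do
    if ! wget -t 3 -T 30 -nv -O "$le2_rpm" "$LE2_URL/$le2_rpm" || [ ! -s "$le2_rpm" ]; then
      /bin/rm -f "$RPM1" "$RPM2"
      echo "Cannot retrieve Libevent2 RPM file(s). Aborting."
      exit 1
    fi
  done

  # NOTE(review): these RPMs come from outside the configured yum
  # repositories and are installed with --force; nothing here verifies a
  # signature or checksum beyond the HTTPS transport. Pin a checksum or
  # verify the signature if the publisher provides one.
  rpm -ivh --force "$RPM1" "$RPM2" && /bin/rm -f "$RPM1" "$RPM2"
elif grep -qs "release 7" /etc/redhat-release; then
  yum -y install libevent-devel
fi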
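# Compile and install Libreswan
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
SWAN_URL="https://download.libreswan.org/${SWAN_FILE}"

# wget -O creates the output file even when the transfer fails, so test
# wget's exit status and a non-empty result instead of mere existence.
if ! wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL" || [ ! -s "$SWAN_FILE" ]; then
  /bin/rm -f "$SWAN_FILE"
  echo "Cannot retrieve Libreswan source file. Aborting."
  exit 1
fi

# NOTE(review): this tarball is compiled and installed as root, and the only
# protection on it is the HTTPS transport. Before extracting, verify it
# against a detached signature from the project or a pinned checksum,
# e.g. compare "sha256sum" output with <EXPECTED_SHA256 - placeholder>.

# Remove any source tree left by a previous run so stale files are not built.
/bin/rm -rf "/opt/src/libreswan-${SWAN_VER}"
if ! tar xvzf "$SWAN_FILE"; then
  echo "Failed to extract Libreswan source file. Aborting."
  exit 1
fi
rm -f "$SWAN_FILE"
cd "libreswan-${SWAN_VER}" || { echo "Failed to enter Libreswan source dir. Aborting."; exit 1; }

# Stop here on a failed build. Otherwise the script would restart the service
# and, when the same version was already installed, report success for a
# build that never completed.
if ! { make programs && make install; }; then
  echo "Sorry, Libreswan ${SWAN_VER} failed to compile or install. Aborting."
  exit 1
fi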
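# Restore SELinux contexts on the files the install just replaced.
# stderr is discarded and the exit status ignored: relabeling is best-effort.
/sbin/restorecon /etc/ipsec.d/*db 2>/dev/null
/sbin/restorecon /usr/local/sbin -Rv 2>/dev/null
/sbin/restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null

# Restart IPsec service
/sbin/service ipsec restart

# Check if the install was successful.
# Match the fixed string "Libreswan <version>", as the pre-upgrade check does.
# A bare regex match on the version number treats "." as a wildcard and could
# also hit other version-like text in the output.
if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qsF "Libreswan ${SWAN_VER}"; then
  echo "Sorry, Libreswan ${SWAN_VER} failed to compile or install. Aborting."
  exit 1
fi

echo
echo "Congratulations! Libreswan ${SWAN_VER} was installed successfully!"
exit 0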