2016-01-08 12:03:56 +03:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# Simple script to upgrade Libreswan on CentOS and RHEL
|
|
|
|
#
|
2016-01-25 19:38:07 +03:00
|
|
|
# Copyright (C) 2016 Lin Song
|
2016-01-08 12:03:56 +03:00
|
|
|
#
|
|
|
|
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
|
|
|
|
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/
|
|
|
|
#
|
|
|
|
# Attribution required: please include my name in any derivative and let me
|
|
|
|
# know how you have improved it!
|
|
|
|
|
2016-01-13 03:28:34 +03:00
|
|
|
# Check https://libreswan.org and update version number if necessary
|
2016-01-08 12:03:56 +03:00
|
|
|
SWAN_VER=3.16
|
|
|
|
|
2016-01-21 20:50:35 +03:00
|
|
|
### Do not edit below this line
|
|
|
|
|
2016-01-08 12:03:56 +03:00
|
|
|
if [ ! -f /etc/redhat-release ]; then
|
|
|
|
echo "Looks like you aren't running this script on a CentOS/RHEL system."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2016-01-17 10:17:45 +03:00
|
|
|
if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
|
2016-01-19 10:23:17 +03:00
|
|
|
echo "This script only supports versions 6 and 7 of CentOS/RHEL."
|
2016-01-08 12:03:56 +03:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$(uname -m)" != "x86_64" ]; then
|
2016-01-19 10:23:17 +03:00
|
|
|
echo "This script only supports 64-bit CentOS/RHEL."
|
2016-01-15 02:42:32 +03:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2016-01-19 10:32:22 +03:00
|
|
|
if [ -f "/proc/user_beancounters" ]; then
|
|
|
|
echo "This script does NOT support OpenVZ VPS."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2016-01-08 12:03:56 +03:00
|
|
|
if [ "$(id -u)" != 0 ]; then
|
|
|
|
echo "Sorry, you need to run this script as root."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2016-01-13 08:05:16 +03:00
|
|
|
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
|
2016-01-08 12:03:56 +03:00
|
|
|
if [ "$?" != "0" ]; then
|
2016-01-19 10:23:17 +03:00
|
|
|
echo "This upgrade script requires you already have Libreswan installed."
|
2016-01-08 12:03:56 +03:00
|
|
|
echo "Aborting."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2016-01-13 08:05:16 +03:00
|
|
|
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan ${SWAN_VER}"
|
2016-01-08 12:03:56 +03:00
|
|
|
if [ "$?" = "0" ]; then
|
2016-01-18 21:37:09 +03:00
|
|
|
echo "It looks like you already have Libreswan ${SWAN_VER} installed! "
|
2016-01-08 12:03:56 +03:00
|
|
|
echo
|
2016-01-13 03:28:34 +03:00
|
|
|
printf "Do you wish to continue anyway? [y/N] "
|
|
|
|
read -r response
|
2016-01-08 12:03:56 +03:00
|
|
|
case $response in
|
|
|
|
[yY][eE][sS]|[yY])
|
|
|
|
echo
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "Aborting."
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
fi
|
|
|
|
|
2016-01-18 21:37:09 +03:00
|
|
|
clear
|
|
|
|
|
2016-01-20 08:17:18 +03:00
|
|
|
echo "Welcome! This script will build and install Libreswan ${SWAN_VER} on your server."
|
|
|
|
echo "Related packages, such as those required by Libreswan compilation will also be installed."
|
|
|
|
echo "This is intended for use on VPN servers running an older version of Libreswan."
|
2016-01-08 12:03:56 +03:00
|
|
|
echo "Your existing VPN configuration files will NOT be modified."
|
|
|
|
|
|
|
|
echo
|
2016-01-13 03:28:34 +03:00
|
|
|
printf "Do you wish to continue? [y/N] "
|
|
|
|
read -r response
|
2016-01-08 12:03:56 +03:00
|
|
|
case $response in
|
|
|
|
[yY][eE][sS]|[yY])
|
|
|
|
echo
|
|
|
|
echo "Please be patient. Setup is continuing..."
|
|
|
|
echo
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "Aborting."
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
# Create and change to working dir
|
|
|
|
mkdir -p /opt/src
|
|
|
|
cd /opt/src || { echo "Failed to change working directory to /opt/src. Aborting."; exit 1; }
|
|
|
|
|
2016-01-21 20:50:35 +03:00
|
|
|
# Install Wget
|
|
|
|
yum -y install wget
|
2016-01-08 12:03:56 +03:00
|
|
|
|
|
|
|
# Add the EPEL repository
|
|
|
|
if grep -qs "release 6" /etc/redhat-release; then
|
|
|
|
EPEL_RPM="epel-release-6-8.noarch.rpm"
|
|
|
|
EPEL_URL="http://download.fedoraproject.org/pub/epel/6/x86_64/$EPEL_RPM"
|
|
|
|
elif grep -qs "release 7" /etc/redhat-release; then
|
|
|
|
EPEL_RPM="epel-release-7-5.noarch.rpm"
|
|
|
|
EPEL_URL="http://download.fedoraproject.org/pub/epel/7/x86_64/e/$EPEL_RPM"
|
|
|
|
fi
|
2016-01-13 03:28:34 +03:00
|
|
|
wget -t 3 -T 30 -nv -O "$EPEL_RPM" "$EPEL_URL"
|
2016-01-19 11:23:21 +03:00
|
|
|
[ ! -f "$EPEL_RPM" ] && { echo "Cannot retrieve EPEL repo RPM file. Aborting."; exit 1; }
|
2016-01-13 03:28:34 +03:00
|
|
|
rpm -ivh --force "$EPEL_RPM" && /bin/rm -f "$EPEL_RPM"
|
2016-01-08 12:03:56 +03:00
|
|
|
|
|
|
|
# Install necessary packages
|
|
|
|
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
|
|
|
|
libcap-ng-devel libselinux-devel \
|
|
|
|
curl-devel gmp-devel flex bison gcc make \
|
|
|
|
fipscheck-devel unbound-devel gmp gmp-devel xmlto
|
|
|
|
|
2016-01-17 23:55:43 +03:00
|
|
|
# Installed Libevent2. Use backported version for CentOS 6.
|
2016-01-08 12:03:56 +03:00
|
|
|
if grep -qs "release 6" /etc/redhat-release; then
|
2016-01-18 20:34:29 +03:00
|
|
|
LE2_URL="https://download.libreswan.org/binaries/rhel/6/x86_64"
|
|
|
|
RPM1="libevent2-2.0.22-1.el6.x86_64.rpm"
|
|
|
|
RPM2="libevent2-devel-2.0.22-1.el6.x86_64.rpm"
|
2016-01-13 03:28:34 +03:00
|
|
|
wget -t 3 -T 30 -nv -O "$RPM1" "$LE2_URL/$RPM1"
|
|
|
|
wget -t 3 -T 30 -nv -O "$RPM2" "$LE2_URL/$RPM2"
|
2016-01-19 11:23:21 +03:00
|
|
|
[ ! -f "$RPM1" ] || [ ! -f "$RPM2" ] && { echo "Cannot retrieve Libevent2 RPM file(s). Aborting."; exit 1; }
|
2016-01-13 03:28:34 +03:00
|
|
|
rpm -ivh --force "$RPM1" "$RPM2" && /bin/rm -f "$RPM1" "$RPM2"
|
2016-01-08 12:03:56 +03:00
|
|
|
elif grep -qs "release 7" /etc/redhat-release; then
|
|
|
|
yum -y install libevent-devel
|
|
|
|
fi
|
|
|
|
|
2016-01-19 11:23:21 +03:00
|
|
|
# Compile and install Libreswan
|
2016-01-13 03:28:34 +03:00
|
|
|
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
|
|
|
|
SWAN_URL="https://download.libreswan.org/${SWAN_FILE}"
|
|
|
|
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
|
2016-01-19 11:23:21 +03:00
|
|
|
[ ! -f "$SWAN_FILE" ] && { echo "Cannot retrieve Libreswan source file. Aborting."; exit 1; }
|
2016-01-08 12:03:56 +03:00
|
|
|
/bin/rm -rf "/opt/src/libreswan-${SWAN_VER}"
|
2016-01-13 03:28:34 +03:00
|
|
|
tar xvzf "$SWAN_FILE" && rm -f "$SWAN_FILE"
|
2016-01-19 11:23:21 +03:00
|
|
|
cd "libreswan-${SWAN_VER}" || { echo "Failed to enter Libreswan source dir. Aborting."; exit 1; }
|
2016-01-08 12:03:56 +03:00
|
|
|
make programs && make install
|
|
|
|
|
2016-01-17 23:55:43 +03:00
|
|
|
# Restore SELinux contexts
|
2016-01-21 20:50:35 +03:00
|
|
|
/sbin/restorecon /etc/ipsec.d/*db 2>/dev/null
|
|
|
|
/sbin/restorecon /usr/local/sbin -Rv 2>/dev/null
|
|
|
|
/sbin/restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
|
2016-01-17 23:55:43 +03:00
|
|
|
|
2016-01-20 08:17:18 +03:00
|
|
|
# Restart IPsec service
|
2016-01-17 23:55:43 +03:00
|
|
|
/sbin/service ipsec restart
|
|
|
|
|
2016-01-21 20:50:35 +03:00
|
|
|
# Check if the install was successful
|
2016-01-13 08:05:16 +03:00
|
|
|
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "${SWAN_VER}"
|
2016-01-21 20:50:35 +03:00
|
|
|
[ "$?" != "0" ] && { echo "Sorry, Libreswan ${SWAN_VER} failed to compile or install. Aborting."; exit 1; }
|
2016-01-08 12:03:56 +03:00
|
|
|
|
|
|
|
echo
|
|
|
|
echo "Congratulations! Libreswan ${SWAN_VER} was installed successfully!"
|
|
|
|
exit 0
|