Improve version check
- Add check for some Libreswan versions that are not available - Include Libreswan 3.25 in multiple IPsec/XAuth clients warning - Cleanup notes
This commit is contained in:
parent
41ce696f08
commit
145f29b477
@ -47,6 +47,12 @@ if [ -z "$SWAN_VER" ]; then
|
|||||||
exiterr "Libreswan version 'SWAN_VER' not specified."
|
exiterr "Libreswan version 'SWAN_VER' not specified."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
case "$SWAN_VER" in
|
||||||
|
3.24|3.2[6-9])
|
||||||
|
exiterr "Libreswan version $SWAN_VER is not available."
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
ipsec_ver="$(/usr/local/sbin/ipsec --version 2>/dev/null)"
|
ipsec_ver="$(/usr/local/sbin/ipsec --version 2>/dev/null)"
|
||||||
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
||||||
exiterr "This script requires Libreswan already installed."
|
exiterr "This script requires Libreswan already installed."
|
||||||
@ -89,11 +95,11 @@ Version to be installed: Libreswan $SWAN_VER
|
|||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ "$SWAN_VER" = "3.23" ]; then
|
if [ "$SWAN_VER" = "3.23" ] || [ "$SWAN_VER" = "3.25" ]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Libreswan 3.23 has an issue with connecting multiple IPsec/XAuth
|
WARNING: Libreswan 3.23 and 3.25 have an issue with connecting multiple
|
||||||
VPN clients from behind the same NAT (e.g. home router).
|
IPsec/XAuth VPN clients from behind the same NAT (e.g. home router).
|
||||||
Do not upgrade to 3.23 if your use cases include the above.
|
DO NOT upgrade to 3.23/3.25 if your use cases include the above.
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
@ -203,8 +209,7 @@ echo
|
|||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.2[3-9])
|
3.2[3-9])
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: Users upgrading to Libreswan 3.23 or newer should edit
|
NOTE: Users upgrading to Libreswan 3.23 or newer should edit "/etc/ipsec.conf" and replace these two lines:
|
||||||
"/etc/ipsec.conf" and replace these two lines:
|
|
||||||
modecfgdns1=DNS_SERVER_1
|
modecfgdns1=DNS_SERVER_1
|
||||||
modecfgdns2=DNS_SERVER_2
|
modecfgdns2=DNS_SERVER_2
|
||||||
with a single line like this:
|
with a single line like this:
|
||||||
@ -217,8 +222,7 @@ esac
|
|||||||
|
|
||||||
if [ "$is_downgrade_to_322" = "1" ]; then
|
if [ "$is_downgrade_to_322" = "1" ]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: Users downgrading to Libreswan 3.22 should edit
|
NOTE: Users downgrading to Libreswan 3.22 should edit "/etc/ipsec.conf" and replace this line:
|
||||||
"/etc/ipsec.conf" and replace this line:
|
|
||||||
modecfgdns="DNS_SERVER_1, DNS_SERVER_2"
|
modecfgdns="DNS_SERVER_1, DNS_SERVER_2"
|
||||||
with two lines like this:
|
with two lines like this:
|
||||||
modecfgdns1=DNS_SERVER_1
|
modecfgdns1=DNS_SERVER_1
|
||||||
|
@ -38,6 +38,12 @@ if [ -z "$SWAN_VER" ]; then
|
|||||||
exiterr "Libreswan version 'SWAN_VER' not specified."
|
exiterr "Libreswan version 'SWAN_VER' not specified."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
case "$SWAN_VER" in
|
||||||
|
3.24|3.2[6-9])
|
||||||
|
exiterr "Libreswan version $SWAN_VER is not available."
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
ipsec_ver="$(/usr/local/sbin/ipsec --version 2>/dev/null)"
|
ipsec_ver="$(/usr/local/sbin/ipsec --version 2>/dev/null)"
|
||||||
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
||||||
exiterr "This script requires Libreswan already installed."
|
exiterr "This script requires Libreswan already installed."
|
||||||
@ -80,11 +86,11 @@ Version to be installed: Libreswan $SWAN_VER
|
|||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ "$SWAN_VER" = "3.23" ]; then
|
if [ "$SWAN_VER" = "3.23" ] || [ "$SWAN_VER" = "3.25" ]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Libreswan 3.23 has an issue with connecting multiple IPsec/XAuth
|
WARNING: Libreswan 3.23 and 3.25 have an issue with connecting multiple
|
||||||
VPN clients from behind the same NAT (e.g. home router).
|
IPsec/XAuth VPN clients from behind the same NAT (e.g. home router).
|
||||||
Do not upgrade to 3.23 if your use cases include the above.
|
DO NOT upgrade to 3.23/3.25 if your use cases include the above.
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
@ -204,8 +210,7 @@ echo
|
|||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.2[3-9])
|
3.2[3-9])
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: Users upgrading to Libreswan 3.23 or newer should edit
|
NOTE: Users upgrading to Libreswan 3.23 or newer should edit "/etc/ipsec.conf" and replace these two lines:
|
||||||
"/etc/ipsec.conf" and replace these two lines:
|
|
||||||
modecfgdns1=DNS_SERVER_1
|
modecfgdns1=DNS_SERVER_1
|
||||||
modecfgdns2=DNS_SERVER_2
|
modecfgdns2=DNS_SERVER_2
|
||||||
with a single line like this:
|
with a single line like this:
|
||||||
@ -218,8 +223,7 @@ esac
|
|||||||
|
|
||||||
if [ "$is_downgrade_to_322" = "1" ]; then
|
if [ "$is_downgrade_to_322" = "1" ]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: Users downgrading to Libreswan 3.22 should edit
|
NOTE: Users downgrading to Libreswan 3.22 should edit "/etc/ipsec.conf" and replace this line:
|
||||||
"/etc/ipsec.conf" and replace this line:
|
|
||||||
modecfgdns="DNS_SERVER_1, DNS_SERVER_2"
|
modecfgdns="DNS_SERVER_1, DNS_SERVER_2"
|
||||||
with two lines like this:
|
with two lines like this:
|
||||||
modecfgdns1=DNS_SERVER_1
|
modecfgdns1=DNS_SERVER_1
|
||||||
|
Loading…
Reference in New Issue
Block a user