mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-02-08 00:09:24 +03:00
Code Issues Projects Releases Wiki Activity

New Libreswan version

Browse Source 
- Use new Libreswan version 4.2
- Support updating to Libreswan 4.2 from older versions. The upgrade
  scripts can now install one of these versions: 3.32, 4.1 or 4.2.
- Other small improvements
- Update tests
This commit is contained in:
hwdsl2 2021-02-04 01:47:04 -06:00
parent d178512b98
commit 1808095bb7
8 changed files with 175 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.github/workflows/main.yml vendored
View File

@ -243,7 +243,7 @@ jobs:
fi
sed -i '/swan_ver_url/s/^/#/' vpnupgrade.sh
sed -i '/^SWAN_VER=/s/4.1/3.32/' vpnupgrade.sh
sed -i 's/^SWAN_VER=.*/SWAN_VER=3.32/' vpnupgrade.sh
sh vpnupgrade.sh <<ANSWERS
y
ANSWERS
@ -269,7 +269,33 @@ jobs:
pkill -HUP rsyslog
fi
sed -i '/^SWAN_VER=/s/3.32/4.1/' vpnupgrade.sh
sed -i 's/^SWAN_VER=.*/SWAN_VER=4.1/' vpnupgrade.sh
sh vpnupgrade.sh <<ANSWERS
y
ANSWERS
if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
systemctl restart ipsec
sleep 10
grep pluto /var/log/secure
else
sleep 10
grep pluto /var/log/auth.log
fi
ipsec status
ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp
if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
sed -i '/pluto/d' /var/log/secure
pkill -HUP rsyslog
else
sed -i '/pluto/d' /var/log/auth.log
pkill -HUP rsyslog
fi
sed -i 's/^SWAN_VER=.*/SWAN_VER=4.2/' vpnupgrade.sh
sh vpnupgrade.sh <<ANSWERS
y
ANSWERS
@ -503,7 +529,7 @@ jobs:
wget -t 3 -T 30 -nv -O vpnupgrade.sh https://git.io/vpnupgrade
sed -i '/swan_ver_url/s/^/#/' vpnupgrade.sh
sed -i '/^SWAN_VER=/s/4.1/3.32/' vpnupgrade.sh
sed -i 's/^SWAN_VER=.*/SWAN_VER=3.32/' vpnupgrade.sh
sh vpnupgrade.sh <<ANSWERS
y
ANSWERS
@ -518,7 +544,22 @@ jobs:
sed -i '/pluto/d' /var/log/auth.log
pkill -HUP rsyslog
sed -i '/^SWAN_VER=/s/3.32/4.1/' vpnupgrade.sh
sed -i 's/^SWAN_VER=.*/SWAN_VER=4.1/' vpnupgrade.sh
sh vpnupgrade.sh <<ANSWERS
y
ANSWERS
sleep 10
grep pluto /var/log/auth.log
ipsec status
ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp
sed -i '/pluto/d' /var/log/auth.log
pkill -HUP rsyslog
sed -i 's/^SWAN_VER=.*/SWAN_VER=4.2/' vpnupgrade.sh
sh vpnupgrade.sh <<ANSWERS
y
ANSWERS

8
extras/ikev2setup.sh
View File

@ -218,7 +218,8 @@ check_swan_ver() {
select_swan_update() {
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$swan_ver" != "$swan_ver_latest" ]; then
&& [ "$swan_ver" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " It is recommended to update Libreswan before setting up IKEv2."
if [ "$in_container" = "0" ]; then
@ -1038,11 +1039,12 @@ EOF
show_swan_update_info() {
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$swan_ver" != "$swan_ver_latest" ]; then
&& [ "$swan_ver" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
echo
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
if [ "$in_container" = "0" ]; then
echo "To update to the new version, run:"
echo " To update, run:"
update_url=vpnupgrade
if [ "$os_type" = "centos" ] || [ "$os_type" = "rhel" ]; then
update_url=vpnupgrade-centos

45
extras/vpnupgrade.sh
View File

@ -14,7 +14,7 @@
# know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.1
SWAN_VER=4.2
### DO NOT edit below this line ###
@ -59,14 +59,14 @@ if [ "$(id -u)" != 0 ]; then
fi
case $SWAN_VER in
3.2[679]|3.3[12]|4.1)
3.32|4.[12])
/bin/true
;;
*)
cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of the following versions:
3.26-3.27, 3.29, 3.31-3.32 or 4.1
This script can install one of these versions:
3.32, 4.1 or 4.2
EOF
exit 1
;;
@ -83,13 +83,14 @@ EOF
exit 1
fi
swan_ver_cur=4.1
swan_ver_cur=4.2
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To update to the new version, exit the script and run:"
echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo
@ -137,7 +138,7 @@ Version to install: Libreswan $SWAN_VER
EOF
cat <<'EOF'
NOTE: This script will make the following changes to your VPN configuration:
Note: This script will make the following changes to your VPN configuration:
- Fix obsolete ipsec.conf and/or ikev2.conf options
- Optimize VPN ciphers
@ -145,7 +146,7 @@ NOTE: This script will make the following changes to your VPN configuration:
EOF
if [ "$SWAN_VER" != "4.1" ]; then
if [ "$SWAN_VER" != "4.2" ]; then
cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information.
@ -179,7 +180,7 @@ apt-get -yq update || exiterr "'apt-get update' failed."
# Install necessary packages
apt-get -yq install libnss3-dev libnspr4-dev pkg-config \
libpam0g-dev libcap-ng-dev libcap-ng-utils libselinux1-dev \
libcurl4-nss-dev libnss3-tools libevent-dev \
libcurl4-nss-dev libnss3-tools libevent-dev libsystemd-dev \
flex bison gcc make wget sed || exiterr2
# Compile and install Libreswan
@ -192,19 +193,12 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1
[ "$SWAN_VER" = "3.26" ] && sed -i 's/-lfreebl //' mk/config.mk
[ "$SWAN_VER" = "3.26" ] && sed -i '/blapi\.h/d' programs/pluto/keys.c
if [ "$SWAN_VER" = "3.31" ]; then
sed -i '916iif (!st->st_seen_fragvid) { return FALSE; }' programs/pluto/ikev2.c
sed -i '1033s/if (/if (LIN(POLICY_IKE_FRAG_ALLOW, sk->ike->sa.st_connection->policy) \&\& sk->ike->sa.st_seen_fragvid \&\& /' \
programs/pluto/ikev2_message.c
fi
[ "$SWAN_VER" = "4.1" ] && sed -i 's/ sysv )/ sysvinit )/' programs/setup/setup.in
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
EOF
if [ "$SWAN_VER" != "4.1" ] || ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then
if [ "$SWAN_VER" = "3.32" ] || ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then
cat >> Makefile.inc.local <<'EOF'
USE_DH31=false
USE_NSS_AVA_COPY=true
@ -212,19 +206,14 @@ USE_NSS_IPSEC_PROFILE=false
USE_GLIBC_KERN_FLIP_HEADERS=true
EOF
fi
if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ] || [ "$SWAN_VER" = "4.1" ]; then
echo "USE_DH2=true" >> Makefile.inc.local
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi
fi
if [ "$SWAN_VER" = "4.1" ]; then
if [ "$SWAN_VER" != "3.32" ]; then
echo "USE_NSS_KDF=false" >> Makefile.inc.local
echo "FINALNSSDIR=/etc/ipsec.d" >> Makefile.inc.local
fi
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
apt-get -yq install libsystemd-dev || exiterr2
fi
NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1
make "-j$((NPROCS+1))" -s base && make -s install-base
@ -269,12 +258,8 @@ elif [ "$dns_state" = "2" ]; then
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
fi
case $SWAN_VER in
3.29|3.3[12]|4.1)
sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
;;
esac
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
@ -297,8 +282,8 @@ EOF
if [ "$dns_state" = "3" ]; then
cat <<'EOF'
IMPORTANT: Users upgrading to Libreswan 3.23 or newer must edit /etc/ipsec.conf
and replace all occurrences of these two lines:
IMPORTANT: You must edit /etc/ipsec.conf and replace
all occurrences of these two lines:
modecfgdns1=DNS_SERVER_1
modecfgdns2=DNS_SERVER_2

38
extras/vpnupgrade_amzn.sh
View File

@ -14,7 +14,7 @@
# know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.1
SWAN_VER=4.2
### DO NOT edit below this line ###
@ -38,14 +38,14 @@ if [ "$(id -u)" != 0 ]; then
fi
case $SWAN_VER in
3.2[679]|3.3[12]|4.1)
3.32|4.[12])
/bin/true
;;
*)
cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of the following versions:
3.26-3.27, 3.29, 3.31-3.32 or 4.1
This script can install one of these versions:
3.32, 4.1 or 4.2
EOF
exit 1
;;
@ -62,13 +62,14 @@ EOF
exit 1
fi
swan_ver_cur=4.1
swan_ver_cur=4.2
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To update to the new version, exit the script and run:"
echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo
@ -116,7 +117,7 @@ Version to install: Libreswan $SWAN_VER
EOF
cat <<'EOF'
NOTE: This script will make the following changes to your VPN configuration:
Note: This script will make the following changes to your VPN configuration:
- Fix obsolete ipsec.conf and/or ikev2.conf options
- Optimize VPN ciphers
@ -124,7 +125,7 @@ NOTE: This script will make the following changes to your VPN configuration:
EOF
if [ "$SWAN_VER" != "4.1" ]; then
if [ "$SWAN_VER" != "4.2" ]; then
cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information.
@ -170,25 +171,16 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1
[ "$SWAN_VER" = "3.26" ] && sed -i 's/-lfreebl //' mk/config.mk
[ "$SWAN_VER" = "3.26" ] && sed -i '/blapi\.h/d' programs/pluto/keys.c
if [ "$SWAN_VER" = "3.31" ]; then
sed -i '916iif (!st->st_seen_fragvid) { return FALSE; }' programs/pluto/ikev2.c
sed -i '1033s/if (/if (LIN(POLICY_IKE_FRAG_ALLOW, sk->ike->sa.st_connection->policy) \&\& sk->ike->sa.st_seen_fragvid \&\& /' \
programs/pluto/ikev2_message.c
fi
[ "$SWAN_VER" = "4.1" ] && sed -i 's/ sysv )/ sysvinit )/' programs/setup/setup.in
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
EOF
if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ] || [ "$SWAN_VER" = "4.1" ]; then
echo "USE_DH2=true" >> Makefile.inc.local
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi
fi
if [ "$SWAN_VER" = "4.1" ]; then
if [ "$SWAN_VER" != "3.32" ]; then
echo "USE_NSS_KDF=false" >> Makefile.inc.local
echo "FINALNSSDIR=/etc/ipsec.d" >> Makefile.inc.local
fi
@ -235,12 +227,8 @@ elif [ "$dns_state" = "2" ]; then
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
fi
case $SWAN_VER in
3.29|3.3[12]|4.1)
sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
;;
esac
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
@ -263,8 +251,8 @@ EOF
if [ "$dns_state" = "3" ]; then
cat <<'EOF'
IMPORTANT: Users upgrading to Libreswan 3.23 or newer must edit /etc/ipsec.conf
and replace all occurrences of these two lines:
IMPORTANT: You must edit /etc/ipsec.conf and replace
all occurrences of these two lines:
modecfgdns1=DNS_SERVER_1
modecfgdns2=DNS_SERVER_2

38
extras/vpnupgrade_centos.sh
View File

@ -14,7 +14,7 @@
# know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.1
SWAN_VER=4.2
### DO NOT edit below this line ###
@ -50,14 +50,14 @@ if [ "$(id -u)" != 0 ]; then
fi
case $SWAN_VER in
3.2[679]|3.3[12]|4.1)
3.32|4.[12])
/bin/true
;;
*)
cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of the following versions:
3.26-3.27, 3.29, 3.31-3.32 or 4.1
This script can install one of these versions:
3.32, 4.1 or 4.2
EOF
exit 1
;;
@ -74,13 +74,14 @@ EOF
exit 1
fi
swan_ver_cur=4.1
swan_ver_cur=4.2
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To update to the new version, exit the script and run:"
echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo
@ -128,7 +129,7 @@ Version to install: Libreswan $SWAN_VER
EOF
cat <<'EOF'
NOTE: This script will make the following changes to your VPN configuration:
Note: This script will make the following changes to your VPN configuration:
- Fix obsolete ipsec.conf and/or ikev2.conf options
- Optimize VPN ciphers
@ -136,7 +137,7 @@ NOTE: This script will make the following changes to your VPN configuration:
EOF
if [ "$SWAN_VER" != "4.1" ]; then
if [ "$SWAN_VER" != "4.2" ]; then
cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information.
@ -194,25 +195,16 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1
[ "$SWAN_VER" = "3.26" ] && sed -i 's/-lfreebl //' mk/config.mk
[ "$SWAN_VER" = "3.26" ] && sed -i '/blapi\.h/d' programs/pluto/keys.c
if [ "$SWAN_VER" = "3.31" ]; then
sed -i '916iif (!st->st_seen_fragvid) { return FALSE; }' programs/pluto/ikev2.c
sed -i '1033s/if (/if (LIN(POLICY_IKE_FRAG_ALLOW, sk->ike->sa.st_connection->policy) \&\& sk->ike->sa.st_seen_fragvid \&\& /' \
programs/pluto/ikev2_message.c
fi
[ "$SWAN_VER" = "4.1" ] && sed -i 's/ sysv )/ sysvinit )/' programs/setup/setup.in
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
EOF
if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ] || [ "$SWAN_VER" = "4.1" ]; then
echo "USE_DH2=true" >> Makefile.inc.local
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi
fi
if [ "$SWAN_VER" = "4.1" ]; then
if [ "$SWAN_VER" != "3.32" ]; then
echo "USE_NSS_KDF=false" >> Makefile.inc.local
echo "FINALNSSDIR=/etc/ipsec.d" >> Makefile.inc.local
fi
@ -259,12 +251,8 @@ elif [ "$dns_state" = "2" ]; then
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
fi
case $SWAN_VER in
3.29|3.3[12]|4.1)
sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
;;
esac
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
@ -287,8 +275,8 @@ EOF
if [ "$dns_state" = "3" ]; then
cat <<'EOF'
IMPORTANT: Users upgrading to Libreswan 3.23 or newer must edit /etc/ipsec.conf
and replace all occurrences of these two lines:
IMPORTANT: You must edit /etc/ipsec.conf and replace
all occurrences of these two lines:
modecfgdns1=DNS_SERVER_1
modecfgdns2=DNS_SERVER_2

14
vpnsetup.sh
View File

@ -187,7 +187,7 @@ bigecho "Installing packages required for the VPN..."
apt-get -yq install libnss3-dev libnspr4-dev pkg-config \
libpam0g-dev libcap-ng-dev libcap-ng-utils libselinux1-dev \
libcurl4-nss-dev flex bison gcc make libnss3-tools \
libevent-dev ppp xl2tpd || exiterr2
libevent-dev libsystemd-dev ppp xl2tpd || exiterr2
bigecho "Installing Fail2Ban to protect SSH..."
@ -195,7 +195,7 @@ apt-get -yq install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..."
SWAN_VER=4.1
SWAN_VER=4.2
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
@ -205,7 +205,6 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1
sed -i 's/ sysv )/ sysvinit )/' programs/setup/setup.in
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
@ -224,9 +223,6 @@ fi
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
apt-get -yq install libsystemd-dev || exiterr2
fi
NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1
make "-j$((NPROCS+1))" -s base && make -s install-base
@ -514,10 +510,12 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$SWAN_VER" != "$swan_ver_latest" ]; then
&& [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run:
wget https://git.io/vpnupgrade -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF

9
vpnsetup_amzn.sh
View File

@ -156,7 +156,7 @@ yum "$REPO1" -y install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..."
SWAN_VER=4.1
SWAN_VER=4.2
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
@ -166,7 +166,6 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1
sed -i 's/ sysv )/ sysvinit )/' programs/setup/setup.in
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
@ -432,10 +431,12 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$SWAN_VER" != "$swan_ver_latest" ]; then
&& [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run:
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF

9
vpnsetup_centos.sh
View File

@ -187,7 +187,7 @@ yum "$REPO1" -y install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..."
SWAN_VER=4.1
SWAN_VER=4.2
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
@ -197,7 +197,6 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1
sed -i 's/ sysv )/ sysvinit )/' programs/setup/setup.in
cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
@ -500,10 +499,12 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$SWAN_VER" != "$swan_ver_latest" ]; then
&& [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run:
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF