Improve RPi workarounds
- Improve workarounds for systems with ARM CPU (e.g. Raspberry Pi) - Check for ARM architecture instead of checking for Raspbian
This commit is contained in:
parent
fa5abe7825
commit
21228a8caf
@ -163,7 +163,7 @@ fi
|
|||||||
# Update ipsec.conf for Libreswan 3.19 and newer
|
# Update ipsec.conf for Libreswan 3.19 and newer
|
||||||
IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
|
IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
|
||||||
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512"
|
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512"
|
||||||
if grep -qs raspbian /etc/os-release; then
|
if [ "$(uname -m | cut -c1-3)" = "arm" ]; then
|
||||||
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2"
|
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2"
|
||||||
fi
|
fi
|
||||||
sed -i".old-$(date +%F-%T)" \
|
sed -i".old-$(date +%F-%T)" \
|
||||||
|
12
vpnsetup.sh
12
vpnsetup.sh
@ -75,7 +75,7 @@ def_iface="$(route 2>/dev/null | grep '^default' | grep -o '[^ ]*$')"
|
|||||||
|
|
||||||
def_iface_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
def_iface_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
||||||
if [ -n "$def_iface_state" ] && [ "$def_iface_state" != "down" ]; then
|
if [ -n "$def_iface_state" ] && [ "$def_iface_state" != "down" ]; then
|
||||||
if ! grep -qs raspbian /etc/os-release; then
|
if [ "$(uname -m | cut -c1-3)" != "arm" ]; then
|
||||||
case "$def_iface" in
|
case "$def_iface" in
|
||||||
wl*)
|
wl*)
|
||||||
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
||||||
@ -268,14 +268,12 @@ conn xauth-psk
|
|||||||
also=shared
|
also=shared
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Workaround for Raspbian 9
|
# Workarounds for systems with ARM CPU (e.g. Raspberry Pi)
|
||||||
if grep -qs 'Raspbian GNU/Linux 9' /etc/os-release; then
|
# - Set "left" to private IP instead of "%defaultroute"
|
||||||
|
# - Remove unsupported ESP algorithm
|
||||||
|
if [ "$(uname -m | cut -c1-3)" = "arm" ]; then
|
||||||
PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
|
PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
|
||||||
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
|
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
|
||||||
fi
|
|
||||||
|
|
||||||
# Remove unsupported ESP algorithm on Raspbian
|
|
||||||
if grep -qs raspbian /etc/os-release; then
|
|
||||||
sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
|
sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user