1
0
mirror of synced 2024-11-23 05:26:02 +03:00

Improve RPi workarounds

- Improve workarounds for systems with ARM CPU (e.g. Raspberry Pi)
- Check for ARM architecture instead of checking for Raspbian
This commit is contained in:
hwdsl2 2018-02-03 16:55:54 -06:00
parent fa5abe7825
commit 21228a8caf
2 changed files with 6 additions and 8 deletions

View File

@ -163,7 +163,7 @@ fi
# Update ipsec.conf for Libreswan 3.19 and newer # Update ipsec.conf for Libreswan 3.19 and newer
IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512" IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512" PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512"
if grep -qs raspbian /etc/os-release; then if [ "$(uname -m | cut -c1-3)" = "arm" ]; then
PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2" PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2"
fi fi
sed -i".old-$(date +%F-%T)" \ sed -i".old-$(date +%F-%T)" \

View File

@ -75,7 +75,7 @@ def_iface="$(route 2>/dev/null | grep '^default' | grep -o '[^ ]*$')"
def_iface_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null) def_iface_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
if [ -n "$def_iface_state" ] && [ "$def_iface_state" != "down" ]; then if [ -n "$def_iface_state" ] && [ "$def_iface_state" != "down" ]; then
if ! grep -qs raspbian /etc/os-release; then if [ "$(uname -m | cut -c1-3)" != "arm" ]; then
case "$def_iface" in case "$def_iface" in
wl*) wl*)
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!" exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
@ -268,14 +268,12 @@ conn xauth-psk
also=shared also=shared
EOF EOF
# Workaround for Raspbian 9 # Workarounds for systems with ARM CPU (e.g. Raspberry Pi)
if grep -qs 'Raspbian GNU/Linux 9' /etc/os-release; then # - Set "left" to private IP instead of "%defaultroute"
# - Remove unsupported ESP algorithm
if [ "$(uname -m | cut -c1-3)" = "arm" ]; then
PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}') PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
fi
# Remove unsupported ESP algorithm on Raspbian
if grep -qs raspbian /etc/os-release; then
sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
fi fi