mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 13:06:02 +03:00
Code Issues Projects Releases Wiki Activity

New Libreswan version

Browse Source 
- Use new Libreswan version 4.9.
- Compilation of Libreswan 4.9 on Ubuntu 18.04 requires newer
  versions of NSS packages. They are installed in a similar way
  as apply_ubuntu1804_nss_fix in ikev2setup.sh.
  Ref: https://github.com/libreswan/libreswan/issues/892
This commit is contained in:
hwdsl2 2022-10-21 00:10:58 -05:00
parent f82e65d871
commit 28d1f494f0
4 changed files with 37 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
vpnsetup_alpine.sh
View File

@ -230,7 +230,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -284,7 +284,6 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
USE_GLIBC_KERN_FLIP_HEADERS=true
EOF EOF
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1

4
vpnsetup_amzn.sh
View File

@ -244,7 +244,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-amzn-2-swanver" swan_ver_url="$base_url/v1-amzn-2-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -298,6 +298,8 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
USE_NSS_KDF=false USE_NSS_KDF=false
USE_LINUX_AUDIT=false
USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then

4
vpnsetup_centos.sh
View File

@ -350,7 +350,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -404,6 +404,8 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
USE_NSS_KDF=false USE_NSS_KDF=false
USE_LINUX_AUDIT=false
USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then

31
vpnsetup_ubuntu.sh
View File

@ -260,6 +260,34 @@ install_vpn_pkgs() {
) || exiterr2 ) || exiterr2
} }
install_nss_pkgs() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
bigecho "Installing NSS packages on Ubuntu 18.04..."
if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
nss_dl=0
if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$nss_url1/$nss_deb1" \
&& wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$nss_url1/$nss_deb2" \
&& wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$nss_url2/$nss_deb3"; then
apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
else
nss_dl=1
echo "Error: Could not download NSS packages." >&2
fi
/bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
/bin/rmdir "$tmpdir"
[ "$nss_dl" = 1 ] && exit 1
else
exiterr "Could not create temporary directory."
fi
fi
}
install_fail2ban() { install_fail2ban() {
bigecho "Installing Fail2Ban to protect SSH..." bigecho "Installing Fail2Ban to protect SSH..."
( (
@ -290,7 +318,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -731,6 +759,7 @@ vpnsetup() {
install_setup_pkgs install_setup_pkgs
detect_ip detect_ip
install_vpn_pkgs install_vpn_pkgs
install_nss_pkgs
install_fail2ban install_fail2ban
get_helper_scripts get_helper_scripts
get_libreswan get_libreswan