From 2991302d574faedec95ac9f7259b465c399a531e Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Tue, 15 Oct 2024 22:35:39 -0500
Subject: [PATCH] Improve nftables rules - Fixed an issue where AlmaLinux 9 users may encounter the error "unsupported xtables compat expression" for xt target "MASQUERADE", which prevents nftables rules from loading. This could happen if the server already has OpenVPN and/or WireGuard installed before installing the IPsec VPN.
---
 vpnsetup_centos.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index a6837e3..b6f39d0 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -728,6 +728,9 @@ start_services() {
 restorecon /usr/local/sbin -Rv 2>/dev/null
 restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
 if [ "$use_nft" = 1 ]; then
+ if ! nft -c -f "$IPT_FILE" >/dev/null 2>&1; then
+ sed -i '/ip6 saddr fddd:\(2c4\|1194\):/s/xt target "MASQUERADE"/masquerade/' "$IPT_FILE"
+ fi
 nft -f "$IPT_FILE"
 else
 iptables-restore < "$IPT_FILE"
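Review bot: Nothing re-validates the file after the `sed` rewrite, so if `nft -c` failed for any reason other than the two `fddd:` MASQUERADE lines, the following `nft -f "$IPT_FILE"` fails exactly as before. As far as this hunk shows, start_services then carries on without the ruleset loaded, which on a VPN gateway means the intended filter and NAT rules may not be in place. The check's stderr is also sent to /dev/null, so the original reason for the failure is lost. Consider checking the load itself, for example `nft -f "$IPT_FILE" || echo "Warning: failed to load nftables rules from $IPT_FILE" >&2`, and adding a comment above the `sed` such as `# Rewrite xt-compat MASQUERADE in ip6 rules left by OpenVPN/WireGuard to native nft syntax`. start_services begins and ends outside the hunk, so any error handling further down is not visible here.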