mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-01-31 20:41:42 +03:00
Code Issues Projects Releases Wiki Activity

Improve Libreswan versions

Browse Source 
- Add compilation workarounds specific to Libreswan 3.23/3.25 to the VPN
  setup scripts, so that users may install those versions by modifying
  SWAN_VER before running the scripts
- Cleanup
This commit is contained in:
hwdsl2 2018-09-11 00:03:04 -05:00
parent 8d90a3877c
commit 2fe44b172e
2 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
vpnsetup.sh
View File

@ -180,9 +180,7 @@ case "$(uname -r)" in
l2tp_file="$l2tp_dir.tar.gz" l2tp_file="$l2tp_dir.tar.gz"
l2tp_url="https://github.com/xelerance/xl2tpd/archive/v$L2TP_VER.tar.gz" l2tp_url="https://github.com/xelerance/xl2tpd/archive/v$L2TP_VER.tar.gz"
apt-get -yq install libpcap0.8-dev || exiterr2 apt-get -yq install libpcap0.8-dev || exiterr2
if ! wget -t 3 -T 30 -nv -O "$l2tp_file" "$l2tp_url"; then wget -t 3 -T 30 -nv -O "$l2tp_file" "$l2tp_url" || exit 1
exit 1
fi
/bin/rm -rf "/opt/src/$l2tp_dir" /bin/rm -rf "/opt/src/$l2tp_dir"
tar xzf "$l2tp_file" && /bin/rm -f "$l2tp_file" tar xzf "$l2tp_file" && /bin/rm -f "$l2tp_file"
cd "$l2tp_dir" && make -s 2>/dev/null && PREFIX=/usr make -s install cd "$l2tp_dir" && make -s 2>/dev/null && PREFIX=/usr make -s install
@ -198,8 +196,6 @@ apt-get -yq install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..." bigecho "Compiling and installing Libreswan..."
# Note: DO NOT EDIT. To install a different Libreswan version,
# run the upgrade scripts in this repo after install.
SWAN_VER=3.22 SWAN_VER=3.22
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
@ -210,10 +206,12 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
sed -i '/^#define LSWBUF_CANARY/s/-2$/((char) -2)/' include/lswlog.h [ "$SWAN_VER" = "3.22" ] && sed -i '/^#define LSWBUF_CANARY/s/-2$/((char) -2)/' include/lswlog.h
sed -i '/docker-targets\.mk/d' Makefile
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS = WERROR_CFLAGS =
USE_DNSSEC = false USE_DNSSEC = false
USE_GLIBC_KERN_FLIP_HEADERS = true
EOF EOF
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
apt-get -yq install libsystemd-dev || exiterr2 apt-get -yq install libsystemd-dev || exiterr2
@ -291,6 +289,13 @@ conn xauth-psk
also=shared also=shared
EOF EOF
case "$SWAN_VER" in
3.2[35])
sed -i "/modecfgdns/d" /etc/ipsec.conf
echo " modecfgdns=\"$DNS_SRV1, $DNS_SRV2\"" >> /etc/ipsec.conf
;;
esac
if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then
PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}') PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf

17
vpnsetup_centos.sh
View File

@ -170,9 +170,7 @@ case "$(uname -r)" in
l2tp_file="$l2tp_dir.tar.gz" l2tp_file="$l2tp_dir.tar.gz"
l2tp_url="https://github.com/xelerance/xl2tpd/archive/v$L2TP_VER.tar.gz" l2tp_url="https://github.com/xelerance/xl2tpd/archive/v$L2TP_VER.tar.gz"
yum "$REPO2" "$REPO3" -y install libpcap-devel || exiterr2 yum "$REPO2" "$REPO3" -y install libpcap-devel || exiterr2
if ! wget -t 3 -T 30 -nv -O "$l2tp_file" "$l2tp_url"; then wget -t 3 -T 30 -nv -O "$l2tp_file" "$l2tp_url" || exit 1
exit 1
fi
/bin/rm -rf "/opt/src/$l2tp_dir" /bin/rm -rf "/opt/src/$l2tp_dir"
tar xzf "$l2tp_file" && /bin/rm -f "$l2tp_file" tar xzf "$l2tp_file" && /bin/rm -f "$l2tp_file"
cd "$l2tp_dir" && make -s 2>/dev/null && PREFIX=/usr make -s install cd "$l2tp_dir" && make -s 2>/dev/null && PREFIX=/usr make -s install
@ -188,8 +186,6 @@ yum "$REPO1" -y install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..." bigecho "Compiling and installing Libreswan..."
# Note: DO NOT EDIT. To install a different Libreswan version,
# run the upgrade scripts in this repo after install.
SWAN_VER=3.22 SWAN_VER=3.22
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
@ -200,10 +196,12 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
sed -i '/^#define LSWBUF_CANARY/s/-2$/((char) -2)/' include/lswlog.h [ "$SWAN_VER" = "3.22" ] && sed -i '/^#define LSWBUF_CANARY/s/-2$/((char) -2)/' include/lswlog.h
sed -i '/docker-targets\.mk/d' Makefile
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS = WERROR_CFLAGS =
USE_DNSSEC = false USE_DNSSEC = false
USE_GLIBC_KERN_FLIP_HEADERS = true
EOF EOF
NPROCS="$(grep -c ^processor /proc/cpuinfo)" NPROCS="$(grep -c ^processor /proc/cpuinfo)"
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
@ -278,6 +276,13 @@ conn xauth-psk
also=shared also=shared
EOF EOF
case "$SWAN_VER" in
3.2[35])
sed -i "/modecfgdns/d" /etc/ipsec.conf
echo " modecfgdns=\"$DNS_SRV1, $DNS_SRV2\"" >> /etc/ipsec.conf
;;
esac
if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then
PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}') PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf