1
0
mirror of synced 2024-11-22 21:16:02 +03:00

Update IKEv2 script

- Add check for existing certificates for the VPN server and client
- Other minor improvements
This commit is contained in:
hwdsl2 2020-12-30 22:53:19 -06:00
parent 88764568d2
commit 313502293f

View File

@ -137,7 +137,7 @@ if grep -qs "conn ikev2-cp" /etc/ipsec.conf || [ -f /etc/ipsec.d/ikev2.conf ]; t
|| printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; then || printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; then
echo "Invalid client name." echo "Invalid client name."
else else
echo "Invalid client name. The specified name already exists." echo "Invalid client name. Client '$client_name' already exists."
fi fi
read -rp "Client name: " client_name read -rp "Client name: " client_name
done done
@ -256,14 +256,25 @@ else
done done
fi fi
if certutil -L -d sql:/etc/ipsec.d -n "$server_addr" >/dev/null 2>&1; then
exiterr "Certificate '$server_addr' already exists. Abort."
fi
# Enter client name # Enter client name
echo echo
echo "Provide a name for the IKEv2 VPN client." echo "Provide a name for the IKEv2 VPN client."
echo "Use one word only, no special characters except '-' and '_'." echo "Use one word only, no special characters except '-' and '_'."
read -rp "Client name: [vpnclient] " client_name read -rp "Client name: [vpnclient] " client_name
[ -z "$client_name" ] && client_name=vpnclient [ -z "$client_name" ] && client_name=vpnclient
while [ "${#client_name}" -gt "64" ] || printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; do while [ "${#client_name}" -gt "64" ] \
echo "Invalid client name." || printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
|| certutil -L -d sql:/etc/ipsec.d -n "$client_name" >/dev/null 2>&1; do
if [ "${#client_name}" -gt "64" ] \
|| printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; then
echo "Invalid client name."
else
echo "Invalid client name. Client '$client_name' already exists."
fi
read -rp "Client name: [vpnclient] " client_name read -rp "Client name: [vpnclient] " client_name
[ -z "$client_name" ] && client_name=vpnclient [ -z "$client_name" ] && client_name=vpnclient
done done
@ -353,12 +364,12 @@ echo
echo -n "Checking for MOBIKE support... " echo -n "Checking for MOBIKE support... "
if [ "$mobike_support" = "1" ]; then if [ "$mobike_support" = "1" ]; then
if [ "$in_container" = "0" ]; then if [ "$in_container" = "0" ]; then
echo "Available" echo "yes"
else else
echo "Running in container, see notes below" echo "running in a container, see notes below"
fi fi
else else
echo "Not available" echo "no"
fi fi
mobike_enable=0 mobike_enable=0
@ -403,6 +414,7 @@ Please double check before continuing!
VPN server address: $server_addr VPN server address: $server_addr
VPN client name: $client_name VPN client name: $client_name
EOF EOF
if [ "$client_validity" = "1" ]; then if [ "$client_validity" = "1" ]; then