1
0
mirror of synced 2024-11-26 14:56:08 +03:00

Update IKEv2 script

- Add check for existing certificates for the VPN server and client
- Other minor improvements
This commit is contained in:
hwdsl2 2020-12-30 22:53:19 -06:00
parent 88764568d2
commit 313502293f

View File

@ -137,7 +137,7 @@ if grep -qs "conn ikev2-cp" /etc/ipsec.conf || [ -f /etc/ipsec.d/ikev2.conf ]; t
|| printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; then
echo "Invalid client name."
else
echo "Invalid client name. The specified name already exists."
echo "Invalid client name. Client '$client_name' already exists."
fi
read -rp "Client name: " client_name
done
@ -256,14 +256,25 @@ else
done
fi
if certutil -L -d sql:/etc/ipsec.d -n "$server_addr" >/dev/null 2>&1; then
exiterr "Certificate '$server_addr' already exists. Abort."
fi
# Enter client name
echo
echo "Provide a name for the IKEv2 VPN client."
echo "Use one word only, no special characters except '-' and '_'."
read -rp "Client name: [vpnclient] " client_name
[ -z "$client_name" ] && client_name=vpnclient
while [ "${#client_name}" -gt "64" ] || printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; do
echo "Invalid client name."
while [ "${#client_name}" -gt "64" ] \
|| printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
|| certutil -L -d sql:/etc/ipsec.d -n "$client_name" >/dev/null 2>&1; do
if [ "${#client_name}" -gt "64" ] \
|| printf '%s' "$client_name" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+'; then
echo "Invalid client name."
else
echo "Invalid client name. Client '$client_name' already exists."
fi
read -rp "Client name: [vpnclient] " client_name
[ -z "$client_name" ] && client_name=vpnclient
done
@ -353,12 +364,12 @@ echo
echo -n "Checking for MOBIKE support... "
if [ "$mobike_support" = "1" ]; then
if [ "$in_container" = "0" ]; then
echo "Available"
echo "yes"
else
echo "Running in container, see notes below"
echo "running in a container, see notes below"
fi
else
echo "Not available"
echo "no"
fi
mobike_enable=0
@ -403,6 +414,7 @@ Please double check before continuing!
VPN server address: $server_addr
VPN client name: $client_name
EOF
if [ "$client_validity" = "1" ]; then