From 32faed40d5212c11cad27fd7b7c364ea6b4ba680 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Sat, 24 Sep 2022 00:58:16 -0500
Subject: [PATCH] Improve IP check
- Instead of finding the server's public IP, use the IP address on the default route if it is not a private IP. This makes VPN setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
---
 docs/ikev2-howto-zh.md | 2 +-
 docs/ikev2-howto.md | 2 +-
 extras/ikev2changeaddr.sh | 17 ++++++++++++++---
 extras/ikev2setup.sh | 17 ++++++++++++++---
 extras/quickstart.sh | 2 +-
 extras/vpnupgrade.sh | 2 +-
 extras/vpnupgrade_alpine.sh | 2 +-
 extras/vpnupgrade_amzn.sh | 2 +-
 extras/vpnupgrade_centos.sh | 2 +-
 extras/vpnupgrade_ubuntu.sh | 2 +-
 vpnsetup.sh | 2 +-
 vpnsetup_alpine.sh | 19 +++++++++++++++----
 vpnsetup_amzn.sh | 19 +++++++++++++++----
 vpnsetup_centos.sh | 19 +++++++++++++++----
 vpnsetup_ubuntu.sh | 19 +++++++++++++++----
 15 files changed, 97 insertions(+), 31 deletions(-)
diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 25e7a3c..7c4534e 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -862,7 +862,7 @@ To customize IKEv2 or client options, run this script without arguments.
 ```bash
 PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
- [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
+ [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com)
 printf '%s\n' "$PUBLIC_IP"
 ```
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index a2ded1c..bf8e43f 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -864,7 +864,7 @@ View example steps for manually configuring IKEv2 with Libreswan. ```bash PUBLIC_IP=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short) - [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com) + [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com) printf '%s\n' "$PUBLIC_IP" ``` diff --git a/extras/ikev2changeaddr.sh b/extras/ikev2changeaddr.sh index bc27af2..25f13a1 100755 --- a/extras/ikev2changeaddr.sh +++ b/extras/ikev2changeaddr.sh @@ -107,19 +107,30 @@ get_server_address() { show_welcome() { cat </dev/null) + if check_ip "$def_ip" \ + && ! printf '%s' "$def_ip" | grep -Eq '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then + public_ip="$def_ip" + fi +} + get_server_ip() { bigecho "Trying to auto discover IP of this server..." public_ip=${VPN_PUBLIC_IP:-''} + check_ip "$public_ip" || get_default_ip + check_ip "$public_ip" && return 0 check_ip "$public_ip" || public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short) - check_ip "$public_ip" || public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com) + check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com) + check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ip1.dynupdate.no-ip.com) } enter_server_address() { diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh index 58ed78e..cd9269a 100755 --- a/extras/ikev2setup.sh +++ b/extras/ikev2setup.sh @@ -157,7 +157,7 @@ confirm_or_abort() { show_header() { cat <<'EOF' -IKEv2 Script Copyright (c) 2020-2022 Lin Song 10 Sept 2022 +IKEv2 Script Copyright (c) 2020-2022 Lin Song 24 Sept 2022 EOF } 
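Review bot: The private-range filter added with `get_default_ip()` in the extras/ikev2changeaddr.sh hunk (the `grep -Eq` alternation) leaves out the carrier-grade NAT block 100.64.0.0/10, so a default-route address in that range is accepted as `public_ip` and `get_server_ip` returns before any external lookup runs. The server would then presumably be configured with an address that clients cannot reach from outside. Adding `100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])` to the alternation closes the gap. The same pattern is repeated in the `get_default_ip()` hunks of extras/ikev2setup.sh, vpnsetup_alpine.sh, vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh.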
@@ -361,11 +361,22 @@ get_export_dir() {
 fi
 }
+get_default_ip() {
+ def_ip=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}' 2>/dev/null)
+ if check_ip "$def_ip" \
+ && ! printf '%s' "$def_ip" | grep -Eq '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
+ public_ip="$def_ip"
+ fi
+}
+
 get_server_ip() {
 bigecho2 "Trying to auto discover IP of this server..."
 public_ip=${VPN_PUBLIC_IP:-''}
+ check_ip "$public_ip" || get_default_ip
+ check_ip "$public_ip" && return 0
 check_ip "$public_ip" || public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
- check_ip "$public_ip" || public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ip1.dynupdate.no-ip.com)
 }
 get_server_address() {
@@ -1317,7 +1328,7 @@ EOF
 check_swan_update() {
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
 && [ -n "$swan_ver" ] && [ "$swan_ver" != "$swan_ver_latest" ] \
 && printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
diff --git a/extras/quickstart.sh b/extras/quickstart.sh
index 5934afd..e76b303 100755
--- a/extras/quickstart.sh
+++ b/extras/quickstart.sh
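Review bot: The fallback added to `get_server_ip` in extras/ikev2setup.sh, `http://ip1.dynupdate.no-ip.com`, is fetched over plain HTTP like the icanhazip lookup above it, and the reply becomes `public_ip` as soon as `check_ip` passes; `check_ip` is defined outside the hunk and presumably validates format only. Anything on the network path can therefore influence the address recorded for this server. Prefer TLS where the endpoint offers it, for example `wget -t 2 -T 10 -qO- https://ipv4.icanhazip.com`, and confirm that the no-ip endpoint has an HTTPS equivalent before relying on it. The same lookups appear in extras/ikev2changeaddr.sh and in `detect_ip` of the four vpnsetup_*.sh scripts.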
@@ -265,7 +265,7 @@ run_setup() {
 if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
 if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url1" \
 || wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url2" \
- || curl -fsL "$setup_url1" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
+ || curl -m 30 -fsL "$setup_url1" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
 VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" \
 VPN_PASSWORD="$VPN_PASSWORD" \
 VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 331c153..5370300 100755
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -161,7 +161,7 @@ run_setup() {
 if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
 if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpnup.sh" "$setup_url1" \
 || wget -t 3 -T 30 -q -O "$tmpdir/vpnup.sh" "$setup_url2" \
- || curl -fsL "$setup_url1" -o "$tmpdir/vpnup.sh" 2>/dev/null ); then
+ || curl -m 30 -fsL "$setup_url1" -o "$tmpdir/vpnup.sh" 2>/dev/null ); then
 VPN_UPDATE_SWAN_VER="$SWAN_VER" /bin/bash "$tmpdir/vpnup.sh" || status=1
 else
 status=1
diff --git a/extras/vpnupgrade_alpine.sh b/extras/vpnupgrade_alpine.sh
index e260648..bbbae23 100755
--- a/extras/vpnupgrade_alpine.sh
+++ b/extras/vpnupgrade_alpine.sh
@@ -72,7 +72,7 @@ get_swan_ver() {
 swan_ver_cur=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 swan_ver_cur="$swan_ver_latest"
 fi
diff --git a/extras/vpnupgrade_amzn.sh b/extras/vpnupgrade_amzn.sh
index 1b83f3c..8f99280 100755
--- a/extras/vpnupgrade_amzn.sh
+++ b/extras/vpnupgrade_amzn.sh
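Review bot: The curl fallback in `run_setup` (extras/quickstart.sh) still only tries `$setup_url1`, so on a host without wget the second mirror used by the wget branch is never attempted; adding `-m 30` bounds the wait but does not change that. Consider appending `|| curl -m 30 -fsL "$setup_url2" -o "$tmpdir/vpn.sh" 2>/dev/null` before the closing `)`. The downloaded file is then run with `/bin/bash` (visible in the vpnupgrade.sh hunk) with no integrity check shown here, so a comment stating what the scripts rely on for authenticity would help maintainers. The same line is changed in the extras/vpnupgrade.sh and vpnsetup.sh hunks; `run_setup` starts and ends outside each hunk.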
@@ -55,7 +55,7 @@ get_swan_ver() {
 swan_ver_cur=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-amzn-2-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 swan_ver_cur="$swan_ver_latest"
 fi
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index 8c5c636..e335de5 100755
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -88,7 +88,7 @@ get_swan_ver() {
 swan_ver_cur=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 swan_ver_cur="$swan_ver_latest"
 fi
diff --git a/extras/vpnupgrade_ubuntu.sh b/extras/vpnupgrade_ubuntu.sh
index a31d947..3cf0504 100755
--- a/extras/vpnupgrade_ubuntu.sh
+++ b/extras/vpnupgrade_ubuntu.sh
@@ -78,7 +78,7 @@ get_swan_ver() {
 swan_ver_cur=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 swan_ver_cur="$swan_ver_latest"
 fi
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 5934afd..e76b303 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -265,7 +265,7 @@ run_setup() {
 if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
 if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url1" \
 || wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url2" \
- || curl -fsL "$setup_url1" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
+ || curl -m 30 -fsL "$setup_url1" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
 VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" \
 VPN_PASSWORD="$VPN_PASSWORD" \
 VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index 885916a..95ffd47 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -171,11 +171,22 @@ install_setup_pkgs() {
 ) || exiterr2
 }
+get_default_ip() {
+ def_ip=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}' 2>/dev/null)
+ if check_ip "$def_ip" \
+ && ! printf '%s' "$def_ip" | grep -Eq '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
+ public_ip="$def_ip"
+ fi
+}
+
 detect_ip() {
- bigecho "Trying to auto discover IP of this server..."
 public_ip=${VPN_PUBLIC_IP:-''}
+ check_ip "$public_ip" || get_default_ip
+ check_ip "$public_ip" && return 0
+ bigecho "Trying to auto discover IP of this server..."
 check_ip "$public_ip" || public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
- check_ip "$public_ip" || public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ip1.dynupdate.no-ip.com)
 check_ip "$public_ip" || exiterr "Cannot detect this server's public IP. Define it as variable 'VPN_PUBLIC_IP' and re-run this script."
 }
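Review bot: In `get_default_ip()` (vpnsetup_alpine.sh) the `2>/dev/null` is attached to `awk`, the last stage of the pipeline, so any error output from `ip -4 route get 1`, for instance on a host with no default route, still reaches the terminal. Moving it to the first stage fixes that: `def_ip=$(ip -4 route get 1 2>/dev/null | sed 's/ uid .*//' | awk '{print $NF;exit}')`. Taking `$NF` also assumes the source address is the last field once ` uid ...` is stripped; picking the field that follows `src` would be sturdier, although `check_ip` rejects anything that is not an address. The same line appears in the get_default_ip hunks of extras/ikev2setup.sh, vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh.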
@@ -225,8 +236,8 @@ get_swan_ver() {
 SWAN_VER=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1)
- [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
+ [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -m 10 -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 SWAN_VER="$swan_ver_latest"
 fi
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index a10d839..7625b62 100755
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -154,11 +154,22 @@ install_setup_pkgs() {
 ) || exiterr2
 }
+get_default_ip() {
+ def_ip=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}' 2>/dev/null)
+ if check_ip "$def_ip" \
+ && ! printf '%s' "$def_ip" | grep -Eq '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
+ public_ip="$def_ip"
+ fi
+}
+
 detect_ip() {
- bigecho "Trying to auto discover IP of this server..."
 public_ip=${VPN_PUBLIC_IP:-''}
+ check_ip "$public_ip" || get_default_ip
+ check_ip "$public_ip" && return 0
+ bigecho "Trying to auto discover IP of this server..."
 check_ip "$public_ip" || public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
- check_ip "$public_ip" || public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ip1.dynupdate.no-ip.com)
 check_ip "$public_ip" || exiterr "Cannot detect this server's public IP. Define it as variable 'VPN_PUBLIC_IP' and re-run this script."
 }
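Review bot: Dropping `2>/dev/null` from the wget stage in `get_swan_ver` (vpnsetup_alpine.sh) means that when wget is not installed, which is presumably the case the curl line below exists for, the shell's "command not found" message is printed before the fallback runs. Keeping the redirect preserves the quiet fallback: `swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" 2>/dev/null | head -n 1)`. The same removal is made in the get_swan_ver hunks of vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh. The function body continues outside the hunk.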
@@ -239,8 +250,8 @@ get_swan_ver() {
 SWAN_VER=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/v1-amzn-2-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1)
- [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
+ [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -m 10 -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 SWAN_VER="$swan_ver_latest"
 fi
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 89cce4c..f8f58c9 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -202,11 +202,22 @@ install_setup_pkgs() {
 ) || exiterr2
 }
+get_default_ip() {
+ def_ip=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}' 2>/dev/null)
+ if check_ip "$def_ip" \
+ && ! printf '%s' "$def_ip" | grep -Eq '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
+ public_ip="$def_ip"
+ fi
+}
+
 detect_ip() {
- bigecho "Trying to auto discover IP of this server..."
 public_ip=${VPN_PUBLIC_IP:-''}
+ check_ip "$public_ip" || get_default_ip
+ check_ip "$public_ip" && return 0
+ bigecho "Trying to auto discover IP of this server..."
 check_ip "$public_ip" || public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
- check_ip "$public_ip" || public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ip1.dynupdate.no-ip.com)
 check_ip "$public_ip" || exiterr "Cannot detect this server's public IP. Define it as variable 'VPN_PUBLIC_IP' and re-run this script."
 }
@@ -339,8 +350,8 @@ get_swan_ver() {
 SWAN_VER=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1)
- [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
+ [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -m 10 -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 SWAN_VER="$swan_ver_latest"
 fi
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 0e952e7..3671bdb 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -221,11 +221,22 @@ install_setup_pkgs() {
 ) || exiterr2
 }
+get_default_ip() {
+ def_ip=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}' 2>/dev/null)
+ if check_ip "$def_ip" \
+ && ! printf '%s' "$def_ip" | grep -Eq '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
+ public_ip="$def_ip"
+ fi
+}
+
 detect_ip() {
- bigecho "Trying to auto discover IP of this server..."
 public_ip=${VPN_PUBLIC_IP:-''}
+ check_ip "$public_ip" || get_default_ip
+ check_ip "$public_ip" && return 0
+ bigecho "Trying to auto discover IP of this server..."
 check_ip "$public_ip" || public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
- check_ip "$public_ip" || public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ipv4.icanhazip.com)
+ check_ip "$public_ip" || public_ip=$(wget -t 2 -T 10 -qO- http://ip1.dynupdate.no-ip.com)
 check_ip "$public_ip" || exiterr "Cannot detect this server's public IP. Define it as variable 'VPN_PUBLIC_IP' and re-run this script."
 }
@@ -276,8 +287,8 @@ get_swan_ver() {
 SWAN_VER=4.7
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1)
- [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
+ swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
+ [ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -m 10 -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
 if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
 SWAN_VER="$swan_ver_latest"
 fi