From 335b4035b9007096c8f8469ea3b3704b2872c753 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Sun, 7 Aug 2016 14:00:07 -0500
Subject: [PATCH] Minor clean up

---
 extras/vpnsetup-debian-7-workaround.sh |  6 +++---
 extras/vpnupgrade_centos.sh            |  2 +-
 vpnsetup.sh                            | 16 +++++++++-------
 vpnsetup_centos.sh                     | 20 +++++++++++---------
 4 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/extras/vpnsetup-debian-7-workaround.sh b/extras/vpnsetup-debian-7-workaround.sh
index 0b95208..6230ce8 100644
--- a/extras/vpnsetup-debian-7-workaround.sh
+++ b/extras/vpnsetup-debian-7-workaround.sh
@@ -1,11 +1,11 @@
 #!/bin/sh
 #
 # Debian 7 (Wheezy) does NOT have the required libnss version (>= 3.16) for Libreswan.
-# This script provides a workaround by installing unofficial packages from download.libreswan.org.
+# This script provides a workaround by installing newer packages from libreswan.org.
 # Debian 7 users: Run this script first, before using the VPN setup script.
 #
-# IMPORTANT: These unofficial packages do not receive the latest security updates compared to
-# official Debian packages. They could contain unpatched vulnerabilities. Use at your own risk!
+# IMPORTANT: These unofficial packages may not receive security updates compared to
+# official Debian packages. They could contain vulnerabilities. Use at your own risk!
 #
 # Copyright (C) 2015-2016 Lin Song <linsongui@gmail.com>
 #
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index 9632230..d00d48d 100644
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -104,7 +104,7 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
   curl-devel flex bison gcc make \
   fipscheck-devel unbound-devel xmlto || exiterr2
 
-# Install libevent2 and systemd-devel (CentOS 7)
+# Install libevent2 and systemd-devel
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum -y install libevent2-devel || exiterr2
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 0051e80..1c92d3a 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
 # Script for automatic setup of an IPsec VPN server on Ubuntu LTS and Debian 8.
-# Works on dedicated servers and any KVM- or Xen-based Virtual Private Server (VPS).
+# Works on any dedicated server or Virtual Private Server (VPS) except OpenVZ.
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN
-# ON YOUR DEDICATED SERVER OR VPS!
+# ON A DEDICATED SERVER OR VPS!
 #
 # Copyright (C) 2014-2016 Lin Song <linsongui@gmail.com>
 # Based on the work of Thomas Sarlandie (Copyright 2012)
@@ -26,8 +26,8 @@ YOUR_IPSEC_PSK=''
 YOUR_USERNAME=''
 YOUR_PASSWORD=''
 
-# Important Notes:   https://git.io/vpnnotes
-# Setup VPN Clients: https://git.io/vpnclients
+# Important notes:   https://git.io/vpnnotes
+# Setup VPN clients: https://git.io/vpnclients
 
 # =====================================================
 
@@ -55,6 +55,7 @@ cat 1>&2 <<'EOF'
 Error: Network interface 'eth0' is not available.
 
 Please DO NOT run this script on your PC or Mac!
+
 Run 'cat /proc/net/dev' to find the active network interface,
 then use it to replace ALL 'eth0' and 'eth+' in this script.
 EOF
@@ -146,7 +147,7 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
 apt-get -yq --no-install-recommends install xmlto || exiterr2
 apt-get -yq install ppp xl2tpd || exiterr2
 
-# Install Fail2Ban to protect SSH
+# Install Fail2Ban to protect SSH server
 apt-get -yq install fail2ban || exiterr2
 
 # Compile and install Libreswan
@@ -178,6 +179,7 @@ cat > /etc/ipsec.conf <<EOF
 version 2.0
 
 config setup
+  nat_traversal=yes
   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/23
   protostack=netkey
   nhelpers=0
@@ -446,8 +448,8 @@ Password: $VPN_PASSWORD
 
 Write these down. You'll need them to connect!
 
-Important Notes:   https://git.io/vpnnotes
-Setup VPN Clients: https://git.io/vpnclients
+Important notes:   https://git.io/vpnnotes
+Setup VPN clients: https://git.io/vpnclients
 
 ================================================
 
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 3e85a93..6710120 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6 & 7.
-# Works on dedicated servers and any KVM- or Xen-based Virtual Private Server (VPS).
+# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6 and 7.
+# Works on any dedicated server or Virtual Private Server (VPS) except OpenVZ.
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN
-# ON YOUR DEDICATED SERVER OR VPS!
+# ON A DEDICATED SERVER OR VPS!
 #
 # Copyright (C) 2015-2016 Lin Song <linsongui@gmail.com>
 # Based on the work of Thomas Sarlandie (Copyright 2012)
@@ -26,8 +26,8 @@ YOUR_IPSEC_PSK=''
 YOUR_USERNAME=''
 YOUR_PASSWORD=''
 
-# Important Notes:   https://git.io/vpnnotes
-# Setup VPN Clients: https://git.io/vpnclients
+# Important notes:   https://git.io/vpnnotes
+# Setup VPN clients: https://git.io/vpnclients
 
 # =====================================================
 
@@ -58,6 +58,7 @@ cat 1>&2 <<'EOF'
 Error: Network interface 'eth0' is not available.
 
 Please DO NOT run this script on your PC or Mac!
+
 Run 'cat /proc/net/dev' to find the active network interface,
 then use it to replace ALL 'eth0' and 'eth+' in this script.
 EOF
@@ -135,10 +136,10 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
   fipscheck-devel unbound-devel xmlto || exiterr2
 yum -y install ppp xl2tpd || exiterr2
 
-# Install Fail2Ban to protect SSH
+# Install Fail2Ban to protect SSH server
 yum -y install fail2ban || exiterr2
 
-# Install libevent2 and systemd-devel (CentOS 7)
+# Install libevent2 and systemd-devel
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum -y install libevent2-devel || exiterr2
@@ -172,6 +173,7 @@ cat > /etc/ipsec.conf <<EOF
 version 2.0
 
 config setup
+  nat_traversal=yes
   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/23
   protostack=netkey
   nhelpers=0
@@ -447,8 +449,8 @@ Password: $VPN_PASSWORD
 
 Write these down. You'll need them to connect!
 
-Important Notes:   https://git.io/vpnnotes
-Setup VPN Clients: https://git.io/vpnclients
+Important notes:   https://git.io/vpnnotes
+Setup VPN clients: https://git.io/vpnclients
 
 ================================================