From 371b5c3e7f8925862be1954e7c57fa73ddaa3608 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Fri, 3 Jun 2016 17:10:03 -0500 Subject: [PATCH] Minor improvements and clean up --- extras/vpnupgrade_Libreswan.sh | 12 +++++---- extras/vpnupgrade_Libreswan_centos.sh | 10 +++++--- vpnsetup.sh | 36 +++++++++++++-------------- vpnsetup_centos.sh | 34 ++++++++++++------------- 4 files changed, 46 insertions(+), 46 deletions(-) diff --git a/extras/vpnupgrade_Libreswan.sh b/extras/vpnupgrade_Libreswan.sh index 1f4f4dd..2c113ca 100644 --- a/extras/vpnupgrade_Libreswan.sh +++ b/extras/vpnupgrade_Libreswan.sh @@ -96,7 +96,7 @@ cd /opt/src || exit 1 # Update package index and install Wget export DEBIAN_FRONTEND=noninteractive -apt-get -yqq update +apt-get -yq update apt-get -yq install wget # Install necessary packages @@ -120,13 +120,15 @@ WERROR_CFLAGS = EOF make -s programs && make -s install -# Restart IPsec service -service ipsec restart - -# Verify the install +# Verify the install and clean up +cd /opt/src || exit 1 +/bin/rm -rf "/opt/src/libreswan-$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } +# Restart IPsec service +service ipsec restart + echo echo "Libreswan $swan_ver was installed successfully! " echo diff --git a/extras/vpnupgrade_Libreswan_centos.sh b/extras/vpnupgrade_Libreswan_centos.sh index fe3fe56..7c85498 100644 --- a/extras/vpnupgrade_Libreswan_centos.sh +++ b/extras/vpnupgrade_Libreswan_centos.sh @@ -130,6 +130,12 @@ WERROR_CFLAGS = EOF make -s programs && make -s install +# Verify the install and clean up +cd /opt/src || exit 1 +/bin/rm -rf "/opt/src/libreswan-$swan_ver" +/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" +[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } + # Restore SELinux contexts restorecon /etc/ipsec.d/*db 2>/dev/null restorecon /usr/local/sbin -Rv 2>/dev/null 
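Review bot: The added `/bin/rm -rf "/opt/src/libreswan-$swan_ver"` in the vpnupgrade_Libreswan.sh hunk (@@ -120,13 +120,15) runs before the version check, so when the script prints "failed to build. Aborting." the build tree that would explain the failure is already deleted; the removal belongs below the check. The check also passes `$swan_ver` to `grep -qs` as a regular expression, so each `.` matches any character, and it tests the installed `/usr/local/sbin/ipsec` rather than the exit status of `make -s programs && make -s install`. A binary left by an earlier install of the same version would therefore pass after a failed build; whether the script rules that case out earlier is not visible here. Suggested form: `/usr/local/sbin/ipsec --version 2>/dev/null | grep -qsF -- "$swan_ver" || { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }` followed by `/bin/rm -rf "/opt/src/libreswan-${swan_ver:?}"`, where `:?` aborts if the variable is ever empty. The same added lines appear in extras/vpnupgrade_Libreswan_centos.sh (@@ -130,6 +136,12) and vpnsetup.sh (@@ -168,7 +167,9), and apparently in vpnsetup_centos.sh, whose hunk is damaged in this view.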
@@ -138,10 +144,6 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null # Restart IPsec service service ipsec restart -# Verify the install -/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" -[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } - echo echo "Libreswan $swan_ver was installed successfully! " echo diff --git a/vpnsetup.sh b/vpnsetup.sh index f086b9c..384182c 100755 --- a/vpnsetup.sh +++ b/vpnsetup.sh @@ -15,21 +15,20 @@ # Attribution required: please include my name in any derivative and let me # know how you have improved it! -# ===================================================== +# =========================================================== # Define your own values for these variables -# - IPsec pre-shared key, VPN username and password # - All values MUST be placed inside 'single quotes' # - DO NOT use these characters within values: \ " ' -VPN_IPSEC_PSK=${VPN_IPSEC_PSK:-'your_ipsec_psk'} +VPN_IPSEC_PSK=${VPN_IPSEC_PSK:-'your_ipsec_pre_shared_key'} VPN_USER=${VPN_USER:-'your_vpn_username'} VPN_PASSWORD=${VPN_PASSWORD:-'your_vpn_password'} # Important Notes: https://git.io/vpnnotes # Setup VPN Clients: https://git.io/vpnclients -# ===================================================== +# =========================================================== export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" @@ -65,7 +64,7 @@ EOF exit 1 fi -[ "$VPN_IPSEC_PSK" = "your_ipsec_psk" ] && VPN_IPSEC_PSK='' +[ "$VPN_IPSEC_PSK" = "your_ipsec_pre_shared_key" ] && VPN_IPSEC_PSK='' [ "$VPN_USER" = "your_vpn_username" ] && VPN_USER='' [ "$VPN_PASSWORD" = "your_vpn_password" ] && VPN_PASSWORD='' @@ -101,7 +100,7 @@ cd /opt/src || exit 1 # Update package index export DEBIAN_FRONTEND=noninteractive -apt-get -yqq update +apt-get -yq update # Make sure basic commands exist apt-get -yq install wget dnsutils openssl 
@@ -122,8 +121,8 @@ PUBLIC_IP=${VPN_PUBLIC_IP:-''} PRIVATE_IP=${VPN_PRIVATE_IP:-''} # In Amazon EC2, these two variables will be retrieved from metadata -[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') -[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') +[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') +[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') # Try to find IPs for non-EC2 servers [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) @@ -168,7 +167,9 @@ WERROR_CFLAGS = EOF make -s programs && make -s install -# Verify the install +# Verify the install and clean up +cd /opt/src || exit 1 +/bin/rm -rf "/opt/src/libreswan-$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } @@ -346,9 +347,6 @@ cat > /etc/iptables.rules </dev/null # Update file attributes chmod +x /etc/rc.local @@ -453,9 +448,12 @@ iptables-restore < /etc/iptables.rules ip6tables-restore < /etc/ip6tables.rules >/dev/null 2>&1 # Restart services -service fail2ban restart -service ipsec restart -service xl2tpd restart +service fail2ban stop >/dev/null 2>&1 +service ipsec stop >/dev/null 2>&1 +service xl2tpd stop >/dev/null 2>&1 +service fail2ban start +service ipsec start +service xl2tpd start cat </dev/null | grep -qs "$swan_ver" [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } @@ -356,9 +357,6 @@ cat > /etc/sysconfig/iptables </dev/null restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null # Reload sysctl.conf -sysctl -q -p +sysctl -q -p 2>/dev/null # Update file attributes chmod +x /etc/rc.local 
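Review bot: `PUBLIC_IP` and `PRIVATE_IP` in the vpnsetup.sh hunk (@@ -122,8 +121,8) take whatever the unauthenticated HTTP request to `169.254.169.254` returns, or the `dig` lookup in the context line below, and nothing in this hunk checks that the result is an IPv4 address before the script goes on to use it. On a non-EC2 network that link-local address can be answered by some other host, and on instances set to require IMDSv2 session tokens the plain GET is rejected, so both an unexpected body and an empty value need handling. If no later check exists outside this hunk, add one after the lookups, for example `printf '%s' "$PUBLIC_IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || { echo "Cannot determine public IP." >&2; exit 1; }`, and the same for `PRIVATE_IP`.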
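Review bot: The three `service … start` lines in the vpnsetup.sh hunk (@@ -453,9 +448,12) do not check their exit status, and with the `stop` output now discarded a service that fails to come back up is signalled only by whatever its init script prints. The script appears to continue to its closing output afterwards, though the trailing context of this hunk is damaged in this view. The services that matter most are `ipsec` and `fail2ban`, since a silent failure leaves the host without the VPN or without brute-force protection while the install looks complete. A compact form would be `for svc in fail2ban ipsec xl2tpd; do service "$svc" start || echo "Warning: $svc failed to start." >&2; done`. The same change is in vpnsetup_centos.sh (@@ -460,9 +455,12).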
@@ -460,9 +455,12 @@ iptables-restore < /etc/sysconfig/iptables ip6tables-restore < /etc/sysconfig/ip6tables >/dev/null 2>&1 # Restart services -service fail2ban restart -service ipsec restart -service xl2tpd restart +service fail2ban stop >/dev/null 2>&1 +service ipsec stop >/dev/null 2>&1 +service xl2tpd stop >/dev/null 2>&1 +service fail2ban start +service ipsec start +service xl2tpd start cat <