Cleanup
This commit is contained in:
parent
0a8470da38
commit
3b90d2d394
@ -29,13 +29,13 @@ os_type=$(lsb_release -si 2>/dev/null)
|
|||||||
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
||||||
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
||||||
case $os_type in
|
case $os_type in
|
||||||
*[Uu]buntu*)
|
[Uu]buntu)
|
||||||
os_type=ubuntu
|
os_type=ubuntu
|
||||||
;;
|
;;
|
||||||
*[Dd]ebian*)
|
[Dd]ebian)
|
||||||
os_type=debian
|
os_type=debian
|
||||||
;;
|
;;
|
||||||
*[Rr]aspbian*)
|
[Rr]aspbian)
|
||||||
os_type=raspbian
|
os_type=raspbian
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -73,7 +73,7 @@ EOF
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//')
|
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//')
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
|
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
|
||||||
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
||||||
cat 1>&2 <<'EOF'
|
cat 1>&2 <<'EOF'
|
||||||
@ -84,12 +84,10 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
swan_ver_cur=4.1
|
swan_ver_cur=4.1
|
||||||
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
|
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
|
||||||
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
|
||||||
swan_ver_latest=$swan_ver_cur
|
&& [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
|
||||||
fi
|
|
||||||
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
|
|
||||||
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
|
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
|
||||||
echo "To update to the new version, exit the script and run:"
|
echo "To update to the new version, exit the script and run:"
|
||||||
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh"
|
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh"
|
||||||
@ -139,24 +137,22 @@ Version to install: Libreswan $SWAN_VER
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: This script will make the following changes to your IPsec config:
|
NOTE: This script will make the following changes to your VPN configuration:
|
||||||
- Fix obsolete ipsec.conf and/or ikev2.conf options
|
- Fix obsolete ipsec.conf and/or ikev2.conf options
|
||||||
- Optimize VPN ciphers
|
- Optimize VPN ciphers
|
||||||
|
|
||||||
Your other VPN configuration files will not be modified.
|
Your other VPN config files will not be modified.
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
case $SWAN_VER in
|
if [ "$SWAN_VER" != "4.1" ]; then
|
||||||
3.2[679]|3.3[12])
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
See https://libreswan.org/security/ for more information.
|
See https://libreswan.org/security/ for more information.
|
||||||
Are you sure you want to install an older version?
|
Are you sure you want to install an older version?
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
;;
|
fi
|
||||||
esac
|
|
||||||
|
|
||||||
printf "Do you want to continue? [y/N] "
|
printf "Do you want to continue? [y/N] "
|
||||||
read -r response
|
read -r response
|
||||||
|
@ -52,7 +52,7 @@ EOF
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//')
|
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//')
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
|
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
|
||||||
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
||||||
cat 1>&2 <<'EOF'
|
cat 1>&2 <<'EOF'
|
||||||
@ -63,12 +63,10 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
swan_ver_cur=4.1
|
swan_ver_cur=4.1
|
||||||
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
|
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
|
||||||
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
|
||||||
swan_ver_latest=$swan_ver_cur
|
&& [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
|
||||||
fi
|
|
||||||
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
|
|
||||||
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
|
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
|
||||||
echo "To update to the new version, exit the script and run:"
|
echo "To update to the new version, exit the script and run:"
|
||||||
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
|
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
|
||||||
@ -118,24 +116,22 @@ Version to install: Libreswan $SWAN_VER
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: This script will make the following changes to your IPsec config:
|
NOTE: This script will make the following changes to your VPN configuration:
|
||||||
- Fix obsolete ipsec.conf and/or ikev2.conf options
|
- Fix obsolete ipsec.conf and/or ikev2.conf options
|
||||||
- Optimize VPN ciphers
|
- Optimize VPN ciphers
|
||||||
|
|
||||||
Your other VPN configuration files will not be modified.
|
Your other VPN config files will not be modified.
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
case $SWAN_VER in
|
if [ "$SWAN_VER" != "4.1" ]; then
|
||||||
3.2[679]|3.3[12])
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
See https://libreswan.org/security/ for more information.
|
See https://libreswan.org/security/ for more information.
|
||||||
Are you sure you want to install an older version?
|
Are you sure you want to install an older version?
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
;;
|
fi
|
||||||
esac
|
|
||||||
|
|
||||||
printf "Do you want to continue? [y/N] "
|
printf "Do you want to continue? [y/N] "
|
||||||
read -r response
|
read -r response
|
||||||
|
@ -64,7 +64,7 @@ EOF
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//')
|
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//')
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
|
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
|
||||||
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
|
||||||
cat 1>&2 <<'EOF'
|
cat 1>&2 <<'EOF'
|
||||||
@ -75,12 +75,10 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
swan_ver_cur=4.1
|
swan_ver_cur=4.1
|
||||||
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
|
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
|
||||||
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
|
||||||
swan_ver_latest=$swan_ver_cur
|
&& [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
|
||||||
fi
|
|
||||||
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
|
|
||||||
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
|
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
|
||||||
echo "To update to the new version, exit the script and run:"
|
echo "To update to the new version, exit the script and run:"
|
||||||
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
|
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
|
||||||
@ -130,24 +128,22 @@ Version to install: Libreswan $SWAN_VER
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
NOTE: This script will make the following changes to your IPsec config:
|
NOTE: This script will make the following changes to your VPN configuration:
|
||||||
- Fix obsolete ipsec.conf and/or ikev2.conf options
|
- Fix obsolete ipsec.conf and/or ikev2.conf options
|
||||||
- Optimize VPN ciphers
|
- Optimize VPN ciphers
|
||||||
|
|
||||||
Your other VPN configuration files will not be modified.
|
Your other VPN config files will not be modified.
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
case $SWAN_VER in
|
if [ "$SWAN_VER" != "4.1" ]; then
|
||||||
3.2[679]|3.3[12])
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
See https://libreswan.org/security/ for more information.
|
See https://libreswan.org/security/ for more information.
|
||||||
Are you sure you want to install an older version?
|
Are you sure you want to install an older version?
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
;;
|
fi
|
||||||
esac
|
|
||||||
|
|
||||||
printf "Do you want to continue? [y/N] "
|
printf "Do you want to continue? [y/N] "
|
||||||
read -r response
|
read -r response
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian
|
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian
|
||||||
|
# Works on any dedicated server or virtual private server (VPS)
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
#
|
#
|
||||||
@ -52,13 +53,13 @@ os_type=$(lsb_release -si 2>/dev/null)
|
|||||||
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
||||||
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
||||||
case $os_type in
|
case $os_type in
|
||||||
*[Uu]buntu*)
|
[Uu]buntu)
|
||||||
os_type=ubuntu
|
os_type=ubuntu
|
||||||
;;
|
;;
|
||||||
*[Dd]ebian*)
|
[Dd]ebian)
|
||||||
os_type=debian
|
os_type=debian
|
||||||
;;
|
;;
|
||||||
*[Rr]aspbian*)
|
[Rr]aspbian)
|
||||||
os_type=raspbian
|
os_type=raspbian
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on Amazon Linux 2
|
# Script for automatic setup of an IPsec VPN server on Amazon Linux 2
|
||||||
|
# Works on any dedicated server or virtual private server (VPS)
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
#
|
#
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8
|
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8
|
||||||
|
# Works on any dedicated server or virtual private server (VPS)
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user