1
0
mirror of synced 2024-11-25 06:16:07 +03:00
This commit is contained in:
hwdsl2 2021-01-07 10:32:20 -06:00
parent 0a8470da38
commit 3b90d2d394
6 changed files with 33 additions and 42 deletions

View File

@ -29,13 +29,13 @@ os_type=$(lsb_release -si 2>/dev/null)
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in case $os_type in
*[Uu]buntu*) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
*[Dd]ebian*) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
*[Rr]aspbian*) [Rr]aspbian)
os_type=raspbian os_type=raspbian
;; ;;
*) *)
@ -73,7 +73,7 @@ EOF
esac esac
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//') ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//')
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //') swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
@ -84,12 +84,10 @@ EOF
fi fi
swan_ver_cur=4.1 swan_ver_cur=4.1
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
swan_ver_latest=$swan_ver_cur && [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
fi
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To update to the new version, exit the script and run:" echo "To update to the new version, exit the script and run:"
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh"
@ -139,24 +137,22 @@ Version to install: Libreswan $SWAN_VER
EOF EOF
cat <<'EOF' cat <<'EOF'
NOTE: This script will make the following changes to your IPsec config: NOTE: This script will make the following changes to your VPN configuration:
- Fix obsolete ipsec.conf and/or ikev2.conf options - Fix obsolete ipsec.conf and/or ikev2.conf options
- Optimize VPN ciphers - Optimize VPN ciphers
Your other VPN configuration files will not be modified. Your other VPN config files will not be modified.
EOF EOF
case $SWAN_VER in if [ "$SWAN_VER" != "4.1" ]; then
3.2[679]|3.3[12])
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information. See https://libreswan.org/security/ for more information.
Are you sure you want to install an older version? Are you sure you want to install an older version?
EOF EOF
;; fi
esac
printf "Do you want to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response

View File

@ -52,7 +52,7 @@ EOF
esac esac
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//') ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//')
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //') swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
@ -63,12 +63,10 @@ EOF
fi fi
swan_ver_cur=4.1 swan_ver_cur=4.1
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
swan_ver_latest=$swan_ver_cur && [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
fi
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To update to the new version, exit the script and run:" echo "To update to the new version, exit the script and run:"
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
@ -118,24 +116,22 @@ Version to install: Libreswan $SWAN_VER
EOF EOF
cat <<'EOF' cat <<'EOF'
NOTE: This script will make the following changes to your IPsec config: NOTE: This script will make the following changes to your VPN configuration:
- Fix obsolete ipsec.conf and/or ikev2.conf options - Fix obsolete ipsec.conf and/or ikev2.conf options
- Optimize VPN ciphers - Optimize VPN ciphers
Your other VPN configuration files will not be modified. Your other VPN config files will not be modified.
EOF EOF
case $SWAN_VER in if [ "$SWAN_VER" != "4.1" ]; then
3.2[679]|3.3[12])
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information. See https://libreswan.org/security/ for more information.
Are you sure you want to install an older version? Are you sure you want to install an older version?
EOF EOF
;; fi
esac
printf "Do you want to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response

View File

@ -64,7 +64,7 @@ EOF
esac esac
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//') ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//')
swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //') swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //')
if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
@ -75,12 +75,10 @@ EOF
fi fi
swan_ver_cur=4.1 swan_ver_cur=4.1
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
swan_ver_latest=$swan_ver_cur && [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
fi
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To update to the new version, exit the script and run:" echo "To update to the new version, exit the script and run:"
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
@ -130,24 +128,22 @@ Version to install: Libreswan $SWAN_VER
EOF EOF
cat <<'EOF' cat <<'EOF'
NOTE: This script will make the following changes to your IPsec config: NOTE: This script will make the following changes to your VPN configuration:
- Fix obsolete ipsec.conf and/or ikev2.conf options - Fix obsolete ipsec.conf and/or ikev2.conf options
- Optimize VPN ciphers - Optimize VPN ciphers
Your other VPN configuration files will not be modified. Your other VPN config files will not be modified.
EOF EOF
case $SWAN_VER in if [ "$SWAN_VER" != "4.1" ]; then
3.2[679]|3.3[12])
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information. See https://libreswan.org/security/ for more information.
Are you sure you want to install an older version? Are you sure you want to install an older version?
EOF EOF
;; fi
esac
printf "Do you want to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response

View File

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian # Script for automatic setup of an IPsec VPN server on Ubuntu and Debian
# Works on any dedicated server or virtual private server (VPS)
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #
@ -52,13 +53,13 @@ os_type=$(lsb_release -si 2>/dev/null)
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in case $os_type in
*[Uu]buntu*) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
*[Dd]ebian*) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
*[Rr]aspbian*) [Rr]aspbian)
os_type=raspbian os_type=raspbian
;; ;;
*) *)

View File

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on Amazon Linux 2 # Script for automatic setup of an IPsec VPN server on Amazon Linux 2
# Works on any dedicated server or virtual private server (VPS)
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #

View File

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8 # Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8
# Works on any dedicated server or virtual private server (VPS)
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #