Remove CentOS 6

- CentOS 6 was EOL as of Nov. 30, 2020, and the default yum repos are no longer available for installing new packages Ref: https://wiki.centos.org/About/Product
2024-11-22 13:06:02 +03:00 · 2020-12-02 23:40:54 -06:00 · 2020-12-02 23:40:54 -06:00 · 41142ee915
commit 41142ee915
parent 26d5b30434
5 changed files with 41 additions and 100 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -249,12 +249,11 @@ jobs:
    if: github.repository_owner == 'hwdsl2'
    strategy:
      matrix:
-        os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:10", "debian:9", "centos:6"]
+        os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:10", "debian:9"]
      fail-fast: false
    container:
      image: ${{ matrix.os_version }}
      env:
        OS_VERSION: ${{ matrix.os_version }}
        EVENT_NAME: ${{ github.event_name }}
      options: --privileged -v /lib/modules:/lib/modules:ro
    steps:
@ -269,28 +268,16 @@ jobs:
          cd /opt/src
          echo "# hwdsl2" > run.sh
-          OS_NAME=$(echo "$OS_VERSION" | head -c6)
+          export DEBIAN_FRONTEND=noninteractive
-          if [ "$OS_NAME" = "centos" ]; then
+          apt-get -yq update
-            yum -y update
+          apt-get -yq dist-upgrade
-            yum -y -q install wget rsyslog
+          apt-get -yq install wget rsyslog
-            service rsyslog start
+          service rsyslog start
-            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
          else
            export DEBIAN_FRONTEND=noninteractive
            apt-get -yq update
            apt-get -yq dist-upgrade
            apt-get -yq install wget rsyslog
            service rsyslog start
            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
          fi
          sh vpnsetup.sh
          sleep 5
          if [ "$OS_NAME" = "centos" ]; then
            sed -i '/^logtarget/d' /etc/fail2ban/fail2ban.conf
            echo "logtarget = /var/log/fail2ban.log" >> /etc/fail2ban/fail2ban.conf
          fi
          service fail2ban restart
          sleep 5
          netstat -anpu | grep pluto
@ -299,17 +286,10 @@ jobs:
          iptables -nL | grep -q '192\.168\.42\.0/24'
          iptables -nL -t nat
          iptables -nL -t nat | grep -q '192\.168\.43\.0/24'
-          if [ "$OS_NAME" = "centos" ]; then
+          grep pluto /var/log/auth.log
-            grep pluto /var/log/secure
+          grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
-            grep pluto /var/log/secure | grep -q 'added IKEv1 connection "l2tp-psk"'
+          grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
-            grep pluto /var/log/secure | grep -q 'added IKEv1 connection "xauth-psk"'
+          grep xl2tpd /var/log/syslog
            grep xl2tpd /var/log/messages
          else
            grep pluto /var/log/auth.log
            grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
            grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
            grep xl2tpd /var/log/syslog
          fi
          cat /var/log/fail2ban.log
          grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log
@ -339,13 +319,8 @@ jobs:
          ls -ld /etc/ipsec.d/ikev2vpnca*.cer
          ls -ld /etc/ipsec.d/vpnclient*.p12
          sleep 10
-          if [ "$OS_NAME" = "centos" ]; then
+          grep pluto /var/log/auth.log | tail -n 20
-            grep pluto /var/log/secure | tail -n 20
+          grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"'
            grep pluto /var/log/secure | grep -q 'added IKEv2 connection "ikev2-cp"'
          else
            grep pluto /var/log/auth.log | tail -n 20
            grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"'
          fi
          bash ikev2.sh <<ANSWERS
          y
@ -356,32 +331,19 @@ jobs:
          ls -ld /etc/ipsec.d/vpnclient2*.p12
-          if [ "$OS_NAME" = "centos" ]; then
+          sed -i '/pluto/d' /var/log/auth.log
-            sed -i '/pluto/d' /var/log/secure
+          pkill -HUP rsyslog
-            pkill -HUP rsyslog
+          wget -t 3 -T 30 -nv -O vpnupgrade.sh https://git.io/vpnupgrade
            wget -t 3 -T 30 -nv -O vpnupgrade.sh https://git.io/vpnupgrade-centos
          else
            sed -i '/pluto/d' /var/log/auth.log
            pkill -HUP rsyslog
            wget -t 3 -T 30 -nv -O vpnupgrade.sh https://git.io/vpnupgrade
          fi
          sh vpnupgrade.sh <<ANSWERS
          y
          y
          ANSWERS
          sleep 10
-          if [ "$OS_NAME" = "centos" ]; then
+          grep pluto /var/log/auth.log
-            grep pluto /var/log/secure
+          grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
-            grep pluto /var/log/secure | grep -q 'added IKEv1 connection "l2tp-psk"'
+          grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
-            grep pluto /var/log/secure | grep -q 'added IKEv1 connection "xauth-psk"'
+          grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"'
            grep pluto /var/log/secure | grep -q 'added IKEv2 connection "ikev2-cp"'
          else
            grep pluto /var/log/auth.log
            grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
            grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
            grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"'
          fi
          ls -ld vpnsetup.sh
          ls -ld ikev2.sh
--- a/README-zh.md
+++ b/README-zh.md
@ -53,17 +53,15 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
 - 封装所有的 VPN 流量在 UDP 协议，不需要 ESP 协议支持
 - 可直接作为 Amazon EC2 实例创建时的用户数据使用
 - 包含 `sysctl.conf` 优化设置，以达到更佳的传输性能
- 已测试： Ubuntu 20.04/18.04/16.04, Debian 10/9 和 CentOS 8/7/6
+- 已测试： Ubuntu 20.04/18.04/16.04, Debian 10/9 和 CentOS 8/7
 ## 系统要求
 一个新创建的 <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> 实例，使用这些映像之一：
 - <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 20.04 (Focal), 18.04 (Bionic) 或者 16.04 (Xenial)</a>
 - <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 10 (Buster)</a>[\*](#debian-10-note)<a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank"> 或者 9 (Stretch)</a>
- <a href="https://wiki.centos.org/Cloud/AWS" target="_blank">CentOS 8 (x86_64)</a>
+- <a href="https://wiki.centos.org/Cloud/AWS" target="_blank">CentOS 8 或者 7</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
+- <a href="https://aws.amazon.com/partners/redhat/faqs/" target="_blank">Red Hat Enterprise Linux (RHEL) 8 或者 7</a>
 - <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
 - <a href="https://aws.amazon.com/partners/redhat/faqs/" target="_blank">Red Hat Enterprise Linux (RHEL) 8, 7 或者 6</a>
 请参见 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">详细步骤</a> 以及 <a href="https://aws.amazon.com/cn/ec2/pricing/" target="_blank">EC2 定价细节</a>。另外，你也可以使用 <a href="aws/README-zh.md" target="_blank">CloudFormation</a> 来快速部署。
@ -77,7 +75,7 @@ wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; 我想建立并使用自己的 VPN ，但是没有可用的服务器**</a>
-高级用户可以在一个 $35 的 <a href="https://www.raspberrypi.org" target="_blank">Raspberry Pi</a> 上搭建 VPN 服务器。参见 <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">[1]</a> <a href="https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/" target="_blank">[2]</a>。
+高级用户可以在一个 $35 的 <a href="https://www.raspberrypi.org" target="_blank">Raspberry Pi</a> 上搭建 VPN 服务器。参见 <a href="https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">[1]</a> <a href="https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/" target="_blank">[2]</a>。
 <a name="debian-10-note"></a>
 \* Debian 10 用户需要使用标准的 Linux 内核（而不是 "cloud" 版本）。更多信息请看 <a href="docs/clients-zh.md#debian-10-内核" target="_blank">这里</a>。   
@ -159,7 +157,7 @@ sh vpnsetup.sh
 在 VPN 已连接时，客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务，编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`，然后重启服务器。高级用户可以在运行 VPN 脚本时定义 `VPN_DNS_SRV1` 和 `VPN_DNS_SRV2`（可选）。
-使用内核支持有助于提高 IPsec/L2TP 性能。它在以下系统上可用： Ubuntu 16.04-20.04, Debian 9-10 和 CentOS 6-8. Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`（或者 `linux-image-extra`），然后运行 `service xl2tpd restart`。
+使用内核支持有助于提高 IPsec/L2TP 性能。它在[所有受支持的系统](#系统要求)上可用。Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`（或者 `linux-image-extra`）软件包，然后运行 `service xl2tpd restart`。
 如果需要在安装后更改 IPTables 规则，请编辑 `/etc/iptables.rules` 和/或 `/etc/iptables/rules.v4` (Ubuntu/Debian)，或者 `/etc/sysconfig/iptables` (CentOS/RHEL)。然后重启服务器。
--- a/README.md
+++ b/README.md
@ -53,17 +53,15 @@ For other installation options and how to set up VPN clients, read the sections
 - Encapsulates all VPN traffic in UDP - does not need ESP protocol
 - Can be directly used as "user-data" for a new Amazon EC2 instance
 - Includes `sysctl.conf` optimizations for improved performance
- Tested with Ubuntu 20.04/18.04/16.04, Debian 10/9 and CentOS 8/7/6
+- Tested with Ubuntu 20.04/18.04/16.04, Debian 10/9 and CentOS 8/7
 ## Requirements
 A newly created <a href="https://aws.amazon.com/ec2/" target="_blank">Amazon EC2</a> instance, from one of these images:
 - <a href="https://cloud-images.ubuntu.com/locator/" target="_blank">Ubuntu 20.04 (Focal), 18.04 (Bionic) or 16.04 (Xenial)</a>
 - <a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank">Debian 10 (Buster)</a>[\*](#debian-10-note)<a href="https://wiki.debian.org/Cloud/AmazonEC2Image" target="_blank"> or 9 (Stretch)</a>
- <a href="https://wiki.centos.org/Cloud/AWS" target="_blank">CentOS 8 (x86_64)</a>
+- <a href="https://wiki.centos.org/Cloud/AWS" target="_blank">CentOS 8 or 7</a>
- <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW" target="_blank">CentOS 7 (x86_64) with Updates</a>
+- <a href="https://aws.amazon.com/partners/redhat/faqs/" target="_blank">Red Hat Enterprise Linux (RHEL) 8 or 7</a>
 - <a href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO" target="_blank">CentOS 6 (x86_64) with Updates</a>
 - <a href="https://aws.amazon.com/partners/redhat/faqs/" target="_blank">Red Hat Enterprise Linux (RHEL) 8, 7 or 6</a>
 See <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#vpnsetup" target="_blank">detailed instructions</a> and <a href="https://aws.amazon.com/ec2/pricing/" target="_blank">EC2 pricing</a>. Alternatively, you can deploy rapidly using <a href="aws/README.md" target="_blank">CloudFormation</a>.
@ -77,7 +75,7 @@ This also includes Linux VMs in public clouds, such as <a href="https://blog.ls2
 <a href="https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/#gettingavps" target="_blank">**&raquo; I want to run my own VPN but don't have a server for that**</a>
-Advanced users can set up the VPN server on a $35 <a href="https://www.raspberrypi.org" target="_blank">Raspberry Pi</a>. See <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">[1]</a> <a href="https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/" target="_blank">[2]</a>.
+Advanced users can set up the VPN server on a $35 <a href="https://www.raspberrypi.org" target="_blank">Raspberry Pi</a>. See <a href="https://elasticbyte.net/posts/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" target="_blank">[1]</a> <a href="https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/" target="_blank">[2]</a>.
 <a name="debian-10-note"></a>
 \* Debian 10 users should use the standard Linux kernel (not the "cloud" version). Read more <a href="docs/clients.md#debian-10-kernel" target="_blank">here</a>.   
@ -159,7 +157,7 @@ For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com
 Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`, then reboot your server. Advanced users can define `VPN_DNS_SRV1` and optionally `VPN_DNS_SRV2` when running the VPN setup script.
-Using kernel support could improve IPsec/L2TP performance. It is available on Ubuntu 16.04-20.04, Debian 9-10 and CentOS 6-8. Ubuntu users: Install `linux-modules-extra-$(uname -r)` (or `linux-image-extra`), then run `service xl2tpd restart`.
+Using kernel support could improve IPsec/L2TP performance. It is available on [all supported OS versions](#requirements). Ubuntu users should install the `linux-modules-extra-$(uname -r)` (or `linux-image-extra`) package, then run `service xl2tpd restart`.
 To modify the IPTables rules after install, edit `/etc/iptables.rules` and/or `/etc/iptables/rules.v4` (Ubuntu/Debian), or `/etc/sysconfig/iptables` (CentOS/RHEL). Then reboot your server.
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@ -22,8 +22,8 @@ exiterr2() { exiterr "'yum install' failed."; }
 vpnupgrade() {
-if ! grep -qs -e "release 6" -e "release 7" -e "release 8" /etc/redhat-release; then
+if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then
-  echo "Error: This script only supports CentOS/RHEL 6, 7 and 8." >&2
+  echo "Error: This script only supports CentOS/RHEL 7 and 8." >&2
  echo "For Ubuntu/Debian, use https://git.io/vpnupgrade" >&2
  exit 1
 fi
@ -146,10 +146,7 @@ REPO1='--enablerepo=*server-*optional*'
 REPO2='--enablerepo=*releases-optional*'
 REPO3='--enablerepo=PowerTools'
-if grep -qs "release 6" /etc/redhat-release; then
+if grep -qs "release 7" /etc/redhat-release; then
  yum -y remove libevent-devel
  yum "$REPO1" "$REPO2" -y install libevent2-devel fipscheck-devel || exiterr2
 elif grep -qs "release 7" /etc/redhat-release; then
  yum -y install systemd-devel || exiterr2
  yum "$REPO1" "$REPO2" -y install libevent-devel fipscheck-devel || exiterr2
 else
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6-8.
+# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8.
 # Works on any dedicated server or virtual private server (VPS) except OpenVZ.
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@ -49,8 +49,8 @@ check_ip() {
 vpnsetup() {
-if ! grep -qs -e "release 6" -e "release 7" -e "release 8" /etc/redhat-release; then
+if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then
-  echo "Error: This script only supports CentOS/RHEL 6-8." >&2
+  echo "Error: This script only supports CentOS/RHEL 7 and 8." >&2
  echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2
  exit 1
 fi
@ -156,16 +156,10 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
 yum "$REPO1" -y install xl2tpd || exiterr2
 use_nft=0
-if grep -qs "release 6" /etc/redhat-release; then
+if grep -qs "release 7" /etc/redhat-release; then
  os_ver=6
  yum -y remove libevent-devel
  yum "$REPO2" "$REPO3" -y install libevent2-devel fipscheck-devel || exiterr2
 elif grep -qs "release 7" /etc/redhat-release; then
  os_ver=7
  yum -y install systemd-devel iptables-services || exiterr2
  yum "$REPO2" "$REPO3" -y install libevent-devel fipscheck-devel || exiterr2
 else
  os_ver=8
  if grep -qs "Red Hat" /etc/redhat-release; then
    REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
  fi
@ -447,13 +441,7 @@ fi
 bigecho "Enabling services on boot..."
-if [ "$os_ver" = "6" ]; then
+systemctl --now mask firewalld 2>/dev/null
  chkconfig iptables on
  chkconfig fail2ban on
 else
  systemctl --now mask firewalld 2>/dev/null
 fi
 if [ "$use_nft" = "1" ]; then
  systemctl enable nftables fail2ban 2>/dev/null
 else
@ -495,11 +483,9 @@ else
 fi
 # Fix xl2tpd if l2tp_ppp is unavailable
-if [ "$os_ver" != "6" ]; then
+if ! modprobe -q l2tp_ppp; then
-  if ! modprobe -q l2tp_ppp; then
+  sed -i '/^ExecStartPre/s/^/#/' /usr/lib/systemd/system/xl2tpd.service
-    sed -i '/^ExecStartPre/s/^/#/' /usr/lib/systemd/system/xl2tpd.service
+  systemctl daemon-reload
    systemctl daemon-reload
  fi
 fi
 mkdir -p /run/pluto