Cleanup
- Improve backup of VPN config files
parent
6ff28097db
commit
42c8d288e2
@ -14,6 +14,7 @@
|
|||||||
# know how you have improved it!
|
# know how you have improved it!
|
||||||
|
|
||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
SYS_DT=$(date +%F-%T | tr ':' '_')
|
||||||
|
|
||||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||||
bigecho() { echo "## $1"; }
|
bigecho() { echo "## $1"; }
|
||||||
@ -266,7 +267,8 @@ update_ikev2_conf() {
|
|||||||
echo >> /etc/ipsec.conf
|
echo >> /etc/ipsec.conf
|
||||||
echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf
|
echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
sed -i -e "/^[[:space:]]\+leftcert=/d" \
|
sed -i".old-$SYS_DT" \
|
||||||
|
-e "/^[[:space:]]\+leftcert=/d" \
|
||||||
-e "/^[[:space:]]\+leftid=/d" /etc/ipsec.d/ikev2.conf
|
-e "/^[[:space:]]\+leftid=/d" /etc/ipsec.d/ikev2.conf
|
||||||
if [ "$use_dns_name" = "1" ]; then
|
if [ "$use_dns_name" = "1" ]; then
|
||||||
sed -i "/conn ikev2-cp/a \ leftid=@$server_addr" /etc/ipsec.d/ikev2.conf
|
sed -i "/conn ikev2-cp/a \ leftid=@$server_addr" /etc/ipsec.d/ikev2.conf
|
||||||
|
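Review bot: The new `sed -i".old-$SYS_DT"` in update_ikev2_conf leaves its backup in /etc/ipsec.d, the directory this same hunk pulls into the live configuration with `include /etc/ipsec.d/*.conf`, and nothing on the line records why that is safe. The backup stays out of the running config only because its name ends in `.old-<timestamp>` rather than `.conf`. A comment above the command, such as `# backup suffix must not end in .conf, or the include glob would also load the stale copy`, would protect that property against a later rename. SYS_DT is computed once per run, so if another `sed -i".old-$SYS_DT"` outside this hunk edits ikev2.conf in the same run, it would overwrite the backup with already-modified content; the visible lines cannot confirm or rule that out. update_ikev2_conf begins and ends outside the hunk.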
@ -11,6 +11,7 @@
|
|||||||
# know how you have improved it!
|
# know how you have improved it!
|
||||||
|
|
||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
SYS_DT=$(date +%F-%T | tr ':' '_')
|
||||||
|
|
||||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||||
bigecho() { echo "## $1"; }
|
bigecho() { echo "## $1"; }
|
||||||
@ -114,11 +115,11 @@ toggle_ikev2_only() {
|
|||||||
if [ "$ikev2_only_status" = "ENABLED" ]; then
|
if [ "$ikev2_only_status" = "ENABLED" ]; then
|
||||||
confirm_disable_ikev2_only
|
confirm_disable_ikev2_only
|
||||||
bigecho "Disabling IKEv2-only mode..."
|
bigecho "Disabling IKEv2-only mode..."
|
||||||
sed -i "/ikev1-policy=/d" /etc/ipsec.conf
|
sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
|
||||||
elif [ "$ikev2_only_status" = "DISABLED" ]; then
|
elif [ "$ikev2_only_status" = "DISABLED" ]; then
|
||||||
confirm_enable_ikev2_only
|
confirm_enable_ikev2_only
|
||||||
bigecho "Enabling IKEv2-only mode..."
|
bigecho "Enabling IKEv2-only mode..."
|
||||||
sed -i "/ikev1-policy=/d" /etc/ipsec.conf
|
sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
|
||||||
sed -i "/config setup/a \ ikev1-policy=drop" /etc/ipsec.conf
|
sed -i "/config setup/a \ ikev1-policy=drop" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
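Review bot: In the enable branch of toggle_ikev2_only, nothing confirms that `ikev1-policy=drop` actually landed in /etc/ipsec.conf. `sed -i "/config setup/a \ ikev1-policy=drop"` exits 0 even when no line matches `config setup`, so the script can announce IKEv2-only mode while IKEv1 is still accepted. A check right after that sed, for example `grep -qs "ikev1-policy=drop" /etc/ipsec.conf || exiterr "Failed to update /etc/ipsec.conf."`, would surface the failure instead of leaving a silently weaker policy. The function starts outside the hunk, and a caller may already verify the result.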
@ -20,6 +20,7 @@ SWAN_VER=
|
|||||||
### DO NOT edit below this line ###
|
### DO NOT edit below this line ###
|
||||||
|
|
||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
SYS_DT=$(date +%F-%T | tr ':' '_')
|
||||||
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
||||||
|
|
||||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||||
@ -202,7 +203,7 @@ update_ikev2_script() {
|
|||||||
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
||||||
) || /bin/rm -f ikev2.sh.new
|
) || /bin/rm -f ikev2.sh.new
|
||||||
if [ -s ikev2.sh.new ]; then
|
if [ -s ikev2.sh.new ]; then
|
||||||
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old
|
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
|
||||||
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
||||||
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
/bin/rm -f ikev2.sh.new
|
/bin/rm -f ikev2.sh.new
|
||||||
@ -227,7 +228,7 @@ update_config() {
|
|||||||
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
||||||
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
||||||
|
|
||||||
sed -i".old-$(date +%F-%T)" \
|
sed -i".old-$SYS_DT" \
|
||||||
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
||||||
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
||||||
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
||||||
@ -247,7 +248,7 @@ update_config() {
|
|||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
|
||||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||||
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
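Review bot: update_ikev2_script installs the downloaded file after only a non-empty test: `[ -s ikev2.sh.new ]` is the sole visible gate before `/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh`, so a truncated or substituted download becomes an executable linked into /usr/bin. Unless the part of the subshell above this hunk already verifies the file, compare it against a pinned digest before the copy, e.g. `echo "$IKEV2_SHA256  ikev2.sh.new" | sha256sum -c - >/dev/null 2>&1 || /bin/rm -f ikev2.sh.new` (IKEV2_SHA256 is a placeholder name, not a variable from this script). The result of `/bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"` is also not checked, so ikev2.sh can be overwritten even when the backup failed. The same hunk repeats in the three file sections that follow.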
@ -20,6 +20,7 @@ SWAN_VER=
|
|||||||
### DO NOT edit below this line ###
|
### DO NOT edit below this line ###
|
||||||
|
|
||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
SYS_DT=$(date +%F-%T | tr ':' '_')
|
||||||
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
||||||
|
|
||||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||||
@ -197,7 +198,7 @@ update_ikev2_script() {
|
|||||||
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
||||||
) || /bin/rm -f ikev2.sh.new
|
) || /bin/rm -f ikev2.sh.new
|
||||||
if [ -s ikev2.sh.new ]; then
|
if [ -s ikev2.sh.new ]; then
|
||||||
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old
|
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
|
||||||
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
||||||
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
/bin/rm -f ikev2.sh.new
|
/bin/rm -f ikev2.sh.new
|
||||||
@ -216,7 +217,7 @@ update_config() {
|
|||||||
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
||||||
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
||||||
|
|
||||||
sed -i".old-$(date +%F-%T)" \
|
sed -i".old-$SYS_DT" \
|
||||||
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
||||||
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
||||||
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
||||||
@ -236,7 +237,7 @@ update_config() {
|
|||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
|
||||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||||
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,6 +20,7 @@ SWAN_VER=
|
|||||||
### DO NOT edit below this line ###
|
### DO NOT edit below this line ###
|
||||||
|
|
||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
SYS_DT=$(date +%F-%T | tr ':' '_')
|
||||||
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
||||||
|
|
||||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||||
@ -233,7 +234,7 @@ update_ikev2_script() {
|
|||||||
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
||||||
) || /bin/rm -f ikev2.sh.new
|
) || /bin/rm -f ikev2.sh.new
|
||||||
if [ -s ikev2.sh.new ]; then
|
if [ -s ikev2.sh.new ]; then
|
||||||
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old
|
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
|
||||||
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
||||||
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
/bin/rm -f ikev2.sh.new
|
/bin/rm -f ikev2.sh.new
|
||||||
@ -252,7 +253,7 @@ update_config() {
|
|||||||
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
||||||
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
||||||
|
|
||||||
sed -i".old-$(date +%F-%T)" \
|
sed -i".old-$SYS_DT" \
|
||||||
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
||||||
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
||||||
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
||||||
@ -272,7 +273,7 @@ update_config() {
|
|||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
|
||||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||||
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,6 +20,7 @@ SWAN_VER=
|
|||||||
### DO NOT edit below this line ###
|
### DO NOT edit below this line ###
|
||||||
|
|
||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
SYS_DT=$(date +%F-%T | tr ':' '_')
|
||||||
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
|
||||||
|
|
||||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||||
@ -234,7 +235,7 @@ update_ikev2_script() {
|
|||||||
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
|
||||||
) || /bin/rm -f ikev2.sh.new
|
) || /bin/rm -f ikev2.sh.new
|
||||||
if [ -s ikev2.sh.new ]; then
|
if [ -s ikev2.sh.new ]; then
|
||||||
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old
|
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
|
||||||
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
|
||||||
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
/bin/rm -f ikev2.sh.new
|
/bin/rm -f ikev2.sh.new
|
||||||
@ -259,7 +260,7 @@ update_config() {
|
|||||||
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
|
||||||
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
|
||||||
|
|
||||||
sed -i".old-$(date +%F-%T)" \
|
sed -i".old-$SYS_DT" \
|
||||||
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
-e "s/^[[:space:]]\+auth=/ phase2=/" \
|
||||||
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
|
||||||
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
|
||||||
@ -279,7 +280,7 @@ update_config() {
|
|||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
|
||||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||||
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|