- Improve backup of VPN config files
hwdsl2 2022-02-18 21:42:37 -06:00
parent 6ff28097db
commit 42c8d288e2
6 changed files with 22 additions and 15 deletions


@ -14,6 +14,7 @@
# know how you have improved it! # know how you have improved it!
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT=$(date +%F-%T | tr ':' '_')
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
bigecho() { echo "## $1"; } bigecho() { echo "## $1"; }
@ -266,7 +267,8 @@ update_ikev2_conf() {
echo >> /etc/ipsec.conf echo >> /etc/ipsec.conf
echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf echo 'include /etc/ipsec.d/*.conf' >> /etc/ipsec.conf
fi fi
sed -i -e "/^[[:space:]]\+leftcert=/d" \ sed -i".old-$SYS_DT" \
-e "/^[[:space:]]\+leftcert=/d" \
-e "/^[[:space:]]\+leftid=/d" /etc/ipsec.d/ikev2.conf -e "/^[[:space:]]\+leftid=/d" /etc/ipsec.d/ikev2.conf
if [ "$use_dns_name" = "1" ]; then if [ "$use_dns_name" = "1" ]; then
sed -i "/conn ikev2-cp/a \ leftid=@$server_addr" /etc/ipsec.d/ikev2.conf sed -i "/conn ikev2-cp/a \ leftid=@$server_addr" /etc/ipsec.d/ikev2.conf
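Review bot: `SYS_DT` is evaluated once at script start, so every `sed -i".old-$SYS_DT"` in a run writes to the same backup name. If /etc/ipsec.d/ikev2.conf is edited with this suffix more than once in one invocation, the later call replaces the pristine backup with an already-modified copy. Whether that happens cannot be seen here, because update_ikev2_conf begins and ends outside the hunk. The backups also sit in /etc/ipsec.d beside the live file and stay out of `include /etc/ipsec.d/*.conf` only because the suffix comes after `.conf`. I would record that next to the assignment, e.g. `# Backup suffix for sed -i/cp; must never end in .conf, or the ipsec.d include would pick up old backups`.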


@ -11,6 +11,7 @@
# know how you have improved it! # know how you have improved it!
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT=$(date +%F-%T | tr ':' '_')
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
bigecho() { echo "## $1"; } bigecho() { echo "## $1"; }
@ -114,11 +115,11 @@ toggle_ikev2_only() {
if [ "$ikev2_only_status" = "ENABLED" ]; then if [ "$ikev2_only_status" = "ENABLED" ]; then
confirm_disable_ikev2_only confirm_disable_ikev2_only
bigecho "Disabling IKEv2-only mode..." bigecho "Disabling IKEv2-only mode..."
sed -i "/ikev1-policy=/d" /etc/ipsec.conf sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
elif [ "$ikev2_only_status" = "DISABLED" ]; then elif [ "$ikev2_only_status" = "DISABLED" ]; then
confirm_enable_ikev2_only confirm_enable_ikev2_only
bigecho "Enabling IKEv2-only mode..." bigecho "Enabling IKEv2-only mode..."
sed -i "/ikev1-policy=/d" /etc/ipsec.conf sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
sed -i "/config setup/a \ ikev1-policy=drop" /etc/ipsec.conf sed -i "/config setup/a \ ikev1-policy=drop" /etc/ipsec.conf
fi fi
} }
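Review bot: In the enable branch of toggle_ikev2_only nothing confirms that `ikev1-policy=drop` was actually written. The append depends on a `config setup` line being matched; if none is, sed still exits 0 and the script carries on as if the mode had been enabled, while IKEv1 presumably stays accepted. A check right after the append would make this fail closed, for example `grep -qs "ikev1-policy=drop" /etc/ipsec.conf || exiterr "Failed to enable IKEv2-only mode."`. The function starts outside the hunk, so a check by the caller cannot be ruled out from here.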


@ -20,6 +20,7 @@ SWAN_VER=
### DO NOT edit below this line ### ### DO NOT edit below this line ###
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT=$(date +%F-%T | tr ':' '_')
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER" [ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
@ -202,7 +203,7 @@ update_ikev2_script() {
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url" wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
) || /bin/rm -f ikev2.sh.new ) || /bin/rm -f ikev2.sh.new
if [ -s ikev2.sh.new ]; then if [ -s ikev2.sh.new ]; then
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old [ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \ /bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
/bin/rm -f ikev2.sh.new /bin/rm -f ikev2.sh.new
@ -227,7 +228,7 @@ update_config() {
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1 [ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3 [ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
sed -i".old-$(date +%F-%T)" \ sed -i".old-$SYS_DT" \
-e "s/^[[:space:]]\+auth=/ phase2=/" \ -e "s/^[[:space:]]\+auth=/ phase2=/" \
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \ -e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \ -e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
@ -247,7 +248,7 @@ update_config() {
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
fi fi
} }
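Review bot: In update_ikev2_script the downloaded `ikev2.sh.new` is copied over `ikev2.sh` and made executable after only a non-empty test (`[ -s ikev2.sh.new ]`), so a truncated or substituted download would be installed as a root-run script. The timestamped backup added here helps recovery but does not prevent that. I would verify the file before the copy, e.g. `echo "<EXPECTED_SHA256>  ikev2.sh.new" | sha256sum -c - >/dev/null 2>&1 || /bin/rm -f ikev2.sh.new`, with the expected digest published alongside the release. The result of the backup `cp` is also not checked before the overwrite. The function begins and ends outside the hunk, and the same lines appear in the three following file sections (hunks at -197, -233 and -234).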


@ -20,6 +20,7 @@ SWAN_VER=
### DO NOT edit below this line ### ### DO NOT edit below this line ###
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT=$(date +%F-%T | tr ':' '_')
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER" [ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
@ -197,7 +198,7 @@ update_ikev2_script() {
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url" wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
) || /bin/rm -f ikev2.sh.new ) || /bin/rm -f ikev2.sh.new
if [ -s ikev2.sh.new ]; then if [ -s ikev2.sh.new ]; then
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old [ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \ /bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
/bin/rm -f ikev2.sh.new /bin/rm -f ikev2.sh.new
@ -216,7 +217,7 @@ update_config() {
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1 [ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3 [ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
sed -i".old-$(date +%F-%T)" \ sed -i".old-$SYS_DT" \
-e "s/^[[:space:]]\+auth=/ phase2=/" \ -e "s/^[[:space:]]\+auth=/ phase2=/" \
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \ -e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \ -e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
@ -236,7 +237,7 @@ update_config() {
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
fi fi
} }


@ -20,6 +20,7 @@ SWAN_VER=
### DO NOT edit below this line ### ### DO NOT edit below this line ###
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT=$(date +%F-%T | tr ':' '_')
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER" [ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
@ -233,7 +234,7 @@ update_ikev2_script() {
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url" wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
) || /bin/rm -f ikev2.sh.new ) || /bin/rm -f ikev2.sh.new
if [ -s ikev2.sh.new ]; then if [ -s ikev2.sh.new ]; then
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old [ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \ /bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
/bin/rm -f ikev2.sh.new /bin/rm -f ikev2.sh.new
@ -252,7 +253,7 @@ update_config() {
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1 [ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3 [ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
sed -i".old-$(date +%F-%T)" \ sed -i".old-$SYS_DT" \
-e "s/^[[:space:]]\+auth=/ phase2=/" \ -e "s/^[[:space:]]\+auth=/ phase2=/" \
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \ -e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \ -e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
@ -272,7 +273,7 @@ update_config() {
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
fi fi
} }


@ -20,6 +20,7 @@ SWAN_VER=
### DO NOT edit below this line ### ### DO NOT edit below this line ###
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT=$(date +%F-%T | tr ':' '_')
[ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER" [ -n "$VPN_UPDATE_SWAN_VER" ] && SWAN_VER="$VPN_UPDATE_SWAN_VER"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
@ -234,7 +235,7 @@ update_ikev2_script() {
wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url" wget -t 3 -T 30 -q -O ikev2.sh.new "$ikev2_url"
) || /bin/rm -f ikev2.sh.new ) || /bin/rm -f ikev2.sh.new
if [ -s ikev2.sh.new ]; then if [ -s ikev2.sh.new ]; then
[ -s ikev2.sh ] && /bin/cp -f ikev2.sh ikev2.sh.old [ -s ikev2.sh ] && /bin/cp -f ikev2.sh "ikev2.sh.old-$SYS_DT"
/bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \ /bin/cp -f ikev2.sh.new ikev2.sh && chmod +x ikev2.sh \
&& ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
/bin/rm -f ikev2.sh.new /bin/rm -f ikev2.sh.new
@ -259,7 +260,7 @@ update_config() {
[ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1 [ -n "$DNS_SRV1" ] && [ -n "$DNS_SRV2" ] && dns_state=1
[ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3 [ "$(grep -c "modecfgdns1=" /etc/ipsec.conf)" -gt "1" ] && dns_state=3
sed -i".old-$(date +%F-%T)" \ sed -i".old-$SYS_DT" \
-e "s/^[[:space:]]\+auth=/ phase2=/" \ -e "s/^[[:space:]]\+auth=/ phase2=/" \
-e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \ -e "s/^[[:space:]]\+forceencaps=/ encapsulation=/" \
-e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \ -e "s/^[[:space:]]\+ike-frag=/ fragmentation=/" \
@ -279,7 +280,7 @@ update_config() {
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
fi fi
} }