From 47b5cd01c1ee6738731ff88c382a900de1ed40c3 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Thu, 21 Jan 2021 23:07:24 -0600
Subject: [PATCH] Update IKEv2 script
- For the Ubuntu 18.04 NSS bug fix, use mirrors.kernel.org, which is an Ubuntu mirror that supports HTTPS, instead of HTTP-only security.ubuntu.com
- Minor fix: When uninstalling IKEv2, delete keys in addition to certificates from the IPsec database
---
 extras/ikev2setup.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 2a550a4..718e13f 100644
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -837,8 +837,8 @@ apply_ubuntu1804_nss_fix() {
 if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
 bigecho "Applying fix for NSS bug on Ubuntu 18.04..."
- nss_url1="http://security.ubuntu.com/ubuntu/pool/main/n/nss"
- nss_url2="http://security.ubuntu.com/ubuntu/pool/universe/n/nss"
+ nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+ nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
 nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb"
 nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb"
 nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb"
@@ -992,9 +992,11 @@ delete_ikev2_conf() {
 delete_certificates() {
 bigecho "Deleting certificates from the IPsec database..."
 certutil -L -d sql:/etc/ipsec.d | grep -v -e '^$' -e 'IKEv2 VPN CA' | tail -n +3 | cut -f1 -d ' ' | while read -r line; do
- certutil -D -d sql:/etc/ipsec.d -n "$line"
+ certutil -F -d sql:/etc/ipsec.d -n "$line"
+ certutil -D -d sql:/etc/ipsec.d -n "$line" 2>/dev/null
 done
- certutil -D -d sql:/etc/ipsec.d -n "IKEv2 VPN CA"
+ certutil -F -d sql:/etc/ipsec.d -n "IKEv2 VPN CA"
+ certutil -D -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" 2>/dev/null
 }
 print_ikev2_removed_message() {
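Review bot: The new `nss_url1`/`nss_url2` values in `apply_ubuntu1804_nss_fix` add transport protection only; nothing visible in this hunk pins the content of `nss_deb1`..`nss_deb3`, so the packages are trusted on the strength of the mirror and its TLS certificate alone. The download and install steps lie outside the hunk, but if these files are fetched directly and installed without apt, the archive signature check that apt performs does not cover them. Consider recording an expected SHA-256 per file and verifying it before install, for example `printf '%s  %s\n' "$nss_deb1_sha256" "$nss_deb1" | sha256sum -c -`, where `nss_deb1_sha256` is a placeholder for the digest taken from the signed Ubuntu package index.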
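Review bot: Neither `certutil -F` nor the following `certutil -D` has its exit status checked in `delete_certificates`, and the `2>/dev/null` on `-D` hides its diagnostics, so an uninstall can leave a private key (including the one for "IKEv2 VPN CA") in `/etc/ipsec.d` with no visible sign. If `-F` is expected to remove the certificate together with its key, which would explain why `-D` is silenced, say so in a comment such as `# -F removes the key and its cert; -D is a fallback for entries without a key`. A closing check that warns when `certutil -K -d sql:/etc/ipsec.d` still lists keys would tell the operator that key material was left behind.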