1
0
mirror of synced 2024-11-22 21:16:02 +03:00

Update IKEv2 script

- For the Ubuntu 18.04 NSS bug fix, use mirrors.kernel.org, which
  is an Ubuntu mirror that supports HTTPS, instead of HTTP-only
  security.ubuntu.com
- Minor fix: When uninstalling IKEv2, delete keys in addition to
  certificates from the IPsec database
This commit is contained in:
hwdsl2 2021-01-21 23:07:24 -06:00
parent 0199df0369
commit 47b5cd01c1

View File

@ -837,8 +837,8 @@ apply_ubuntu1804_nss_fix() {
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
bigecho "Applying fix for NSS bug on Ubuntu 18.04..." bigecho "Applying fix for NSS bug on Ubuntu 18.04..."
nss_url1="http://security.ubuntu.com/ubuntu/pool/main/n/nss" nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="http://security.ubuntu.com/ubuntu/pool/universe/n/nss" nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb" nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb"
nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb" nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb"
nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb" nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb"
@ -992,9 +992,11 @@ delete_ikev2_conf() {
delete_certificates() { delete_certificates() {
bigecho "Deleting certificates from the IPsec database..." bigecho "Deleting certificates from the IPsec database..."
certutil -L -d sql:/etc/ipsec.d | grep -v -e '^$' -e 'IKEv2 VPN CA' | tail -n +3 | cut -f1 -d ' ' | while read -r line; do certutil -L -d sql:/etc/ipsec.d | grep -v -e '^$' -e 'IKEv2 VPN CA' | tail -n +3 | cut -f1 -d ' ' | while read -r line; do
certutil -D -d sql:/etc/ipsec.d -n "$line" certutil -F -d sql:/etc/ipsec.d -n "$line"
certutil -D -d sql:/etc/ipsec.d -n "$line" 2>/dev/null
done done
certutil -D -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" certutil -F -d sql:/etc/ipsec.d -n "IKEv2 VPN CA"
certutil -D -d sql:/etc/ipsec.d -n "IKEv2 VPN CA" 2>/dev/null
} }
print_ikev2_removed_message() { print_ikev2_removed_message() {