Update IKEv2 script
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3) version 3.35, which has a bug with iteration counts that results in "incorrect password" errors when trying to import a generated ".p12" file to Windows. To fix this, we install newer versions of libnss3 related packages from the official Ubuntu repo. Ref: #414 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes https://packages.ubuntu.com/focal/amd64/libnss3 - Other minor improvements
This commit is contained in:
hwdsl2
parent
7d9f2c6603
commit
5e1b3e1ae9
@ -833,6 +833,26 @@ EOF
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
apply_ubuntu1804_nss_fix() {
|
||||||
|
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
|
||||||
|
bigecho "Applying fix for NSS bug on Ubuntu 18.04..."
|
||||||
|
|
||||||
|
nss_url1="http://security.ubuntu.com/ubuntu/pool/main/n/nss"
|
||||||
|
nss_url2="http://security.ubuntu.com/ubuntu/pool/universe/n/nss"
|
||||||
|
nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb"
|
||||||
|
nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb"
|
||||||
|
nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb"
|
||||||
|
if wget -t 3 -T 30 -nv -O "/tmp/$nss_deb1" "$nss_url1/$nss_deb1" \
|
||||||
|
&& wget -t 3 -T 30 -nv -O "/tmp/$nss_deb2" "$nss_url1/$nss_deb2" \
|
||||||
|
&& wget -t 3 -T 30 -nv -O "/tmp/$nss_deb3" "$nss_url2/$nss_deb3"; then
|
||||||
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
|
apt-get -yqq update
|
||||||
|
apt-get -yqq install "/tmp/$nss_deb1" "/tmp/$nss_deb2" "/tmp/$nss_deb3"
|
||||||
|
fi
|
||||||
|
/bin/rm -f "/tmp/$nss_deb1" "/tmp/$nss_deb2" "/tmp/$nss_deb3"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
restart_ipsec_service() {
|
restart_ipsec_service() {
|
||||||
bigecho "Restarting IPsec service..."
|
bigecho "Restarting IPsec service..."
|
||||||
|
|
||||||
@ -847,6 +867,9 @@ cat <<EOF
|
|||||||
|
|
||||||
New IKEv2 VPN client "$client_name" added!
|
New IKEv2 VPN client "$client_name" added!
|
||||||
|
|
||||||
|
VPN server address: $server_addr
|
||||||
|
VPN client name: $client_name
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -857,6 +880,9 @@ cat <<EOF
|
|||||||
|
|
||||||
IKEv2 VPN client "$client_name" configuration exported!
|
IKEv2 VPN client "$client_name" configuration exported!
|
||||||
|
|
||||||
|
VPN server address: $server_addr
|
||||||
|
VPN client name: $client_name
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1063,6 +1089,7 @@ ikev2setup() {
|
|||||||
use_own_password=0
|
use_own_password=0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
apply_ubuntu1804_nss_fix
|
||||||
create_ca_cert
|
create_ca_cert
|
||||||
create_server_cert
|
create_server_cert
|
||||||
create_client_cert
|
create_client_cert
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user