From 4c0c13410226565f4dfe703b22006f29b4f20d44 Mon Sep 17 00:00:00 2001
From: Dustin Oprea <myselfasunder@gmail.com>
Date: Tue, 17 May 2016 23:37:56 -0400
Subject: [PATCH 1/4] Default the PSK, username, and password from the environment.

---
 vpnsetup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index 1597e62..3baaa64 100644
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -22,9 +22,9 @@
 # - All values MUST be quoted using 'single quotes'
 # - DO NOT use these characters inside values: \ " '
 
-IPSEC_PSK=''
-VPN_USER=''
-VPN_PASSWORD=''
+IPSEC_PSK="$VPNSETUP_IPSEC_PSK"
+VPN_USER="$VPNSETUP_USERNAME"
+VPN_PASSWORD="$VPNSETUP_PASSWORD"
 
 # Important Notes: https://git.io/vpnnotes
 # Setup VPN Clients: https://git.io/vpnclients

From cb946063d2ef112d3f98a30c544900ebc8934e72 Mon Sep 17 00:00:00 2001
From: Dustin Oprea <myselfasunder@gmail.com>
Date: Wed, 18 May 2016 00:08:17 -0400
Subject: [PATCH 2/4] We default the IPs from the environment, too.

---
 vpnsetup.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index 3baaa64..aa2b473 100644
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -22,9 +22,11 @@
 # - All values MUST be quoted using 'single quotes'
 # - DO NOT use these characters inside values: \ " '
 
-IPSEC_PSK="$VPNSETUP_IPSEC_PSK"
-VPN_USER="$VPNSETUP_USERNAME"
-VPN_PASSWORD="$VPNSETUP_PASSWORD"
+IPSEC_PSK="$VPN_IPSEC_PSK"
+VPN_USER="$VPN_USERNAME"
+VPN_PASSWORD="$VPN_PASSWORD"
+PUBLIC_IP="$VPN_PUBLIC_IP"
+PRIVATE_IP="$VPN_PRIVATE_IP"
 
 # Important Notes: https://git.io/vpnnotes
 # Setup VPN Clients: https://git.io/vpnclients
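Review bot: The credentials now arrive from the caller's environment, but nothing enforces the restriction stated two lines above (`DO NOT use these characters inside values: \ " '`), and the bullet `All values MUST be quoted using 'single quotes'` no longer describes the double-quoted expansions; an env-supplied PSK or password containing `"` or `\` is later interpolated unchecked into the double-quoted `PSK "..."` line of /etc/ipsec.secrets (visible in PATCH 4). A one-line guard before the values are used would close that gap, e.g. `case "$IPSEC_PSK$VPN_USER$VPN_PASSWORD" in *[\\\"\']*) echo "VPN credentials cannot contain backslashes or quotes." >&2; exit 1;; esac`. Because exported variables are inherited by every child the script spawns (wget, dig, package tools), it is also worth un-exporting the three names right after this block if the script runs under bash (`export -n IPSEC_PSK VPN_USER VPN_PASSWORD`); the shebang is not visible here. The same stale comment block survives through PATCH 3 and PATCH 4 in both vpnsetup.sh and vpnsetup_centos.sh.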
@@ -108,8 +110,8 @@ echo
 # In Amazon EC2, these two variables will be retrieved from metadata.
 # For all other servers, replace them with actual IPs or comment out.
 # If your server only has a public IP, put that IP on both lines.
-PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
-PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
+[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
+[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
 
 # Try to find IPs for non-EC2 servers
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)

From 6fb736775b02344ad91b9a89119737a495ee8ee1 Mon Sep 17 00:00:00 2001
From: Dustin Oprea <myselfasunder@gmail.com>
Date: Wed, 18 May 2016 02:50:27 -0400
Subject: [PATCH 3/4] Removed quotes due to restrictions.

---
 vpnsetup.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index aa2b473..8842ef3 100644
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -22,11 +22,11 @@
 # - All values MUST be quoted using 'single quotes'
 # - DO NOT use these characters inside values: \ " '
 
-IPSEC_PSK="$VPN_IPSEC_PSK"
-VPN_USER="$VPN_USERNAME"
-VPN_PASSWORD="$VPN_PASSWORD"
-PUBLIC_IP="$VPN_PUBLIC_IP"
-PRIVATE_IP="$VPN_PRIVATE_IP"
+IPSEC_PSK=$VPN_IPSEC_PSK
+VPN_USER=$VPN_USERNAME
+VPN_PASSWORD=$VPN_PASSWORD
+PUBLIC_IP=$VPN_PUBLIC_IP
+PRIVATE_IP=$VPN_PRIVATE_IP
 
 # Important Notes: https://git.io/vpnnotes
 # Setup VPN Clients: https://git.io/vpnclients

From d692e243c09ed8db63656b82a86f32bf067debc5 Mon Sep 17 00:00:00 2001
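Review bot: With `PUBLIC_IP` now possibly pre-set from the environment, the guarded `wget`/`dig` lookups are skipped and an arbitrary string flows unvalidated into `/etc/ipsec.secrets` (`$PUBLIC_IP %any : PSK ...`, PATCH 4), where a value with whitespace or a hostname instead of an address yields a malformed or wrong-identity entry; the metadata and `dig` paths it replaces at least produced a bare address. Unless a later check exists outside these hunks, add one after the discovery chain, e.g. `case "$PUBLIC_IP" in *[!0-9.]*|"") echo "Could not determine a valid public IP; set VPN_PUBLIC_IP." >&2; exit 1;; esac` and the same for `PRIVATE_IP`. Note also that `[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(...)` returns non-zero whenever the value was already set, which would abort the script if it ever runs with `set -e` (not visible here); the existing `dig` line shares that pattern. PATCH 4 moves these assignments (vpnsetup.sh hunk @@ -107 and vpnsetup_centos.sh hunk @@ -100) and the point applies there unchanged.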
From: Dustin Oprea <myselfasunder@gmail.com>
Date: Wed, 18 May 2016 22:46:28 -0400
Subject: [PATCH 4/4] Renamed PSK variable and adjusted IP variables.

---
 vpnsetup.sh | 29 +++++++++++++++--------------
 vpnsetup_centos.sh | 33 ++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index 8842ef3..9c66219 100644
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -18,15 +18,13 @@
 # =====================================================
 
 # Define your own values for these variables
-# - IPsec Pre-Shared Key, VPN Username and Password
 # - All values MUST be quoted using 'single quotes'
 # - DO NOT use these characters inside values: \ " '
+# - IPsec Pre-Shared Key, VPN Username and Password
 
-IPSEC_PSK=$VPN_IPSEC_PSK
-VPN_USER=$VPN_USERNAME
+VPN_IPSEC_PSK=$VPN_IPSEC_PSK
+VPN_USER=$VPN_USER
 VPN_PASSWORD=$VPN_PASSWORD
-PUBLIC_IP=$VPN_PUBLIC_IP
-PRIVATE_IP=$VPN_PRIVATE_IP
 
 # Important Notes: https://git.io/vpnnotes
 # Setup VPN Clients: https://git.io/vpnclients
@@ -65,13 +63,13 @@ if [ ! -f /sys/class/net/eth0/operstate ]; then
   exit 1
 fi
 
-if [ -z "$IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
-  IPSEC_PSK="$(< /dev/urandom tr -dc 'A-HJ-NPR-Za-km-z2-9' | head -c 16)"
+if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
+  VPN_IPSEC_PSK="$(< /dev/urandom tr -dc 'A-HJ-NPR-Za-km-z2-9' | head -c 16)"
   VPN_USER=vpnuser
   VPN_PASSWORD="$(< /dev/urandom tr -dc 'A-HJ-NPR-Za-km-z2-9' | head -c 16)"
 fi
 
-if [ -z "$IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
+if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
   echo "VPN credentials cannot be empty. Edit the script and re-enter them."
   exit 1
 fi
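Review bot: `VPN_IPSEC_PSK=$VPN_IPSEC_PSK` and the two lines under it are self-assignments, no-ops at runtime that exist only as a place to paste a literal, yet the bullet `All values MUST be quoted using 'single quotes'` directly above still describes the old form and nothing in the block says the environment is consulted. Suggest replacing the three bullets with `# - Leave the lines below unchanged to read VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD from the environment, or replace each right-hand side with a value in 'single quotes' (no \ " ' inside)`. Unset names expand to empty here unless the script enables `set -u`, which is not visible in this hunk and would turn the defaults into a hard failure. The same block is repeated verbatim in vpnsetup_centos.sh (hunk @@ -18).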
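Review bot: The message `VPN credentials cannot be empty. Edit the script and re-enter them.` is now misleading: because the auto-generation branch above fires only when all three values are empty, a partially populated environment (e.g. `VPN_USER` set by unrelated tooling but no PSK or password) lands on this exit telling the user to edit a script that is, by design, reading the environment. Suggest `echo "VPN credentials cannot be empty. Set VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD in the environment, or edit the script." >&2`, which also moves the diagnostic to stderr. The same text appears in vpnsetup_centos.sh hunk @@ -72.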
@@ -107,9 +105,12 @@ echo 'In case the script hangs here for more than a few minutes,'
 echo 'use Ctrl-C to interrupt. Then edit it and manually enter IPs.'
 echo
 
-# In Amazon EC2, these two variables will be retrieved from metadata.
-# For all other servers, replace them with actual IPs or comment out.
-# If your server only has a public IP, put that IP on both lines.
+# In case auto IP discovery fails, you may manually enter server IPs here.
+# If your server only has a public IP, put that public IP on both lines.
+PUBLIC_IP=$VPN_PUBLIC_IP
+PRIVATE_IP=$VPN_PRIVATE_IP
+
+# In Amazon EC2, these two variables will be retrieved from metadata
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
 [ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
 
@@ -220,7 +221,7 @@ EOF
 # Specify IPsec PSK
 /bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$SYS_DT" 2>/dev/null
 cat > /etc/ipsec.secrets <<EOF
-$PUBLIC_IP %any : PSK "$IPSEC_PSK"
+$PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK"
 EOF
 
 # Create xl2tpd config
@@ -460,7 +461,7 @@ echo
 echo 'Connect to your new VPN with these details:'
 echo
 echo "Server IP: $PUBLIC_IP"
-echo "IPsec PSK: $IPSEC_PSK"
+echo "IPsec PSK: $VPN_IPSEC_PSK"
 echo "Username: $VPN_USER"
 echo "Password: $VPN_PASSWORD"
 echo
@@ -472,4 +473,4 @@ echo
 echo '================================================'
 echo
 
-exit 0
+exit 0
\ No newline at end of file
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 3710442..0305192 100644
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
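Review bot: The new comment `In case auto IP discovery fails, you may manually enter server IPs here.` sits directly above `PUBLIC_IP=$VPN_PUBLIC_IP`, which reads the environment rather than holding a literal, so a reader following the comment would overwrite the environment hook without realising it exists; the preceding `echo 'use Ctrl-C to interrupt. Then edit it and manually enter IPs.'` gives the same script-editing advice. Suggest `# Server IPs are taken from VPN_PUBLIC_IP / VPN_PRIVATE_IP in the environment when set; if auto discovery fails, replace the right-hand sides below with literal addresses.` The trailing-newline removal in hunk @@ -472 (`\ No newline at end of file`) looks accidental and should be reverted. Both points apply identically to vpnsetup_centos.sh (hunks @@ -100 and @@ -486).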
@@ -18,13 +18,13 @@
 # =====================================================
 
 # Define your own values for these variables
-# - IPsec Pre-Shared Key, VPN Username and Password
 # - All values MUST be quoted using 'single quotes'
 # - DO NOT use these characters inside values: \ " '
+# - IPsec Pre-Shared Key, VPN Username and Password
 
-IPSEC_PSK=''
-VPN_USER=''
-VPN_PASSWORD=''
+VPN_IPSEC_PSK=$VPN_IPSEC_PSK
+VPN_USER=$VPN_USER
+VPN_PASSWORD=$VPN_PASSWORD
 
 # Important Notes: https://git.io/vpnnotes
 # Setup VPN Clients: https://git.io/vpnclients
@@ -72,13 +72,13 @@ if [ ! -f /sys/class/net/eth0/operstate ]; then
   exit 1
 fi
 
-if [ -z "$IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
-  IPSEC_PSK="$(< /dev/urandom tr -dc 'A-HJ-NPR-Za-km-z2-9' | head -c 16)"
+if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
+  VPN_IPSEC_PSK="$(< /dev/urandom tr -dc 'A-HJ-NPR-Za-km-z2-9' | head -c 16)"
   VPN_USER=vpnuser
   VPN_PASSWORD="$(< /dev/urandom tr -dc 'A-HJ-NPR-Za-km-z2-9' | head -c 16)"
 fi
 
-if [ -z "$IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
+if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
   echo "VPN credentials cannot be empty. Edit the script and re-enter them."
   exit 1
 fi
@@ -100,11 +100,14 @@ echo 'In case the script hangs here for more than a few minutes,'
 echo 'use Ctrl-C to interrupt. Then edit it and manually enter IPs.'
 echo
 
-# In Amazon EC2, these two variables will be retrieved from metadata.
-# For all other servers, replace them with actual IPs or comment out.
-# If your server only has a public IP, put that IP on both lines.
-PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
-PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
+# In case auto IP discovery fails, you may manually enter server IPs here.
+# If your server only has a public IP, put that public IP on both lines.
+PUBLIC_IP=$VPN_PUBLIC_IP
+PRIVATE_IP=$VPN_PRIVATE_IP
+
+# In Amazon EC2, these two variables will be retrieved from metadata
+[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
+[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
 
 # Try to find IPs for non-EC2 servers
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
@@ -236,7 +239,7 @@ EOF
 # Specify IPsec PSK
 /bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$SYS_DT" 2>/dev/null
 cat > /etc/ipsec.secrets <<EOF
-$PUBLIC_IP %any : PSK "$IPSEC_PSK"
+$PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK"
 EOF
 
 # Create xl2tpd config
@@ -474,7 +477,7 @@ echo
 echo 'Connect to your new VPN with these details:'
 echo
 echo "Server IP: $PUBLIC_IP"
-echo "IPsec PSK: $IPSEC_PSK"
+echo "IPsec PSK: $VPN_IPSEC_PSK"
 echo "Username: $VPN_USER"
 echo "Password: $VPN_PASSWORD"
 echo
@@ -486,4 +489,4 @@ echo
 echo '================================================'
 echo
 
-exit 0
+exit 0
\ No newline at end of file