
Improve VPN setup

- Update uninstall script: For CentOS/RHEL 8, try to automatically
  restore nftables rules to the version before VPN setup.
- Cleanup
hwdsl2 2021-09-09 00:14:26 -05:00
parent 263ffe97cc
commit 5f9a6fa8ce


@ -135,9 +135,10 @@ stop_services() {
remove_ipsec() { remove_ipsec() {
bigecho "Removing IPsec..." bigecho "Removing IPsec..."
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec /bin/rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec /usr/local/share/doc/libreswan
rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \ /bin/rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service /etc/init.d/ipsec \
/etc/init.d/ipsec /usr/lib/systemd/system/ipsec.service /usr/lib/systemd/system/ipsec.service /etc/logrotate.d/libreswan \
/usr/lib/tmpfiles.d/libreswan.conf
} }
remove_xl2tpd() { remove_xl2tpd() {
@ -217,6 +218,16 @@ update_iptables_rules() {
fi fi
fi fi
else else
nft_bk=$(find /etc/sysconfig -maxdepth 1 -name 'nftables.conf.old-*-*-*-*_*_*' -print0 \
| xargs -r -0 ls -1 -t | head -1)
if [ -f "$nft_bk" ] \
&& [ "$(diff -y --suppress-common-lines "$IPT_FILE" "$nft_bk" | wc -l)" = "25" ]; then
bigecho "Restoring nftables rules..."
conf_bk "$IPT_FILE"
/bin/cp -f "$nft_bk" "$IPT_FILE" && /bin/rm -f "$nft_bk"
nft flush ruleset
systemctl restart nftables
else
cat <<'EOF' cat <<'EOF'
Note: This script cannot automatically remove nftables rules for the VPN. Note: This script cannot automatically remove nftables rules for the VPN.
@ -227,13 +238,14 @@ Note: This script cannot automatically remove nftables rules for the VPN.
EOF EOF
fi fi
fi fi
fi
} }
remove_config_files() { remove_config_files() {
bigecho "Removing VPN configuration..." bigecho "Removing VPN configuration..."
rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \ /bin/rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
/etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
rm -rf /etc/ipsec.d /etc/xl2tpd /bin/rm -rf /etc/ipsec.d /etc/xl2tpd
} }
remove_vpn() { remove_vpn() {
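Review bot: In the nftables restore branch of the second hunk, `nft flush ruleset` and `systemctl restart nftables` run unconditionally, even when the `/bin/cp -f "$nft_bk" "$IPT_FILE"` on the line before fails or the restored file does not load, which would leave the host with an empty ruleset and therefore no packet filtering. I would add `nft -c -f "$nft_bk"` to the `if` condition so the backup is syntax-checked before it replaces `$IPT_FILE`, run the flush and restart only when the copy succeeded, and print an error if the restart fails. The `= "25"` comparison also needs a comment such as `# VPN setup changes exactly 25 lines of nftables.conf; restore only if the backup differs by just those`, assuming that is the intent, because the newest backup by mtime is not necessarily the one taken at VPN setup. update_iptables_rules begins before this hunk and its heredoc continues outside the visible lines.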