
Update upgrade scripts

- Support upgrading to Libreswan 3.32
- Update ikev2 setup helper script
hwdsl2 2020-05-11 11:28:37 -05:00
parent b293aa3081
commit 6a285499e3
3 changed files with 22 additions and 21 deletions


@ -46,15 +46,16 @@ EOF
fi fi
case "$swan_ver" in case "$swan_ver" in
3.19|3.2[01235679]|3.31) 3.19|3.2[01235679]|3.3[12])
/bin/true /bin/true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$swan_ver' is not supported. Error: Libreswan version '$swan_ver' is not supported.
This script requires one of these versions: This script requires one of these versions:
3.19-3.23, 3.25-3.27, 3.29 or 3.31 3.19-3.23, 3.25-3.27, 3.29, 3.31 or 3.32
Upgrade Libreswan: https://git.io/vpnupgrade To upgrade Libreswan, see:
https://github.com/hwdsl2/setup-ipsec-vpn#upgrade-libreswan
EOF EOF
exit 1 exit 1
;; ;;
@ -119,7 +120,7 @@ fi
# Check for MOBIKE support # Check for MOBIKE support
mobike_support=0 mobike_support=0
case "$swan_ver" in case "$swan_ver" in
3.2[35679]|3.31) 3.2[35679]|3.3[12])
mobike_support=1 mobike_support=1
;; ;;
esac esac
@ -194,7 +195,7 @@ conn ikev2-cp
EOF EOF
case "$swan_ver" in case "$swan_ver" in
3.2[35679]|3.31) 3.2[35679]|3.3[12])
cat >> /etc/ipsec.conf <<'EOF' cat >> /etc/ipsec.conf <<'EOF'
modecfgdns="8.8.8.8 8.8.4.4" modecfgdns="8.8.8.8 8.8.4.4"
encapsulation=yes encapsulation=yes
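Review bot: In the `-46,15` hunk the accepting arm (`3.19|3.2[01235679]|3.3[12])` followed by `/bin/true`) lets every release back to 3.19 proceed silently, while the upgrade scripts changed in this same commit warn that older Libreswan versions could contain known security vulnerabilities. This helper configures IKEv2 on whatever version it detects in `$swan_ver`, so the same warning would be useful here when that is not the newest supported release. For example, replace `/bin/true` with `[ "$swan_ver" != "3.32" ] && echo "Warning: Libreswan $swan_ver is older than 3.32, see https://libreswan.org/security/" >&2`. The `case` statement's closing `esac` lies outside the hunk.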


@ -11,7 +11,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=3.31 SWAN_VER=3.32
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -46,14 +46,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case "$SWAN_VER" in case "$SWAN_VER" in
3.19|3.2[01235679]|3.31) 3.19|3.2[01235679]|3.3[12])
/bin/true /bin/true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of the following versions: This script can install one of the following versions:
3.19-3.23, 3.25-3.27, 3.29 and 3.31 3.19-3.23, 3.25-3.27, 3.29, 3.31 and 3.32
EOF EOF
exit 1 exit 1
;; ;;
@ -61,7 +61,7 @@ esac
dns_state=0 dns_state=0
case "$SWAN_VER" in case "$SWAN_VER" in
3.2[35679]|3.31) 3.2[35679]|3.3[12])
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
[ -n "$DNS_SRV1" ] && dns_state=2 [ -n "$DNS_SRV1" ] && dns_state=2
@ -136,7 +136,7 @@ cat <<'EOF'
EOF EOF
fi fi
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
cat <<'EOF' cat <<'EOF'
- Move "ikev2=never" to section "conn shared" - Move "ikev2=never" to section "conn shared"
EOF EOF
@ -149,7 +149,7 @@ cat <<'EOF'
EOF EOF
case "$SWAN_VER" in case "$SWAN_VER" in
3.19|3.2[01235679]) 3.19|3.2[01235679]|3.31)
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See: https://libreswan.org/security/ See: https://libreswan.org/security/
@ -225,7 +225,7 @@ USE_NSS_AVA_COPY = true
USE_NSS_IPSEC_PROFILE = false USE_NSS_IPSEC_PROFILE = false
USE_GLIBC_KERN_FLIP_HEADERS = true USE_GLIBC_KERN_FLIP_HEADERS = true
EOF EOF
if [ "$SWAN_VER" = "3.31" ]; then if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
echo "USE_DH2 = true" >> Makefile.inc.local echo "USE_DH2 = true" >> Makefile.inc.local
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
@ -273,7 +273,7 @@ elif [ "$dns_state" = "4" ]; then
sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf
fi fi
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
sed -i "/ikev2=never/d" /etc/ipsec.conf sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
fi fi
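Review bot: The `-225,7` hunk extends `echo "USE_DH2 = true" >> Makefile.inc.local` to 3.32 builds without a comment saying why the option is set. As far as I know, upstream switched DH group 2 (modp1024) off by default around the 3.30 release because the group is considered too weak, so this line deliberately turns it back on, presumably for older clients. That trade-off deserves a comment above the `echo`, such as `# Re-enable DH2 (modp1024) for legacy clients; weak group, drop once clients support modp2048 or higher`. The enclosing `if` and the heredoc before it run past the hunk on both sides, and the same line appears in the `-234,7` hunk of the next file.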


@ -11,7 +11,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=3.31 SWAN_VER=3.32
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -37,14 +37,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case "$SWAN_VER" in case "$SWAN_VER" in
3.19|3.2[01235679]|3.31) 3.19|3.2[01235679]|3.3[12])
/bin/true /bin/true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of the following versions: This script can install one of the following versions:
3.19-3.23, 3.25-3.27, 3.29 and 3.31 3.19-3.23, 3.25-3.27, 3.29, 3.31 and 3.32
EOF EOF
exit 1 exit 1
;; ;;
@ -52,7 +52,7 @@ esac
dns_state=0 dns_state=0
case "$SWAN_VER" in case "$SWAN_VER" in
3.2[35679]|3.31) 3.2[35679]|3.3[12])
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
[ -n "$DNS_SRV1" ] && dns_state=2 [ -n "$DNS_SRV1" ] && dns_state=2
@ -127,7 +127,7 @@ cat <<'EOF'
EOF EOF
fi fi
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
cat <<'EOF' cat <<'EOF'
- Move "ikev2=never" to section "conn shared" - Move "ikev2=never" to section "conn shared"
EOF EOF
@ -140,7 +140,7 @@ cat <<'EOF'
EOF EOF
case "$SWAN_VER" in case "$SWAN_VER" in
3.19|3.2[01235679]) 3.19|3.2[01235679]|3.31)
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See: https://libreswan.org/security/ See: https://libreswan.org/security/
@ -234,7 +234,7 @@ USE_NSS_AVA_COPY = true
USE_NSS_IPSEC_PROFILE = false USE_NSS_IPSEC_PROFILE = false
USE_GLIBC_KERN_FLIP_HEADERS = true USE_GLIBC_KERN_FLIP_HEADERS = true
EOF EOF
if [ "$SWAN_VER" = "3.31" ]; then if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
echo "USE_DH2 = true" >> Makefile.inc.local echo "USE_DH2 = true" >> Makefile.inc.local
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
@ -278,7 +278,7 @@ elif [ "$dns_state" = "4" ]; then
sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf
fi fi
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
sed -i "/ikev2=never/d" /etc/ipsec.conf sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
fi fi
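Review bot: The `-127,7` and `-278,7` hunks grow the `[ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]` chain by one test per release, while the version gate earlier in the same file expresses the same list as a `case` pattern. Writing both sites as `case "$SWAN_VER" in 3.29|3.3[12])` would keep the version lists in one notation and make a missed site easier to spot on the next bump. A missed update at `-278,7` would silently skip moving `ikev2=never` into `conn shared`. The `-136,7` and `-273,7` hunks of the previous file carry the same chains.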