Update upgrade scripts
- Support upgrading to Libreswan 3.32 - Update ikev2 setup helper script
This commit is contained in:
parent
b293aa3081
commit
6a285499e3
@ -46,15 +46,16 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
case "$swan_ver" in
|
case "$swan_ver" in
|
||||||
3.19|3.2[01235679]|3.31)
|
3.19|3.2[01235679]|3.3[12])
|
||||||
/bin/true
|
/bin/true
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
cat 1>&2 <<EOF
|
cat 1>&2 <<EOF
|
||||||
Error: Libreswan version '$swan_ver' is not supported.
|
Error: Libreswan version '$swan_ver' is not supported.
|
||||||
This script requires one of these versions:
|
This script requires one of these versions:
|
||||||
3.19-3.23, 3.25-3.27, 3.29 or 3.31
|
3.19-3.23, 3.25-3.27, 3.29, 3.31 or 3.32
|
||||||
Upgrade Libreswan: https://git.io/vpnupgrade
|
To upgrade Libreswan, see:
|
||||||
|
https://github.com/hwdsl2/setup-ipsec-vpn#upgrade-libreswan
|
||||||
EOF
|
EOF
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
@ -119,7 +120,7 @@ fi
|
|||||||
# Check for MOBIKE support
|
# Check for MOBIKE support
|
||||||
mobike_support=0
|
mobike_support=0
|
||||||
case "$swan_ver" in
|
case "$swan_ver" in
|
||||||
3.2[35679]|3.31)
|
3.2[35679]|3.3[12])
|
||||||
mobike_support=1
|
mobike_support=1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -194,7 +195,7 @@ conn ikev2-cp
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
case "$swan_ver" in
|
case "$swan_ver" in
|
||||||
3.2[35679]|3.31)
|
3.2[35679]|3.3[12])
|
||||||
cat >> /etc/ipsec.conf <<'EOF'
|
cat >> /etc/ipsec.conf <<'EOF'
|
||||||
modecfgdns="8.8.8.8 8.8.4.4"
|
modecfgdns="8.8.8.8 8.8.4.4"
|
||||||
encapsulation=yes
|
encapsulation=yes
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
# know how you have improved it!
|
# know how you have improved it!
|
||||||
|
|
||||||
# Specify which Libreswan version to install. See: https://libreswan.org
|
# Specify which Libreswan version to install. See: https://libreswan.org
|
||||||
SWAN_VER=3.31
|
SWAN_VER=3.32
|
||||||
|
|
||||||
### DO NOT edit below this line ###
|
### DO NOT edit below this line ###
|
||||||
|
|
||||||
@ -46,14 +46,14 @@ if [ "$(id -u)" != 0 ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.19|3.2[01235679]|3.31)
|
3.19|3.2[01235679]|3.3[12])
|
||||||
/bin/true
|
/bin/true
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
cat 1>&2 <<EOF
|
cat 1>&2 <<EOF
|
||||||
Error: Libreswan version '$SWAN_VER' is not supported.
|
Error: Libreswan version '$SWAN_VER' is not supported.
|
||||||
This script can install one of the following versions:
|
This script can install one of the following versions:
|
||||||
3.19-3.23, 3.25-3.27, 3.29 and 3.31
|
3.19-3.23, 3.25-3.27, 3.29, 3.31 and 3.32
|
||||||
EOF
|
EOF
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
@ -61,7 +61,7 @@ esac
|
|||||||
|
|
||||||
dns_state=0
|
dns_state=0
|
||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.2[35679]|3.31)
|
3.2[35679]|3.3[12])
|
||||||
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
||||||
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
||||||
[ -n "$DNS_SRV1" ] && dns_state=2
|
[ -n "$DNS_SRV1" ] && dns_state=2
|
||||||
@ -136,7 +136,7 @@ cat <<'EOF'
|
|||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then
|
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
- Move "ikev2=never" to section "conn shared"
|
- Move "ikev2=never" to section "conn shared"
|
||||||
EOF
|
EOF
|
||||||
@ -149,7 +149,7 @@ cat <<'EOF'
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.19|3.2[01235679])
|
3.19|3.2[01235679]|3.31)
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
See: https://libreswan.org/security/
|
See: https://libreswan.org/security/
|
||||||
@ -225,7 +225,7 @@ USE_NSS_AVA_COPY = true
|
|||||||
USE_NSS_IPSEC_PROFILE = false
|
USE_NSS_IPSEC_PROFILE = false
|
||||||
USE_GLIBC_KERN_FLIP_HEADERS = true
|
USE_GLIBC_KERN_FLIP_HEADERS = true
|
||||||
EOF
|
EOF
|
||||||
if [ "$SWAN_VER" = "3.31" ]; then
|
if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
|
||||||
echo "USE_DH2 = true" >> Makefile.inc.local
|
echo "USE_DH2 = true" >> Makefile.inc.local
|
||||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
|
echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
|
||||||
@ -273,7 +273,7 @@ elif [ "$dns_state" = "4" ]; then
|
|||||||
sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf
|
sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then
|
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
|
||||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
# know how you have improved it!
|
# know how you have improved it!
|
||||||
|
|
||||||
# Specify which Libreswan version to install. See: https://libreswan.org
|
# Specify which Libreswan version to install. See: https://libreswan.org
|
||||||
SWAN_VER=3.31
|
SWAN_VER=3.32
|
||||||
|
|
||||||
### DO NOT edit below this line ###
|
### DO NOT edit below this line ###
|
||||||
|
|
||||||
@ -37,14 +37,14 @@ if [ "$(id -u)" != 0 ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.19|3.2[01235679]|3.31)
|
3.19|3.2[01235679]|3.3[12])
|
||||||
/bin/true
|
/bin/true
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
cat 1>&2 <<EOF
|
cat 1>&2 <<EOF
|
||||||
Error: Libreswan version '$SWAN_VER' is not supported.
|
Error: Libreswan version '$SWAN_VER' is not supported.
|
||||||
This script can install one of the following versions:
|
This script can install one of the following versions:
|
||||||
3.19-3.23, 3.25-3.27, 3.29 and 3.31
|
3.19-3.23, 3.25-3.27, 3.29, 3.31 and 3.32
|
||||||
EOF
|
EOF
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
@ -52,7 +52,7 @@ esac
|
|||||||
|
|
||||||
dns_state=0
|
dns_state=0
|
||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.2[35679]|3.31)
|
3.2[35679]|3.3[12])
|
||||||
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
||||||
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
|
||||||
[ -n "$DNS_SRV1" ] && dns_state=2
|
[ -n "$DNS_SRV1" ] && dns_state=2
|
||||||
@ -127,7 +127,7 @@ cat <<'EOF'
|
|||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then
|
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
- Move "ikev2=never" to section "conn shared"
|
- Move "ikev2=never" to section "conn shared"
|
||||||
EOF
|
EOF
|
||||||
@ -140,7 +140,7 @@ cat <<'EOF'
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case "$SWAN_VER" in
|
||||||
3.19|3.2[01235679])
|
3.19|3.2[01235679]|3.31)
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
See: https://libreswan.org/security/
|
See: https://libreswan.org/security/
|
||||||
@ -234,7 +234,7 @@ USE_NSS_AVA_COPY = true
|
|||||||
USE_NSS_IPSEC_PROFILE = false
|
USE_NSS_IPSEC_PROFILE = false
|
||||||
USE_GLIBC_KERN_FLIP_HEADERS = true
|
USE_GLIBC_KERN_FLIP_HEADERS = true
|
||||||
EOF
|
EOF
|
||||||
if [ "$SWAN_VER" = "3.31" ]; then
|
if [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
|
||||||
echo "USE_DH2 = true" >> Makefile.inc.local
|
echo "USE_DH2 = true" >> Makefile.inc.local
|
||||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
|
echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
|
||||||
@ -278,7 +278,7 @@ elif [ "$dns_state" = "4" ]; then
|
|||||||
sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf
|
sed -i "s/modecfgdns=.*/modecfgdns1=$DNS_SRV1/" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ]; then
|
if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] || [ "$SWAN_VER" = "3.32" ]; then
|
||||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user