New Libreswan version
- Use new Libreswan version 5.0. Ref: https://lists.libreswan.org/pipermail/swan-announce/2024/000058.html
This commit is contained in:
parent
bf965cfd18
commit
6f2efd3b59
@ -116,6 +116,7 @@ toggle_ikev2_only() {
|
|||||||
confirm_disable_ikev2_only
|
confirm_disable_ikev2_only
|
||||||
bigecho "Disabling IKEv2-only mode..."
|
bigecho "Disabling IKEv2-only mode..."
|
||||||
sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
|
sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
|
||||||
|
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
|
||||||
elif [ "$ikev2_only_status" = "DISABLED" ]; then
|
elif [ "$ikev2_only_status" = "DISABLED" ]; then
|
||||||
confirm_enable_ikev2_only
|
confirm_enable_ikev2_only
|
||||||
bigecho "Enabling IKEv2-only mode..."
|
bigecho "Enabling IKEv2-only mode..."
|
||||||
|
@ -240,7 +240,7 @@ get_helper_scripts() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
get_swan_ver() {
|
get_swan_ver() {
|
||||||
SWAN_VER=4.15
|
SWAN_VER=5.0
|
||||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||||
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
||||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||||
@ -294,12 +294,13 @@ WERROR_CFLAGS=-w -s
|
|||||||
USE_DNSSEC=false
|
USE_DNSSEC=false
|
||||||
USE_DH2=true
|
USE_DH2=true
|
||||||
FINALNSSDIR=/etc/ipsec.d
|
FINALNSSDIR=/etc/ipsec.d
|
||||||
|
NSSDIR=/etc/ipsec.d
|
||||||
EOF
|
EOF
|
||||||
NPROCS=$(grep -c ^processor /proc/cpuinfo)
|
NPROCS=$(grep -c ^processor /proc/cpuinfo)
|
||||||
[ -z "$NPROCS" ] && NPROCS=1
|
[ -z "$NPROCS" ] && NPROCS=1
|
||||||
(
|
(
|
||||||
set -x
|
set -x
|
||||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||||
)
|
)
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||||
@ -326,6 +327,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||||||
version 2.0
|
version 2.0
|
||||||
|
|
||||||
config setup
|
config setup
|
||||||
|
ikev1-policy=accept
|
||||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||||
uniqueids=no
|
uniqueids=no
|
||||||
|
|
||||||
|
@ -258,7 +258,7 @@ get_helper_scripts() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
get_swan_ver() {
|
get_swan_ver() {
|
||||||
SWAN_VER=4.15
|
SWAN_VER=5.0
|
||||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||||
swan_ver_url="$base_url/v1-amzn-2-swanver"
|
swan_ver_url="$base_url/v1-amzn-2-swanver"
|
||||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||||
@ -315,6 +315,7 @@ USE_NSS_KDF=false
|
|||||||
USE_LINUX_AUDIT=false
|
USE_LINUX_AUDIT=false
|
||||||
USE_SECCOMP=false
|
USE_SECCOMP=false
|
||||||
FINALNSSDIR=/etc/ipsec.d
|
FINALNSSDIR=/etc/ipsec.d
|
||||||
|
NSSDIR=/etc/ipsec.d
|
||||||
EOF
|
EOF
|
||||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
||||||
@ -323,7 +324,7 @@ EOF
|
|||||||
[ -z "$NPROCS" ] && NPROCS=1
|
[ -z "$NPROCS" ] && NPROCS=1
|
||||||
(
|
(
|
||||||
set -x
|
set -x
|
||||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||||
)
|
)
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||||
@ -350,6 +351,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||||||
version 2.0
|
version 2.0
|
||||||
|
|
||||||
config setup
|
config setup
|
||||||
|
ikev1-policy=accept
|
||||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||||
uniqueids=no
|
uniqueids=no
|
||||||
|
|
||||||
|
@ -360,7 +360,7 @@ get_helper_scripts() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
get_swan_ver() {
|
get_swan_ver() {
|
||||||
SWAN_VER=4.15
|
SWAN_VER=5.0
|
||||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||||
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
||||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||||
@ -417,6 +417,7 @@ USE_NSS_KDF=false
|
|||||||
USE_LINUX_AUDIT=false
|
USE_LINUX_AUDIT=false
|
||||||
USE_SECCOMP=false
|
USE_SECCOMP=false
|
||||||
FINALNSSDIR=/etc/ipsec.d
|
FINALNSSDIR=/etc/ipsec.d
|
||||||
|
NSSDIR=/etc/ipsec.d
|
||||||
EOF
|
EOF
|
||||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
||||||
@ -425,7 +426,7 @@ EOF
|
|||||||
[ -z "$NPROCS" ] && NPROCS=1
|
[ -z "$NPROCS" ] && NPROCS=1
|
||||||
(
|
(
|
||||||
set -x
|
set -x
|
||||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||||
)
|
)
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||||
@ -452,6 +453,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||||||
version 2.0
|
version 2.0
|
||||||
|
|
||||||
config setup
|
config setup
|
||||||
|
ikev1-policy=accept
|
||||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||||
uniqueids=no
|
uniqueids=no
|
||||||
|
|
||||||
|
@ -313,7 +313,7 @@ get_helper_scripts() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
get_swan_ver() {
|
get_swan_ver() {
|
||||||
SWAN_VER=4.15
|
SWAN_VER=5.0
|
||||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||||
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
||||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||||
@ -368,6 +368,7 @@ USE_DNSSEC=false
|
|||||||
USE_DH2=true
|
USE_DH2=true
|
||||||
USE_NSS_KDF=false
|
USE_NSS_KDF=false
|
||||||
FINALNSSDIR=/etc/ipsec.d
|
FINALNSSDIR=/etc/ipsec.d
|
||||||
|
NSSDIR=/etc/ipsec.d
|
||||||
EOF
|
EOF
|
||||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
||||||
@ -376,7 +377,7 @@ EOF
|
|||||||
[ -z "$NPROCS" ] && NPROCS=1
|
[ -z "$NPROCS" ] && NPROCS=1
|
||||||
(
|
(
|
||||||
set -x
|
set -x
|
||||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||||
)
|
)
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||||
@ -403,6 +404,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||||||
version 2.0
|
version 2.0
|
||||||
|
|
||||||
config setup
|
config setup
|
||||||
|
ikev1-policy=accept
|
||||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||||
uniqueids=no
|
uniqueids=no
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user