1
0
mirror of synced 2024-11-21 20:46:10 +03:00

New Libreswan version

- Use new Libreswan version 5.0.
  Ref: https://lists.libreswan.org/pipermail/swan-announce/2024/000058.html
This commit is contained in:
hwdsl2 2024-05-02 20:44:54 -05:00
parent bf965cfd18
commit 6f2efd3b59
5 changed files with 17 additions and 8 deletions

View File

@ -116,6 +116,7 @@ toggle_ikev2_only() {
confirm_disable_ikev2_only confirm_disable_ikev2_only
bigecho "Disabling IKEv2-only mode..." bigecho "Disabling IKEv2-only mode..."
sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
elif [ "$ikev2_only_status" = "DISABLED" ]; then elif [ "$ikev2_only_status" = "DISABLED" ]; then
confirm_enable_ikev2_only confirm_enable_ikev2_only
bigecho "Enabling IKEv2-only mode..." bigecho "Enabling IKEv2-only mode..."

View File

@ -240,7 +240,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.15 SWAN_VER=5.0
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -294,12 +294,13 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
NSSDIR=/etc/ipsec.d
EOF EOF
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@ -326,6 +327,7 @@ cat > /etc/ipsec.conf <<EOF
version 2.0 version 2.0
config setup config setup
ikev1-policy=accept
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
uniqueids=no uniqueids=no

View File

@ -258,7 +258,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.15 SWAN_VER=5.0
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-amzn-2-swanver" swan_ver_url="$base_url/v1-amzn-2-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -315,6 +315,7 @@ USE_NSS_KDF=false
USE_LINUX_AUDIT=false USE_LINUX_AUDIT=false
USE_SECCOMP=false USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
NSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
@ -323,7 +324,7 @@ EOF
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@ -350,6 +351,7 @@ cat > /etc/ipsec.conf <<EOF
version 2.0 version 2.0
config setup config setup
ikev1-policy=accept
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
uniqueids=no uniqueids=no

View File

@ -360,7 +360,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.15 SWAN_VER=5.0
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -417,6 +417,7 @@ USE_NSS_KDF=false
USE_LINUX_AUDIT=false USE_LINUX_AUDIT=false
USE_SECCOMP=false USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
NSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
@ -425,7 +426,7 @@ EOF
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@ -452,6 +453,7 @@ cat > /etc/ipsec.conf <<EOF
version 2.0 version 2.0
config setup config setup
ikev1-policy=accept
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
uniqueids=no uniqueids=no

View File

@ -313,7 +313,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.15 SWAN_VER=5.0
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -368,6 +368,7 @@ USE_DNSSEC=false
USE_DH2=true USE_DH2=true
USE_NSS_KDF=false USE_NSS_KDF=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
NSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
@ -376,7 +377,7 @@ EOF
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@ -403,6 +404,7 @@ cat > /etc/ipsec.conf <<EOF
version 2.0 version 2.0
config setup config setup
ikev1-policy=accept
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
uniqueids=no uniqueids=no