mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 13:06:02 +03:00
Code Issues Projects Releases Wiki Activity

Minor clean up

Browse Source
This commit is contained in:
hwdsl2 2017-11-01 22:15:56 -05:00
parent 70c6d6b540
commit 7190577c99
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vpnsetup.sh
View File

@ -34,10 +34,11 @@ YOUR_PASSWORD=''
# ===================================================== # =====================================================
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT="$(date +%F-%T)"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
exiterr2() { exiterr "'apt-get install' failed."; } exiterr2() { exiterr "'apt-get install' failed."; }
conf_bk() { /bin/cp -f "$1" "$1.old-$(date +%F-%T)" 2>/dev/null; } conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; }
bigecho() { echo; echo "## $1"; echo; } bigecho() { echo; echo "## $1"; echo; }
check_ip() { check_ip() {
@ -382,7 +383,7 @@ fi
# Add IPTables rules for VPN # Add IPTables rules for VPN
if [ "$ipt_flag" = "1" ]; then if [ "$ipt_flag" = "1" ]; then
service fail2ban stop >/dev/null 2>&1 service fail2ban stop >/dev/null 2>&1
iptables-save > "$IPT_FILE.old-$(date +%F-%T)" iptables-save > "$IPT_FILE.old-$SYS_DT"
iptables -I INPUT 1 -p udp --dport 1701 -m policy --dir in --pol none -j DROP iptables -I INPUT 1 -p udp --dport 1701 -m policy --dir in --pol none -j DROP
iptables -I INPUT 2 -m conntrack --ctstate INVALID -j DROP iptables -I INPUT 2 -m conntrack --ctstate INVALID -j DROP
iptables -I INPUT 3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -I INPUT 3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

7
vpnsetup_centos.sh
View File

@ -34,10 +34,11 @@ YOUR_PASSWORD=''
# ===================================================== # =====================================================
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SYS_DT="$(date +%F-%T)"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
exiterr2() { exiterr "'yum install' failed."; } exiterr2() { exiterr "'yum install' failed."; }
conf_bk() { /bin/cp -f "$1" "$1.old-$(date +%F-%T)" 2>/dev/null; } conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; }
bigecho() { echo; echo "## $1"; echo; } bigecho() { echo; echo "## $1"; echo; }
check_ip() { check_ip() {
@ -357,7 +358,7 @@ fi
# Add IPTables rules for VPN # Add IPTables rules for VPN
if [ "$ipt_flag" = "1" ]; then if [ "$ipt_flag" = "1" ]; then
service fail2ban stop >/dev/null 2>&1 service fail2ban stop >/dev/null 2>&1
iptables-save > "$IPT_FILE.old-$(date +%F-%T)" iptables-save > "$IPT_FILE.old-$SYS_DT"
iptables -I INPUT 1 -p udp --dport 1701 -m policy --dir in --pol none -j DROP iptables -I INPUT 1 -p udp --dport 1701 -m policy --dir in --pol none -j DROP
iptables -I INPUT 2 -m conntrack --ctstate INVALID -j DROP iptables -I INPUT 2 -m conntrack --ctstate INVALID -j DROP
iptables -I INPUT 3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -I INPUT 3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
@ -438,7 +439,7 @@ iptables-restore < "$IPT_FILE"
# Fix xl2tpd on CentOS 7, if kernel module "l2tp_ppp" is unavailable # Fix xl2tpd on CentOS 7, if kernel module "l2tp_ppp" is unavailable
if grep -qs "release 7" /etc/redhat-release; then if grep -qs "release 7" /etc/redhat-release; then
if ! modprobe -q l2tp_ppp; then if ! modprobe -q l2tp_ppp; then
sed -i '/ExecStartPre/s/^/#/' /usr/lib/systemd/system/xl2tpd.service sed -i '/^ExecStartPre/s/^/#/' /usr/lib/systemd/system/xl2tpd.service
systemctl daemon-reload systemctl daemon-reload
fi fi
fi fi