Minor improvements and clean up
This commit is contained in:
parent
9b541c6da3
commit
7bece1681d
@ -42,8 +42,8 @@ cd /opt/src || exiterr "Cannot enter /opt/src."
|
|||||||
|
|
||||||
# Update package index and install wget
|
# Update package index and install wget
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get -yq update
|
apt-get -yq update || exiterr "'apt-get update' failed."
|
||||||
apt-get -yq install wget
|
apt-get -yq install wget || exiterr "Failed to install 'wget'."
|
||||||
|
|
||||||
# Install libnss/libnspr packages from download.libreswan.org.
|
# Install libnss/libnspr packages from download.libreswan.org.
|
||||||
# Ref: https://libreswan.org/wiki/3.14_on_Debian_Wheezy
|
# Ref: https://libreswan.org/wiki/3.14_on_Debian_Wheezy
|
||||||
|
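Review bot: The new guard `apt-get -yq update || exiterr "'apt-get update' failed."` catches only a hard apt error; on older apt releases an unreachable source is reported as a `W:` warning and the command still exits 0, so a partially stale index can pass this check and the next line is where the failure actually surfaces. That behaviour differs by apt version, so I would record the assumption next to the line, e.g. `# NOTE: apt-get update may exit 0 on fetch warnings; the install below is the real check`. This file also keeps inline messages (`exiterr "Failed to install 'wget'."`) while the other four scripts in this commit introduce a shared `exiterr2` helper; one style across the scripts would be easier to maintain.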
@ -18,6 +18,7 @@ swan_ver=3.17
|
|||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
||||||
|
exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }
|
||||||
|
|
||||||
os_type="$(lsb_release -si 2>/dev/null)"
|
os_type="$(lsb_release -si 2>/dev/null)"
|
||||||
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
|
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
|
||||||
@ -99,15 +100,15 @@ cd /opt/src || exiterr "Cannot enter /opt/src."
|
|||||||
|
|
||||||
# Update package index and install Wget
|
# Update package index and install Wget
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get -yq update
|
apt-get -yq update || exiterr "'apt-get update' failed."
|
||||||
apt-get -yq install wget
|
apt-get -yq install wget || exiterr2
|
||||||
|
|
||||||
# Install necessary packages
|
# Install necessary packages
|
||||||
apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
|
apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
|
||||||
libcap-ng-dev libcap-ng-utils libselinux1-dev \
|
libcap-ng-dev libcap-ng-utils libselinux1-dev \
|
||||||
libcurl4-nss-dev flex bison gcc make \
|
libcurl4-nss-dev flex bison gcc make \
|
||||||
libunbound-dev libnss3-tools libevent-dev
|
libunbound-dev libnss3-tools libevent-dev || exiterr2
|
||||||
apt-get -yq --no-install-recommends install xmlto
|
apt-get -yq --no-install-recommends install xmlto || exiterr2
|
||||||
|
|
||||||
# Compile and install Libreswan
|
# Compile and install Libreswan
|
||||||
swan_file="libreswan-${swan_ver}.tar.gz"
|
swan_file="libreswan-${swan_ver}.tar.gz"
|
||||||
@ -120,7 +121,7 @@ tar xzf "$swan_file" && /bin/rm -f "$swan_file"
|
|||||||
cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
|
cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
|
||||||
echo "WERROR_CFLAGS =" > Makefile.inc.local
|
echo "WERROR_CFLAGS =" > Makefile.inc.local
|
||||||
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
|
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
|
||||||
apt-get -yq install libsystemd-dev
|
apt-get -yq install libsystemd-dev || exiterr2
|
||||||
fi
|
fi
|
||||||
make -s programs && make -s install
|
make -s programs && make -s install
|
||||||
|
|
||||||
|
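Review bot: `exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }` prints the same fixed message for every one of the six call sites it now guards, so a failed run does not say which package set was the problem. Letting the helper take an optional argument keeps all existing calls valid and makes the message specific, e.g. `exiterr2() { echo "Error: 'apt-get install' failed${1:+ for $1}." >&2; exit 1; }` with calls such as `|| exiterr2 "xmlto"`; the same helper is duplicated in the other three scripts of this commit. In the last hunk of this section the build step `make -s programs && make -s install` remains unguarded while every package install around it now is; `make -s programs && make -s install || exiterr "Libreswan build failed."` would bring it in line.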
@ -18,6 +18,7 @@ swan_ver=3.17
|
|||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
||||||
|
exiterr2() { echo "Error: 'yum install' failed." >&2; exit 1; }
|
||||||
|
|
||||||
if [ ! -f /etc/redhat-release ]; then
|
if [ ! -f /etc/redhat-release ]; then
|
||||||
exiterr "This script only supports CentOS/RHEL."
|
exiterr "This script only supports CentOS/RHEL."
|
||||||
@ -92,25 +93,23 @@ mkdir -p /opt/src
|
|||||||
cd /opt/src || exiterr "Cannot enter /opt/src."
|
cd /opt/src || exiterr "Cannot enter /opt/src."
|
||||||
|
|
||||||
# Install Wget
|
# Install Wget
|
||||||
yum -y install wget
|
yum -y install wget || exiterr2
|
||||||
|
|
||||||
# Add the EPEL repository
|
# Add the EPEL repository
|
||||||
yum -y install epel-release
|
yum -y install epel-release || exiterr2
|
||||||
yum list installed epel-release >/dev/null 2>&1
|
|
||||||
[ "$?" != "0" ] && exiterr "Cannot add EPEL repository."
|
|
||||||
|
|
||||||
# Install necessary packages
|
# Install necessary packages
|
||||||
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
|
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
|
||||||
libcap-ng-devel libselinux-devel \
|
libcap-ng-devel libselinux-devel \
|
||||||
curl-devel flex bison gcc make \
|
curl-devel flex bison gcc make \
|
||||||
fipscheck-devel unbound-devel xmlto
|
fipscheck-devel unbound-devel xmlto || exiterr2
|
||||||
|
|
||||||
# Install libevent2 and systemd-devel (CentOS 7)
|
# Install libevent2 and systemd-devel (CentOS 7)
|
||||||
if grep -qs "release 6" /etc/redhat-release; then
|
if grep -qs "release 6" /etc/redhat-release; then
|
||||||
yum -y remove libevent-devel
|
yum -y remove libevent-devel
|
||||||
yum -y install libevent2-devel
|
yum -y install libevent2-devel || exiterr2
|
||||||
elif grep -qs "release 7" /etc/redhat-release; then
|
elif grep -qs "release 7" /etc/redhat-release; then
|
||||||
yum -y install libevent-devel systemd-devel
|
yum -y install libevent-devel systemd-devel || exiterr2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Compile and install Libreswan
|
# Compile and install Libreswan
|
||||||
|
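Review bot: Removing the `yum list installed epel-release` check leaves `yum -y install epel-release || exiterr2` as the only verification, and yum's exit status for a package that turns out not to be available has not been consistent across releases, so the explicit post-install check was doing real work. A check that does not depend on yum's status can replace it in one line after the install: `rpm -q epel-release >/dev/null 2>&1 || exiterr "Cannot add EPEL repository."`. The same removal appears in the CentOS vpnsetup script in the hunk after the `-126,26 +127,24` header; the note applies there too.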
39
vpnsetup.sh
39
vpnsetup.sh
@ -34,6 +34,7 @@ YOUR_PASSWORD=''
|
|||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
||||||
|
exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }
|
||||||
|
|
||||||
os_type="$(lsb_release -si 2>/dev/null)"
|
os_type="$(lsb_release -si 2>/dev/null)"
|
||||||
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
|
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
|
||||||
@ -81,10 +82,10 @@ IMPORTANT: Workaround required for Debian 7 (Wheezy).
|
|||||||
You must first run the script at: https://git.io/vpndeb7
|
You must first run the script at: https://git.io/vpndeb7
|
||||||
If not already done so, press Ctrl-C to interrupt now.
|
If not already done so, press Ctrl-C to interrupt now.
|
||||||
|
|
||||||
Pausing for 60 seconds...
|
Pausing for 30 seconds...
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
sleep 60
|
sleep 30
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
@ -98,11 +99,11 @@ cd /opt/src || exiterr "Cannot enter /opt/src."
|
|||||||
|
|
||||||
# Update package index
|
# Update package index
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get -yq update
|
apt-get -yq update || exiterr "'apt-get update' failed."
|
||||||
|
|
||||||
# Make sure basic commands exist
|
# Make sure basic commands exist
|
||||||
apt-get -yq install wget dnsutils openssl
|
apt-get -yq install wget dnsutils openssl || exiterr2
|
||||||
apt-get -yq install iproute gawk grep sed net-tools
|
apt-get -yq install iproute gawk grep sed net-tools || exiterr2
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
|
|
||||||
@ -142,12 +143,12 @@ fi
|
|||||||
apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
|
apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
|
||||||
libcap-ng-dev libcap-ng-utils libselinux1-dev \
|
libcap-ng-dev libcap-ng-utils libselinux1-dev \
|
||||||
libcurl4-nss-dev flex bison gcc make \
|
libcurl4-nss-dev flex bison gcc make \
|
||||||
libunbound-dev libnss3-tools libevent-dev
|
libunbound-dev libnss3-tools libevent-dev || exiterr2
|
||||||
apt-get -yq --no-install-recommends install xmlto
|
apt-get -yq --no-install-recommends install xmlto || exiterr2
|
||||||
apt-get -yq install xl2tpd
|
apt-get -yq install ppp xl2tpd || exiterr2
|
||||||
|
|
||||||
# Install Fail2Ban to protect SSH
|
# Install Fail2Ban to protect SSH
|
||||||
apt-get -yq install fail2ban
|
apt-get -yq install fail2ban || exiterr2
|
||||||
|
|
||||||
# Compile and install Libreswan
|
# Compile and install Libreswan
|
||||||
swan_ver=3.17
|
swan_ver=3.17
|
||||||
@ -161,7 +162,7 @@ tar xzf "$swan_file" && /bin/rm -f "$swan_file"
|
|||||||
cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
|
cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
|
||||||
echo "WERROR_CFLAGS =" > Makefile.inc.local
|
echo "WERROR_CFLAGS =" > Makefile.inc.local
|
||||||
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
|
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
|
||||||
apt-get -yq install libsystemd-dev
|
apt-get -yq install libsystemd-dev || exiterr2
|
||||||
fi
|
fi
|
||||||
make -s programs && make -s install
|
make -s programs && make -s install
|
||||||
|
|
||||||
@ -235,7 +236,7 @@ EOF
|
|||||||
|
|
||||||
# Create xl2tpd config
|
# Create xl2tpd config
|
||||||
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
|
||||||
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
|
cat > /etc/xl2tpd/xl2tpd.conf <<'EOF'
|
||||||
[global]
|
[global]
|
||||||
port = 1701
|
port = 1701
|
||||||
|
|
||||||
@ -252,7 +253,7 @@ EOF
|
|||||||
|
|
||||||
# Set xl2tpd options
|
# Set xl2tpd options
|
||||||
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
|
||||||
cat > /etc/ppp/options.xl2tpd <<EOF
|
cat > /etc/ppp/options.xl2tpd <<'EOF'
|
||||||
ipcp-accept-local
|
ipcp-accept-local
|
||||||
ipcp-accept-remote
|
ipcp-accept-remote
|
||||||
ms-dns 8.8.8.8
|
ms-dns 8.8.8.8
|
||||||
@ -279,12 +280,14 @@ EOF
|
|||||||
|
|
||||||
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
|
||||||
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
|
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
|
||||||
echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
|
cat > /etc/ipsec.d/passwd <<EOF
|
||||||
|
$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
|
||||||
|
EOF
|
||||||
|
|
||||||
# Update sysctl settings
|
# Update sysctl settings
|
||||||
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
|
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
|
||||||
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
|
||||||
cat >> /etc/sysctl.conf <<EOF
|
cat >> /etc/sysctl.conf <<'EOF'
|
||||||
|
|
||||||
# Added by hwdsl2 VPN script
|
# Added by hwdsl2 VPN script
|
||||||
kernel.msgmnb = 65536
|
kernel.msgmnb = 65536
|
||||||
@ -355,8 +358,8 @@ COMMIT
|
|||||||
:INPUT ACCEPT [0:0]
|
:INPUT ACCEPT [0:0]
|
||||||
:OUTPUT ACCEPT [0:0]
|
:OUTPUT ACCEPT [0:0]
|
||||||
:POSTROUTING ACCEPT [0:0]
|
:POSTROUTING ACCEPT [0:0]
|
||||||
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
|
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source $PRIVATE_IP
|
||||||
-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
|
-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source $PRIVATE_IP
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
@ -392,7 +395,7 @@ fi
|
|||||||
|
|
||||||
# Load IPTables rules at system boot
|
# Load IPTables rules at system boot
|
||||||
mkdir -p /etc/network/if-pre-up.d
|
mkdir -p /etc/network/if-pre-up.d
|
||||||
cat > /etc/network/if-pre-up.d/iptablesload <<EOF
|
cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
iptables-restore < /etc/iptables.rules
|
iptables-restore < /etc/iptables.rules
|
||||||
exit 0
|
exit 0
|
||||||
@ -402,7 +405,7 @@ EOF
|
|||||||
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
|
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
|
||||||
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
|
||||||
sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
|
sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
|
||||||
cat >> /etc/rc.local <<EOF
|
cat >> /etc/rc.local <<'EOF'
|
||||||
|
|
||||||
# Added by hwdsl2 VPN script
|
# Added by hwdsl2 VPN script
|
||||||
service fail2ban restart || /bin/true
|
service fail2ban restart || /bin/true
|
||||||
|
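Review bot: `cat > /etc/ipsec.d/passwd <<EOF` creates the credential file with whatever the process umask allows and nothing in the hunk restricts it afterwards, so a fresh install can leave the password hash readable by other local users; the backup `/etc/ipsec.d/passwd.old-$sys_dt` taken on the line above has the same exposure. Adding `chmod 600 /etc/ipsec.d/passwd` after the heredoc, or an `umask 077` before the two commands, closes this, assuming pluto reads the file as root, which I would confirm. The context line `VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")` is not changed by this commit but hashes with MD5-crypt and passes the cleartext on the command line; a `# TODO` comment noting both would help the next maintainer. The identical hunk in the CentOS vpnsetup script (after the `-275,12 +274,14` header) needs the same change.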
@ -34,6 +34,7 @@ YOUR_PASSWORD=''
|
|||||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
exiterr() { echo "Error: ${1}" >&2; exit 1; }
|
||||||
|
exiterr2() { echo "Error: 'yum install' failed." >&2; exit 1; }
|
||||||
|
|
||||||
if [ ! -f /etc/redhat-release ]; then
|
if [ ! -f /etc/redhat-release ]; then
|
||||||
exiterr "This script only supports CentOS/RHEL."
|
exiterr "This script only supports CentOS/RHEL."
|
||||||
@ -88,8 +89,8 @@ mkdir -p /opt/src
|
|||||||
cd /opt/src || exiterr "Cannot enter /opt/src."
|
cd /opt/src || exiterr "Cannot enter /opt/src."
|
||||||
|
|
||||||
# Make sure basic commands exist
|
# Make sure basic commands exist
|
||||||
yum -y install wget bind-utils openssl
|
yum -y install wget bind-utils openssl || exiterr2
|
||||||
yum -y install iproute gawk grep sed net-tools
|
yum -y install iproute gawk grep sed net-tools || exiterr2
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
|
|
||||||
@ -126,26 +127,24 @@ if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Add the EPEL repository
|
# Add the EPEL repository
|
||||||
yum -y install epel-release
|
yum -y install epel-release || exiterr2
|
||||||
yum list installed epel-release >/dev/null 2>&1
|
|
||||||
[ "$?" != "0" ] && exiterr "Cannot add EPEL repository."
|
|
||||||
|
|
||||||
# Install necessary packages
|
# Install necessary packages
|
||||||
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
|
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
|
||||||
libcap-ng-devel libselinux-devel \
|
libcap-ng-devel libselinux-devel \
|
||||||
curl-devel flex bison gcc make \
|
curl-devel flex bison gcc make \
|
||||||
fipscheck-devel unbound-devel xmlto
|
fipscheck-devel unbound-devel xmlto || exiterr2
|
||||||
yum -y install ppp xl2tpd
|
yum -y install ppp xl2tpd || exiterr2
|
||||||
|
|
||||||
# Install Fail2Ban to protect SSH
|
# Install Fail2Ban to protect SSH
|
||||||
yum -y install fail2ban
|
yum -y install fail2ban || exiterr2
|
||||||
|
|
||||||
# Install libevent2 and systemd-devel (CentOS 7)
|
# Install libevent2 and systemd-devel (CentOS 7)
|
||||||
if grep -qs "release 6" /etc/redhat-release; then
|
if grep -qs "release 6" /etc/redhat-release; then
|
||||||
yum -y remove libevent-devel
|
yum -y remove libevent-devel
|
||||||
yum -y install libevent2-devel
|
yum -y install libevent2-devel || exiterr2
|
||||||
elif grep -qs "release 7" /etc/redhat-release; then
|
elif grep -qs "release 7" /etc/redhat-release; then
|
||||||
yum -y install libevent-devel systemd-devel
|
yum -y install libevent-devel systemd-devel || exiterr2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Compile and install Libreswan
|
# Compile and install Libreswan
|
||||||
@ -231,7 +230,7 @@ EOF
|
|||||||
|
|
||||||
# Create xl2tpd config
|
# Create xl2tpd config
|
||||||
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
|
||||||
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
|
cat > /etc/xl2tpd/xl2tpd.conf <<'EOF'
|
||||||
[global]
|
[global]
|
||||||
port = 1701
|
port = 1701
|
||||||
|
|
||||||
@ -248,7 +247,7 @@ EOF
|
|||||||
|
|
||||||
# Set xl2tpd options
|
# Set xl2tpd options
|
||||||
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
|
||||||
cat > /etc/ppp/options.xl2tpd <<EOF
|
cat > /etc/ppp/options.xl2tpd <<'EOF'
|
||||||
ipcp-accept-local
|
ipcp-accept-local
|
||||||
ipcp-accept-remote
|
ipcp-accept-remote
|
||||||
ms-dns 8.8.8.8
|
ms-dns 8.8.8.8
|
||||||
@ -275,12 +274,14 @@ EOF
|
|||||||
|
|
||||||
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
|
||||||
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
|
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
|
||||||
echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
|
cat > /etc/ipsec.d/passwd <<EOF
|
||||||
|
$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
|
||||||
|
EOF
|
||||||
|
|
||||||
# Update sysctl settings
|
# Update sysctl settings
|
||||||
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
|
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
|
||||||
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
|
||||||
cat >> /etc/sysctl.conf <<EOF
|
cat >> /etc/sysctl.conf <<'EOF'
|
||||||
|
|
||||||
# Added by hwdsl2 VPN script
|
# Added by hwdsl2 VPN script
|
||||||
kernel.msgmnb = 65536
|
kernel.msgmnb = 65536
|
||||||
@ -350,8 +351,8 @@ COMMIT
|
|||||||
:PREROUTING ACCEPT [0:0]
|
:PREROUTING ACCEPT [0:0]
|
||||||
:OUTPUT ACCEPT [0:0]
|
:OUTPUT ACCEPT [0:0]
|
||||||
:POSTROUTING ACCEPT [0:0]
|
:POSTROUTING ACCEPT [0:0]
|
||||||
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
|
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source $PRIVATE_IP
|
||||||
-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
|
-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source $PRIVATE_IP
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
@ -382,7 +383,7 @@ fi
|
|||||||
|
|
||||||
# Create basic Fail2Ban rules
|
# Create basic Fail2Ban rules
|
||||||
if [ ! -f /etc/fail2ban/jail.local ] ; then
|
if [ ! -f /etc/fail2ban/jail.local ] ; then
|
||||||
cat > /etc/fail2ban/jail.local <<EOF
|
cat > /etc/fail2ban/jail.local <<'EOF'
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
ignoreip = 127.0.0.1/8
|
ignoreip = 127.0.0.1/8
|
||||||
bantime = 600
|
bantime = 600
|
||||||
@ -401,7 +402,7 @@ fi
|
|||||||
# Start services at boot
|
# Start services at boot
|
||||||
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
|
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
|
||||||
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
|
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
|
||||||
cat >> /etc/rc.local <<EOF
|
cat >> /etc/rc.local <<'EOF'
|
||||||
|
|
||||||
# Added by hwdsl2 VPN script
|
# Added by hwdsl2 VPN script
|
||||||
iptables-restore < /etc/sysconfig/iptables
|
iptables-restore < /etc/sysconfig/iptables
|
||||||
|