
Update IKEv2 script

- Improve output and clean up
This commit is contained in:
hwdsl2 2021-02-04 23:41:48 -06:00
parent 97624bf292
commit 89eaacc0b8


@ -16,8 +16,7 @@
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
bigecho() { echo; echo "## $1"; echo; } bigecho() { echo "## $1"; }
bigecho2() { echo; echo "## $1"; }
check_ip() { check_ip() {
IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
@ -264,14 +263,17 @@ EOF
show_start_message() { show_start_message() {
bigecho "Starting IKEv2 setup in auto mode, using default options." bigecho "Starting IKEv2 setup in auto mode, using default options."
echo
} }
show_add_client_message() { show_add_client_message() {
bigecho2 "Adding a new IKEv2 client '$client_name', using default options." bigecho "Adding a new IKEv2 client '$client_name', using default options."
echo
} }
show_export_client_message() { show_export_client_message() {
bigecho2 "Exporting existing IKEv2 client '$client_name', using default options." bigecho "Exporting existing IKEv2 client '$client_name', using default options."
echo
} }
get_export_dir() { get_export_dir() {
@ -563,7 +565,7 @@ cat <<EOF
Below are the IKEv2 setup options you selected. Below are the IKEv2 setup options you selected.
Please double check before continuing! Please double check before continuing!
================================================ ======================================
VPN server address: $server_addr VPN server address: $server_addr
VPN client name: $client_name VPN client name: $client_name
@ -589,7 +591,7 @@ EOF
cat <<EOF cat <<EOF
DNS server(s): $dns_servers DNS server(s): $dns_servers
================================================ ======================================
EOF EOF
@ -607,7 +609,7 @@ EOF
} }
create_client_cert() { create_client_cert() {
bigecho2 "Generating client certificate..." bigecho "Generating client certificate..."
sleep $((RANDOM % 3 + 1)) sleep $((RANDOM % 3 + 1))
@ -617,7 +619,7 @@ create_client_cert() {
-k rsa -g 4096 -v "$client_validity" \ -k rsa -g 4096 -v "$client_validity" \
-d sql:/etc/ipsec.d -t ",," \ -d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \ --keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth,clientAuth -8 "$client_name" >/dev/null || exit 1 --extKeyUsage serverAuth,clientAuth -8 "$client_name" >/dev/null 2>&1 || exiterr "Failed to create client certificate."
} }
export_p12_file() { export_p12_file() {
@ -638,7 +640,7 @@ EOF
if [ "$use_own_password" = "1" ]; then if [ "$use_own_password" = "1" ]; then
pk12util -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1 pk12util -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1
else else
pk12util -W "$p12_password" -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1 pk12util -W "$p12_password" -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" >/dev/null || exit 1
fi fi
if [ "$export_to_home_dir" = "1" ]; then if [ "$export_to_home_dir" = "1" ]; then
@ -654,7 +656,7 @@ install_base64_uuidgen() {
if [ "$os_type" = "ubuntu" ] || [ "$os_type" = "debian" ] || [ "$os_type" = "raspbian" ]; then if [ "$os_type" = "ubuntu" ] || [ "$os_type" = "debian" ] || [ "$os_type" = "raspbian" ]; then
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get -yqq update || exiterr "'apt-get update' failed." apt-get -yqq update || exiterr "'apt-get update' failed."
apt-get -yqq install coreutils uuid-runtime || exiterr "'apt-get install' failed." apt-get -yqq install coreutils uuid-runtime >/dev/null || exiterr "'apt-get install' failed."
else else
yum -yq install coreutils util-linux || exiterr "'yum install' failed." yum -yq install coreutils util-linux || exiterr "'yum install' failed."
fi fi
@ -866,13 +868,13 @@ EOF
} }
create_ca_cert() { create_ca_cert() {
bigecho2 "Generating CA certificate..." bigecho "Generating CA certificate..."
certutil -z <(head -c 1024 /dev/urandom) \ certutil -z <(head -c 1024 /dev/urandom) \
-S -x -n "IKEv2 VPN CA" \ -S -x -n "IKEv2 VPN CA" \
-s "O=IKEv2 VPN,CN=IKEv2 VPN CA" \ -s "O=IKEv2 VPN,CN=IKEv2 VPN CA" \
-k rsa -g 4096 -v 120 \ -k rsa -g 4096 -v 120 \
-d sql:/etc/ipsec.d -t "CT,," -2 >/dev/null <<ANSWERS || exit 1 -d sql:/etc/ipsec.d -t "CT,," -2 >/dev/null 2>&1 <<ANSWERS || exiterr "Failed to create CA certificate."
y y
N N
@ -880,7 +882,7 @@ ANSWERS
} }
create_server_cert() { create_server_cert() {
bigecho2 "Generating VPN server certificate..." bigecho "Generating server certificate..."
sleep $((RANDOM % 3 + 1)) sleep $((RANDOM % 3 + 1))
@ -892,7 +894,7 @@ create_server_cert() {
-d sql:/etc/ipsec.d -t ",," \ -d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \ --keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth \ --extKeyUsage serverAuth \
--extSAN "dns:$server_addr" >/dev/null || exit 1 --extSAN "dns:$server_addr" >/dev/null 2>&1 || exiterr "Failed to create server certificate."
else else
certutil -z <(head -c 1024 /dev/urandom) \ certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "$server_addr" \ -S -c "IKEv2 VPN CA" -n "$server_addr" \
@ -901,7 +903,7 @@ create_server_cert() {
-d sql:/etc/ipsec.d -t ",," \ -d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \ --keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth \ --extKeyUsage serverAuth \
--extSAN "ip:$server_addr,dns:$server_addr" >/dev/null || exit 1 --extSAN "ip:$server_addr,dns:$server_addr" >/dev/null 2>&1 || exiterr "Failed to create server certificate."
fi fi
} }
@ -1014,7 +1016,7 @@ restart_ipsec_service() {
print_client_added_message() { print_client_added_message() {
cat <<EOF cat <<EOF
=============================================================== ==========================================================
New IKEv2 VPN client "$client_name" added! New IKEv2 VPN client "$client_name" added!
@ -1027,7 +1029,7 @@ EOF
print_client_exported_message() { print_client_exported_message() {
cat <<EOF cat <<EOF
=============================================================== ==========================================================
IKEv2 VPN client "$client_name" configuration exported! IKEv2 VPN client "$client_name" configuration exported!
@ -1062,7 +1064,7 @@ show_swan_update_info() {
print_setup_complete_message() { print_setup_complete_message() {
cat <<EOF cat <<EOF
=============================================================== ==========================================================
IKEv2 VPN setup is now complete! IKEv2 VPN setup is now complete!
@ -1095,9 +1097,7 @@ cat <<'EOF'
Next steps: Configure IKEv2 VPN clients. See: Next steps: Configure IKEv2 VPN clients. See:
https://git.io/ikev2clients https://git.io/ikev2clients
To add more IKEv2 VPN clients, run this script again. ==========================================================
===============================================================
EOF EOF
} }
@ -1133,7 +1133,7 @@ confirm_remove_ikev2() {
} }
delete_ikev2_conf() { delete_ikev2_conf() {
bigecho2 "Deleting /etc/ipsec.d/ikev2.conf..." bigecho "Deleting /etc/ipsec.d/ikev2.conf..."
/bin/rm -f /etc/ipsec.d/ikev2.conf /bin/rm -f /etc/ipsec.d/ikev2.conf
} }
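Review bot: In the export_p12_file hunk the non-interactive branch still hands the PKCS#12 password to pk12util on the command line (`-W "$p12_password"`), so it is exposed to any local user who can read process listings (e.g. /proc/PID/cmdline) for as long as the export runs, and it would also land in a trace if the script is ever run with `set -x`; the commit only adds `>/dev/null` to that line. pk12util accepts `-w <file>` to read the password from a file (per the NSS man page), so a safer form is to write it to a `mktemp` file with mode 0600, pass that, and remove it afterwards. The same line also keeps `|| exit 1` while the certutil calls in this commit were switched to `exiterr "..."`, so a failed export currently dies with no message. export_p12_file starts before this hunk and continues past it.
```shell
  else
    # Keep the PKCS#12 password out of argv (visible via /proc and `set -x`):
    # pk12util -w reads it from a file instead of -W on the command line.
    pw_file=$(mktemp) || exiterr "Failed to create temporary password file."
    chmod 600 "$pw_file"
    printf '%s' "$p12_password" > "$pw_file"
    pk12util -w "$pw_file" -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" >/dev/null \
      || { /bin/rm -f "$pw_file"; exiterr "Failed to export .p12 file."; }
    /bin/rm -f "$pw_file"
  fi
  # … unchanged: export_to_home_dir handling …
```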