Improve VPN setup
- Retrieve latest supported Libreswan version before install - Cleanup
This commit is contained in:
hwdsl2
parent
a4e4f45ff6
commit
9022caf9f4
@ -60,7 +60,6 @@ check_vz() {
|
|||||||
|
|
||||||
check_os() {
|
check_os() {
|
||||||
os_type=$(lsb_release -si 2>/dev/null)
|
os_type=$(lsb_release -si 2>/dev/null)
|
||||||
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
|
||||||
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
||||||
case $os_type in
|
case $os_type in
|
||||||
[Aa]lpine)
|
[Aa]lpine)
|
||||||
@ -133,9 +132,6 @@ check_dns() {
|
|||||||
|
|
||||||
start_setup() {
|
start_setup() {
|
||||||
bigecho "VPN setup in progress... Please be patient."
|
bigecho "VPN setup in progress... Please be patient."
|
||||||
# shellcheck disable=SC2154
|
|
||||||
trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
|
|
||||||
trap 'finish $? $((dlo+1))' EXIT
|
|
||||||
mkdir -p /opt/src
|
mkdir -p /opt/src
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
}
|
}
|
||||||
@ -174,18 +170,17 @@ install_fail2ban() {
|
|||||||
) || exiterr2
|
) || exiterr2
|
||||||
}
|
}
|
||||||
|
|
||||||
get_ikev2_script() {
|
get_swan_ver() {
|
||||||
bigecho "Downloading IKEv2 script..."
|
base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
|
||||||
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
swan_ver_url="$base_url/$os_type/$os_ver/swanver"
|
||||||
(
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
||||||
set -x
|
SWAN_VER=4.6
|
||||||
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
|
||||||
) || /bin/rm -f ikev2.sh
|
SWAN_VER="$swan_ver_latest"
|
||||||
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_libreswan() {
|
check_libreswan() {
|
||||||
SWAN_VER=4.6
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
||||||
[ "$swan_ver_old" = "$SWAN_VER" ]
|
[ "$swan_ver_old" = "$SWAN_VER" ]
|
||||||
@ -235,6 +230,16 @@ EOF
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_ikev2_script() {
|
||||||
|
bigecho "Downloading IKEv2 script..."
|
||||||
|
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
||||||
|
(
|
||||||
|
set -x
|
||||||
|
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
||||||
|
) || /bin/rm -f ikev2.sh
|
||||||
|
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
create_vpn_config() {
|
create_vpn_config() {
|
||||||
bigecho "Creating VPN configuration..."
|
bigecho "Creating VPN configuration..."
|
||||||
|
|
||||||
@ -497,27 +502,6 @@ IKEv2 guide: https://git.io/ikev2
|
|||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
check_swan_ver() {
|
|
||||||
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
|
|
||||||
[ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
|
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
|
||||||
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
|
|
||||||
&& [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
|
|
||||||
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
|
|
||||||
cat <<EOF
|
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available.
|
|
||||||
To update, run:
|
|
||||||
wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
finish() {
|
|
||||||
check_swan_ver "$1" "$2"
|
|
||||||
exit "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
vpnsetup() {
|
vpnsetup() {
|
||||||
check_root
|
check_root
|
||||||
check_vz
|
check_vz
|
||||||
@ -530,9 +514,10 @@ vpnsetup() {
|
|||||||
detect_ip
|
detect_ip
|
||||||
install_vpn_pkgs
|
install_vpn_pkgs
|
||||||
install_fail2ban
|
install_fail2ban
|
||||||
get_ikev2_script
|
get_swan_ver
|
||||||
get_libreswan
|
get_libreswan
|
||||||
install_libreswan
|
install_libreswan
|
||||||
|
get_ikev2_script
|
||||||
create_vpn_config
|
create_vpn_config
|
||||||
update_sysctl
|
update_sysctl
|
||||||
update_iptables
|
update_iptables
|
||||||
|
|||||||
@ -53,7 +53,6 @@ check_root() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
check_os() {
|
check_os() {
|
||||||
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
|
||||||
if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
|
if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
|
||||||
exiterr "This script only supports Amazon Linux 2."
|
exiterr "This script only supports Amazon Linux 2."
|
||||||
fi
|
fi
|
||||||
@ -115,9 +114,6 @@ check_dns() {
|
|||||||
|
|
||||||
start_setup() {
|
start_setup() {
|
||||||
bigecho "VPN setup in progress... Please be patient."
|
bigecho "VPN setup in progress... Please be patient."
|
||||||
# shellcheck disable=SC2154
|
|
||||||
trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
|
|
||||||
trap 'finish $? $((dlo+1))' EXIT
|
|
||||||
mkdir -p /opt/src
|
mkdir -p /opt/src
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
}
|
}
|
||||||
@ -174,18 +170,17 @@ install_fail2ban() {
|
|||||||
) || exiterr2
|
) || exiterr2
|
||||||
}
|
}
|
||||||
|
|
||||||
get_ikev2_script() {
|
get_swan_ver() {
|
||||||
bigecho "Downloading IKEv2 script..."
|
base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
|
||||||
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
swan_ver_url="$base_url/amzn/2/swanver"
|
||||||
(
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
||||||
set -x
|
SWAN_VER=4.6
|
||||||
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
|
||||||
) || /bin/rm -f ikev2.sh
|
SWAN_VER="$swan_ver_latest"
|
||||||
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_libreswan() {
|
check_libreswan() {
|
||||||
SWAN_VER=4.6
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
||||||
[ "$swan_ver_old" = "$SWAN_VER" ]
|
[ "$swan_ver_old" = "$SWAN_VER" ]
|
||||||
@ -237,6 +232,16 @@ EOF
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_ikev2_script() {
|
||||||
|
bigecho "Downloading IKEv2 script..."
|
||||||
|
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
||||||
|
(
|
||||||
|
set -x
|
||||||
|
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
||||||
|
) || /bin/rm -f ikev2.sh
|
||||||
|
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
create_vpn_config() {
|
create_vpn_config() {
|
||||||
bigecho "Creating VPN configuration..."
|
bigecho "Creating VPN configuration..."
|
||||||
|
|
||||||
@ -510,27 +515,6 @@ IKEv2 guide: https://git.io/ikev2
|
|||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
check_swan_ver() {
|
|
||||||
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
|
|
||||||
[ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
|
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
|
||||||
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
|
|
||||||
&& [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
|
|
||||||
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
|
|
||||||
cat <<EOF
|
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available.
|
|
||||||
To update, run:
|
|
||||||
wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
finish() {
|
|
||||||
check_swan_ver "$1" "$2"
|
|
||||||
exit "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
vpnsetup() {
|
vpnsetup() {
|
||||||
check_root
|
check_root
|
||||||
check_os
|
check_os
|
||||||
@ -544,9 +528,10 @@ vpnsetup() {
|
|||||||
install_vpn_pkgs_1
|
install_vpn_pkgs_1
|
||||||
install_vpn_pkgs_2
|
install_vpn_pkgs_2
|
||||||
install_fail2ban
|
install_fail2ban
|
||||||
get_ikev2_script
|
get_swan_ver
|
||||||
get_libreswan
|
get_libreswan
|
||||||
install_libreswan
|
install_libreswan
|
||||||
|
get_ikev2_script
|
||||||
create_vpn_config
|
create_vpn_config
|
||||||
create_f2b_config
|
create_f2b_config
|
||||||
update_sysctl
|
update_sysctl
|
||||||
|
|||||||
@ -62,7 +62,6 @@ check_vz() {
|
|||||||
|
|
||||||
check_os() {
|
check_os() {
|
||||||
os_type=centos
|
os_type=centos
|
||||||
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
|
||||||
rh_file="/etc/redhat-release"
|
rh_file="/etc/redhat-release"
|
||||||
if grep -qs "Red Hat" "$rh_file"; then
|
if grep -qs "Red Hat" "$rh_file"; then
|
||||||
os_type=rhel
|
os_type=rhel
|
||||||
@ -135,9 +134,6 @@ check_dns() {
|
|||||||
|
|
||||||
start_setup() {
|
start_setup() {
|
||||||
bigecho "VPN setup in progress... Please be patient."
|
bigecho "VPN setup in progress... Please be patient."
|
||||||
# shellcheck disable=SC2154
|
|
||||||
trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
|
|
||||||
trap 'finish $? $((dlo+1))' EXIT
|
|
||||||
mkdir -p /opt/src
|
mkdir -p /opt/src
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
}
|
}
|
||||||
@ -229,18 +225,17 @@ install_fail2ban() {
|
|||||||
) || exiterr2
|
) || exiterr2
|
||||||
}
|
}
|
||||||
|
|
||||||
get_ikev2_script() {
|
get_swan_ver() {
|
||||||
bigecho "Downloading IKEv2 script..."
|
base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
|
||||||
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
swan_ver_url="$base_url/$os_type/$os_ver/swanver"
|
||||||
(
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
||||||
set -x
|
SWAN_VER=4.6
|
||||||
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
|
||||||
) || /bin/rm -f ikev2.sh
|
SWAN_VER="$swan_ver_latest"
|
||||||
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_libreswan() {
|
check_libreswan() {
|
||||||
SWAN_VER=4.6
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
||||||
[ "$swan_ver_old" = "$SWAN_VER" ]
|
[ "$swan_ver_old" = "$SWAN_VER" ]
|
||||||
@ -292,6 +287,16 @@ EOF
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_ikev2_script() {
|
||||||
|
bigecho "Downloading IKEv2 script..."
|
||||||
|
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
||||||
|
(
|
||||||
|
set -x
|
||||||
|
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
||||||
|
) || /bin/rm -f ikev2.sh
|
||||||
|
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
create_vpn_config() {
|
create_vpn_config() {
|
||||||
bigecho "Creating VPN configuration..."
|
bigecho "Creating VPN configuration..."
|
||||||
|
|
||||||
@ -606,27 +611,6 @@ IKEv2 guide: https://git.io/ikev2
|
|||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
check_swan_ver() {
|
|
||||||
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
|
|
||||||
[ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
|
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
|
||||||
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
|
|
||||||
&& [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
|
|
||||||
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
|
|
||||||
cat <<EOF
|
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available.
|
|
||||||
To update, run:
|
|
||||||
wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
finish() {
|
|
||||||
check_swan_ver "$1" "$2"
|
|
||||||
exit "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
vpnsetup() {
|
vpnsetup() {
|
||||||
check_root
|
check_root
|
||||||
check_vz
|
check_vz
|
||||||
@ -642,9 +626,10 @@ vpnsetup() {
|
|||||||
install_vpn_pkgs_2
|
install_vpn_pkgs_2
|
||||||
install_vpn_pkgs_3
|
install_vpn_pkgs_3
|
||||||
install_fail2ban
|
install_fail2ban
|
||||||
get_ikev2_script
|
get_swan_ver
|
||||||
get_libreswan
|
get_libreswan
|
||||||
install_libreswan
|
install_libreswan
|
||||||
|
get_ikev2_script
|
||||||
create_vpn_config
|
create_vpn_config
|
||||||
create_f2b_config
|
create_f2b_config
|
||||||
update_sysctl
|
update_sysctl
|
||||||
|
|||||||
@ -61,7 +61,6 @@ check_vz() {
|
|||||||
|
|
||||||
check_os() {
|
check_os() {
|
||||||
os_type=$(lsb_release -si 2>/dev/null)
|
os_type=$(lsb_release -si 2>/dev/null)
|
||||||
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
|
|
||||||
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
||||||
case $os_type in
|
case $os_type in
|
||||||
[Uu]buntu)
|
[Uu]buntu)
|
||||||
@ -147,9 +146,6 @@ check_iptables() {
|
|||||||
|
|
||||||
start_setup() {
|
start_setup() {
|
||||||
bigecho "VPN setup in progress... Please be patient."
|
bigecho "VPN setup in progress... Please be patient."
|
||||||
# shellcheck disable=SC2154
|
|
||||||
trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
|
|
||||||
trap 'finish $? $((dlo+1))' EXIT
|
|
||||||
mkdir -p /opt/src
|
mkdir -p /opt/src
|
||||||
cd /opt/src || exit 1
|
cd /opt/src || exit 1
|
||||||
}
|
}
|
||||||
@ -212,18 +208,17 @@ install_fail2ban() {
|
|||||||
) || exiterr2
|
) || exiterr2
|
||||||
}
|
}
|
||||||
|
|
||||||
get_ikev2_script() {
|
get_swan_ver() {
|
||||||
bigecho "Downloading IKEv2 script..."
|
base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
|
||||||
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
swan_ver_url="$base_url/$os_type/$os_ver/swanver"
|
||||||
(
|
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
||||||
set -x
|
SWAN_VER=4.6
|
||||||
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
|
||||||
) || /bin/rm -f ikev2.sh
|
SWAN_VER="$swan_ver_latest"
|
||||||
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_libreswan() {
|
check_libreswan() {
|
||||||
SWAN_VER=4.6
|
|
||||||
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
|
||||||
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
|
||||||
[ "$swan_ver_old" = "$SWAN_VER" ]
|
[ "$swan_ver_old" = "$SWAN_VER" ]
|
||||||
@ -283,6 +278,16 @@ EOF
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_ikev2_script() {
|
||||||
|
bigecho "Downloading IKEv2 script..."
|
||||||
|
ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
|
||||||
|
(
|
||||||
|
set -x
|
||||||
|
wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
|
||||||
|
) || /bin/rm -f ikev2.sh
|
||||||
|
[ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
create_vpn_config() {
|
create_vpn_config() {
|
||||||
bigecho "Creating VPN configuration..."
|
bigecho "Creating VPN configuration..."
|
||||||
|
|
||||||
@ -594,27 +599,6 @@ EOF
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_swan_ver() {
|
|
||||||
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
|
|
||||||
[ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
|
|
||||||
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
|
|
||||||
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
|
|
||||||
&& [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
|
|
||||||
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
|
|
||||||
cat <<EOF
|
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available.
|
|
||||||
To update, run:
|
|
||||||
wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
finish() {
|
|
||||||
check_swan_ver "$1" "$2"
|
|
||||||
exit "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
vpnsetup() {
|
vpnsetup() {
|
||||||
check_root
|
check_root
|
||||||
check_vz
|
check_vz
|
||||||
@ -630,9 +614,10 @@ vpnsetup() {
|
|||||||
detect_ip
|
detect_ip
|
||||||
install_vpn_pkgs
|
install_vpn_pkgs
|
||||||
install_fail2ban
|
install_fail2ban
|
||||||
get_ikev2_script
|
get_swan_ver
|
||||||
get_libreswan
|
get_libreswan
|
||||||
install_libreswan
|
install_libreswan
|
||||||
|
get_ikev2_script
|
||||||
create_vpn_config
|
create_vpn_config
|
||||||
update_sysctl
|
update_sysctl
|
||||||
update_iptables
|
update_iptables
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user