mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-25 06:16:07 +03:00
Code Issues Projects Releases Wiki Activity

Fix NSS config

Browse Source 
- Update NSS config on e.g. AlmaLinux 9 to allow the SHA1 signature
  algorithm. This fixes the issue where IKEv2 clients cannot connect.
- Fixes #1206.
This commit is contained in:
hwdsl2 2022-07-31 23:40:09 -05:00
parent 0fe30b0479
commit 95be4b83fb
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
vpnsetup_centos.sh
View File

@ -608,6 +608,16 @@ update_iptables() {
fi fi
} }
fix_nss_config() {
nss_conf="/etc/crypto-policies/back-ends/nss.config"
if [ -s "$nss_conf" ]; then
if ! grep -q ":SHA1:" "$nss_conf" \
&& ! grep -q " allow=SHA1:" "$nss_conf"; then
sed -i "/ALL allow=/s/ allow=/ allow=SHA1:/" "$nss_conf"
fi
fi
}
apply_gcp_mtu_fix() { apply_gcp_mtu_fix() {
if dmidecode -s system-product-name 2>/dev/null | grep -qi 'Google Compute Engine' \ if dmidecode -s system-product-name 2>/dev/null | grep -qi 'Google Compute Engine' \
&& ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -qi 'mtu 1460'; then && ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -qi 'mtu 1460'; then
@ -754,6 +764,7 @@ vpnsetup() {
fi fi
update_sysctl update_sysctl
update_iptables update_iptables
fix_nss_config
apply_gcp_mtu_fix apply_gcp_mtu_fix
enable_on_boot enable_on_boot
start_services start_services