From 99e194e683ca3dda2e67a462f657bd49b3f36aef Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Fri, 1 Nov 2019 13:31:23 -0700
Subject: [PATCH] Add CentOS 8

- Add support for CentOS/RHEL 8
---
 extras/vpnupgrade_centos.sh | 19 ++++++++++++++-----
 vpnsetup_centos.sh          | 24 ++++++++++++++++--------
 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index a5c51e3..5f494e3 100644
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -22,8 +22,8 @@ exiterr2() { exiterr "'yum install' failed."; }
 
 vpnupgrade() {
 
-if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
-  exiterr "This script only supports CentOS/RHEL 6 and 7."
+if ! grep -qs -e "release 6" -e "release 7" -e "release 8" /etc/redhat-release; then
+  exiterr "This script only supports CentOS/RHEL 6, 7 and 8."
 fi
 
 if [ -f /proc/user_beancounters ]; then
@@ -172,17 +172,26 @@ yum -y install epel-release || yum -y install "$epel_url" || exiterr2
 
 # Install necessary packages
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
-  libcap-ng-devel libselinux-devel curl-devel \
-  flex bison gcc make wget sed || exiterr2
+  libcap-ng-devel libselinux-devel curl-devel nss-tools \
+  flex bison gcc make wget sed tar || exiterr2
 
 REPO1='--enablerepo=*server-optional*'
 REPO2='--enablerepo=*releases-optional*'
+REPO3='--enablerepo=PowerTools'
+
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum "$REPO1" "$REPO2" -y install libevent2-devel fipscheck-devel || exiterr2
-else
+elif grep -qs "release 7" /etc/redhat-release; then
   yum -y install systemd-devel || exiterr2
   yum "$REPO1" "$REPO2" -y install libevent-devel fipscheck-devel || exiterr2
+else
+  if [ -f /usr/sbin/subscription-manager ]; then
+    subscription-manager repos --enable "codeready-builder-for-rhel-8-*-rpms"
+    yum -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
+  else
+    yum "$REPO3" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
+  fi
 fi
 
 # Compile and install Libreswan
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index a644263..b0ab813 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6 and 7.
+# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6, 7 and 8.
 # Works on any dedicated server or virtual private server (VPS) except OpenVZ.
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@@ -48,8 +48,8 @@ check_ip() {
 
 vpnsetup() {
 
-if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
-  exiterr "This script only supports CentOS/RHEL 6 and 7."
+if ! grep -qs -e "release 6" -e "release 7" -e "release 8" /etc/redhat-release; then
+  exiterr "This script only supports CentOS/RHEL 6, 7 and 8."
 fi
 
 if [ -f /proc/user_beancounters ]; then
@@ -111,7 +111,7 @@ cd /opt/src || exit 1
 
 bigecho "Installing packages required for setup..."
 
-yum -y install wget bind-utils openssl \
+yum -y install wget bind-utils openssl tar \
   iptables iproute gawk grep sed net-tools || exiterr2
 
 bigecho "Trying to auto discover IP of this server..."
@@ -139,9 +139,10 @@ bigecho "Installing packages required for the VPN..."
 REPO1='--enablerepo=epel'
 REPO2='--enablerepo=*server-optional*'
 REPO3='--enablerepo=*releases-optional*'
+REPO4='--enablerepo=PowerTools'
 
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
-  libcap-ng-devel libselinux-devel curl-devel \
+  libcap-ng-devel libselinux-devel curl-devel nss-tools \
   flex bison gcc make ppp || exiterr2
 
 yum "$REPO1" -y install xl2tpd || exiterr2
@@ -149,9 +150,16 @@ yum "$REPO1" -y install xl2tpd || exiterr2
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum "$REPO2" "$REPO3" -y install libevent2-devel fipscheck-devel || exiterr2
-else
+elif grep -qs "release 7" /etc/redhat-release; then
   yum -y install systemd-devel iptables-services || exiterr2
   yum "$REPO2" "$REPO3" -y install libevent-devel fipscheck-devel || exiterr2
+else
+  if [ -f /usr/sbin/subscription-manager ]; then
+    subscription-manager repos --enable "codeready-builder-for-rhel-8-*-rpms"
+    yum -y install systemd-devel iptables-services libevent-devel fipscheck-devel || exiterr2
+  else
+    yum "$REPO4" -y install systemd-devel iptables-services libevent-devel fipscheck-devel || exiterr2
+  fi
 fi
 
 bigecho "Installing Fail2Ban to protect SSH..."
@@ -441,8 +449,8 @@ chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
 # Apply new IPTables rules
 iptables-restore < "$IPT_FILE"
 
-# Fix xl2tpd on CentOS 7, if kernel module "l2tp_ppp" is unavailable
-if grep -qs "release 7" /etc/redhat-release; then
+# Fix xl2tpd on CentOS 7/8, if kernel module "l2tp_ppp" is unavailable
+if grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then
   if ! modprobe -q l2tp_ppp; then
     sed -i '/^ExecStartPre/s/^/#/' /usr/lib/systemd/system/xl2tpd.service
     systemctl daemon-reload