mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 04:56:03 +03:00
Code Issues Projects Releases Wiki Activity

Use lowercase variable names

Browse Source
This commit is contained in:
hwdsl2 2016-05-21 05:34:19 -05:00
parent 1493e541b9
commit 9e300f3907
4 changed files with 80 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
extras/vpnupgrade_Libreswan.sh
View File

@ -11,7 +11,7 @@
# know how you have improved it!
# Check https://libreswan.org and update version number if necessary
SWAN_VER=3.17
swan_ver=3.17
### Do not edit below this line
@ -39,9 +39,9 @@ if [ "$?" != "0" ]; then
exit 1
fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
if [ "$?" = "0" ]; then
echo "You already have Libreswan version $SWAN_VER installed! "
echo "You already have Libreswan version $swan_ver installed! "
echo
printf "Do you wish to continue anyway? [y/N] "
read -r response
@ -59,7 +59,7 @@ fi
clear
cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server.
Welcome! This script will build and install Libreswan $swan_ver on your server.
Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan.
@ -106,13 +106,13 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
apt-get -yq --no-install-recommends install xmlto
# Compile and install Libreswan
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
@ -123,11 +123,11 @@ make -s programs && make -s install
service ipsec restart
# Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
echo
echo "Libreswan $SWAN_VER was installed successfully! "
echo "Libreswan $swan_ver was installed successfully! "
echo
exit 0

38
extras/vpnupgrade_Libreswan_centos.sh
View File

@ -11,7 +11,7 @@
# know how you have improved it!
# Check https://libreswan.org and update version number if necessary
SWAN_VER=3.17
swan_ver=3.17
### Do not edit below this line
@ -48,9 +48,9 @@ if [ "$?" != "0" ]; then
exit 1
fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
if [ "$?" = "0" ]; then
echo "You already have Libreswan version $SWAN_VER installed! "
echo "You already have Libreswan version $swan_ver installed! "
echo
printf "Do you wish to continue anyway? [y/N] "
read -r response
@ -68,7 +68,7 @@ fi
clear
cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server.
Welcome! This script will build and install Libreswan $swan_ver on your server.
Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan.
@ -110,26 +110,26 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
# Installed Libevent2
if grep -qs "release 6" /etc/redhat-release; then
LE2_URL=https://download.libreswan.org/binaries/rhel/6/x86_64
RPM1=libevent2-2.0.22-1.el6.x86_64.rpm
RPM2=libevent2-devel-2.0.22-1.el6.x86_64.rpm
wget -t 3 -T 30 -nv -O "$RPM1" "$LE2_URL/$RPM1"
le2_url=https://download.libreswan.org/binaries/rhel/6/x86_64
rpm1=libevent2-2.0.22-1.el6.x86_64.rpm
rpm2=libevent2-devel-2.0.22-1.el6.x86_64.rpm
wget -t 3 -T 30 -nv -O "$rpm1" "$le2_url/$rpm1"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
wget -t 3 -T 30 -nv -O "$RPM2" "$LE2_URL/$RPM2"
wget -t 3 -T 30 -nv -O "$rpm2" "$le2_url/$rpm2"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
rpm -ivh --force "$RPM1" "$RPM2" && /bin/rm -f "$RPM1" "$RPM2"
rpm -ivh --force "$rpm1" "$rpm2" && /bin/rm -f "$rpm1" "$rpm2"
elif grep -qs "release 7" /etc/redhat-release; then
yum -y install libevent-devel
fi
# Compile and install Libreswan
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
@ -145,11 +145,11 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
service ipsec restart
# Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
echo
echo "Libreswan $SWAN_VER was installed successfully! "
echo "Libreswan $swan_ver was installed successfully! "
echo
exit 0

44
vpnsetup.sh
View File

@ -150,14 +150,14 @@ apt-get -yq install xl2tpd
apt-get -yq install fail2ban
# Compile and install Libreswan
SWAN_VER=3.17
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
swan_ver=3.17
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
@ -165,12 +165,12 @@ EOF
make -s programs && make -s install
# Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config
SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)"
/bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$SYS_DT" 2>/dev/null
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
/bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.conf <<EOF
version 2.0
@ -226,13 +226,13 @@ conn xauth-psk
EOF
# Specify IPsec PSK
/bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.secrets <<EOF
$PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK"
EOF
# Create xl2tpd config
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global]
port = 1701
@ -249,7 +249,7 @@ length bit = yes
EOF
# Set xl2tpd options
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/options.xl2tpd <<EOF
ipcp-accept-local
ipcp-accept-remote
@ -268,20 +268,20 @@ connect-delay 5000
EOF
# Create VPN credentials
/bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
"$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
# Update sysctl settings
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
cat >> /etc/sysctl.conf <<EOF
# Added by hwdsl2 VPN script
@ -318,7 +318,7 @@ fi
# - If IPTables is "empty", simply write out the new rules.
# - If *not* empty, insert new rules and save them with existing ones.
if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then
/bin/cp -f /etc/iptables.rules "/etc/iptables.rules.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/iptables.rules "/etc/iptables.rules.old-$sys_dt" 2>/dev/null
service fail2ban stop >/dev/null 2>&1
if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
cat > /etc/iptables.rules <<EOF
@ -379,14 +379,14 @@ iptables-save >> /etc/iptables.rules
fi
# Update rules for iptables-persistent
if [ -f /etc/iptables/rules.v4 ]; then
/bin/cp -f /etc/iptables/rules.v4 "/etc/iptables/rules.v4.old-$SYS_DT"
/bin/cp -f /etc/iptables/rules.v4 "/etc/iptables/rules.v4.old-$sys_dt"
/bin/cp -f /etc/iptables.rules /etc/iptables/rules.v4
fi
fi
# Create basic IPv6 rules
if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then
/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$sys_dt" 2>/dev/null
cat > /etc/ip6tables.rules <<EOF
# Added by hwdsl2 VPN script
*filter
@ -402,7 +402,7 @@ cat > /etc/ip6tables.rules <<EOF
COMMIT
EOF
if [ -f /etc/iptables/rules.v6 ]; then
/bin/cp -f /etc/iptables/rules.v6 "/etc/iptables/rules.v6.old-$SYS_DT"
/bin/cp -f /etc/iptables/rules.v6 "/etc/iptables/rules.v6.old-$sys_dt"
/bin/cp -f /etc/ip6tables.rules /etc/iptables/rules.v6
fi
fi
@ -423,7 +423,7 @@ EOF
# Start services at boot
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
cat >> /etc/rc.local <<EOF

52
vpnsetup_centos.sh
View File

@ -153,27 +153,27 @@ fi
# Installed Libevent2
if grep -qs "release 6" /etc/redhat-release; then
LE2_URL=https://download.libreswan.org/binaries/rhel/6/x86_64
RPM1=libevent2-2.0.22-1.el6.x86_64.rpm
RPM2=libevent2-devel-2.0.22-1.el6.x86_64.rpm
wget -t 3 -T 30 -nv -O "$RPM1" "$LE2_URL/$RPM1"
le2_url=https://download.libreswan.org/binaries/rhel/6/x86_64
rpm1=libevent2-2.0.22-1.el6.x86_64.rpm
rpm2=libevent2-devel-2.0.22-1.el6.x86_64.rpm
wget -t 3 -T 30 -nv -O "$rpm1" "$le2_url/$rpm1"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
wget -t 3 -T 30 -nv -O "$RPM2" "$LE2_URL/$RPM2"
wget -t 3 -T 30 -nv -O "$rpm2" "$le2_url/$rpm2"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
rpm -ivh --force "$RPM1" "$RPM2" && /bin/rm -f "$RPM1" "$RPM2"
rpm -ivh --force "$rpm1" "$rpm2" && /bin/rm -f "$rpm1" "$rpm2"
elif grep -qs "release 7" /etc/redhat-release; then
yum -y install libevent-devel
fi
# Compile and install Libreswan
SWAN_VER=3.17
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
swan_ver=3.17
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
@ -181,12 +181,12 @@ EOF
make -s programs && make -s install
# Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config
SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)"
/bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$SYS_DT" 2>/dev/null
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
/bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.conf <<EOF
version 2.0
@ -242,13 +242,13 @@ conn xauth-psk
EOF
# Specify IPsec PSK
/bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.secrets <<EOF
$PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK"
EOF
# Create xl2tpd config
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global]
port = 1701
@ -265,7 +265,7 @@ length bit = yes
EOF
# Set xl2tpd options
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/options.xl2tpd <<EOF
ipcp-accept-local
ipcp-accept-remote
@ -284,20 +284,20 @@ connect-delay 5000
EOF
# Create VPN credentials
/bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
"$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
# Update sysctl settings
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
cat >> /etc/sysctl.conf <<EOF
# Added by hwdsl2 VPN script
@ -334,7 +334,7 @@ fi
# - If IPTables is "empty", simply write out the new rules.
# - If *not* empty, insert new rules and save them with existing ones.
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then
/bin/cp -f /etc/sysconfig/iptables "/etc/sysconfig/iptables.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/sysconfig/iptables "/etc/sysconfig/iptables.old-$sys_dt" 2>/dev/null
service fail2ban stop >/dev/null 2>&1
if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
cat > /etc/sysconfig/iptables <<EOF
@ -396,7 +396,7 @@ fi
# Create basic IPv6 rules
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then
/bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$sys_dt" 2>/dev/null
cat > /etc/sysconfig/ip6tables <<EOF
# Added by hwdsl2 VPN script
*filter
@ -433,7 +433,7 @@ fi
# Start services at boot
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$SYS_DT" 2>/dev/null
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
cat >> /etc/rc.local <<EOF
# Added by hwdsl2 VPN script