
Use lowercase variable names

hwdsl2 2016-05-21 05:34:19 -05:00
parent 1493e541b9
commit 9e300f3907
4 changed files with 80 additions and 80 deletions


@ -11,7 +11,7 @@
# know how you have improved it! # know how you have improved it!
# Check https://libreswan.org and update version number if necessary # Check https://libreswan.org and update version number if necessary
SWAN_VER=3.17 swan_ver=3.17
### Do not edit below this line ### Do not edit below this line
@ -39,9 +39,9 @@ if [ "$?" != "0" ]; then
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "You already have Libreswan version $SWAN_VER installed! " echo "You already have Libreswan version $swan_ver installed! "
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you wish to continue anyway? [y/N] "
read -r response read -r response
@ -59,7 +59,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server. Welcome! This script will build and install Libreswan $swan_ver on your server.
Additional packages required for Libreswan compilation will also be installed. Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan. This is intended for use on servers running an older version of Libreswan.
@ -106,13 +106,13 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
apt-get -yq --no-install-recommends install xmlto apt-get -yq --no-install-recommends install xmlto
# Compile and install Libreswan # Compile and install Libreswan
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz" swan_file="libreswan-${swan_ver}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE" swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues # Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF cat > Makefile.inc.local <<EOF
WERROR_CFLAGS = WERROR_CFLAGS =
@ -123,11 +123,11 @@ make -s programs && make -s install
service ipsec restart service ipsec restart
# Verify the install # Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
echo echo
echo "Libreswan $SWAN_VER was installed successfully! " echo "Libreswan $swan_ver was installed successfully! "
echo echo
exit 0 exit 0
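Review bot: The tarball fetched by `wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"` goes straight to `tar xzf` and then to the `make -s install` shown in the next hunk header, with only TLS vouching for its contents. Because the version is already pinned in `swan_ver`, a digest can be pinned next to it and checked before extraction, e.g. `echo "$swan_sha256  $swan_file" | sha256sum -c - || { echo "Checksum mismatch. Aborting."; exit 1; }`, with `swan_sha256=<sha256 of the release tarball>` taken from a trusted source; verifying the upstream signature would be stronger still. The same download-and-extract sequence appears in the other three file sections of this commit. Separately, `tar xzf "$swan_file" && /bin/rm -f "$swan_file"` has no failure branch of its own, so a failed extraction is caught only by the `cd` that follows.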


@ -11,7 +11,7 @@
# know how you have improved it! # know how you have improved it!
# Check https://libreswan.org and update version number if necessary # Check https://libreswan.org and update version number if necessary
SWAN_VER=3.17 swan_ver=3.17
### Do not edit below this line ### Do not edit below this line
@ -48,9 +48,9 @@ if [ "$?" != "0" ]; then
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "You already have Libreswan version $SWAN_VER installed! " echo "You already have Libreswan version $swan_ver installed! "
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you wish to continue anyway? [y/N] "
read -r response read -r response
@ -68,7 +68,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server. Welcome! This script will build and install Libreswan $swan_ver on your server.
Additional packages required for Libreswan compilation will also be installed. Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan. This is intended for use on servers running an older version of Libreswan.
@ -110,26 +110,26 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
# Installed Libevent2 # Installed Libevent2
if grep -qs "release 6" /etc/redhat-release; then if grep -qs "release 6" /etc/redhat-release; then
LE2_URL=https://download.libreswan.org/binaries/rhel/6/x86_64 le2_url=https://download.libreswan.org/binaries/rhel/6/x86_64
RPM1=libevent2-2.0.22-1.el6.x86_64.rpm rpm1=libevent2-2.0.22-1.el6.x86_64.rpm
RPM2=libevent2-devel-2.0.22-1.el6.x86_64.rpm rpm2=libevent2-devel-2.0.22-1.el6.x86_64.rpm
wget -t 3 -T 30 -nv -O "$RPM1" "$LE2_URL/$RPM1" wget -t 3 -T 30 -nv -O "$rpm1" "$le2_url/$rpm1"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
wget -t 3 -T 30 -nv -O "$RPM2" "$LE2_URL/$RPM2" wget -t 3 -T 30 -nv -O "$rpm2" "$le2_url/$rpm2"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
rpm -ivh --force "$RPM1" "$RPM2" && /bin/rm -f "$RPM1" "$RPM2" rpm -ivh --force "$rpm1" "$rpm2" && /bin/rm -f "$rpm1" "$rpm2"
elif grep -qs "release 7" /etc/redhat-release; then elif grep -qs "release 7" /etc/redhat-release; then
yum -y install libevent-devel yum -y install libevent-devel
fi fi
# Compile and install Libreswan # Compile and install Libreswan
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz" swan_file="libreswan-${swan_ver}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE" swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues # Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF cat > Makefile.inc.local <<EOF
WERROR_CFLAGS = WERROR_CFLAGS =
@ -145,11 +145,11 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
service ipsec restart service ipsec restart
# Verify the install # Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
echo echo
echo "Libreswan $SWAN_VER was installed successfully! " echo "Libreswan $swan_ver was installed successfully! "
echo echo
exit 0 exit 0
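Review bot: In the `release 6` branch, `rpm -ivh --force "$rpm1" "$rpm2"` installs two packages that were just downloaded with `wget`, with no integrity check in between. Pinning a digest for each of the two file names and checking it before the install (for example with `sha256sum -c`) would tie the install to the exact packages the script names; whether the signing key for these packages is imported on the target hosts is not visible here, so rpm's own signature check cannot be relied on from this hunk alone. `--force` also permits replacing installed files and downgrading packages; if it is only there to make re-runs succeed, the narrower `--replacepkgs` is worth trying instead. The same block appears in the fourth file section.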


@ -150,14 +150,14 @@ apt-get -yq install xl2tpd
apt-get -yq install fail2ban apt-get -yq install fail2ban
# Compile and install Libreswan # Compile and install Libreswan
SWAN_VER=3.17 swan_ver=3.17
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz" swan_file="libreswan-${swan_ver}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE" swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues # Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF cat > Makefile.inc.local <<EOF
WERROR_CFLAGS = WERROR_CFLAGS =
@ -165,12 +165,12 @@ EOF
make -s programs && make -s install make -s programs && make -s install
# Verify the install # Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
/bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.conf <<EOF cat > /etc/ipsec.conf <<EOF
version 2.0 version 2.0
@ -226,13 +226,13 @@ conn xauth-psk
EOF EOF
# Specify IPsec PSK # Specify IPsec PSK
/bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.secrets <<EOF cat > /etc/ipsec.secrets <<EOF
$PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK" $PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK"
EOF EOF
# Create xl2tpd config # Create xl2tpd config
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
cat > /etc/xl2tpd/xl2tpd.conf <<EOF cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global] [global]
port = 1701 port = 1701
@ -249,7 +249,7 @@ length bit = yes
EOF EOF
# Set xl2tpd options # Set xl2tpd options
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/options.xl2tpd <<EOF cat > /etc/ppp/options.xl2tpd <<EOF
ipcp-accept-local ipcp-accept-local
ipcp-accept-remote ipcp-accept-remote
@ -268,20 +268,20 @@ connect-delay 5000
EOF EOF
# Create VPN credentials # Create VPN credentials
/bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/chap-secrets <<EOF cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP # Secrets for authentication using CHAP
# client server secret IP addresses # client server secret IP addresses
"$VPN_USER" l2tpd "$VPN_PASSWORD" * "$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF EOF
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD") VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
# Update sysctl settings # Update sysctl settings
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
cat >> /etc/sysctl.conf <<EOF cat >> /etc/sysctl.conf <<EOF
# Added by hwdsl2 VPN script # Added by hwdsl2 VPN script
@ -318,7 +318,7 @@ fi
# - If IPTables is "empty", simply write out the new rules. # - If IPTables is "empty", simply write out the new rules.
# - If *not* empty, insert new rules and save them with existing ones. # - If *not* empty, insert new rules and save them with existing ones.
if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then
/bin/cp -f /etc/iptables.rules "/etc/iptables.rules.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/iptables.rules "/etc/iptables.rules.old-$sys_dt" 2>/dev/null
service fail2ban stop >/dev/null 2>&1 service fail2ban stop >/dev/null 2>&1
if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
cat > /etc/iptables.rules <<EOF cat > /etc/iptables.rules <<EOF
@ -379,14 +379,14 @@ iptables-save >> /etc/iptables.rules
fi fi
# Update rules for iptables-persistent # Update rules for iptables-persistent
if [ -f /etc/iptables/rules.v4 ]; then if [ -f /etc/iptables/rules.v4 ]; then
/bin/cp -f /etc/iptables/rules.v4 "/etc/iptables/rules.v4.old-$SYS_DT" /bin/cp -f /etc/iptables/rules.v4 "/etc/iptables/rules.v4.old-$sys_dt"
/bin/cp -f /etc/iptables.rules /etc/iptables/rules.v4 /bin/cp -f /etc/iptables.rules /etc/iptables/rules.v4
fi fi
fi fi
# Create basic IPv6 rules # Create basic IPv6 rules
if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then
/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$sys_dt" 2>/dev/null
cat > /etc/ip6tables.rules <<EOF cat > /etc/ip6tables.rules <<EOF
# Added by hwdsl2 VPN script # Added by hwdsl2 VPN script
*filter *filter
@ -402,7 +402,7 @@ cat > /etc/ip6tables.rules <<EOF
COMMIT COMMIT
EOF EOF
if [ -f /etc/iptables/rules.v6 ]; then if [ -f /etc/iptables/rules.v6 ]; then
/bin/cp -f /etc/iptables/rules.v6 "/etc/iptables/rules.v6.old-$SYS_DT" /bin/cp -f /etc/iptables/rules.v6 "/etc/iptables/rules.v6.old-$sys_dt"
/bin/cp -f /etc/ip6tables.rules /etc/iptables/rules.v6 /bin/cp -f /etc/ip6tables.rules /etc/iptables/rules.v6
fi fi
fi fi
@ -423,7 +423,7 @@ EOF
# Start services at boot # Start services at boot
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
cat >> /etc/rc.local <<EOF cat >> /etc/rc.local <<EOF
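Review bot: `VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")` puts the clear-text VPN password on the openssl command line, where other local users can read it from the process list while the command runs. Feeding it on stdin avoids that: `VPN_PASSWORD_ENC=$(printf '%s' "$VPN_PASSWORD" | openssl passwd -1 -stdin)`. The hunks also write `/etc/ipsec.secrets`, `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd` with plain redirections; no `chmod 600` is visible in the shown context, so it is worth confirming that one follows, otherwise the files get whatever the umask allows. The fourth file section contains the same lines.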


@ -153,27 +153,27 @@ fi
# Installed Libevent2 # Installed Libevent2
if grep -qs "release 6" /etc/redhat-release; then if grep -qs "release 6" /etc/redhat-release; then
LE2_URL=https://download.libreswan.org/binaries/rhel/6/x86_64 le2_url=https://download.libreswan.org/binaries/rhel/6/x86_64
RPM1=libevent2-2.0.22-1.el6.x86_64.rpm rpm1=libevent2-2.0.22-1.el6.x86_64.rpm
RPM2=libevent2-devel-2.0.22-1.el6.x86_64.rpm rpm2=libevent2-devel-2.0.22-1.el6.x86_64.rpm
wget -t 3 -T 30 -nv -O "$RPM1" "$LE2_URL/$RPM1" wget -t 3 -T 30 -nv -O "$rpm1" "$le2_url/$rpm1"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
wget -t 3 -T 30 -nv -O "$RPM2" "$LE2_URL/$RPM2" wget -t 3 -T 30 -nv -O "$rpm2" "$le2_url/$rpm2"
[ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libevent2. Aborting."; exit 1; }
rpm -ivh --force "$RPM1" "$RPM2" && /bin/rm -f "$RPM1" "$RPM2" rpm -ivh --force "$rpm1" "$rpm2" && /bin/rm -f "$rpm1" "$rpm2"
elif grep -qs "release 7" /etc/redhat-release; then elif grep -qs "release 7" /etc/redhat-release; then
yum -y install libevent-devel yum -y install libevent-devel
fi fi
# Compile and install Libreswan # Compile and install Libreswan
SWAN_VER=3.17 swan_ver=3.17
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz" swan_file="libreswan-${swan_ver}.tar.gz"
SWAN_URL="https://download.libreswan.org/$SWAN_FILE" swan_url="https://download.libreswan.org/$swan_file"
wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues # Workaround for Libreswan compile issues
cat > Makefile.inc.local <<EOF cat > Makefile.inc.local <<EOF
WERROR_CFLAGS = WERROR_CFLAGS =
@ -181,12 +181,12 @@ EOF
make -s programs && make -s install make -s programs && make -s install
# Verify the install # Verify the install
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
/bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.conf <<EOF cat > /etc/ipsec.conf <<EOF
version 2.0 version 2.0
@ -242,13 +242,13 @@ conn xauth-psk
EOF EOF
# Specify IPsec PSK # Specify IPsec PSK
/bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ipsec.secrets "/etc/ipsec.secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ipsec.secrets <<EOF cat > /etc/ipsec.secrets <<EOF
$PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK" $PUBLIC_IP %any : PSK "$VPN_IPSEC_PSK"
EOF EOF
# Create xl2tpd config # Create xl2tpd config
/bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
cat > /etc/xl2tpd/xl2tpd.conf <<EOF cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global] [global]
port = 1701 port = 1701
@ -265,7 +265,7 @@ length bit = yes
EOF EOF
# Set xl2tpd options # Set xl2tpd options
/bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/options.xl2tpd <<EOF cat > /etc/ppp/options.xl2tpd <<EOF
ipcp-accept-local ipcp-accept-local
ipcp-accept-remote ipcp-accept-remote
@ -284,20 +284,20 @@ connect-delay 5000
EOF EOF
# Create VPN credentials # Create VPN credentials
/bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ppp/chap-secrets "/etc/ppp/chap-secrets.old-$sys_dt" 2>/dev/null
cat > /etc/ppp/chap-secrets <<EOF cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP # Secrets for authentication using CHAP
# client server secret IP addresses # client server secret IP addresses
"$VPN_USER" l2tpd "$VPN_PASSWORD" * "$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF EOF
/bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD") VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
# Update sysctl settings # Update sysctl settings
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
/bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$sys_dt" 2>/dev/null
cat >> /etc/sysctl.conf <<EOF cat >> /etc/sysctl.conf <<EOF
# Added by hwdsl2 VPN script # Added by hwdsl2 VPN script
@ -334,7 +334,7 @@ fi
# - If IPTables is "empty", simply write out the new rules. # - If IPTables is "empty", simply write out the new rules.
# - If *not* empty, insert new rules and save them with existing ones. # - If *not* empty, insert new rules and save them with existing ones.
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then
/bin/cp -f /etc/sysconfig/iptables "/etc/sysconfig/iptables.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/sysconfig/iptables "/etc/sysconfig/iptables.old-$sys_dt" 2>/dev/null
service fail2ban stop >/dev/null 2>&1 service fail2ban stop >/dev/null 2>&1
if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
cat > /etc/sysconfig/iptables <<EOF cat > /etc/sysconfig/iptables <<EOF
@ -396,7 +396,7 @@ fi
# Create basic IPv6 rules # Create basic IPv6 rules
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then
/bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$sys_dt" 2>/dev/null
cat > /etc/sysconfig/ip6tables <<EOF cat > /etc/sysconfig/ip6tables <<EOF
# Added by hwdsl2 VPN script # Added by hwdsl2 VPN script
*filter *filter
@ -433,7 +433,7 @@ fi
# Start services at boot # Start services at boot
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
/bin/cp -f /etc/rc.local "/etc/rc.local.old-$SYS_DT" 2>/dev/null /bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
cat >> /etc/rc.local <<EOF cat >> /etc/rc.local <<EOF
# Added by hwdsl2 VPN script # Added by hwdsl2 VPN script