New Libreswan version

- Upgrade Libreswan to 3.27
- Cleanup

extras/vpnupgrade.sh

@@ -11,7 +11,7 @@
 # know how you have improved it!
 
 # Specify which Libreswan version to install. See: https://libreswan.org
-SWAN_VER=3.26
+SWAN_VER=3.27
 
 ### DO NOT edit below this line ###
 
@@ -44,14 +44,14 @@ if [ "$(id -u)" != 0 ]; then
 fi
 
 case "$SWAN_VER" in
-  3.19|3.2[012356])
+  3.19|3.2[0123567])
     /bin/true
     ;;
   *)
 cat 1>&2 <<EOF
 Error: Libreswan version '$SWAN_VER' is not supported.
-  This script can install one of these Libreswan versions:
-  3.19-3.23, 3.25 and 3.26
+  This script can install one of the following versions:
+  3.19-3.23, 3.25-3.26 and 3.27
 EOF
     exit 1
     ;;
@@ -59,7 +59,7 @@ esac
 
 dns_state=0
 case "$SWAN_VER" in
-  3.2[356])
+  3.2[3567])
     DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
     DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
     [ -n "$DNS_SRV1" ] && dns_state=2
@@ -102,7 +102,7 @@ fi
 clear
 
 cat <<EOF
-Welcome! This script will build and install Libreswan $SWAN_VER on your server.
+Welcome! This script will build and install Libreswan on your server.
 Additional packages required for compilation will also be installed.
 
 It is intended for upgrading servers to a newer Libreswan version.

extras/vpnupgrade_centos.sh

@@ -11,7 +11,7 @@
 # know how you have improved it!
 
 # Specify which Libreswan version to install. See: https://libreswan.org
-SWAN_VER=3.26
+SWAN_VER=3.27
 
 ### DO NOT edit below this line ###
 
@@ -35,14 +35,14 @@ if [ "$(id -u)" != 0 ]; then
 fi
 
 case "$SWAN_VER" in
-  3.19|3.2[012356])
+  3.19|3.2[0123567])
     /bin/true
     ;;
   *)
 cat 1>&2 <<EOF
 Error: Libreswan version '$SWAN_VER' is not supported.
-  This script can install one of these Libreswan versions:
-  3.19-3.23, 3.25 and 3.26
+  This script can install one of the following versions:
+  3.19-3.23, 3.25-3.26 and 3.27
 EOF
     exit 1
     ;;
@@ -50,7 +50,7 @@ esac
 
 dns_state=0
 case "$SWAN_VER" in
-  3.2[356])
+  3.2[3567])
     DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
     DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
     [ -n "$DNS_SRV1" ] && dns_state=2
@@ -93,7 +93,7 @@ fi
 clear
 
 cat <<EOF
-Welcome! This script will build and install Libreswan $SWAN_VER on your server.
+Welcome! This script will build and install Libreswan on your server.
 Additional packages required for compilation will also be installed.
 
 It is intended for upgrading servers to a newer Libreswan version.

vpnsetup.sh

@@ -196,7 +196,7 @@ apt-get -yq install fail2ban || exiterr2
 
 bigecho "Compiling and installing Libreswan..."
 
-SWAN_VER=3.26
+SWAN_VER=3.27
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
@@ -206,8 +206,6 @@ fi
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
 tar xzf "$swan_file" && /bin/rm -f "$swan_file"
 cd "libreswan-$SWAN_VER" || exit 1
-sed -i 's/-lfreebl //' mk/config.mk
-sed -i '/blapi\.h/d' programs/pluto/keys.c
 cat > Makefile.inc.local <<'EOF'
 WERROR_CFLAGS =
 USE_DNSSEC = false
@@ -289,11 +287,6 @@ conn xauth-psk
   also=shared
 EOF
 
-if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then
-  PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
-  check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
-fi
-
 if uname -m | grep -qi '^arm'; then
   sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
 fi

vpnsetup_centos.sh

@@ -186,7 +186,7 @@ yum "$REPO1" -y install fail2ban || exiterr2
 
 bigecho "Compiling and installing Libreswan..."
 
-SWAN_VER=3.26
+SWAN_VER=3.27
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
@@ -196,8 +196,6 @@ fi
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
 tar xzf "$swan_file" && /bin/rm -f "$swan_file"
 cd "libreswan-$SWAN_VER" || exit 1
-sed -i 's/-lfreebl //' mk/config.mk
-sed -i '/blapi\.h/d' programs/pluto/keys.c
 cat > Makefile.inc.local <<'EOF'
 WERROR_CFLAGS =
 USE_DNSSEC = false
@@ -276,11 +274,6 @@ conn xauth-psk
   also=shared
 EOF
 
-if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then
-  PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
-  check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
-fi
-
 # Specify IPsec PSK
 conf_bk "/etc/ipsec.secrets"
 cat > /etc/ipsec.secrets <<EOF