
New Libreswan version

- Upgrade Libreswan to 3.27
- Cleanup
hwdsl2 2018-10-09 12:32:28 -05:00
parent 4f41fcba9a
commit a04d2d32e8
4 changed files with 14 additions and 28 deletions


@ -11,7 +11,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=3.26 SWAN_VER=3.27
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -44,14 +44,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case "$SWAN_VER" in case "$SWAN_VER" in
3.19|3.2[012356]) 3.19|3.2[0123567])
/bin/true /bin/true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these Libreswan versions: This script can install one of the following versions:
3.19-3.23, 3.25 and 3.26 3.19-3.23, 3.25-3.26 and 3.27
EOF EOF
exit 1 exit 1
;; ;;
@ -59,7 +59,7 @@ esac
dns_state=0 dns_state=0
case "$SWAN_VER" in case "$SWAN_VER" in
3.2[356]) 3.2[3567])
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
[ -n "$DNS_SRV1" ] && dns_state=2 [ -n "$DNS_SRV1" ] && dns_state=2
@ -102,7 +102,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server. Welcome! This script will build and install Libreswan on your server.
Additional packages required for compilation will also be installed. Additional packages required for compilation will also be installed.
It is intended for upgrading servers to a newer Libreswan version. It is intended for upgrading servers to a newer Libreswan version.
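Review bot: The welcome banner in the last hunk of this file no longer names the version that will be built, so unless a later prompt prints `$SWAN_VER` (not visible in this hunk) the operator confirms the upgrade without seeing the target release. That matters because `SWAN_VER` is user-editable and the gate `3.19|3.2[0123567])` still accepts releases back to 3.19, so a stale or mistyped value would build an older Libreswan without any on-screen hint. I would keep the version in the banner, `Welcome! This script will build and install Libreswan $SWAN_VER on your server.`, or echo it immediately before the confirmation. The next file section in this commit carries the identical change.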


@ -11,7 +11,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=3.26 SWAN_VER=3.27
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -35,14 +35,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case "$SWAN_VER" in case "$SWAN_VER" in
3.19|3.2[012356]) 3.19|3.2[0123567])
/bin/true /bin/true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these Libreswan versions: This script can install one of the following versions:
3.19-3.23, 3.25 and 3.26 3.19-3.23, 3.25-3.26 and 3.27
EOF EOF
exit 1 exit 1
;; ;;
@ -50,7 +50,7 @@ esac
dns_state=0 dns_state=0
case "$SWAN_VER" in case "$SWAN_VER" in
3.2[356]) 3.2[3567])
DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) DNS_SRV2=$(grep "modecfgdns2=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2)
[ -n "$DNS_SRV1" ] && dns_state=2 [ -n "$DNS_SRV1" ] && dns_state=2
@ -93,7 +93,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server. Welcome! This script will build and install Libreswan on your server.
Additional packages required for compilation will also be installed. Additional packages required for compilation will also be installed.
It is intended for upgrading servers to a newer Libreswan version. It is intended for upgrading servers to a newer Libreswan version.


@ -196,7 +196,7 @@ apt-get -yq install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..." bigecho "Compiling and installing Libreswan..."
SWAN_VER=3.26 SWAN_VER=3.27
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
@ -206,8 +206,6 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
sed -i 's/-lfreebl //' mk/config.mk
sed -i '/blapi\.h/d' programs/pluto/keys.c
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS = WERROR_CFLAGS =
USE_DNSSEC = false USE_DNSSEC = false
@ -289,11 +287,6 @@ conn xauth-psk
also=shared also=shared
EOF EOF
if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then
PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
fi
if uname -m | grep -qi '^arm'; then if uname -m | grep -qi '^arm'; then
sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
fi fi
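Review bot: Nothing visible between the `swan_url1`/`swan_url2` assignments and `tar xzf "$swan_file"` verifies the 3.27 tarball before it is unpacked and compiled on the server; the download step itself sits outside these hunks, so confirm whether a digest or signature check already exists there. If it does not, pin the expected digest next to the version bump and check it before extraction, e.g. `echo "<SHA256_OF_LIBRESWAN_3.27_TARBALL>  $swan_file" | sha256sum -c - || exit 1`. The GitHub archive and the download.libreswan.org tarball may not be byte-identical, so each source would need its own expected value, or the upstream release signature could be verified instead. The same applies to the matching hunks in the last file section of this commit.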


@ -186,7 +186,7 @@ yum "$REPO1" -y install fail2ban || exiterr2
bigecho "Compiling and installing Libreswan..." bigecho "Compiling and installing Libreswan..."
SWAN_VER=3.26 SWAN_VER=3.27
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
@ -196,8 +196,6 @@ fi
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
sed -i 's/-lfreebl //' mk/config.mk
sed -i '/blapi\.h/d' programs/pluto/keys.c
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS = WERROR_CFLAGS =
USE_DNSSEC = false USE_DNSSEC = false
@ -276,11 +274,6 @@ conn xauth-psk
also=shared also=shared
EOF EOF
if ip -4 route list 0/0 2>/dev/null | grep -qs ' src '; then
PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
check_ip "$PRIVATE_IP" && sed -i "s/left=%defaultroute/left=$PRIVATE_IP/" /etc/ipsec.conf
fi
# Specify IPsec PSK # Specify IPsec PSK
conf_bk "/etc/ipsec.secrets" conf_bk "/etc/ipsec.secrets"
cat > /etc/ipsec.secrets <<EOF cat > /etc/ipsec.secrets <<EOF