hwdsl2 2021-09-19 21:51:14 -05:00
parent 4a8e24a61c
commit a47ced7899
9 changed files with 75 additions and 50 deletions


@ -1,6 +1,9 @@
#!/bin/bash
#
# Script to set up IKEv2 on Ubuntu, Debian, CentOS/RHEL and Amazon Linux 2
# Script to set up and manage IKEv2 on Ubuntu, Debian, CentOS/RHEL,
# Rocky Linux, AlmaLinux, Amazon Linux 2 and Alpine Linux
#
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
#
# The latest version of this script is available at:
# https://github.com/hwdsl2/setup-ipsec-vpn
@ -69,9 +72,11 @@ check_os() {
os_type=alpine
;;
*)
echo "Error: This script only supports one of the following OS:" >&2
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
echo " Amazon Linux 2 or Alpine Linux" >&2
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac
@ -148,7 +153,7 @@ check_container() {
show_header() {
cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2021 Lin Song 22 Aug 2021
IKEv2 Script Copyright (c) 2020-2021 Lin Song 19 Sep 2021
EOF
}
@ -575,10 +580,12 @@ select_mobike() {
echo
mobike_enable=0
if [ "$mobike_support" = "1" ]; then
echo
echo "The MOBIKE IKEv2 extension allows VPN clients to change network attachment points,"
echo "e.g. switch between mobile data and Wi-Fi and keep the IPsec tunnel up on the new IP."
echo
cat <<'EOF'
The MOBIKE IKEv2 extension allows VPN clients to change network attachment points,
e.g. switch between mobile data and Wi-Fi and keep the IPsec tunnel up on the new IP.
EOF
printf "Do you want to enable MOBIKE support? [Y/n] "
read -r response
case $response in
@ -593,15 +600,17 @@ select_mobike() {
}
select_menu_option() {
echo "IKEv2 is already set up on this server."
echo
echo "Select an option:"
echo " 1) Add a new client"
echo " 2) Export configuration for an existing client"
echo " 3) List existing clients"
echo " 4) Revoke a client certificate"
echo " 5) Remove IKEv2"
echo " 6) Exit"
cat <<'EOF'
IKEv2 is already set up on this server.
Select an option:
1) Add a new client
2) Export configuration for an existing client
3) List existing clients
4) Revoke a client certificate
5) Remove IKEv2
6) Exit
EOF
read -rp "Option: " selected_option
until [[ "$selected_option" =~ ^[1-6]$ ]]; do
printf '%s\n' "$selected_option: invalid selection."
@ -1151,27 +1160,33 @@ EOF
check_ipsec_conf() {
if grep -qs "conn ikev2-cp" /etc/ipsec.conf; then
echo "Error: IKEv2 configuration section found in /etc/ipsec.conf." >&2
echo " This script cannot automatically remove IKEv2 from this server." >&2
echo " To manually remove IKEv2, see https://git.io/ikev2" >&2
cat 1>&2 <<'EOF'
Error: IKEv2 configuration section found in /etc/ipsec.conf.
This script cannot automatically remove IKEv2 from this server.
To manually remove IKEv2, see https://git.io/ikev2
EOF
abort_and_exit
fi
}
confirm_revoke_cert() {
echo "WARNING: You have selected to revoke IKEv2 client certificate '$client_name'."
echo " After revocation, this certificate *cannot* be used by VPN client(s)"
echo " to connect to this VPN server."
echo
cat <<EOF
WARNING: You have selected to revoke IKEv2 client certificate '$client_name'.
After revocation, this certificate *cannot* be used by VPN client(s)
to connect to this VPN server.
EOF
confirm_or_abort "Are you sure you want to revoke '$client_name'? [y/N] "
}
confirm_remove_ikev2() {
echo "WARNING: This option will remove IKEv2 from this VPN server, but keep the IPsec/L2TP"
echo " and IPsec/XAuth (\"Cisco IPsec\") modes, if installed. All IKEv2 configuration"
echo " including certificates and keys will be permanently deleted."
echo " This *cannot* be undone! "
echo
cat <<'EOF'
WARNING: This option will remove IKEv2 from this VPN server, but keep the IPsec/L2TP
and IPsec/XAuth ("Cisco IPsec") modes, if installed. All IKEv2 configuration
including certificates and keys will be *permanently deleted*.
This *cannot* be undone!
EOF
confirm_or_abort "Are you sure you want to remove IKEv2? [y/N] "
}
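Review bot: In confirm_revoke_cert the here-document uses an unquoted `EOF` delimiter, unlike the other here-documents this commit introduces, so its body is subject to parameter expansion and command substitution. That is needed for `$client_name` to appear in the warning, but it deserves a comment above the `cat`, for example `# Delimiter left unquoted so $client_name expands; keep backticks and $(...) out of this text`. Without it, a later edit of the warning wording could add text that the shell would evaluate while the script runs. The expanded value of `$client_name` is not itself re-evaluated; where that name is validated is not visible in this hunk.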


@ -77,9 +77,11 @@ check_os() {
os_type=alpine
;;
*)
echo "Error: This script only supports one of the following OS:" >&2
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
echo " Amazon Linux 2 or Alpine Linux" >&2
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac


@ -57,9 +57,11 @@ check_os() {
os_type=alpine
;;
*)
echo "Error: This script only supports one of the following OS:" >&2
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
echo " Amazon Linux 2 or Alpine Linux" >&2
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac


@ -68,9 +68,11 @@ check_os() {
os_type=alpine
;;
*)
echo "Error: This script only supports one of the following OS:" >&2
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
echo " Amazon Linux 2 or Alpine Linux" >&2
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac


@ -1,6 +1,6 @@
#!/bin/bash
#
# Script to update Libreswan on CentOS and RHEL
# Script to update Libreswan on CentOS/RHEL, Rocky Linux and AlmaLinux
#
# The latest version of this script is available at:
# https://github.com/hwdsl2/setup-ipsec-vpn
@ -52,7 +52,7 @@ check_os() {
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
else
exiterr "This script only supports CentOS/RHEL 7 and 8."
exiterr "This script only supports CentOS/RHEL 7/8, Rocky Linux and AlmaLinux."
fi
}


@ -99,9 +99,11 @@ check_os() {
os_type=alpine
;;
*)
echo "Error: This script only supports one of the following OS:" >&2
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
echo " Amazon Linux 2 or Alpine Linux" >&2
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac


@ -1,6 +1,7 @@
#!/bin/bash
#
# Script for automatic setup of an IPsec VPN server on Alpine Linux
# Works on any dedicated server or virtual private server (VPS)
#
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
#


@ -1,6 +1,7 @@
#!/bin/bash
#
# Script for automatic setup of an IPsec VPN server on CentOS and RHEL
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL,
# Rocky Linux and AlmaLinux
# Works on any dedicated server or virtual private server (VPS)
#
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@ -74,7 +75,7 @@ check_os() {
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
else
exiterr "This script only supports CentOS/RHEL 7 and 8."
exiterr "This script only supports CentOS/RHEL 7/8, Rocky Linux and AlmaLinux."
fi
}


@ -168,7 +168,7 @@ wait_for_apt() {
done
}
install_setup_pkgs_1() {
update_apt_cache() {
bigecho "Installing packages required for setup..."
export DEBIAN_FRONTEND=noninteractive
(
@ -177,7 +177,7 @@ install_setup_pkgs_1() {
) || exiterr "'apt-get update' failed."
}
install_setup_pkgs_2() {
install_setup_pkgs() {
(
set -x
apt-get -yqq install wget dnsutils openssl \
@ -625,8 +625,8 @@ vpnsetup() {
check_iptables
start_setup
wait_for_apt
install_setup_pkgs_1
install_setup_pkgs_2
update_apt_cache
install_setup_pkgs
detect_ip
install_vpn_pkgs
install_fail2ban