diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 9925c6e..d4d6cdf 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 #
-# Script to set up IKEv2 on Ubuntu, Debian, CentOS/RHEL and Amazon Linux 2
+# Script to set up and manage IKEv2 on Ubuntu, Debian, CentOS/RHEL,
+# Rocky Linux, AlmaLinux, Amazon Linux 2 and Alpine Linux
+#
+# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
 #
 # The latest version of this script is available at:
 # https://github.com/hwdsl2/setup-ipsec-vpn
@@ -69,9 +72,11 @@ check_os() {
 os_type=alpine
 ;;
 *)
- echo "Error: This script only supports one of the following OS:" >&2
- echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
- echo " Amazon Linux 2 or Alpine Linux" >&2
+cat 1>&2 <<'EOF'
+Error: This script only supports one of the following OS:
+ Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
+ Amazon Linux 2 or Alpine Linux
+EOF
 exit 1
 ;;
 esac
@@ -148,7 +153,7 @@ check_container() {
 show_header() {
 cat <<'EOF'
-IKEv2 Script Copyright (c) 2020-2021 Lin Song 22 Aug 2021
+IKEv2 Script Copyright (c) 2020-2021 Lin Song 19 Sep 2021
 EOF
 }
@@ -575,10 +580,12 @@ select_mobike() {
 echo
 mobike_enable=0
 if [ "$mobike_support" = "1" ]; then
- echo
- echo "The MOBIKE IKEv2 extension allows VPN clients to change network attachment points,"
- echo "e.g. switch between mobile data and Wi-Fi and keep the IPsec tunnel up on the new IP."
- echo
+cat <<'EOF'
+
+The MOBIKE IKEv2 extension allows VPN clients to change network attachment points,
+e.g. switch between mobile data and Wi-Fi and keep the IPsec tunnel up on the new IP.
+
+EOF
 printf "Do you want to enable MOBIKE support? [Y/n] "
 read -r response
 case $response in
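Review bot: The `cat 1>&2 <<'EOF'` message in the `*)` arm of check_os (hunk `@@ -69,9 +72,11 @@`) now names "CentOS/RHEL 7/8", but the arm shown only rejects unrecognised OS types. Any check on the release number lies outside the hunk, so it is worth confirming that other RHEL releases are actually refused before the message advertises that restriction. The same three-line text is edited identically in extras/vpnuninstall.sh, extras/vpnupgrade.sh and vpnsetup.sh, so four copies must be kept in sync by hand; a comment above each, e.g. `# Keep this list in sync with check_os in vpnsetup.sh`, would make that visible. check_os starts and ends outside the hunk.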
@@ -593,15 +600,17 @@ select_mobike() { } select_menu_option() { - echo "IKEv2 is already set up on this server." - echo - echo "Select an option:" - echo " 1) Add a new client" - echo " 2) Export configuration for an existing client" - echo " 3) List existing clients" - echo " 4) Revoke a client certificate" - echo " 5) Remove IKEv2" - echo " 6) Exit" +cat <<'EOF' +IKEv2 is already set up on this server. + +Select an option: + 1) Add a new client + 2) Export configuration for an existing client + 3) List existing clients + 4) Revoke a client certificate + 5) Remove IKEv2 + 6) Exit +EOF read -rp "Option: " selected_option until [[ "$selected_option" =~ ^[1-6]$ ]]; do printf '%s\n' "$selected_option: invalid selection." @@ -1151,27 +1160,33 @@ EOF check_ipsec_conf() { if grep -qs "conn ikev2-cp" /etc/ipsec.conf; then - echo "Error: IKEv2 configuration section found in /etc/ipsec.conf." >&2 - echo " This script cannot automatically remove IKEv2 from this server." >&2 - echo " To manually remove IKEv2, see https://git.io/ikev2" >&2 +cat 1>&2 <<'EOF' +Error: IKEv2 configuration section found in /etc/ipsec.conf. + This script cannot automatically remove IKEv2 from this server. + To manually remove IKEv2, see https://git.io/ikev2 +EOF abort_and_exit fi } confirm_revoke_cert() { - echo "WARNING: You have selected to revoke IKEv2 client certificate '$client_name'." - echo " After revocation, this certificate *cannot* be used by VPN client(s)" - echo " to connect to this VPN server." - echo +cat <&2 - echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2 - echo " Amazon Linux 2 or Alpine Linux" >&2 +cat 1>&2 <<'EOF' +Error: This script only supports one of the following OS: + Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux, + Amazon Linux 2 or Alpine Linux +EOF exit 1 ;; esac diff --git a/extras/vpnuninstall.sh b/extras/vpnuninstall.sh index b15eb06..fab8374 100755 --- a/extras/vpnuninstall.sh +++ b/extras/vpnuninstall.sh 
@@ -57,9 +57,11 @@ check_os() {
 os_type=alpine
 ;;
 *)
- echo "Error: This script only supports one of the following OS:" >&2
- echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
- echo " Amazon Linux 2 or Alpine Linux" >&2
+cat 1>&2 <<'EOF'
+Error: This script only supports one of the following OS:
+ Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
+ Amazon Linux 2 or Alpine Linux
+EOF
 exit 1
 ;;
 esac
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 1e12a54..336b417 100755
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -68,9 +68,11 @@ check_os() {
 os_type=alpine
 ;;
 *)
- echo "Error: This script only supports one of the following OS:" >&2
- echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
- echo " Amazon Linux 2 or Alpine Linux" >&2
+cat 1>&2 <<'EOF'
+Error: This script only supports one of the following OS:
+ Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
+ Amazon Linux 2 or Alpine Linux
+EOF
 exit 1
 ;;
 esac
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index ec99397..7448228 100755
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Script to update Libreswan on CentOS and RHEL
+# Script to update Libreswan on CentOS/RHEL, Rocky Linux and AlmaLinux
 #
 # The latest version of this script is available at:
 # https://github.com/hwdsl2/setup-ipsec-vpn
@@ -52,7 +52,7 @@ check_os() {
 grep -qi rocky "$rh_file" && os_type=rocky
 grep -qi alma "$rh_file" && os_type=alma
 else
- exiterr "This script only supports CentOS/RHEL 7 and 8."
+ exiterr "This script only supports CentOS/RHEL 7/8, Rocky Linux and AlmaLinux."
 fi
 }
diff --git a/vpnsetup.sh b/vpnsetup.sh
index df2e9a1..b6d00c5 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -99,9 +99,11 @@ check_os() {
 os_type=alpine
 ;;
 *)
- echo "Error: This script only supports one of the following OS:" >&2
- echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2
- echo " Amazon Linux 2 or Alpine Linux" >&2
+cat 1>&2 <<'EOF'
+Error: This script only supports one of the following OS:
+ Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
+ Amazon Linux 2 or Alpine Linux
+EOF
 exit 1
 ;;
 esac
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index 3659977..e830ac1 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 #
 # Script for automatic setup of an IPsec VPN server on Alpine Linux
+# Works on any dedicated server or virtual private server (VPS)
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
 #
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index a00b9d2..eda1bf1 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 #
-# Script for automatic setup of an IPsec VPN server on CentOS and RHEL
+# Script for automatic setup of an IPsec VPN server on CentOS/RHEL,
+# Rocky Linux and AlmaLinux
 # Works on any dedicated server or virtual private server (VPS)
 #
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@@ -74,7 +75,7 @@ check_os() {
 grep -qi rocky "$rh_file" && os_type=rocky
 grep -qi alma "$rh_file" && os_type=alma
 else
- exiterr "This script only supports CentOS/RHEL 7 and 8."
+ exiterr "This script only supports CentOS/RHEL 7/8, Rocky Linux and AlmaLinux."
 fi
 }
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 6889d28..34bc3ec 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -168,7 +168,7 @@ wait_for_apt() {
 done
 }
-install_setup_pkgs_1() {
+update_apt_cache() {
 bigecho "Installing packages required for setup..."
 export DEBIAN_FRONTEND=noninteractive
 (
@@ -177,7 +177,7 @@ install_setup_pkgs_1() {
 ) || exiterr "'apt-get update' failed."
 }
-install_setup_pkgs_2() {
+install_setup_pkgs() {
 (
 set -x
 apt-get -yqq install wget dnsutils openssl \
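Review bot: In vpnsetup_ubuntu.sh the renamed `update_apt_cache()` still opens with `bigecho "Installing packages required for setup..."` and `export DEBIAN_FRONTEND=noninteractive`, so the new name understates what the function does. The visible start of `install_setup_pkgs()` does not set DEBIAN_FRONTEND itself and presumably relies on that earlier export, which would make the call order in vpnsetup() load-bearing. A comment above the export, e.g. `# Exported here for every later apt-get call, including install_setup_pkgs`, would make the dependency explicit; moving the export and the bigecho line to the caller is the alternative. Both function bodies continue outside the hunks.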
@@ -625,8 +625,8 @@ vpnsetup() {
 check_iptables
 start_setup
 wait_for_apt
- install_setup_pkgs_1
- install_setup_pkgs_2
+ update_apt_cache
+ install_setup_pkgs
 detect_ip
 install_vpn_pkgs
 install_fail2ban