This commit is contained in:
hwdsl2 2021-09-19 21:51:14 -05:00
parent 4a8e24a61c
commit a47ced7899
9 changed files with 75 additions and 50 deletions


@ -1,6 +1,9 @@
#!/bin/bash #!/bin/bash
# #
# Script to set up IKEv2 on Ubuntu, Debian, CentOS/RHEL and Amazon Linux 2 # Script to set up and manage IKEv2 on Ubuntu, Debian, CentOS/RHEL,
# Rocky Linux, AlmaLinux, Amazon Linux 2 and Alpine Linux
#
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #
# The latest version of this script is available at: # The latest version of this script is available at:
# https://github.com/hwdsl2/setup-ipsec-vpn # https://github.com/hwdsl2/setup-ipsec-vpn
@ -69,9 +72,11 @@ check_os() {
os_type=alpine os_type=alpine
;; ;;
*) *)
echo "Error: This script only supports one of the following OS:" >&2 cat 1>&2 <<'EOF'
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2 Error: This script only supports one of the following OS:
echo " Amazon Linux 2 or Alpine Linux" >&2 Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1 exit 1
;; ;;
esac esac
@ -148,7 +153,7 @@ check_container() {
show_header() { show_header() {
cat <<'EOF' cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2021 Lin Song 22 Aug 2021 IKEv2 Script Copyright (c) 2020-2021 Lin Song 19 Sep 2021
EOF EOF
} }
@ -575,10 +580,12 @@ select_mobike() {
echo echo
mobike_enable=0 mobike_enable=0
if [ "$mobike_support" = "1" ]; then if [ "$mobike_support" = "1" ]; then
echo cat <<'EOF'
echo "The MOBIKE IKEv2 extension allows VPN clients to change network attachment points,"
echo "e.g. switch between mobile data and Wi-Fi and keep the IPsec tunnel up on the new IP." The MOBIKE IKEv2 extension allows VPN clients to change network attachment points,
echo e.g. switch between mobile data and Wi-Fi and keep the IPsec tunnel up on the new IP.
EOF
printf "Do you want to enable MOBIKE support? [Y/n] " printf "Do you want to enable MOBIKE support? [Y/n] "
read -r response read -r response
case $response in case $response in
@ -593,15 +600,17 @@ select_mobike() {
} }
select_menu_option() { select_menu_option() {
echo "IKEv2 is already set up on this server." cat <<'EOF'
echo IKEv2 is already set up on this server.
echo "Select an option:"
echo " 1) Add a new client" Select an option:
echo " 2) Export configuration for an existing client" 1) Add a new client
echo " 3) List existing clients" 2) Export configuration for an existing client
echo " 4) Revoke a client certificate" 3) List existing clients
echo " 5) Remove IKEv2" 4) Revoke a client certificate
echo " 6) Exit" 5) Remove IKEv2
6) Exit
EOF
read -rp "Option: " selected_option read -rp "Option: " selected_option
until [[ "$selected_option" =~ ^[1-6]$ ]]; do until [[ "$selected_option" =~ ^[1-6]$ ]]; do
printf '%s\n' "$selected_option: invalid selection." printf '%s\n' "$selected_option: invalid selection."
@ -1151,27 +1160,33 @@ EOF
check_ipsec_conf() { check_ipsec_conf() {
if grep -qs "conn ikev2-cp" /etc/ipsec.conf; then if grep -qs "conn ikev2-cp" /etc/ipsec.conf; then
echo "Error: IKEv2 configuration section found in /etc/ipsec.conf." >&2 cat 1>&2 <<'EOF'
echo " This script cannot automatically remove IKEv2 from this server." >&2 Error: IKEv2 configuration section found in /etc/ipsec.conf.
echo " To manually remove IKEv2, see https://git.io/ikev2" >&2 This script cannot automatically remove IKEv2 from this server.
To manually remove IKEv2, see https://git.io/ikev2
EOF
abort_and_exit abort_and_exit
fi fi
} }
confirm_revoke_cert() { confirm_revoke_cert() {
echo "WARNING: You have selected to revoke IKEv2 client certificate '$client_name'." cat <<EOF
echo " After revocation, this certificate *cannot* be used by VPN client(s)" WARNING: You have selected to revoke IKEv2 client certificate '$client_name'.
echo " to connect to this VPN server." After revocation, this certificate *cannot* be used by VPN client(s)
echo to connect to this VPN server.
EOF
confirm_or_abort "Are you sure you want to revoke '$client_name'? [y/N] " confirm_or_abort "Are you sure you want to revoke '$client_name'? [y/N] "
} }
confirm_remove_ikev2() { confirm_remove_ikev2() {
echo "WARNING: This option will remove IKEv2 from this VPN server, but keep the IPsec/L2TP" cat <<'EOF'
echo " and IPsec/XAuth (\"Cisco IPsec\") modes, if installed. All IKEv2 configuration" WARNING: This option will remove IKEv2 from this VPN server, but keep the IPsec/L2TP
echo " including certificates and keys will be permanently deleted." and IPsec/XAuth ("Cisco IPsec") modes, if installed. All IKEv2 configuration
echo " This *cannot* be undone! " including certificates and keys will be *permanently deleted*.
echo This *cannot* be undone!
EOF
confirm_or_abort "Are you sure you want to remove IKEv2? [y/N] " confirm_or_abort "Are you sure you want to remove IKEv2? [y/N] "
} }
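Review bot: The new stderr heredocs in check_os and check_ipsec_conf are written as `cat 1>&2 <<'EOF'`, while the lines they replace and the rest of the script use the short `>&2` form; `cat >&2 <<'EOF'` keeps a single redirection style across the file. The same `1>&2` form is repeated in the check_os hunks of the four other scripts below (`@ -77,9 +77,11 @@`, `@ -57,9 +57,11 @@`, `@ -68,9 +68,11 @@` and `@ -99,9 +99,11 @@`), so the change would apply there too. In select_mobike the heredoc appears to keep the leading blank line but drop the trailing `echo` that separated the explanation from the `Do you want to enable MOBIKE support?` prompt; if that spacing was intended, add an empty line before `EOF`. The heredoc in confirm_revoke_cert is deliberately unquoted so `$client_name` expands, which is fine provided the name has already been validated before this prompt (not visible in this hunk).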


@ -77,9 +77,11 @@ check_os() {
os_type=alpine os_type=alpine
;; ;;
*) *)
echo "Error: This script only supports one of the following OS:" >&2 cat 1>&2 <<'EOF'
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2 Error: This script only supports one of the following OS:
echo " Amazon Linux 2 or Alpine Linux" >&2 Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1 exit 1
;; ;;
esac esac


@ -57,9 +57,11 @@ check_os() {
os_type=alpine os_type=alpine
;; ;;
*) *)
echo "Error: This script only supports one of the following OS:" >&2 cat 1>&2 <<'EOF'
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2 Error: This script only supports one of the following OS:
echo " Amazon Linux 2 or Alpine Linux" >&2 Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1 exit 1
;; ;;
esac esac


@ -68,9 +68,11 @@ check_os() {
os_type=alpine os_type=alpine
;; ;;
*) *)
echo "Error: This script only supports one of the following OS:" >&2 cat 1>&2 <<'EOF'
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2 Error: This script only supports one of the following OS:
echo " Amazon Linux 2 or Alpine Linux" >&2 Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1 exit 1
;; ;;
esac esac


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# #
# Script to update Libreswan on CentOS and RHEL # Script to update Libreswan on CentOS/RHEL, Rocky Linux and AlmaLinux
# #
# The latest version of this script is available at: # The latest version of this script is available at:
# https://github.com/hwdsl2/setup-ipsec-vpn # https://github.com/hwdsl2/setup-ipsec-vpn
@ -52,7 +52,7 @@ check_os() {
grep -qi rocky "$rh_file" && os_type=rocky grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma grep -qi alma "$rh_file" && os_type=alma
else else
exiterr "This script only supports CentOS/RHEL 7 and 8." exiterr "This script only supports CentOS/RHEL 7/8, Rocky Linux and AlmaLinux."
fi fi
} }


@ -99,9 +99,11 @@ check_os() {
os_type=alpine os_type=alpine
;; ;;
*) *)
echo "Error: This script only supports one of the following OS:" >&2 cat 1>&2 <<'EOF'
echo " Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux," >&2 Error: This script only supports one of the following OS:
echo " Amazon Linux 2 or Alpine Linux" >&2 Ubuntu, Debian, CentOS/RHEL 7/8, Rocky Linux, AlmaLinux,
Amazon Linux 2 or Alpine Linux
EOF
exit 1 exit 1
;; ;;
esac esac


@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# Script for automatic setup of an IPsec VPN server on Alpine Linux # Script for automatic setup of an IPsec VPN server on Alpine Linux
# Works on any dedicated server or virtual private server (VPS)
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #


@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# Script for automatic setup of an IPsec VPN server on CentOS and RHEL # Script for automatic setup of an IPsec VPN server on CentOS/RHEL,
# Rocky Linux and AlmaLinux
# Works on any dedicated server or virtual private server (VPS) # Works on any dedicated server or virtual private server (VPS)
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@ -74,7 +75,7 @@ check_os() {
grep -qi rocky "$rh_file" && os_type=rocky grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma grep -qi alma "$rh_file" && os_type=alma
else else
exiterr "This script only supports CentOS/RHEL 7 and 8." exiterr "This script only supports CentOS/RHEL 7/8, Rocky Linux and AlmaLinux."
fi fi
} }


@ -168,7 +168,7 @@ wait_for_apt() {
done done
} }
install_setup_pkgs_1() { update_apt_cache() {
bigecho "Installing packages required for setup..." bigecho "Installing packages required for setup..."
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
( (
@ -177,7 +177,7 @@ install_setup_pkgs_1() {
) || exiterr "'apt-get update' failed." ) || exiterr "'apt-get update' failed."
} }
install_setup_pkgs_2() { install_setup_pkgs() {
( (
set -x set -x
apt-get -yqq install wget dnsutils openssl \ apt-get -yqq install wget dnsutils openssl \
@ -625,8 +625,8 @@ vpnsetup() {
check_iptables check_iptables
start_setup start_setup
wait_for_apt wait_for_apt
install_setup_pkgs_1 update_apt_cache
install_setup_pkgs_2 install_setup_pkgs
detect_ip detect_ip
install_vpn_pkgs install_vpn_pkgs
install_fail2ban install_fail2ban
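Review bot: After the rename, update_apt_cache still prints `bigecho "Installing packages required for setup..."` although, judging from the `'apt-get update' failed.` error at the end of its body, it only refreshes the apt cache; the message now describes what install_setup_pkgs does rather than what this function does. Either move that `bigecho` line to the top of install_setup_pkgs, before its `(` subshell, or replace it in update_apt_cache with a cache-specific message such as `bigecho "Updating apt cache..."`. Both function bodies continue outside their hunks, so check that no other output in them depends on the current wording.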