diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index c86fbbc..36a65f5 100644
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -45,8 +45,8 @@ case $os_type in
     ;;
 esac
 
-debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
-if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then
+os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
+if [ "$os_ver" = "8" ] || [ "$os_ver" = "jessiesid" ]; then
   exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
 fi
 
@@ -84,14 +84,14 @@ EOF
 fi
 
 swan_ver_cur=4.1
-swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
 swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
 if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
   swan_ver_latest=$swan_ver_cur
 fi
 if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
-  echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest."
-  echo "To download and run the latest version:"
+  echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
+  echo "To update to the new version, exit the script and run:"
   echo "  wget https://git.io/vpnupgrade -O vpnupgrade.sh"
   echo "  sudo sh vpnupgrade.sh"
   echo
diff --git a/extras/vpnupgrade_amzn.sh b/extras/vpnupgrade_amzn.sh
index ea73162..d0c2ea6 100644
--- a/extras/vpnupgrade_amzn.sh
+++ b/extras/vpnupgrade_amzn.sh
@@ -69,8 +69,8 @@ if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9
   swan_ver_latest=$swan_ver_cur
 fi
 if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
-  echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest."
-  echo "To download and run the latest version:"
+  echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
+  echo "To update to the new version, exit the script and run:"
   echo "  wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
   echo "  sudo sh vpnupgrade.sh"
   echo
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index 7abe411..71e394c 100644
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -25,6 +25,12 @@ exiterr2() { exiterr "'yum install' failed."; }
 
 vpnupgrade() {
 
+os_type=centos
+os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
+if grep -qs "Red Hat" /etc/redhat-release; then
+  os_type=rhel
+fi
+
 if grep -qs "release 7" /etc/redhat-release; then
   os_ver=7
 elif grep -qs "release 8" /etc/redhat-release; then
@@ -35,12 +41,6 @@ else
   exit 1
 fi
 
-os_type=centos
-os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
-if grep -qs "Red Hat" /etc/redhat-release; then
-  os_type=rhel
-fi
-
 if [ -f /proc/user_beancounters ]; then
   exiterr "OpenVZ VPS is not supported."
 fi
@@ -81,8 +81,8 @@ if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9
   swan_ver_latest=$swan_ver_cur
 fi
 if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
-  echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest."
-  echo "To download and run the latest version:"
+  echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
+  echo "To update to the new version, exit the script and run:"
   echo "  wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
   echo "  sudo sh vpnupgrade.sh"
   echo
diff --git a/vpnsetup.sh b/vpnsetup.sh
index a9b2fad..e4cf447 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -68,11 +68,11 @@ case $os_type in
     ;;
 esac
 
-debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
-if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then
+os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
+if [ "$os_ver" = "8" ] || [ "$os_ver" = "jessiesid" ]; then
   exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
 fi
-if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then
+if [ "$os_ver" = "10" ] && [ ! -e /dev/ppp ]; then
   exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10"
 fi
 
@@ -150,7 +150,7 @@ PKG_LK=/var/lib/dpkg/lock
 while fuser "$APT_LK" "$PKG_LK" >/dev/null 2>&1 \
   || lsof "$APT_LK" >/dev/null 2>&1 || lsof "$PKG_LK" >/dev/null 2>&1; do
   [ "$count" = "0" ] && bigecho "Waiting for apt to be available..."
-  [ "$count" -ge "60" ] && exiterr "Could not get apt/dpkg lock."
+  [ "$count" -ge "100" ] && exiterr "Could not get apt/dpkg lock."
   count=$((count+1))
   printf '%s' '.'
   sleep 3
@@ -198,11 +198,6 @@ SWAN_VER=4.1
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
-swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
-swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
-if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
-  swan_ver_latest=$SWAN_VER
-fi
 if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
   exit 1
 fi
@@ -260,7 +255,6 @@ version 2.0
 
 config setup
   virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
-  protostack=netkey
   interfaces=%defaultroute
   uniqueids=no
 
@@ -514,6 +508,18 @@ service fail2ban restart 2>/dev/null
 service ipsec restart 2>/dev/null
 service xl2tpd restart 2>/dev/null
 
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
+  && [ "$SWAN_VER" != "$swan_ver_latest" ]; then
+cat <<EOF
+
+Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
+  wget https://git.io/vpnupgrade -O vpnupgrade.sh
+  sudo sh vpnupgrade.sh
+EOF
+fi
+
 cat <<EOF
 
 ================================================
@@ -537,15 +543,6 @@ IKEv2 guide:       https://git.io/ikev2
 
 EOF
 
-if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
-cat <<EOF
-Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
-  wget https://git.io/vpnupgrade -O vpnupgrade.sh
-  sudo sh vpnupgrade.sh
-
-EOF
-fi
-
 }
 
 ## Defer setup until we have the complete script
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index 8c0883d..56eebad 100644
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -159,11 +159,6 @@ SWAN_VER=4.1
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
-swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
-swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
-if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
-  swan_ver_latest=$SWAN_VER
-fi
 if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
   exit 1
 fi
@@ -210,7 +205,6 @@ version 2.0
 
 config setup
   virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
-  protostack=netkey
   interfaces=%defaultroute
   uniqueids=no
 
@@ -432,6 +426,18 @@ service fail2ban restart 2>/dev/null
 service ipsec restart 2>/dev/null
 service xl2tpd restart 2>/dev/null
 
+swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
+  && [ "$SWAN_VER" != "$swan_ver_latest" ]; then
+cat <<EOF
+
+Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
+  wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
+  sudo sh vpnupgrade.sh
+EOF
+fi
+
 cat <<EOF
 
 ================================================
@@ -455,15 +461,6 @@ IKEv2 guide:       https://git.io/ikev2
 
 EOF
 
-if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
-cat <<EOF
-Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
-  wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
-  sudo sh vpnupgrade.sh
-
-EOF
-fi
-
 }
 
 ## Defer setup until we have the complete script
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index e75aa18..31b8fc8 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -48,6 +48,12 @@ check_ip() {
 
 vpnsetup() {
 
+os_type=centos
+os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
+if grep -qs "Red Hat" /etc/redhat-release; then
+  os_type=rhel
+fi
+
 if grep -qs "release 7" /etc/redhat-release; then
   os_ver=7
 elif grep -qs "release 8" /etc/redhat-release; then
@@ -58,12 +64,6 @@ else
   exit 1
 fi
 
-os_type=centos
-os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
-if grep -qs "Red Hat" /etc/redhat-release; then
-  os_type=rhel
-fi
-
 if [ -f /proc/user_beancounters ]; then
   exiterr "OpenVZ VPS is not supported."
 fi
@@ -190,11 +190,6 @@ SWAN_VER=4.1
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
-swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
-swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
-if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
-  swan_ver_latest=$SWAN_VER
-fi
 if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
   exit 1
 fi
@@ -241,7 +236,6 @@ version 2.0
 
 config setup
   virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
-  protostack=netkey
   interfaces=%defaultroute
   uniqueids=no
 
@@ -500,6 +494,18 @@ service fail2ban restart 2>/dev/null
 service ipsec restart 2>/dev/null
 service xl2tpd restart 2>/dev/null
 
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
+  && [ "$SWAN_VER" != "$swan_ver_latest" ]; then
+cat <<EOF
+
+Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
+  wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
+  sudo sh vpnupgrade.sh
+EOF
+fi
+
 cat <<EOF
 
 ================================================
@@ -523,15 +529,6 @@ IKEv2 guide:       https://git.io/ikev2
 
 EOF
 
-if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
-cat <<EOF
-Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
-  wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
-  sudo sh vpnupgrade.sh
-
-EOF
-fi
-
 }
 
 ## Defer setup until we have the complete script