mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-22 04:56:03 +03:00
Code Issues Projects Releases Wiki Activity

Cleanup

Browse Source
This commit is contained in:
hwdsl2 2021-01-03 14:05:13 -06:00
parent dabf765978
commit a5a1f4adb1
6 changed files with 61 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
extras/vpnupgrade.sh
View File

@ -45,8 +45,8 @@ case $os_type in
;; ;;
esac esac
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9') os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then if [ "$os_ver" = "8" ] || [ "$os_ver" = "jessiesid" ]; then
exiterr "Debian 8 or Ubuntu < 16.04 is not supported." exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
fi fi
@ -84,14 +84,14 @@ EOF
fi fi
swan_ver_cur=4.1 swan_ver_cur=4.1
swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$swan_ver_cur swan_ver_latest=$swan_ver_cur
fi fi
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To download and run the latest version:" echo "To update to the new version, exit the script and run:"
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh" echo " sudo sh vpnupgrade.sh"
echo echo

4
extras/vpnupgrade_amzn.sh
View File

@ -69,8 +69,8 @@ if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9
swan_ver_latest=$swan_ver_cur swan_ver_latest=$swan_ver_cur
fi fi
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To download and run the latest version:" echo "To update to the new version, exit the script and run:"
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh" echo " sudo sh vpnupgrade.sh"
echo echo

16
extras/vpnupgrade_centos.sh
View File

@ -25,6 +25,12 @@ exiterr2() { exiterr "'yum install' failed."; }
vpnupgrade() { vpnupgrade() {
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if grep -qs "release 7" /etc/redhat-release; then if grep -qs "release 7" /etc/redhat-release; then
os_ver=7 os_ver=7
elif grep -qs "release 8" /etc/redhat-release; then elif grep -qs "release 8" /etc/redhat-release; then
@ -35,12 +41,6 @@ else
exit 1 exit 1
fi fi
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
exiterr "OpenVZ VPS is not supported." exiterr "OpenVZ VPS is not supported."
fi fi
@ -81,8 +81,8 @@ if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9
swan_ver_latest=$swan_ver_cur swan_ver_latest=$swan_ver_cur
fi fi
if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo "To download and run the latest version:" echo "To update to the new version, exit the script and run:"
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh" echo " sudo sh vpnupgrade.sh"
echo echo

35
vpnsetup.sh
View File

@ -68,11 +68,11 @@ case $os_type in
;; ;;
esac esac
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9') os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then if [ "$os_ver" = "8" ] || [ "$os_ver" = "jessiesid" ]; then
exiterr "Debian 8 or Ubuntu < 16.04 is not supported." exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
fi fi
if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then if [ "$os_ver" = "10" ] && [ ! -e /dev/ppp ]; then
exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10" exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10"
fi fi
@ -150,7 +150,7 @@ PKG_LK=/var/lib/dpkg/lock
while fuser "$APT_LK" "$PKG_LK" >/dev/null 2>&1 \ while fuser "$APT_LK" "$PKG_LK" >/dev/null 2>&1 \
|| lsof "$APT_LK" >/dev/null 2>&1 || lsof "$PKG_LK" >/dev/null 2>&1; do || lsof "$APT_LK" >/dev/null 2>&1 || lsof "$PKG_LK" >/dev/null 2>&1; do
[ "$count" = "0" ] && bigecho "Waiting for apt to be available..." [ "$count" = "0" ] && bigecho "Waiting for apt to be available..."
[ "$count" -ge "60" ] && exiterr "Could not get apt/dpkg lock." [ "$count" -ge "100" ] && exiterr "Could not get apt/dpkg lock."
count=$((count+1)) count=$((count+1))
printf '%s' '.' printf '%s' '.'
sleep 3 sleep 3
@ -198,11 +198,6 @@ SWAN_VER=4.1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$SWAN_VER
fi
if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
exit 1 exit 1
fi fi
@ -260,7 +255,6 @@ version 2.0
config setup config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
protostack=netkey
interfaces=%defaultroute interfaces=%defaultroute
uniqueids=no uniqueids=no
@ -514,6 +508,18 @@ service fail2ban restart 2>/dev/null
service ipsec restart 2>/dev/null service ipsec restart 2>/dev/null
service xl2tpd restart 2>/dev/null service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
wget https://git.io/vpnupgrade -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF
fi
cat <<EOF cat <<EOF
================================================ ================================================
@ -537,15 +543,6 @@ IKEv2 guide: https://git.io/ikev2
EOF EOF
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF
Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
wget https://git.io/vpnupgrade -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF
fi
} }
## Defer setup until we have the complete script ## Defer setup until we have the complete script

27
vpnsetup_amzn.sh
View File

@ -159,11 +159,6 @@ SWAN_VER=4.1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$SWAN_VER
fi
if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
exit 1 exit 1
fi fi
@ -210,7 +205,6 @@ version 2.0
config setup config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
protostack=netkey
interfaces=%defaultroute interfaces=%defaultroute
uniqueids=no uniqueids=no
@ -432,6 +426,18 @@ service fail2ban restart 2>/dev/null
service ipsec restart 2>/dev/null service ipsec restart 2>/dev/null
service xl2tpd restart 2>/dev/null service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF
fi
cat <<EOF cat <<EOF
================================================ ================================================
@ -455,15 +461,6 @@ IKEv2 guide: https://git.io/ikev2
EOF EOF
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF
Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF
fi
} }
## Defer setup until we have the complete script ## Defer setup until we have the complete script

39
vpnsetup_centos.sh
View File

@ -48,6 +48,12 @@ check_ip() {
vpnsetup() { vpnsetup() {
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if grep -qs "release 7" /etc/redhat-release; then if grep -qs "release 7" /etc/redhat-release; then
os_ver=7 os_ver=7
elif grep -qs "release 8" /etc/redhat-release; then elif grep -qs "release 8" /etc/redhat-release; then
@ -58,12 +64,6 @@ else
exit 1 exit 1
fi fi
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
exiterr "OpenVZ VPS is not supported." exiterr "OpenVZ VPS is not supported."
fi fi
@ -190,11 +190,6 @@ SWAN_VER=4.1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$SWAN_VER
fi
if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
exit 1 exit 1
fi fi
@ -241,7 +236,6 @@ version 2.0
config setup config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
protostack=netkey
interfaces=%defaultroute interfaces=%defaultroute
uniqueids=no uniqueids=no
@ -500,6 +494,18 @@ service fail2ban restart 2>/dev/null
service ipsec restart 2>/dev/null service ipsec restart 2>/dev/null
service xl2tpd restart 2>/dev/null service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
&& [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To update, run:
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF
fi
cat <<EOF cat <<EOF
================================================ ================================================
@ -523,15 +529,6 @@ IKEv2 guide: https://git.io/ikev2
EOF EOF
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF
Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
sudo sh vpnupgrade.sh
EOF
fi
} }
## Defer setup until we have the complete script ## Defer setup until we have the complete script