
New Libreswan version

- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
hwdsl2 2021-04-24 16:15:05 -05:00
parent d90c6121b6
commit ac0bde54bb
7 changed files with 40 additions and 64 deletions


@ -108,8 +108,7 @@ Error: Libreswan version '$swan_ver' is not supported.
This script requires one of these versions: This script requires one of these versions:
3.23, 3.25-3.27, 3.29, 3.31-3.32 or 4.x 3.23, 3.25-3.27, 3.29, 3.31-3.32 or 4.x
To update Libreswan, run: To update Libreswan, run:
wget $update_url -O vpnupgrade.sh wget $update_url -O vpnup.sh && sudo sh vpnup.sh
sudo sh vpnupgrade.sh
EOF EOF
exit 1 exit 1
;; ;;
@ -238,15 +237,15 @@ check_swan_ver() {
run_swan_update() { run_swan_update() {
get_update_url get_update_url
TMPDIR=$(mktemp -d /tmp/vpnupg.XXX 2>/dev/null) TMPDIR=$(mktemp -d /tmp/vpnup.XXX 2>/dev/null)
if [ -d "$TMPDIR" ]; then if [ -d "$TMPDIR" ]; then
set -x set -x
if wget -t 3 -T 30 -q -O "$TMPDIR/vpnupg.sh" "$update_url"; then if wget -t 3 -T 30 -q -O "$TMPDIR/vpnup.sh" "$update_url"; then
/bin/sh "$TMPDIR/vpnupg.sh" /bin/sh "$TMPDIR/vpnup.sh"
fi fi
{ set +x; } 2>&- { set +x; } 2>&-
[ ! -s "$TMPDIR/vpnupg.sh" ] && echo "Error: Could not download update script." >&2 [ ! -s "$TMPDIR/vpnup.sh" ] && echo "Error: Could not download update script." >&2
/bin/rm -f "$TMPDIR/vpnupg.sh" /bin/rm -f "$TMPDIR/vpnup.sh"
/bin/rmdir "$TMPDIR" /bin/rmdir "$TMPDIR"
else else
echo "Error: Could not create temporary directory." >&2 echo "Error: Could not create temporary directory." >&2
@ -256,7 +255,7 @@ run_swan_update() {
} }
select_swan_update() { select_swan_update() {
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver" != "$swan_ver_latest" ] \ && [ "$swan_ver" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
@ -983,7 +982,6 @@ conn ikev2-cp
ikev2=insist ikev2=insist
rekey=no rekey=no
pfs=no pfs=no
fragmentation=yes
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
ikelifetime=24h ikelifetime=24h
@ -1079,7 +1077,7 @@ EOF
} }
show_swan_update_info() { show_swan_update_info() {
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver" != "$swan_ver_latest" ] \ && [ "$swan_ver" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
echo echo
@ -1087,8 +1085,7 @@ show_swan_update_info() {
if [ "$in_container" = "0" ]; then if [ "$in_container" = "0" ]; then
get_update_url get_update_url
echo " To update, run:" echo " To update, run:"
echo " wget $update_url -O vpnupgrade.sh" echo " wget $update_url -O vpnup.sh && sudo sh vpnup.sh"
echo " sudo sh vpnupgrade.sh"
else else
echo " To update this Docker image, see: https://git.io/updatedockervpn" echo " To update this Docker image, see: https://git.io/updatedockervpn"
fi fi
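Review bot: In run_swan_update the file fetched into `$TMPDIR/vpnup.sh` is handed to `/bin/sh` as soon as wget exits 0, with nothing comparing its content to a known-good value, so whatever `$update_url` serves at that moment runs with the caller's privileges (presumably root; the privilege check is not in this hunk). Gating execution on a pinned digest would close that gap, for example `if wget -t 3 -T 30 -q -O "$TMPDIR/vpnup.sh" "$update_url" && [ "$(sha256sum < "$TMPDIR/vpnup.sh" | cut -d' ' -f1)" = "$update_sha256" ]; then`, where `update_sha256` is a placeholder for a value this page does not define. The printed hint changed here and in the other six file sections (`wget … -O vpnup.sh && sudo sh vpnup.sh`) now chains download and root execution into one command, which removes the pause in which an operator could read the script first. The `mktemp -d /tmp/vpnup.XXX` template also carries only three random characters; `/tmp/vpnup.XXXXXXXXXX` costs nothing. The function body ends outside this hunk.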


@ -14,7 +14,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.3 SWAN_VER=4.4
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -60,14 +60,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case $SWAN_VER in case $SWAN_VER in
3.32|4.[123]) 3.32|4.[1234])
true true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these versions: This script can install one of these versions:
3.32, 4.1, 4.2 or 4.3 3.32, 4.1-4.3 or 4.4
EOF EOF
exit 1 exit 1
;; ;;
@ -83,16 +83,15 @@ EOF
exit 1 exit 1
fi fi
swan_ver_cur=4.3 swan_ver_cur=4.4
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \ && [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " To update to the new version, exit this script and run:" echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh"
echo " sudo sh vpnupgrade.sh"
echo echo
printf "Do you want to continue anyway? [y/N] " printf "Do you want to continue anyway? [y/N] "
read -r response read -r response
@ -144,7 +143,7 @@ Note: This script will make the following changes to your VPN configuration:
EOF EOF
if [ "$SWAN_VER" != "4.3" ]; then if [ "$SWAN_VER" != "4.4" ]; then
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information. See https://libreswan.org/security/ for more information.
@ -166,7 +165,6 @@ case $response in
;; ;;
esac esac
# Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exit 1
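Review bot: The guard `if [ "$SWAN_VER" != "4.4" ]` repeats the version literal that `swan_ver_cur=4.4` already holds in an earlier hunk, so every release has to touch both, and a missed bump would print the known-vulnerabilities warning for the current release while hiding it for the previous one. Comparing against the variable keeps the two in step: `if [ "$SWAN_VER" != "$swan_ver_cur" ]; then`. This assumes `swan_ver_cur` is still set when the warning block runs, which the visible hunks suggest but do not show in full. The next two file sections carry the same pair of literals.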


@ -14,7 +14,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.3 SWAN_VER=4.4
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -39,14 +39,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case $SWAN_VER in case $SWAN_VER in
3.32|4.[123]) 3.32|4.[1234])
true true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these versions: This script can install one of these versions:
3.32, 4.1, 4.2 or 4.3 3.32, 4.1-4.3 or 4.4
EOF EOF
exit 1 exit 1
;; ;;
@ -62,16 +62,15 @@ EOF
exit 1 exit 1
fi fi
swan_ver_cur=4.3 swan_ver_cur=4.4
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \ && [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " To update to the new version, exit this script and run:" echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh"
echo " sudo sh vpnupgrade.sh"
echo echo
printf "Do you want to continue anyway? [y/N] " printf "Do you want to continue anyway? [y/N] "
read -r response read -r response
@ -123,7 +122,7 @@ Note: This script will make the following changes to your VPN configuration:
EOF EOF
if [ "$SWAN_VER" != "4.3" ]; then if [ "$SWAN_VER" != "4.4" ]; then
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information. See https://libreswan.org/security/ for more information.
@ -145,7 +144,6 @@ case $response in
;; ;;
esac esac
# Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exit 1


@ -14,7 +14,7 @@
# know how you have improved it! # know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org # Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.3 SWAN_VER=4.4
### DO NOT edit below this line ### ### DO NOT edit below this line ###
@ -54,14 +54,14 @@ if [ "$(id -u)" != 0 ]; then
fi fi
case $SWAN_VER in case $SWAN_VER in
3.32|4.[123]) 3.32|4.[1234])
true true
;; ;;
*) *)
cat 1>&2 <<EOF cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported. Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these versions: This script can install one of these versions:
3.32, 4.1, 4.2 or 4.3 3.32, 4.1-4.3 or 4.4
EOF EOF
exit 1 exit 1
;; ;;
@ -77,16 +77,15 @@ EOF
exit 1 exit 1
fi fi
swan_ver_cur=4.3 swan_ver_cur=4.4
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \ && [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " To update to the new version, exit this script and run:" echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh" echo " wget https://git.io/vpnupgrade-centos -O vpnup.sh && sudo sh vpnup.sh"
echo " sudo sh vpnupgrade.sh"
echo echo
printf "Do you want to continue anyway? [y/N] " printf "Do you want to continue anyway? [y/N] "
read -r response read -r response
@ -138,7 +137,7 @@ Note: This script will make the following changes to your VPN configuration:
EOF EOF
if [ "$SWAN_VER" != "4.3" ]; then if [ "$SWAN_VER" != "4.4" ]; then
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information. See https://libreswan.org/security/ for more information.
@ -160,7 +159,6 @@ case $response in
;; ;;
esac esac
# Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exit 1


@ -204,7 +204,7 @@ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setu
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
SWAN_VER=4.3 SWAN_VER=4.4
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
@ -268,7 +268,6 @@ version 2.0
config setup config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
interfaces=%defaultroute
uniqueids=no uniqueids=no
conn shared conn shared
@ -295,7 +294,6 @@ conn l2tp-psk
leftprotoport=17/1701 leftprotoport=17/1701
rightprotoport=17/%any rightprotoport=17/%any
type=transport type=transport
phase2=esp
also=shared also=shared
conn xauth-psk conn xauth-psk
@ -308,8 +306,6 @@ conn xauth-psk
leftmodecfgserver=yes leftmodecfgserver=yes
rightmodecfgclient=yes rightmodecfgclient=yes
modecfgpull=yes modecfgpull=yes
xauthby=file
fragmentation=yes
cisco-unity=yes cisco-unity=yes
also=shared also=shared
@ -522,15 +518,14 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \ && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run: To update, run:
wget https://git.io/vpnupgrade -O vpnupgrade.sh wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
sudo sh vpnupgrade.sh
EOF EOF
fi fi
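Review bot: Removing `xauthby=file` from `conn xauth-psk` leaves the choice of XAUTH credential backend to Libreswan's compiled-in default. Upstream documents `file` as that default, so behaviour should be unchanged on 4.4, but this is the option that decides where client passwords are verified, and I would keep it explicit: `xauthby=file`. If the line stays out, a short shell comment above the heredoc listing the defaults the generated config now relies on (`xauthby`, `fragmentation`, `phase2`, `interfaces`) would help whoever audits it next. The same removals appear in the two file sections that follow.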


@ -168,7 +168,7 @@ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setu
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
SWAN_VER=4.3 SWAN_VER=4.4
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
@ -224,7 +224,6 @@ version 2.0
config setup config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
interfaces=%defaultroute
uniqueids=no uniqueids=no
conn shared conn shared
@ -251,7 +250,6 @@ conn l2tp-psk
leftprotoport=17/1701 leftprotoport=17/1701
rightprotoport=17/%any rightprotoport=17/%any
type=transport type=transport
phase2=esp
also=shared also=shared
conn xauth-psk conn xauth-psk
@ -264,8 +262,6 @@ conn xauth-psk
leftmodecfgserver=yes leftmodecfgserver=yes
rightmodecfgclient=yes rightmodecfgclient=yes
modecfgpull=yes modecfgpull=yes
xauthby=file
fragmentation=yes
cisco-unity=yes cisco-unity=yes
also=shared also=shared
@ -446,15 +442,14 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \ && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run: To update, run:
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh
sudo sh vpnupgrade.sh
EOF EOF
fi fi


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8 # Script for automatic setup of an IPsec VPN server on CentOS and RHEL
# Works on any dedicated server or virtual private server (VPS) # Works on any dedicated server or virtual private server (VPS)
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@ -217,7 +217,7 @@ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setu
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
SWAN_VER=4.3 SWAN_VER=4.4
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file" swan_url2="https://download.libreswan.org/$swan_file"
@ -273,7 +273,6 @@ version 2.0
config setup config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
interfaces=%defaultroute
uniqueids=no uniqueids=no
conn shared conn shared
@ -300,7 +299,6 @@ conn l2tp-psk
leftprotoport=17/1701 leftprotoport=17/1701
rightprotoport=17/%any rightprotoport=17/%any
type=transport type=transport
phase2=esp
also=shared also=shared
conn xauth-psk conn xauth-psk
@ -313,8 +311,6 @@ conn xauth-psk
leftmodecfgserver=yes leftmodecfgserver=yes
rightmodecfgclient=yes rightmodecfgclient=yes
modecfgpull=yes modecfgpull=yes
xauthby=file
fragmentation=yes
cisco-unity=yes cisco-unity=yes
also=shared also=shared
@ -534,15 +530,14 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER" swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \ && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run: To update, run:
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh wget https://git.io/vpnupgrade-centos -O vpnup.sh && sudo sh vpnup.sh
sudo sh vpnupgrade.sh
EOF EOF
fi fi