mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-25 06:16:07 +03:00
Code Issues Projects Releases Wiki Activity

New Libreswan version

Browse Source 
- Use new Libreswan version 4.4
- Support updating to Libreswan 4.4
- Other small improvements and cleanup
This commit is contained in:
hwdsl2 2021-04-24 16:15:05 -05:00
parent d90c6121b6
commit ac0bde54bb
7 changed files with 40 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
extras/ikev2setup.sh
View File

@ -108,8 +108,7 @@ Error: Libreswan version '$swan_ver' is not supported.
This script requires one of these versions:
3.23, 3.25-3.27, 3.29, 3.31-3.32 or 4.x
To update Libreswan, run:
wget $update_url -O vpnupgrade.sh
sudo sh vpnupgrade.sh
wget $update_url -O vpnup.sh && sudo sh vpnup.sh
EOF
exit 1
;;
@ -238,15 +237,15 @@ check_swan_ver() {
run_swan_update() {
get_update_url
TMPDIR=$(mktemp -d /tmp/vpnupg.XXX 2>/dev/null)
TMPDIR=$(mktemp -d /tmp/vpnup.XXX 2>/dev/null)
if [ -d "$TMPDIR" ]; then
set -x
if wget -t 3 -T 30 -q -O "$TMPDIR/vpnupg.sh" "$update_url"; then
/bin/sh "$TMPDIR/vpnupg.sh"
if wget -t 3 -T 30 -q -O "$TMPDIR/vpnup.sh" "$update_url"; then
/bin/sh "$TMPDIR/vpnup.sh"
fi
{ set +x; } 2>&-
[ ! -s "$TMPDIR/vpnupg.sh" ] && echo "Error: Could not download update script." >&2
/bin/rm -f "$TMPDIR/vpnupg.sh"
[ ! -s "$TMPDIR/vpnup.sh" ] && echo "Error: Could not download update script." >&2
/bin/rm -f "$TMPDIR/vpnup.sh"
/bin/rmdir "$TMPDIR"
else
echo "Error: Could not create temporary directory." >&2
@ -256,7 +255,7 @@ run_swan_update() {
}
select_swan_update() {
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
@ -983,7 +982,6 @@ conn ikev2-cp
ikev2=insist
rekey=no
pfs=no
fragmentation=yes
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
ikelifetime=24h
@ -1079,7 +1077,7 @@ EOF
}
show_swan_update_info() {
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver" "$swan_ver_latest" | sort -C -V; then
echo
@ -1087,8 +1085,7 @@ show_swan_update_info() {
if [ "$in_container" = "0" ]; then
get_update_url
echo " To update, run:"
echo " wget $update_url -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo " wget $update_url -O vpnup.sh && sudo sh vpnup.sh"
else
echo " To update this Docker image, see: https://git.io/updatedockervpn"
fi

16
extras/vpnupgrade.sh
View File

@ -14,7 +14,7 @@
# know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.3
SWAN_VER=4.4
### DO NOT edit below this line ###
@ -60,14 +60,14 @@ if [ "$(id -u)" != 0 ]; then
fi
case $SWAN_VER in
3.32|4.[123])
3.32|4.[1234])
true
;;
*)
cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these versions:
3.32, 4.1, 4.2 or 4.3
3.32, 4.1-4.3 or 4.4
EOF
exit 1
;;
@ -83,16 +83,15 @@ EOF
exit 1
fi
swan_ver_cur=4.3
swan_ver_cur=4.4
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo " wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh"
echo
printf "Do you want to continue anyway? [y/N] "
read -r response
@ -144,7 +143,7 @@ Note: This script will make the following changes to your VPN configuration:
EOF
if [ "$SWAN_VER" != "4.3" ]; then
if [ "$SWAN_VER" != "4.4" ]; then
cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information.
@ -166,7 +165,6 @@ case $response in
;;
esac
# Create and change to working dir
mkdir -p /opt/src
cd /opt/src || exit 1

16
extras/vpnupgrade_amzn.sh
View File

@ -14,7 +14,7 @@
# know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.3
SWAN_VER=4.4
### DO NOT edit below this line ###
@ -39,14 +39,14 @@ if [ "$(id -u)" != 0 ]; then
fi
case $SWAN_VER in
3.32|4.[123])
3.32|4.[1234])
true
;;
*)
cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these versions:
3.32, 4.1, 4.2 or 4.3
3.32, 4.1-4.3 or 4.4
EOF
exit 1
;;
@ -62,16 +62,15 @@ EOF
exit 1
fi
swan_ver_cur=4.3
swan_ver_cur=4.4
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo " wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh"
echo
printf "Do you want to continue anyway? [y/N] "
read -r response
@ -123,7 +122,7 @@ Note: This script will make the following changes to your VPN configuration:
EOF
if [ "$SWAN_VER" != "4.3" ]; then
if [ "$SWAN_VER" != "4.4" ]; then
cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information.
@ -145,7 +144,6 @@ case $response in
;;
esac
# Create and change to working dir
mkdir -p /opt/src
cd /opt/src || exit 1

16
extras/vpnupgrade_centos.sh
View File

@ -14,7 +14,7 @@
# know how you have improved it!
# Specify which Libreswan version to install. See: https://libreswan.org
SWAN_VER=4.3
SWAN_VER=4.4
### DO NOT edit below this line ###
@ -54,14 +54,14 @@ if [ "$(id -u)" != 0 ]; then
fi
case $SWAN_VER in
3.32|4.[123])
3.32|4.[1234])
true
;;
*)
cat 1>&2 <<EOF
Error: Libreswan version '$SWAN_VER' is not supported.
This script can install one of these versions:
3.32, 4.1, 4.2 or 4.3
3.32, 4.1-4.3 or 4.4
EOF
exit 1
;;
@ -77,16 +77,15 @@ EOF
exit 1
fi
swan_ver_cur=4.3
swan_ver_cur=4.4
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ "$swan_ver_cur" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$swan_ver_cur" "$swan_ver_latest" | sort -C -V; then
echo "Note: A newer version of Libreswan ($swan_ver_latest) is available."
echo " To update to the new version, exit this script and run:"
echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
echo " sudo sh vpnupgrade.sh"
echo " wget https://git.io/vpnupgrade-centos -O vpnup.sh && sudo sh vpnup.sh"
echo
printf "Do you want to continue anyway? [y/N] "
read -r response
@ -138,7 +137,7 @@ Note: This script will make the following changes to your VPN configuration:
EOF
if [ "$SWAN_VER" != "4.3" ]; then
if [ "$SWAN_VER" != "4.4" ]; then
cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
See https://libreswan.org/security/ for more information.
@ -160,7 +159,6 @@ case $response in
;;
esac
# Create and change to working dir
mkdir -p /opt/src
cd /opt/src || exit 1

11
vpnsetup.sh
View File

@ -204,7 +204,7 @@ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setu
bigecho "Downloading Libreswan..."
SWAN_VER=4.3
SWAN_VER=4.4
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
@ -268,7 +268,6 @@ version 2.0
config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
interfaces=%defaultroute
uniqueids=no
conn shared
@ -295,7 +294,6 @@ conn l2tp-psk
leftprotoport=17/1701
rightprotoport=17/%any
type=transport
phase2=esp
also=shared
conn xauth-psk
@ -308,8 +306,6 @@ conn xauth-psk
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
xauthby=file
fragmentation=yes
cisco-unity=yes
also=shared
@ -522,15 +518,14 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run:
wget https://git.io/vpnupgrade -O vpnupgrade.sh
sudo sh vpnupgrade.sh
wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
EOF
fi

11
vpnsetup_amzn.sh
View File

@ -168,7 +168,7 @@ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setu
bigecho "Downloading Libreswan..."
SWAN_VER=4.3
SWAN_VER=4.4
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
@ -224,7 +224,6 @@ version 2.0
config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
interfaces=%defaultroute
uniqueids=no
conn shared
@ -251,7 +250,6 @@ conn l2tp-psk
leftprotoport=17/1701
rightprotoport=17/%any
type=transport
phase2=esp
also=shared
conn xauth-psk
@ -264,8 +262,6 @@ conn xauth-psk
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
xauthby=file
fragmentation=yes
cisco-unity=yes
also=shared
@ -446,15 +442,14 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run:
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
sudo sh vpnupgrade.sh
wget https://git.io/vpnupgrade-amzn -O vpnup.sh && sudo sh vpnup.sh
EOF
fi

13
vpnsetup_centos.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
#
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8
# Script for automatic setup of an IPsec VPN server on CentOS and RHEL
# Works on any dedicated server or virtual private server (VPS)
#
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
@ -217,7 +217,7 @@ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setu
bigecho "Downloading Libreswan..."
SWAN_VER=4.3
SWAN_VER=4.4
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
@ -273,7 +273,6 @@ version 2.0
config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
interfaces=%defaultroute
uniqueids=no
conn shared
@ -300,7 +299,6 @@ conn l2tp-psk
leftprotoport=17/1701
rightprotoport=17/%any
type=transport
phase2=esp
also=shared
conn xauth-psk
@ -313,8 +311,6 @@ conn xauth-psk
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
xauthby=file
fragmentation=yes
cisco-unity=yes
also=shared
@ -534,15 +530,14 @@ service xl2tpd restart 2>/dev/null
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
&& [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
&& printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available.
To update, run:
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
sudo sh vpnupgrade.sh
wget https://git.io/vpnupgrade-centos -O vpnup.sh && sudo sh vpnup.sh
EOF
fi