Cleanup
This commit is contained in:
parent
cac5191155
commit
b3ad82fd48
@ -26,10 +26,7 @@ exiterr2() { exiterr "'apt-get install' failed."; }
|
|||||||
vpnupgrade() {
|
vpnupgrade() {
|
||||||
|
|
||||||
os_type=$(lsb_release -si 2>/dev/null)
|
os_type=$(lsb_release -si 2>/dev/null)
|
||||||
if [ -z "$os_type" ]; then
|
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
||||||
[ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
|
||||||
[ -f /etc/lsb-release ] && os_type=$(. /etc/lsb-release && printf '%s' "$DISTRIB_ID")
|
|
||||||
fi
|
|
||||||
case $os_type in
|
case $os_type in
|
||||||
*[Uu]buntu*)
|
*[Uu]buntu*)
|
||||||
os_type=ubuntu
|
os_type=ubuntu
|
||||||
@ -42,7 +39,7 @@ case $os_type in
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Error: This script only supports Ubuntu and Debian." >&2
|
echo "Error: This script only supports Ubuntu and Debian." >&2
|
||||||
echo "For CentOS/RHEL, use https://git.io/vpnsetup-centos" >&2
|
echo "For CentOS/RHEL, use https://git.io/vpnupgrade-centos" >&2
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -55,7 +52,7 @@ if [ "$(id -u)" != 0 ]; then
|
|||||||
exiterr "Script must be run as root. Try 'sudo sh $0'"
|
exiterr "Script must be run as root. Try 'sudo sh $0'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.2[679]|3.3[12]|4.1)
|
3.2[679]|3.3[12]|4.1)
|
||||||
/bin/true
|
/bin/true
|
||||||
;;
|
;;
|
||||||
@ -155,7 +152,7 @@ WARNING: Debian 8 (Jessie) has reached its end-of-life on June 30, 2020.
|
|||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.2[679]|3.3[12])
|
3.2[679]|3.3[12])
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
@ -281,7 +278,7 @@ elif [ "$dns_state" = "2" ]; then
|
|||||||
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
|
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.29|3.3[12]|4.1)
|
3.29|3.3[12]|4.1)
|
||||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
@ -36,7 +36,7 @@ if [ "$(id -u)" != 0 ]; then
|
|||||||
exiterr "Script must be run as root. Try 'sudo sh $0'"
|
exiterr "Script must be run as root. Try 'sudo sh $0'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.2[679]|3.3[12]|4.1)
|
3.2[679]|3.3[12]|4.1)
|
||||||
/bin/true
|
/bin/true
|
||||||
;;
|
;;
|
||||||
@ -125,7 +125,7 @@ NOTE: This script will make the following changes to your IPsec config:
|
|||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.2[679]|3.3[12])
|
3.2[679]|3.3[12])
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
@ -238,7 +238,7 @@ elif [ "$dns_state" = "2" ]; then
|
|||||||
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
|
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.29|3.3[12]|4.1)
|
3.29|3.3[12]|4.1)
|
||||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
@ -39,7 +39,7 @@ if [ "$(id -u)" != 0 ]; then
|
|||||||
exiterr "Script must be run as root. Try 'sudo sh $0'"
|
exiterr "Script must be run as root. Try 'sudo sh $0'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.2[679]|3.3[12]|4.1)
|
3.2[679]|3.3[12]|4.1)
|
||||||
/bin/true
|
/bin/true
|
||||||
;;
|
;;
|
||||||
@ -138,7 +138,7 @@ NOTE: This script will make the following changes to your IPsec config:
|
|||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.2[679]|3.3[12])
|
3.2[679]|3.3[12])
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
WARNING: Older versions of Libreswan could contain known security vulnerabilities.
|
||||||
@ -265,7 +265,7 @@ elif [ "$dns_state" = "2" ]; then
|
|||||||
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
|
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$SWAN_VER" in
|
case $SWAN_VER in
|
||||||
3.29|3.3[12]|4.1)
|
3.29|3.3[12]|4.1)
|
||||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||||
|
16
vpnsetup.sh
16
vpnsetup.sh
@ -1,7 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian.
|
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian
|
||||||
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
|
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
#
|
#
|
||||||
@ -50,10 +49,7 @@ check_ip() {
|
|||||||
vpnsetup() {
|
vpnsetup() {
|
||||||
|
|
||||||
os_type=$(lsb_release -si 2>/dev/null)
|
os_type=$(lsb_release -si 2>/dev/null)
|
||||||
if [ -z "$os_type" ]; then
|
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
||||||
[ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
|
|
||||||
[ -f /etc/lsb-release ] && os_type=$(. /etc/lsb-release && printf '%s' "$DISTRIB_ID")
|
|
||||||
fi
|
|
||||||
case $os_type in
|
case $os_type in
|
||||||
*[Uu]buntu*)
|
*[Uu]buntu*)
|
||||||
os_type=ubuntu
|
os_type=ubuntu
|
||||||
@ -72,8 +68,8 @@ case $os_type in
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
|
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
|
||||||
if [ "$debian_ver" = "8" ]; then
|
if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then
|
||||||
exiterr "Debian 8 is not supported."
|
exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
|
||||||
fi
|
fi
|
||||||
if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then
|
if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then
|
||||||
exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10"
|
exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10"
|
||||||
@ -92,7 +88,7 @@ def_iface=$(route 2>/dev/null | grep -m 1 '^default' | grep -o '[^ ]*$')
|
|||||||
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
||||||
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
|
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
|
||||||
if ! uname -m | grep -qi -e '^arm' -e '^aarch64'; then
|
if ! uname -m | grep -qi -e '^arm' -e '^aarch64'; then
|
||||||
case "$def_iface" in
|
case $def_iface in
|
||||||
wl*)
|
wl*)
|
||||||
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
||||||
;;
|
;;
|
||||||
@ -542,7 +538,7 @@ EOF
|
|||||||
|
|
||||||
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
|
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade:
|
Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
|
||||||
wget https://git.io/vpnupgrade -O vpnupgrade.sh
|
wget https://git.io/vpnupgrade -O vpnupgrade.sh
|
||||||
sudo sh vpnupgrade.sh
|
sudo sh vpnupgrade.sh
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on Amazon Linux 2.
|
# Script for automatic setup of an IPsec VPN server on Amazon Linux 2
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
#
|
#
|
||||||
@ -62,7 +62,7 @@ def_iface=$(route 2>/dev/null | grep -m 1 '^default' | grep -o '[^ ]*$')
|
|||||||
[ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)')
|
[ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)')
|
||||||
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
||||||
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
|
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
|
||||||
case "$def_iface" in
|
case $def_iface in
|
||||||
wl*)
|
wl*)
|
||||||
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
||||||
;;
|
;;
|
||||||
@ -456,7 +456,7 @@ EOF
|
|||||||
|
|
||||||
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
|
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade:
|
Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
|
||||||
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
|
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
|
||||||
sudo sh vpnupgrade.sh
|
sudo sh vpnupgrade.sh
|
||||||
|
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8.
|
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8
|
||||||
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
|
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
#
|
#
|
||||||
@ -67,7 +66,7 @@ def_iface=$(route 2>/dev/null | grep -m 1 '^default' | grep -o '[^ ]*$')
|
|||||||
[ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)')
|
[ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)')
|
||||||
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
|
||||||
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
|
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
|
||||||
case "$def_iface" in
|
case $def_iface in
|
||||||
wl*)
|
wl*)
|
||||||
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
|
||||||
;;
|
;;
|
||||||
@ -523,7 +522,7 @@ EOF
|
|||||||
|
|
||||||
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
|
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade:
|
Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
|
||||||
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
|
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
|
||||||
sudo sh vpnupgrade.sh
|
sudo sh vpnupgrade.sh
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user