hwdsl2 2020-12-31 23:09:58 -06:00
parent cac5191155
commit b3ad82fd48
6 changed files with 23 additions and 31 deletions


@ -26,10 +26,7 @@ exiterr2() { exiterr "'apt-get install' failed."; }
vpnupgrade() { vpnupgrade() {
os_type=$(lsb_release -si 2>/dev/null) os_type=$(lsb_release -si 2>/dev/null)
if [ -z "$os_type" ]; then [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
[ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
[ -f /etc/lsb-release ] && os_type=$(. /etc/lsb-release && printf '%s' "$DISTRIB_ID")
fi
case $os_type in case $os_type in
*[Uu]buntu*) *[Uu]buntu*)
os_type=ubuntu os_type=ubuntu
@ -42,7 +39,7 @@ case $os_type in
;; ;;
*) *)
echo "Error: This script only supports Ubuntu and Debian." >&2 echo "Error: This script only supports Ubuntu and Debian." >&2
echo "For CentOS/RHEL, use https://git.io/vpnsetup-centos" >&2 echo "For CentOS/RHEL, use https://git.io/vpnupgrade-centos" >&2
exit 1 exit 1
;; ;;
esac esac
@ -55,7 +52,7 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.2[679]|3.3[12]|4.1) 3.2[679]|3.3[12]|4.1)
/bin/true /bin/true
;; ;;
@ -155,7 +152,7 @@ WARNING: Debian 8 (Jessie) has reached its end-of-life on June 30, 2020.
EOF EOF
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.2[679]|3.3[12]) 3.2[679]|3.3[12])
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
@ -281,7 +278,7 @@ elif [ "$dns_state" = "2" ]; then
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.29|3.3[12]|4.1) 3.29|3.3[12]|4.1)
sed -i "/ikev2=never/d" /etc/ipsec.conf sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
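Review bot: The corrected pointer in the `*)` branch of `case $os_type` (`For CentOS/RHEL, use https://git.io/vpnupgrade-centos`) still sends the reader through a short link to a script that will be run as root, so the real origin is not visible in the message and depends on a third-party redirect staying intact. I would print the canonical repository URL instead, e.g. `echo "For CentOS/RHEL, use <canonical raw URL of the CentOS upgrade script>" >&2`, and keep the short link only as a convenience alias in the docs. The same applies to the `wget https://git.io/vpnupgrade… -O vpnupgrade.sh` / `sudo sh vpnupgrade.sh` hints that appear as context in the three setup scripts further down, where nothing lets the user verify what was downloaded before running it. `vpnupgrade()` opens in the first hunk and its body continues past every hunk shown here.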


@ -36,7 +36,7 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.2[679]|3.3[12]|4.1) 3.2[679]|3.3[12]|4.1)
/bin/true /bin/true
;; ;;
@ -125,7 +125,7 @@ NOTE: This script will make the following changes to your IPsec config:
EOF EOF
case "$SWAN_VER" in case $SWAN_VER in
3.2[679]|3.3[12]) 3.2[679]|3.3[12])
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
@ -238,7 +238,7 @@ elif [ "$dns_state" = "2" ]; then
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.29|3.3[12]|4.1) 3.29|3.3[12]|4.1)
sed -i "/ikev2=never/d" /etc/ipsec.conf sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf


@ -39,7 +39,7 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.2[679]|3.3[12]|4.1) 3.2[679]|3.3[12]|4.1)
/bin/true /bin/true
;; ;;
@ -138,7 +138,7 @@ NOTE: This script will make the following changes to your IPsec config:
EOF EOF
case "$SWAN_VER" in case $SWAN_VER in
3.2[679]|3.3[12]) 3.2[679]|3.3[12])
cat <<'EOF' cat <<'EOF'
WARNING: Older versions of Libreswan could contain known security vulnerabilities. WARNING: Older versions of Libreswan could contain known security vulnerabilities.
@ -265,7 +265,7 @@ elif [ "$dns_state" = "2" ]; then
sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf sed -i "s/^[[:space:]]\+modecfgdns1=.\+/ modecfgdns=$DNS_SRV1/" /etc/ipsec.conf
fi fi
case "$SWAN_VER" in case $SWAN_VER in
3.29|3.3[12]|4.1) 3.29|3.3[12]|4.1)
sed -i "/ikev2=never/d" /etc/ipsec.conf sed -i "/ikev2=never/d" /etc/ipsec.conf
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf


@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian. # Script for automatic setup of an IPsec VPN server on Ubuntu and Debian
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #
@ -50,10 +49,7 @@ check_ip() {
vpnsetup() { vpnsetup() {
os_type=$(lsb_release -si 2>/dev/null) os_type=$(lsb_release -si 2>/dev/null)
if [ -z "$os_type" ]; then [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
[ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
[ -f /etc/lsb-release ] && os_type=$(. /etc/lsb-release && printf '%s' "$DISTRIB_ID")
fi
case $os_type in case $os_type in
*[Uu]buntu*) *[Uu]buntu*)
os_type=ubuntu os_type=ubuntu
@ -72,8 +68,8 @@ case $os_type in
esac esac
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9') debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
if [ "$debian_ver" = "8" ]; then if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then
exiterr "Debian 8 is not supported." exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
fi fi
if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then
exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10" exiterr "/dev/ppp is missing. Debian 10 users, see: https://git.io/vpndebian10"
@ -92,7 +88,7 @@ def_iface=$(route 2>/dev/null | grep -m 1 '^default' | grep -o '[^ ]*$')
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null) def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
if ! uname -m | grep -qi -e '^arm' -e '^aarch64'; then if ! uname -m | grep -qi -e '^arm' -e '^aarch64'; then
case "$def_iface" in case $def_iface in
wl*) wl*)
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!" exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
;; ;;
@ -542,7 +538,7 @@ EOF
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade: Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
wget https://git.io/vpnupgrade -O vpnupgrade.sh wget https://git.io/vpnupgrade -O vpnupgrade.sh
sudo sh vpnupgrade.sh sudo sh vpnupgrade.sh
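Review bot: The new `[ "$debian_ver" = "jessiesid" ]` test does not cover what the new message promises: it matches only hosts whose /etc/debian_version collapses to `jessiesid` after the `sed | tr` pipeline on the line above, while the error text says any Ubuntu before 16.04 is rejected. As far as I know that string is what Ubuntu 14.04 ships (`jessie/sid`) and older releases carry a different codename pair, so they would fall through and continue installing on an unsupported base; please confirm, and either narrow the message to the release actually detected or check the Ubuntu release number directly. The literal also deserves a comment, for example `# Ubuntu 14.04 has "jessie/sid" in /etc/debian_version; tr drops the "/"`. The `vpnsetup()` body starts in the previous hunk and continues outside this one.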


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on Amazon Linux 2. # Script for automatic setup of an IPsec VPN server on Amazon Linux 2
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #
@ -62,7 +62,7 @@ def_iface=$(route 2>/dev/null | grep -m 1 '^default' | grep -o '[^ ]*$')
[ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)') [ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)')
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null) def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
case "$def_iface" in case $def_iface in
wl*) wl*)
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!" exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
;; ;;
@ -456,7 +456,7 @@ EOF
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade: Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
sudo sh vpnupgrade.sh sudo sh vpnupgrade.sh


@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8. # Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
# #
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
# #
@ -67,7 +66,7 @@ def_iface=$(route 2>/dev/null | grep -m 1 '^default' | grep -o '[^ ]*$')
[ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)') [ -z "$def_iface" ] && def_iface=$(ip -4 route list 0/0 2>/dev/null | grep -m 1 -Po '(?<=dev )(\S+)')
def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null) def_state=$(cat "/sys/class/net/$def_iface/operstate" 2>/dev/null)
if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then if [ -n "$def_state" ] && [ "$def_state" != "down" ]; then
case "$def_iface" in case $def_iface in
wl*) wl*)
exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!" exiterr "Wireless interface '$def_iface' detected. DO NOT run this script on your PC or Mac!"
;; ;;
@ -523,7 +522,7 @@ EOF
if [ "$SWAN_VER" != "$swan_ver_latest" ]; then if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
cat <<EOF cat <<EOF
Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade: Note: A newer Libreswan version $swan_ver_latest is available. To upgrade:
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
sudo sh vpnupgrade.sh sudo sh vpnupgrade.sh