Improve script outputs

extras/vpnupgrade.sh

@@ -72,7 +72,7 @@ Your existing VPN configuration files will NOT be modified.
 
 EOF
 
-if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then
+if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then
 cat <<'EOF'
 IMPORTANT: Workaround required for Debian 7 (Wheezy).
 You must first run the script at: https://git.io/vpndeb7

vpnsetup.sh

@@ -39,6 +39,7 @@ SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)"; export SYS_DT
 exiterr()  { echo "Error: $1" >&2; exit 1; }
 exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }
 conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; }
+print_status() { echo; echo "## $1"; echo; }
 
 check_ip() {
   IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
@@ -88,8 +89,7 @@ fi
 [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
 
 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
-  echo "VPN credentials not set by user. Generating random PSK and password..."
-  echo
+  print_status "VPN credentials not set by user. Generating random PSK and password..."
   VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
   VPN_USER=vpnuser
   VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
@@ -105,7 +105,7 @@ case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
     ;;
 esac
 
-if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then
+if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then
 cat <<'EOF'
 IMPORTANT: Workaround required for Debian 7 (Wheezy).
 You must first run the script at: https://git.io/vpndeb7
@@ -117,28 +117,27 @@ EOF
   sleep 30
 fi
 
-echo "VPN setup in progress... Please be patient."
-echo
+print_status "VPN setup in progress... Please be patient."
 
 # Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exiterr "Cannot enter /opt/src."
 
-# Update package index
+print_status "Populating apt-get cache..."
+
 export DEBIAN_FRONTEND=noninteractive
 apt-get -yq update || exiterr "'apt-get update' failed."
 
-# Make sure basic commands exist
+print_status "Installing packages required for setup..."
+
 apt-get -yq install wget dnsutils openssl || exiterr2
 apt-get -yq install iproute gawk grep sed net-tools || exiterr2
 
+print_status "Trying to auto discover IPs of this server..."
+
 cat <<'EOF'
-
-Trying to auto discover IPs of this server...
-
 In case the script hangs here for more than a few minutes,
 use Ctrl-C to interrupt. Then edit it and manually enter IPs.
-
 EOF
 
 # In case auto IP discovery fails, you may manually enter server IPs here.
@@ -156,7 +155,8 @@ check_ip "$PUBLIC_IP" || exiterr "Cannot find valid public IP. Edit the script a
 check_ip "$PRIVATE_IP" || PRIVATE_IP=$(ifconfig "$NET_IF0" | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
 check_ip "$PRIVATE_IP" || exiterr "Cannot find valid private IP. Edit the script and manually enter IPs."
 
-# Install necessary packages
+print_status "Installing packages required for the VPN..."
+
 apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
   libcap-ng-dev libcap-ng-utils libselinux1-dev \
   libcurl4-nss-dev flex bison gcc make \
@@ -164,10 +164,12 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
 apt-get -yq --no-install-recommends install xmlto || exiterr2
 apt-get -yq install ppp xl2tpd || exiterr2
 
-# Install Fail2Ban to protect SSH server
+print_status "Installing Fail2Ban to protect SSH..."
+
 apt-get -yq install fail2ban || exiterr2
 
-# Compile and install Libreswan
+print_status "Compiling and installing Libreswan..."
+
 swan_ver=3.18
 swan_file="libreswan-$swan_ver.tar.gz"
 swan_url1="https://download.libreswan.org/$swan_file"
@@ -191,6 +193,8 @@ if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"; then
   exiterr "Libreswan $swan_ver failed to build."
 fi
 
+print_status "Creating VPN configuration..."
+
 # Create IPsec (Libreswan) config
 conf_bk "/etc/ipsec.conf"
 cat > /etc/ipsec.conf <<EOF
@@ -302,7 +306,8 @@ cat > /etc/ipsec.d/passwd <<EOF
 $VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
 EOF
 
-# Update sysctl settings
+print_status "Updating sysctl settings..."
+
 if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
   conf_bk "/etc/sysctl.conf"
 cat >> /etc/sysctl.conf <<EOF
@@ -337,6 +342,8 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
 EOF
 fi
 
+print_status "Updating IPTables rules..."
+
 # Check if IPTables rules need updating
 ipt_flag=0
 IPT_FILE="/etc/iptables.rules"
@@ -378,7 +385,8 @@ if [ "$ipt_flag" = "1" ]; then
   fi
 fi
 
-# Load IPTables rules at boot
+print_status "Enabling services on boot..."
+
 mkdir -p /etc/network/if-pre-up.d
 cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
 #!/bin/sh
@@ -386,10 +394,9 @@ iptables-restore < /etc/iptables.rules
 exit 0
 EOF
 
-# Start services at boot
 for svc in fail2ban ipsec xl2tpd; do
   update-rc.d "$svc" enable >/dev/null 2>&1
-  systemctl enable "$svc" >/dev/null 2>&1
+  systemctl enable "$svc" 2>/dev/null
 done
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
   if [ -f /etc/rc.local ]; then
@@ -411,6 +418,8 @@ EOF
   fi
 fi
 
+print_status "Starting services..."
+
 # Reload sysctl.conf
 sysctl -e -q -p
 

vpnsetup_centos.sh

@@ -39,6 +39,7 @@ SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)"; export SYS_DT
 exiterr()  { echo "Error: $1" >&2; exit 1; }
 exiterr2() { echo "Error: 'yum install' failed." >&2; exit 1; }
 conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; }
+print_status() { echo; echo "## $1"; echo; }
 
 check_ip() {
   IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
@@ -84,8 +85,7 @@ fi
 [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
 
 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
-  echo "VPN credentials not set by user. Generating random PSK and password..."
-  echo
+  print_status "VPN credentials not set by user. Generating random PSK and password..."
   VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
   VPN_USER=vpnuser
   VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
@@ -101,24 +101,22 @@ case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
     ;;
 esac
 
-echo "VPN setup in progress... Please be patient."
-echo
+print_status "VPN setup in progress... Please be patient."
 
 # Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exiterr "Cannot enter /opt/src."
 
-# Make sure basic commands exist
+print_status "Installing packages required for setup..."
+
 yum -y install wget bind-utils openssl || exiterr2
 yum -y install iproute gawk grep sed net-tools || exiterr2
 
+print_status "Trying to auto discover IPs of this server..."
+
 cat <<'EOF'
-
-Trying to auto discover IPs of this server...
-
 In case the script hangs here for more than a few minutes,
 use Ctrl-C to interrupt. Then edit it and manually enter IPs.
-
 EOF
 
 # In case auto IP discovery fails, you may manually enter server IPs here.
@@ -136,20 +134,18 @@ check_ip "$PUBLIC_IP" || exiterr "Cannot find valid public IP. Edit the script a
 check_ip "$PRIVATE_IP" || PRIVATE_IP=$(ifconfig "$NET_IF0" | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
 check_ip "$PRIVATE_IP" || exiterr "Cannot find valid private IP. Edit the script and manually enter IPs."
 
-# Add the EPEL repository
+print_status "Adding the EPEL repository..."
+
 yum -y install epel-release || exiterr2
 
-# Install necessary packages
+print_status "Installing packages required for the VPN..."
+
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
   libcap-ng-devel libselinux-devel \
   curl-devel flex bison gcc make \
   fipscheck-devel unbound-devel xmlto || exiterr2
 yum -y install ppp xl2tpd || exiterr2
 
-# Install Fail2Ban to protect SSH server
-yum -y install fail2ban || exiterr2
-
-# Install libevent2 and systemd-devel
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum -y install libevent2-devel || exiterr2
@@ -157,7 +153,12 @@ else
   yum -y install libevent-devel systemd-devel || exiterr2
 fi
 
-# Compile and install Libreswan
+print_status "Installing Fail2Ban to protect SSH..."
+
+yum -y install fail2ban || exiterr2
+
+print_status "Compiling and installing Libreswan..."
+
 swan_ver=3.18
 swan_file="libreswan-$swan_ver.tar.gz"
 swan_url1="https://download.libreswan.org/$swan_file"
@@ -178,6 +179,8 @@ if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"; then
   exiterr "Libreswan $swan_ver failed to build."
 fi
 
+print_status "Creating VPN configuration..."
+
 # Create IPsec (Libreswan) config
 conf_bk "/etc/ipsec.conf"
 cat > /etc/ipsec.conf <<EOF
@@ -289,7 +292,8 @@ cat > /etc/ipsec.d/passwd <<EOF
 $VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
 EOF
 
-# Update sysctl settings
+print_status "Updating sysctl settings..."
+
 if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
   conf_bk "/etc/sysctl.conf"
 cat >> /etc/sysctl.conf <<EOF
@@ -324,6 +328,8 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
 EOF
 fi
 
+print_status "Updating IPTables rules..."
+
 # Check if IPTables rules need updating
 ipt_flag=0
 IPT_FILE="/etc/sysconfig/iptables"
@@ -358,7 +364,8 @@ if [ "$ipt_flag" = "1" ]; then
   iptables-save >> "$IPT_FILE"
 fi
 
-# Create basic Fail2Ban rules
+print_status "Creating basic Fail2Ban rules..."
+
 if [ ! -f /etc/fail2ban/jail.local ] ; then
 cat > /etc/fail2ban/jail.local <<'EOF'
 [ssh-iptables]
@@ -369,14 +376,15 @@ logpath  = /var/log/secure
 EOF
 fi
 
-# Start services at boot
+print_status "Enabling services on boot..."
+
 if grep -qs "release 6" /etc/redhat-release; then
   chkconfig iptables on
   chkconfig fail2ban on
 else
   systemctl --now mask firewalld
   yum -y install iptables-services || exiterr2
-  systemctl enable iptables fail2ban >/dev/null 2>&1
+  systemctl enable iptables fail2ban
 fi
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
   if [ -f /etc/rc.local ]; then
@@ -394,6 +402,8 @@ echo 1 > /proc/sys/net/ipv4/ip_forward
 EOF
 fi
 
+print_status "Starting services..."
+
 # Restore SELinux contexts
 restorecon /etc/ipsec.d/*db 2>/dev/null
 restorecon /usr/local/sbin -Rv 2>/dev/null