
Improve VPN setup

- Continue VPN setup (instead of exiting) if fail2ban fails to install.
This commit is contained in:
hwdsl2 2022-09-09 23:53:13 -05:00
parent 098a6b4e5d
commit c5df950ea2
4 changed files with 49 additions and 50 deletions


@ -194,7 +194,7 @@ install_fail2ban() {
( (
set -x set -x
apk add -U -q fail2ban apk add -U -q fail2ban
) || exiterr2 )
} }
get_helper_scripts() { get_helper_scripts() {
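Review bot: Replacing `) || exiterr2` with a bare `)` makes an apk failure completely silent: the subshell's non-zero status is discarded, and after the preceding "Installing Fail2Ban to protect SSH..." message (visible in the yum sections of this commit) the user has no indication that SSH brute-force protection was not installed. Since continuing is the intent, keep a visible diagnostic on stderr, e.g. `) || printf '%s\n' 'Warning: Fail2Ban could not be installed; SSH is not protected by it.' >&2`. The apt-get hunk at the end of the page and both yum hunks (`) && create_f2b_config`) have the same gap — a failed install quietly skips the jail config. The `set -x` inside the subshell only shows the failing command as it runs and is no substitute for a summary line. install_fail2ban's opening lines are outside the hunk.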
@ -487,7 +487,7 @@ EOF
chmod +x /etc/network/if-pre-up.d/iptablesload chmod +x /etc/network/if-pre-up.d/iptablesload
sed -i '1c\#!/sbin/openrc-run' /etc/init.d/ipsec sed -i '1c\#!/sbin/openrc-run' /etc/init.d/ipsec
for svc in fail2ban ipsec xl2tpd; do for svc in fail2ban ipsec xl2tpd; do
rc-update add "$svc" default >/dev/null rc-update add "$svc" default >/dev/null 2>&1
done done
} }


@ -189,12 +189,26 @@ install_vpn_pkgs_2() {
) || exiterr2 ) || exiterr2
} }
create_f2b_config() {
F2B_FILE=/etc/fail2ban/jail.local
if [ ! -f "$F2B_FILE" ]; then
bigecho "Creating basic Fail2Ban rules..."
cat > "$F2B_FILE" <<'EOF'
[ssh-iptables]
enabled = true
filter = sshd
logpath = /var/log/secure
action = iptables[name=SSH, port=ssh, protocol=tcp]
EOF
fi
}
install_fail2ban() { install_fail2ban() {
bigecho "Installing Fail2Ban to protect SSH..." bigecho "Installing Fail2Ban to protect SSH..."
( (
set -x set -x
yum --enablerepo=epel -y -q install fail2ban >/dev/null yum --enablerepo=epel -y -q install fail2ban >/dev/null
) || exiterr2 ) && create_f2b_config
} }
get_helper_scripts() { get_helper_scripts() {
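Review bot: The new `) && create_f2b_config` changes install_fail2ban's contract in a way nothing in the file states: the function now returns non-zero when the yum install fails, the jail file is skipped in that case, and the caller is expected to keep going rather than abort. A header comment above `install_fail2ban() {` would stop a later maintainer from re-adding `|| exiterr2` or treating the status as fatal: `# Fail2Ban is optional: if the install fails, skip its jail config and continue setup.` The matching yum hunk in the next section deserves the same comment. Note also that on a successful install the function's status becomes that of create_f2b_config's `cat > "$F2B_FILE"`, so a config-write error is indistinguishable from an install error to any caller that does check it.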
@ -410,20 +424,6 @@ $VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
EOF EOF
} }
create_f2b_config() {
F2B_FILE=/etc/fail2ban/jail.local
if [ ! -f "$F2B_FILE" ]; then
bigecho "Creating basic Fail2Ban rules..."
cat > "$F2B_FILE" <<'EOF'
[ssh-iptables]
enabled = true
filter = sshd
logpath = /var/log/secure
action = iptables[name=SSH, port=ssh, protocol=tcp]
EOF
fi
}
update_sysctl() { update_sysctl() {
bigecho "Updating sysctl settings..." bigecho "Updating sysctl settings..."
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
@ -490,7 +490,8 @@ update_iptables() {
enable_on_boot() { enable_on_boot() {
bigecho "Enabling services on boot..." bigecho "Enabling services on boot..."
systemctl --now mask firewalld 2>/dev/null systemctl --now mask firewalld 2>/dev/null
systemctl enable iptables fail2ban 2>/dev/null systemctl enable iptables 2>/dev/null
systemctl enable fail2ban 2>/dev/null
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
if [ -f /etc/rc.local ]; then if [ -f /etc/rc.local ]; then
conf_bk "/etc/rc.local" conf_bk "/etc/rc.local"
@ -606,7 +607,6 @@ vpnsetup() {
get_libreswan get_libreswan
install_libreswan install_libreswan
create_vpn_config create_vpn_config
create_f2b_config
update_sysctl update_sysctl
update_iptables update_iptables
enable_on_boot enable_on_boot


@ -279,12 +279,36 @@ install_vpn_pkgs_3() {
fi fi
} }
create_f2b_config() {
F2B_FILE=/etc/fail2ban/jail.local
if [ ! -f "$F2B_FILE" ]; then
bigecho "Creating basic Fail2Ban rules..."
cat > "$F2B_FILE" <<'EOF'
[ssh-iptables]
enabled = true
filter = sshd
logpath = /var/log/secure
EOF
if [ "$use_nft" = "1" ]; then
cat >> "$F2B_FILE" <<'EOF'
port = ssh
banaction = nftables-multiport[blocktype=drop]
EOF
else
cat >> "$F2B_FILE" <<'EOF'
action = iptables[name=SSH, port=ssh, protocol=tcp]
EOF
fi
fi
}
install_fail2ban() { install_fail2ban() {
bigecho "Installing Fail2Ban to protect SSH..." bigecho "Installing Fail2Ban to protect SSH..."
( (
set -x set -x
yum "$rp1" -y -q install fail2ban >/dev/null yum "$rp1" -y -q install fail2ban >/dev/null
) || exiterr2 ) && create_f2b_config
} }
get_helper_scripts() { get_helper_scripts() {
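Review bot: Calling `create_f2b_config` unconditionally after a successful yum install, combined with the vpnsetup hunk below that removes the `if [ "$os_type$os_ver" != "ol9" ]` guard, drops the only visible ol9 exclusion for the jail config; unless install_fail2ban itself is skipped on ol9 somewhere outside these hunks, ol9 hosts will now get a jail.local they did not get before. The enable_on_boot hunk in this section enables nftables but not fail2ban in its ol9 branch, which suggests fail2ban is not meant to run there, so the exclusion is worth keeping at the call site, `if [ "$os_type$os_ver" != "ol9" ]; then install_fail2ban; fi`, or at least documenting where the ol9 skip now lives. create_f2b_config also assigns `F2B_FILE` as a global rather than a local, which the move into this position makes no worse but is worth tidying while it is being touched. install_fail2ban's opening lines are outside this hunk.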
@ -500,30 +524,6 @@ $VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
EOF EOF
} }
create_f2b_config() {
F2B_FILE=/etc/fail2ban/jail.local
if [ ! -f "$F2B_FILE" ]; then
bigecho "Creating basic Fail2Ban rules..."
cat > "$F2B_FILE" <<'EOF'
[ssh-iptables]
enabled = true
filter = sshd
logpath = /var/log/secure
EOF
if [ "$use_nft" = "1" ]; then
cat >> "$F2B_FILE" <<'EOF'
port = ssh
banaction = nftables-multiport[blocktype=drop]
EOF
else
cat >> "$F2B_FILE" <<'EOF'
action = iptables[name=SSH, port=ssh, protocol=tcp]
EOF
fi
fi
}
update_sysctl() { update_sysctl() {
bigecho "Updating sysctl settings..." bigecho "Updating sysctl settings..."
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
@ -650,9 +650,11 @@ enable_on_boot() {
if [ "$os_type$os_ver" = "ol9" ]; then if [ "$os_type$os_ver" = "ol9" ]; then
systemctl enable nftables 2>/dev/null systemctl enable nftables 2>/dev/null
elif [ "$use_nft" = "1" ]; then elif [ "$use_nft" = "1" ]; then
systemctl enable nftables fail2ban 2>/dev/null systemctl enable nftables 2>/dev/null
systemctl enable fail2ban 2>/dev/null
else else
systemctl enable iptables fail2ban 2>/dev/null systemctl enable iptables 2>/dev/null
systemctl enable fail2ban 2>/dev/null
fi fi
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
if [ -f /etc/rc.local ]; then if [ -f /etc/rc.local ]; then
@ -778,9 +780,6 @@ vpnsetup() {
get_libreswan get_libreswan
install_libreswan install_libreswan
create_vpn_config create_vpn_config
if [ "$os_type$os_ver" != "ol9" ]; then
create_f2b_config
fi
update_sysctl update_sysctl
update_iptables update_iptables
fix_nss_config fix_nss_config


@ -245,7 +245,7 @@ install_fail2ban() {
( (
set -x set -x
apt-get -yqq install fail2ban >/dev/null apt-get -yqq install fail2ban >/dev/null
) || exiterr2 )
} }
get_helper_scripts() { get_helper_scripts() {