Add version check

- Check for latest supported Libreswan version, and remind users who use
  a non-latest version of the VPN scripts that they can upgrade
- Other minor improvements

extras/vpnupgrade.sh

@@ -27,14 +27,25 @@ vpnupgrade() {
 
 os_type=$(lsb_release -si 2>/dev/null)
 if [ -z "$os_type" ]; then
-  [ -f /etc/os-release  ] && os_type=$(. /etc/os-release  && printf '%s' "$ID")
+  [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
   [ -f /etc/lsb-release ] && os_type=$(. /etc/lsb-release && printf '%s' "$DISTRIB_ID")
 fi
-if ! printf '%s' "$os_type" | head -n 1 | grep -qiF -e ubuntu -e debian -e raspbian; then
+case $os_type in
-  echo "Error: This script only supports Ubuntu and Debian." >&2
+  *[Uu]buntu*)
-  echo "For CentOS/RHEL, use https://git.io/vpnupgrade-centos" >&2
+    os_type=ubuntu
-  exit 1
+    ;;
-fi
+  *[Dd]ebian*)
+    os_type=debian
+    ;;
+  *[Rr]aspbian*)
+    os_type=raspbian
+    ;;
+  *)
+    echo "Error: This script only supports Ubuntu and Debian." >&2
+    echo "For CentOS/RHEL, use https://git.io/vpnsetup-centos" >&2
+    exit 1
+    ;;
+esac
 
 if [ -f /proc/user_beancounters ]; then
   exiterr "OpenVZ VPS is not supported."
@@ -69,6 +80,32 @@ EOF
   exit 1
 fi
 
+swan_ver_cur=4.1
+debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?ver=$swan_ver_cur"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
+  swan_ver_latest=$swan_ver_cur
+fi
+if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
+  echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest."
+  echo "To download and run the latest version:"
+  echo "  wget https://git.io/vpnupgrade -O vpnupgrade.sh"
+  echo "  sudo sh vpnupgrade.sh"
+  echo
+  printf "Do you want to continue anyway? [y/N] "
+  read -r response
+  case $response in
+    [yY][eE][sS]|[yY])
+      echo
+      ;;
+    *)
+      echo "Abort. No changes were made."
+      exit 1
+      ;;
+  esac
+fi
+
 if [ "$swan_ver_old" = "$SWAN_VER" ]; then
   echo "You already have Libreswan version $SWAN_VER installed! "
   echo "If you continue, the same version will be re-installed."

extras/vpnupgrade_amzn.sh

@@ -61,6 +61,31 @@ EOF
   exit 1
 fi
 
+swan_ver_cur=4.1
+swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?ver=$swan_ver_cur"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
+  swan_ver_latest=$swan_ver_cur
+fi
+if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
+  echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest."
+  echo "To download and run the latest version:"
+  echo "  wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh"
+  echo "  sudo sh vpnupgrade.sh"
+  echo
+  printf "Do you want to continue anyway? [y/N] "
+  read -r response
+  case $response in
+    [yY][eE][sS]|[yY])
+      echo
+      ;;
+    *)
+      echo "Abort. No changes were made."
+      exit 1
+      ;;
+  esac
+fi
+
 if [ "$swan_ver_old" = "$SWAN_VER" ]; then
   echo "You already have Libreswan version $SWAN_VER installed! "
   echo "If you continue, the same version will be re-installed."

extras/vpnupgrade_centos.sh

@@ -64,6 +64,41 @@ EOF
   exit 1
 fi
 
+os_type=centos
+if grep -qs "Red Hat" /etc/redhat-release; then
+  os_type=rhel
+fi
+if grep -qs "release 7" /etc/redhat-release; then
+  os_ver=7
+else
+  os_ver=8
+fi
+
+swan_ver_cur=4.1
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?ver=$swan_ver_cur"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
+  swan_ver_latest=$swan_ver_cur
+fi
+if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then
+  echo "Note: A newer version of this script is available, which can install Libreswan $swan_ver_latest."
+  echo "To download and run the latest version:"
+  echo "  wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh"
+  echo "  sudo sh vpnupgrade.sh"
+  echo
+  printf "Do you want to continue anyway? [y/N] "
+  read -r response
+  case $response in
+    [yY][eE][sS]|[yY])
+      echo
+      ;;
+    *)
+      echo "Abort. No changes were made."
+      exit 1
+      ;;
+  esac
+fi
+
 if [ "$swan_ver_old" = "$SWAN_VER" ]; then
   echo "You already have Libreswan version $SWAN_VER installed! "
   echo "If you continue, the same version will be re-installed."

vpnsetup.sh

@@ -51,16 +51,27 @@ vpnsetup() {
 
 os_type=$(lsb_release -si 2>/dev/null)
 if [ -z "$os_type" ]; then
-  [ -f /etc/os-release  ] && os_type=$(. /etc/os-release  && printf '%s' "$ID")
+  [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
   [ -f /etc/lsb-release ] && os_type=$(. /etc/lsb-release && printf '%s' "$DISTRIB_ID")
 fi
-if ! printf '%s' "$os_type" | head -n 1 | grep -qiF -e ubuntu -e debian -e raspbian; then
+case $os_type in
-  echo "Error: This script only supports Ubuntu and Debian." >&2
+  *[Uu]buntu*)
-  echo "For CentOS/RHEL, use https://git.io/vpnsetup-centos" >&2
+    os_type=ubuntu
-  exit 1
+    ;;
-fi
+  *[Dd]ebian*)
+    os_type=debian
+    ;;
+  *[Rr]aspbian*)
+    os_type=raspbian
+    ;;
+  *)
+    echo "Error: This script only supports Ubuntu and Debian." >&2
+    echo "For CentOS/RHEL, use https://git.io/vpnsetup-centos" >&2
+    exit 1
+    ;;
+esac
 
-debian_ver=$(sed 's/\..*//' /etc/debian_version)
+debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
 if [ "$debian_ver" = "8" ]; then
   exiterr "Debian 8 is not supported."
 fi
@@ -69,7 +80,7 @@ if [ "$debian_ver" = "10" ] && [ ! -e /dev/ppp ]; then
 fi
 
 if [ -f /proc/user_beancounters ]; then
-  exiterr "OpenVZ VPS is not supported. Try OpenVPN: github.com/Nyr/openvpn-install"
+  exiterr "OpenVZ VPS is not supported."
 fi
 
 if [ "$(id -u)" != 0 ]; then
@@ -190,6 +201,11 @@ SWAN_VER=4.1
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?ver=$SWAN_VER"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
+  swan_ver_latest=$SWAN_VER
+fi
 if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
   exit 1
 fi
@@ -524,6 +540,15 @@ IKEv2 guide:       https://git.io/ikev2
 
 EOF
 
+if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
+cat <<EOF
+Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade:
+  wget https://git.io/vpnupgrade -O vpnupgrade.sh
+  sudo sh vpnupgrade.sh
+
+EOF
+fi
+
 }
 
 ## Defer setup until we have the complete script

vpnsetup_amzn.sh

@@ -158,6 +158,11 @@ SWAN_VER=4.1
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
+swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?ver=$SWAN_VER"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
+  swan_ver_latest=$SWAN_VER
+fi
 if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
   exit 1
 fi
@@ -449,6 +454,15 @@ IKEv2 guide:       https://git.io/ikev2
 
 EOF
 
+if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
+cat <<EOF
+Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade:
+  wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh
+  sudo sh vpnupgrade.sh
+
+EOF
+fi
+
 }
 
 ## Defer setup until we have the complete script

vpnsetup_centos.sh

@@ -56,7 +56,7 @@ if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then
 fi
 
 if [ -f /proc/user_beancounters ]; then
-  exiterr "OpenVZ VPS is not supported. Try OpenVPN: github.com/Nyr/openvpn-install"
+  exiterr "OpenVZ VPS is not supported."
 fi
 
 if [ "$(id -u)" != 0 ]; then
@@ -155,14 +155,19 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
 
 yum "$REPO1" -y install xl2tpd || exiterr2
 
+os_type=centos
+if grep -qs "Red Hat" /etc/redhat-release; then
+  os_type=rhel
+  REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
+fi
+
 use_nft=0
 if grep -qs "release 7" /etc/redhat-release; then
+  os_ver=7
   yum -y install systemd-devel iptables-services || exiterr2
   yum "$REPO2" "$REPO3" -y install libevent-devel fipscheck-devel || exiterr2
 else
-  if grep -qs "Red Hat" /etc/redhat-release; then
+  os_ver=8
-    REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
-  fi
   yum "$REPO4" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
   if systemctl is-active --quiet firewalld.service \
     || grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf; then
@@ -183,6 +188,11 @@ SWAN_VER=4.1
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
+swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?ver=$SWAN_VER"
+swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
+if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
+  swan_ver_latest=$SWAN_VER
+fi
 if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then
   exit 1
 fi
@@ -511,6 +521,15 @@ IKEv2 guide:       https://git.io/ikev2
 
 EOF
 
+if [ "$SWAN_VER" != "$swan_ver_latest" ]; then
+cat <<EOF
+Note: A newer version of Libreswan ($swan_ver_latest) is available. To upgrade:
+  wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
+  sudo sh vpnupgrade.sh
+
+EOF
+fi
+
 }
 
 ## Defer setup until we have the complete script