mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-03-03 19:33:16 +03:00
Code Issues Projects Releases Wiki Activity

Improve quick start script

Browse Source 
- The VPN quick start script now supports most of the environment
  variables (such as VPN_DNS_SRV1) that are currently supported by
  vpnsetup.sh and ikev2.sh. This change enables customization by
  advanced users when running the quick start script.
This commit is contained in:
hwdsl2 2022-02-25 23:41:49 -06:00
parent f7c5ecf504
commit d37a2fb811
1 changed files with 88 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
extras/quickstart.sh
View File

@ -17,10 +17,37 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# =====================================================
# Define your own values for these variables
# - IPsec pre-shared key, VPN username and password
# - All values MUST be placed inside 'single quotes'
# - DO NOT use these special characters within values: \ " '
YOUR_IPSEC_PSK=''
YOUR_USERNAME=''
YOUR_PASSWORD=''
# Important notes: https://git.io/vpnnotes
# Setup VPN clients: https://git.io/vpnclients
# IKEv2 guide: https://git.io/ikev2
# =====================================================
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
exiterr() { echo "Error: $1" >&2; exit 1; } exiterr() { echo "Error: $1" >&2; exit 1; }
check_ip() {
IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX"
}
check_dns_name() {
FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
}
check_root() { check_root() {
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
@ -124,6 +151,53 @@ check_iface() {
fi fi
} }
check_creds() {
[ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK"
[ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME"
[ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
return 0
fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi
if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters."
fi
case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
*[\\\"\']*)
exiterr "VPN credentials must not contain these special characters: \\ \" '"
;;
esac
}
check_dns() {
if { [ -n "$VPN_DNS_SRV1" ] && ! check_ip "$VPN_DNS_SRV1"; } \
|| { [ -n "$VPN_DNS_SRV2" ] && ! check_ip "$VPN_DNS_SRV2"; }; then
exiterr "The DNS server specified is invalid."
fi
}
check_server_dns() {
if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
fi
}
check_client_name() {
if [ -n "$VPN_CLIENT_NAME" ]; then
name_len="$(printf '%s' "$VPN_CLIENT_NAME" | wc -m)"
if [ "$name_len" -gt "64" ] || printf '%s' "$VPN_CLIENT_NAME" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
|| case $VPN_CLIENT_NAME in -*) true;; *) false;; esac; then
exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
fi
fi
}
check_iptables() { check_iptables() {
if [ "$os_type" = "ubuntu" ] || [ "$os_type" = "debian" ] || [ "$os_type" = "raspbian" ]; then if [ "$os_type" = "ubuntu" ] || [ "$os_type" = "debian" ] || [ "$os_type" = "raspbian" ]; then
if [ -x /sbin/iptables ] && ! iptables -nL INPUT >/dev/null 2>&1; then if [ -x /sbin/iptables ] && ! iptables -nL INPUT >/dev/null 2>&1; then
@ -192,9 +266,18 @@ run_setup() {
if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url" \ if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url" \
|| curl -fsL "$setup_url" -o "$tmpdir/vpn.sh" 2>/dev/null ); then || curl -fsL "$setup_url" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
if /bin/bash "$tmpdir/vpn.sh"; then if VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
/bin/bash "$tmpdir/vpn.sh"; then
if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
sleep 1 sleep 1
VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$VPN_PUBLIC_IP" \
VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
/bin/bash /opt/src/ikev2.sh --auto || status=1 /bin/bash /opt/src/ikev2.sh --auto || status=1
fi fi
else else
@ -217,6 +300,10 @@ quickstart() {
check_lxc check_lxc
check_os check_os
check_iface check_iface
check_creds
check_dns
check_server_dns
check_client_name
check_iptables check_iptables
install_pkgs install_pkgs
get_setup_url get_setup_url