Improve RPi workaround

- Newer Raspbian kernels now support SHA512
2025-02-16 20:13:19 +03:00 · 2020-04-26 00:32:54 -05:00 · 2020-04-26 00:32:54 -05:00 · dbb3c6b436
commit dbb3c6b436
parent c251d6d6ea
2 changed files with 6 additions and 2 deletions
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@ -245,7 +245,9 @@ IKE_NEW="  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1
 PHASE2_NEW="  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2"

 if uname -m | grep -qi '^arm'; then
-  PHASE2_NEW="  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2"
+  if ! modprobe -q sha512; then
+    PHASE2_NEW="  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2"
+  fi
 fi

 sed -i".old-$(date +%F-%T)" \
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@ -272,7 +272,9 @@ conn xauth-psk
 EOF

 if uname -m | grep -qi '^arm'; then
-  sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
+  if ! modprobe -q sha512; then
+    sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
+  fi
 fi

 # Specify IPsec PSK