
Minor improvements and clean up

hwdsl2 2016-06-20 22:35:45 -05:00
parent 990f8cdf24
commit de6f4a45ad
4 changed files with 80 additions and 70 deletions


@ -10,8 +10,8 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# Check https://libreswan.org for the latest version # Check for the latest version at https://libreswan.org and update as necessary
SWAN_VER=3.17 swan_ver=3.17
### Do not edit below this line ### Do not edit below this line
@ -35,15 +35,20 @@ if [ "$(id -u)" != 0 ]; then
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan" if [ -z "$swan_ver" ]; then
if [ "$?" != "0" ]; then echoerr "Libreswan version 'swan_ver' not specified. Aborting."
echoerr "This upgrade script requires Libreswan already installed."
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
if [ "$?" != "0" ]; then
echoerr "This script requires Libreswan already installed. Aborting."
exit 1
fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "You already have Libreswan version $SWAN_VER installed! " echo "You already have Libreswan version $swan_ver installed! "
echo "If you continue, the same version will be re-installed." echo "If you continue, the same version will be re-installed."
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you wish to continue anyway? [y/N] "
@ -62,7 +67,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server. Welcome! This script will build and install Libreswan $swan_ver on your server.
Additional packages required for Libreswan compilation will also be installed. Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan. This is intended for use on servers running an older version of Libreswan.
@ -70,10 +75,10 @@ Your existing VPN configuration files will NOT be modified.
EOF EOF
if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then
cat <<'EOF' cat <<'EOF'
IMPORTANT: Workaround required for Debian 7 (Wheezy). IMPORTANT: Workaround required for Debian 7 (Wheezy).
First, run the script at: https://git.io/vpndebian7 You must first run the script at: https://git.io/vpndeb7
Continue only after completing this workaround. Continue only after completing this workaround.
EOF EOF
@ -110,28 +115,28 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
apt-get -yq --no-install-recommends install xmlto apt-get -yq --no-install-recommends install xmlto
# Compile and install Libreswan # Compile and install Libreswan
swan_file="libreswan-${SWAN_VER}.tar.gz" swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Restart IPsec service # Restart IPsec service
service ipsec restart service ipsec restart
echo echo
echo "Libreswan $SWAN_VER was installed successfully! " echo "Libreswan $swan_ver was installed successfully! "
echo echo
exit 0 exit 0
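Review bot: The tarball fetched by the two `wget` calls is unpacked, built and installed as root without any integrity check; HTTPS protects the transport, but not against a replaced or corrupted file on either host. Pin a digest for the release next to `swan_ver` and compare it before `tar xzf`, as sketched below with a placeholder value. The GitHub archive fallback is generated separately from the release tarball, so it will probably not match the same digest and needs its own pinned value or should be dropped. The same download block appears in the other three file sections of this commit.

```sh
swan_file="libreswan-${swan_ver}.tar.gz"
# Placeholder: replace with the digest published for this exact release tarball.
swan_sha256="<SHA256_OF_RELEASE_TARBALL>"
# … unchanged: swan_url1/swan_url2 and the wget fallback with its error check …
if ! printf '%s  %s\n' "$swan_sha256" "$swan_file" | sha256sum -c - >/dev/null 2>&1; then
  /bin/rm -f "$swan_file"
  echoerr "Checksum mismatch for $swan_file. Aborting."
  exit 1
fi
tar xzf "$swan_file" && /bin/rm -f "$swan_file"
```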


@ -10,8 +10,8 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# Check https://libreswan.org for the latest version # Check for the latest version at https://libreswan.org and update as necessary
SWAN_VER=3.17 swan_ver=3.17
### Do not edit below this line ### Do not edit below this line
@ -39,15 +39,20 @@ if [ "$(id -u)" != 0 ]; then
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan" if [ -z "$swan_ver" ]; then
if [ "$?" != "0" ]; then echoerr "Libreswan version 'swan_ver' not specified. Aborting."
echoerr "This upgrade script requires Libreswan already installed."
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
if [ "$?" != "0" ]; then
echoerr "This script requires Libreswan already installed. Aborting."
exit 1
fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "You already have Libreswan version $SWAN_VER installed! " echo "You already have Libreswan version $swan_ver installed! "
echo "If you continue, the same version will be re-installed." echo "If you continue, the same version will be re-installed."
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you wish to continue anyway? [y/N] "
@ -66,7 +71,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $SWAN_VER on your server. Welcome! This script will build and install Libreswan $swan_ver on your server.
Additional packages required for Libreswan compilation will also be installed. Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan. This is intended for use on servers running an older version of Libreswan.
@ -115,22 +120,22 @@ elif grep -qs "release 7" /etc/redhat-release; then
fi fi
# Compile and install Libreswan # Compile and install Libreswan
swan_file="libreswan-${SWAN_VER}.tar.gz" swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Restore SELinux contexts # Restore SELinux contexts
restorecon /etc/ipsec.d/*db 2>/dev/null restorecon /etc/ipsec.d/*db 2>/dev/null
@ -141,7 +146,7 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
service ipsec restart service ipsec restart
echo echo
echo "Libreswan $SWAN_VER was installed successfully! " echo "Libreswan $swan_ver was installed successfully! "
echo echo
exit 0 exit 0
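Review bot: The post-build check `grep -qs "$swan_ver"` cannot detect a failed build when the user chose to re-install the version that is already present, because the old binary still reports that version and the status of `make -s programs && make -s install` is never tested. Check the build directly, e.g. `make -s programs && make -s install || { echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; }`. The pattern is also an unanchored regex in which `.` matches any character; `grep -qsF "Libreswan $swan_ver"` is stricter. The other upgrade script in this commit (the first file section) has the same lines.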


@ -15,7 +15,7 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# =========================================================== # =====================================================
# Define your own values for these variables # Define your own values for these variables
# - IPsec pre-shared key, VPN username and password # - IPsec pre-shared key, VPN username and password
@ -29,10 +29,7 @@ YOUR_PASSWORD=''
# Important Notes: https://git.io/vpnnotes # Important Notes: https://git.io/vpnnotes
# Setup VPN Clients: https://git.io/vpnclients # Setup VPN Clients: https://git.io/vpnclients
# =========================================================== # =====================================================
# Check https://libreswan.org for the latest version
SWAN_VER=3.17
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@ -59,8 +56,8 @@ if [ -z "$eth0_state" ] || [ "$eth0_state" = "down" ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Network interface 'eth0' is not available. Aborting. Network interface 'eth0' is not available. Aborting.
Run 'cat /proc/net/dev' to find the name of the active network interface, Run 'cat /proc/net/dev' to find the active network interface,
then search and replace ALL 'eth0' and 'eth+' in this script with that name. then use it to replace ALL 'eth0' and 'eth+' in this script.
EOF EOF
exit 1 exit 1
fi fi
@ -82,10 +79,10 @@ if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exit 1 exit 1
fi fi
if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then
cat <<'EOF' cat <<'EOF'
IMPORTANT: Workaround required for Debian 7 (Wheezy). IMPORTANT: Workaround required for Debian 7 (Wheezy).
First, run the script at: https://git.io/vpndebian7 You must first run the script at: https://git.io/vpndeb7
If not already done so, press Ctrl-C to interrupt now. If not already done so, press Ctrl-C to interrupt now.
Pausing for 60 seconds... Pausing for 60 seconds...
@ -94,8 +91,10 @@ EOF
sleep 60 sleep 60
fi fi
echo "VPN setup in progress... Please be patient." cat <<'EOF'
echo VPN setup in progress... Please be patient.
EOF
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
@ -156,22 +155,23 @@ apt-get -yq install xl2tpd
apt-get -yq install fail2ban apt-get -yq install fail2ban
# Compile and install Libreswan # Compile and install Libreswan
swan_file="libreswan-${SWAN_VER}.tar.gz" swan_ver=3.17
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
@ -444,7 +444,7 @@ EOF
fi fi
# Reload sysctl.conf # Reload sysctl.conf
sysctl -q -p 2>/dev/null sysctl -e -q -p
# Update file attributes # Update file attributes
chmod +x /etc/rc.local chmod +x /etc/rc.local
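Review bot: The new `sysctl -e -q -p` still discards the exit status, and `-e` additionally hides errors about unknown keys, so a kernel setting from sysctl.conf that is not applied neither stops nor flags the setup. The sysctl.conf content is written outside this hunk; if it carries the forwarding and network hardening values the VPN depends on, a silent miss leaves the host in a different state than the script reports. Consider `sysctl -e -q -p || echoerr "Warning: some sysctl settings could not be applied."`. The last file section has the same line.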


@ -15,7 +15,7 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# =========================================================== # =====================================================
# Define your own values for these variables # Define your own values for these variables
# - IPsec pre-shared key, VPN username and password # - IPsec pre-shared key, VPN username and password
@ -29,10 +29,7 @@ YOUR_PASSWORD=''
# Important Notes: https://git.io/vpnnotes # Important Notes: https://git.io/vpnnotes
# Setup VPN Clients: https://git.io/vpnclients # Setup VPN Clients: https://git.io/vpnclients
# =========================================================== # =====================================================
# Check https://libreswan.org for the latest version
SWAN_VER=3.17
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@ -63,8 +60,8 @@ if [ -z "$eth0_state" ] || [ "$eth0_state" = "down" ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Network interface 'eth0' is not available. Aborting. Network interface 'eth0' is not available. Aborting.
Run 'cat /proc/net/dev' to find the name of the active network interface, Run 'cat /proc/net/dev' to find the active network interface,
then search and replace ALL 'eth0' and 'eth+' in this script with that name. then use it to replace ALL 'eth0' and 'eth+' in this script.
EOF EOF
exit 1 exit 1
fi fi
@ -86,8 +83,10 @@ if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exit 1 exit 1
fi fi
echo "VPN setup in progress... Please be patient." cat <<'EOF'
echo VPN setup in progress... Please be patient.
EOF
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
@ -161,22 +160,23 @@ elif grep -qs "release 7" /etc/redhat-release; then
fi fi
# Compile and install Libreswan # Compile and install Libreswan
swan_file="libreswan-${SWAN_VER}.tar.gz" swan_ver=3.17
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
@ -448,7 +448,7 @@ restorecon /usr/local/sbin -Rv 2>/dev/null
restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
# Reload sysctl.conf # Reload sysctl.conf
sysctl -q -p 2>/dev/null sysctl -e -q -p
# Update file attributes # Update file attributes
chmod +x /etc/rc.local chmod +x /etc/rc.local