mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2025-02-16 20:13:19 +03:00
Code Issues Projects Releases Wiki Activity

Cleanup

Browse Source 
- Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020
- Include OS arch when checking Libreswan version
- Other minor improvements
This commit is contained in:
hwdsl2 2021-01-02 14:25:50 -06:00
parent 753bf5a387
commit de7a529c6c
6 changed files with 42 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
extras/vpnupgrade.sh
View File

@ -26,6 +26,7 @@ exiterr2() { exiterr "'apt-get install' failed."; }
vpnupgrade() {
os_type=$(lsb_release -si 2>/dev/null)
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
*[Uu]buntu*)
@ -44,6 +45,11 @@ case $os_type in
;;
esac
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then
exiterr "Debian 8 or Ubuntu < 16.04 is not supported."
fi
if [ -f /proc/user_beancounters ]; then
exiterr "OpenVZ VPS is not supported."
fi
@ -78,8 +84,7 @@ EOF
fi
swan_ver_cur=4.1
debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?ver=$swan_ver_cur"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$swan_ver_cur
@ -142,16 +147,6 @@ NOTE: This script will make the following changes to your IPsec config:
EOF
debian_ver=$(sed 's/\..*//' /etc/debian_version)
if [ "$debian_ver" = "8" ]; then
cat <<'EOF'
WARNING: Debian 8 (Jessie) has reached its end-of-life on June 30, 2020.
Users should upgrade to a newer Debian version.
See: https://www.debian.org/News/2020/20200709
EOF
fi
case $SWAN_VER in
3.2[679]|3.3[12])
cat <<'EOF'
@ -213,7 +208,7 @@ cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w
USE_DNSSEC=false
EOF
if [ "$SWAN_VER" != "4.1" ] || [ "$debian_ver" = "8" ] || ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then
if [ "$SWAN_VER" != "4.1" ] || ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then
cat >> Makefile.inc.local <<'EOF'
USE_DH31=false
USE_NSS_AVA_COPY=true

3
extras/vpnupgrade_amzn.sh
View File

@ -25,6 +25,7 @@ exiterr2() { exiterr "'yum install' failed."; }
vpnupgrade() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
echo "Error: This script only supports Amazon Linux 2." >&2
echo "For Ubuntu/Debian, use https://git.io/vpnupgrade" >&2
@ -62,7 +63,7 @@ EOF
fi
swan_ver_cur=4.1
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?ver=$swan_ver_cur"
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$swan_ver_cur

30
extras/vpnupgrade_centos.sh
View File

@ -25,12 +25,22 @@ exiterr2() { exiterr "'yum install' failed."; }
vpnupgrade() {
if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then
if grep -qs "release 7" /etc/redhat-release; then
os_ver=7
elif grep -qs "release 8" /etc/redhat-release; then
os_ver=8
else
echo "Error: This script only supports CentOS/RHEL 7 and 8." >&2
echo "For Ubuntu/Debian, use https://git.io/vpnupgrade" >&2
exit 1
fi
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if [ -f /proc/user_beancounters ]; then
exiterr "OpenVZ VPS is not supported."
fi
@ -64,18 +74,8 @@ EOF
exit 1
fi
os_type=centos
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if grep -qs "release 7" /etc/redhat-release; then
os_ver=7
else
os_ver=8
fi
swan_ver_cur=4.1
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?ver=$swan_ver_cur"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$swan_ver_cur
@ -179,14 +179,12 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
REPO1='--enablerepo=*server-*optional*'
REPO2='--enablerepo=*releases-optional*'
REPO3='--enablerepo=[Pp]ower[Tt]ools'
[ "$os_type" = "rhel" ] && REPO3='--enablerepo=codeready-builder-for-rhel-8-*'
if grep -qs "release 7" /etc/redhat-release; then
if [ "$os_ver" = "7" ]; then
yum -y install systemd-devel || exiterr2
yum "$REPO1" "$REPO2" -y install libevent-devel fipscheck-devel || exiterr2
else
if grep -qs "Red Hat" /etc/redhat-release; then
REPO3='--enablerepo=codeready-builder-for-rhel-8-*'
fi
yum "$REPO3" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
fi

3
vpnsetup.sh
View File

@ -49,6 +49,7 @@ check_ip() {
vpnsetup() {
os_type=$(lsb_release -si 2>/dev/null)
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
*[Uu]buntu*)
@ -197,7 +198,7 @@ SWAN_VER=4.1
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?ver=$SWAN_VER"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$SWAN_VER

3
vpnsetup_amzn.sh
View File

@ -47,6 +47,7 @@ check_ip() {
vpnsetup() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
echo "Error: This script only supports Amazon Linux 2." >&2
echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2
@ -158,7 +159,7 @@ SWAN_VER=4.1
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?ver=$SWAN_VER"
swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$SWAN_VER

25
vpnsetup_centos.sh
View File

@ -48,12 +48,22 @@ check_ip() {
vpnsetup() {
if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then
if grep -qs "release 7" /etc/redhat-release; then
os_ver=7
elif grep -qs "release 8" /etc/redhat-release; then
os_ver=8
else
echo "Error: This script only supports CentOS/RHEL 7 and 8." >&2
echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2
exit 1
fi
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
fi
if [ -f /proc/user_beancounters ]; then
exiterr "OpenVZ VPS is not supported."
fi
@ -147,6 +157,7 @@ REPO1='--enablerepo=epel'
REPO2='--enablerepo=*server-*optional*'
REPO3='--enablerepo=*releases-optional*'
REPO4='--enablerepo=[Pp]ower[Tt]ools'
[ "$os_type" = "rhel" ] && REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
yum -y install nss-devel nspr-devel pkgconfig pam-devel \
libcap-ng-devel libselinux-devel curl-devel nss-tools \
@ -154,19 +165,11 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
yum "$REPO1" -y install xl2tpd || exiterr2
os_type=centos
if grep -qs "Red Hat" /etc/redhat-release; then
os_type=rhel
REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
fi
use_nft=0
if grep -qs "release 7" /etc/redhat-release; then
os_ver=7
if [ "$os_ver" = "7" ]; then
yum -y install systemd-devel iptables-services || exiterr2
yum "$REPO2" "$REPO3" -y install libevent-devel fipscheck-devel || exiterr2
else
os_ver=8
yum "$REPO4" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
if systemctl is-active --quiet firewalld.service \
|| grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf; then
@ -187,7 +190,7 @@ SWAN_VER=4.1
swan_file="libreswan-$SWAN_VER.tar.gz"
swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
swan_url2="https://download.libreswan.org/$swan_file"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?ver=$SWAN_VER"
swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url")
if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then
swan_ver_latest=$SWAN_VER