Improve error output and clean up

- Output all error messages to STDERR
- Minor improvements and clean up

extras/vpnsetup-debian-7-workaround.sh

@@ -1,14 +1,13 @@
 #!/bin/sh
 #
 # Debian 7 (Wheezy) does NOT have the required libnss version (>= 3.16) for Libreswan.
-# This script provides a workaround by installing newer packages from download.libreswan.org.
-# Debian 7 users: Run this script first, before using my VPN setup script (vpnsetup.sh).
+# This script provides a workaround by installing unofficial packages from download.libreswan.org.
+# Debian 7 users: Run this script first, before using the VPN setup script.
 #
-# IMPORTANT NOTE:
-# These newer packages may not have the latest security updates compared to official Debian packages.
-# They could contain unpatched security vulnerabilities. Use them at your own risk!
+# IMPORTANT: These unofficial packages do not receive the latest security updates compared to
+# official Debian packages. They could contain unpatched vulnerabilities. Use at your own risk!
 #
-# Copyright (C) 2015 Lin Song
+# Copyright (C) 2015-2016 Lin Song <linsongui@gmail.com>
 #
 # This program is free software: you can redistribute it and/or modify it under
 # the terms of the GNU General Public License as published by the Free Software
@@ -21,57 +20,59 @@
 # You should have received a copy of the GNU General Public License along with
 # this program. If not, see http://www.gnu.org/licenses/.
 
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+echoerr() { echo "$@" 1>&2; }
+
 if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" != "7" ]; then
-  echo "This script only supports Debian 7 (Wheezy)."
+  echoerr "This script only supports Debian 7 (Wheezy)."
   exit 1
 fi
 
 if [ "$(uname -m)" != "x86_64" ]; then
-  echo "This script only supports 64-bit Debian 7."
+  echoerr "This script only supports 64-bit Debian 7."
   exit 1
 fi
 
 if [ "$(id -u)" != 0 ]; then
-  echo "Script must be run as root. Try 'sudo sh $0'"
+  echoerr "Script must be run as root. Try 'sudo sh $0'"
   exit 1
 fi
 
 # Create and change to working dir
 mkdir -p /opt/src
-cd /opt/src || { echo "Failed to change directory to /opt/src. Aborting."; exit 1; }
+cd /opt/src || exit 1
 
 # Update package index and install wget
 export DEBIAN_FRONTEND=noninteractive
-apt-get -y update
-apt-get -y install wget
+apt-get -yq update
+apt-get -yq install wget
 
-# Install newer libnss/libnspr packages from download.libreswan.org.
+# Install libnss/libnspr packages from download.libreswan.org.
 # Ref: https://libreswan.org/wiki/3.14_on_Debian_Wheezy
 base_url=https://download.libreswan.org/binaries/debian/wheezy
 
-FILE1=libnspr4_4.10.7-1_amd64.deb
-FILE2=libnspr4-dev_4.10.7-1_amd64.deb
-FILE3=libnss3_3.17.2-1.1_amd64.deb
-FILE4=libnss3-dev_3.17.2-1.1_amd64.deb
-FILE5=libnss3-tools_3.17.2-1.1_amd64.deb
+deb1=libnspr4_4.10.7-1_amd64.deb
+deb2=libnspr4-dev_4.10.7-1_amd64.deb
+deb3=libnss3_3.17.2-1.1_amd64.deb
+deb4=libnss3-dev_3.17.2-1.1_amd64.deb
+deb5=libnss3-tools_3.17.2-1.1_amd64.deb
 
-wget -t 3 -T 30 -nv -O $FILE1 $base_url/$FILE1
-wget -t 3 -T 30 -nv -O $FILE2 $base_url/$FILE2
-wget -t 3 -T 30 -nv -O $FILE3 $base_url/$FILE3
-wget -t 3 -T 30 -nv -O $FILE4 $base_url/$FILE4
-wget -t 3 -T 30 -nv -O $FILE5 $base_url/$FILE5
+wget -t 3 -T 30 -nv -O "$deb1" "$base_url/$deb1"
+wget -t 3 -T 30 -nv -O "$deb2" "$base_url/$deb2"
+wget -t 3 -T 30 -nv -O "$deb3" "$base_url/$deb3"
+wget -t 3 -T 30 -nv -O "$deb4" "$base_url/$deb4"
+wget -t 3 -T 30 -nv -O "$deb5" "$base_url/$deb5"
 
-if [ -s $FILE1 ] && [ -s $FILE2 ] && [ -s $FILE3 ] && [ -s $FILE4 ] && [ -s $FILE5 ]; then
-  dpkg -i $FILE1 $FILE2 $FILE3 $FILE4 $FILE5 && /bin/rm -f $FILE1 $FILE2 $FILE3 $FILE4 $FILE5
+if [ -s "$deb1" ] && [ -s "$deb2" ] && [ -s "$deb3" ] && [ -s "$deb4" ] && [ -s "$deb5" ]; then
+  dpkg -i "$deb1" "$deb2" "$deb3" "$deb4" "$deb5" && /bin/rm -f "$deb1" "$deb2" "$deb3" "$deb4" "$deb5"
   apt-get install -f
   echo
-  echo 'Completed! If no error occurred in the output above, you may now proceed to run vpnsetup.sh.'
-  echo
+  echo 'Completed! If no error, you may now proceed to run the VPN setup script.'
   exit 0
 else
-  echo
-  echo 'Could not retrieve libnss/libnspr package(s) from download.libreswan.org. Aborting.'
-  echo
-  /bin/rm -f $FILE1 $FILE2 $FILE3 $FILE4 $FILE5
+  echoerr
+  echoerr 'Could not download libnss/libnspr package(s). Aborting.'
+  /bin/rm -f "$deb1" "$deb2" "$deb3" "$deb4" "$deb5"
   exit 1
 fi

extras/vpnupgrade_Libreswan.sh

@@ -2,7 +2,7 @@
 #
 # Script to upgrade Libreswan on Ubuntu and Debian
 #
-# Copyright (C) 2016 Lin Song
+# Copyright (C) 2016 Lin Song <linsongui@gmail.com>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@@ -10,38 +10,41 @@
 # Attribution required: please include my name in any derivative and let me
 # know how you have improved it!
 
-# Check https://libreswan.org and update version number if necessary
-swan_ver=3.17
+# Check https://libreswan.org for the latest version
+SWAN_VER=3.17
 
 ### Do not edit below this line
 
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
+echoerr() { echo "$@" 1>&2; }
+
 os_type="$(lsb_release -si 2>/dev/null)"
 if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
-  echo "This script only supports Ubuntu/Debian."
+  echoerr "This script only supports Ubuntu/Debian."
   exit 1
 fi
 
 if [ -f /proc/user_beancounters ]; then
-  echo "This script does NOT support OpenVZ VPS."
+  echoerr "This script does not support OpenVZ VPS."
   exit 1
 fi
 
 if [ "$(id -u)" != 0 ]; then
-  echo "Script must be run as root. Try 'sudo sh $0'"
+  echoerr "Script must be run as root. Try 'sudo sh $0'"
   exit 1
 fi
 
 /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
 if [ "$?" != "0" ]; then
-  echo "This upgrade script requires Libreswan already installed."
+  echoerr "This upgrade script requires Libreswan already installed."
   exit 1
 fi
 
-/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
+/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER"
 if [ "$?" = "0" ]; then
-  echo "You already have Libreswan version $swan_ver installed! "
+  echo "You already have Libreswan version $SWAN_VER installed! "
+  echo "If you continue, the same version will be re-installed."
   echo
   printf "Do you wish to continue anyway? [y/N] "
   read -r response
@@ -59,7 +62,7 @@ fi
 clear
 
 cat <<EOF
-Welcome! This script will build and install Libreswan $swan_ver on your server.
+Welcome! This script will build and install Libreswan $SWAN_VER on your server.
 Additional packages required for Libreswan compilation will also be installed.
 
 This is intended for use on servers running an older version of Libreswan.
@@ -107,31 +110,28 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
 apt-get -yq --no-install-recommends install xmlto
 
 # Compile and install Libreswan
-swan_file="libreswan-${swan_ver}.tar.gz"
+swan_file="libreswan-${SWAN_VER}.tar.gz"
 swan_url1="https://download.libreswan.org/$swan_file"
-swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
+swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
 wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
-[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
+[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
 tar xzf "$swan_file" && /bin/rm -f "$swan_file"
-cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
-# Workaround for Libreswan compile issues
-cat > Makefile.inc.local <<EOF
-WERROR_CFLAGS =
-EOF
+cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
+echo "WERROR_CFLAGS =" > Makefile.inc.local
 make -s programs && make -s install
 
 # Verify the install and clean up
 cd /opt/src || exit 1
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
-/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
-[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
+/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
+[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
 
 # Restart IPsec service
 service ipsec restart
 
 echo
-echo "Libreswan $swan_ver was installed successfully! "
+echo "Libreswan $SWAN_VER was installed successfully! "
 echo
 
 exit 0

extras/vpnupgrade_Libreswan_centos.sh

@@ -2,7 +2,7 @@
 #
 # Script to upgrade Libreswan on CentOS and RHEL
 #
-# Copyright (C) 2016 Lin Song
+# Copyright (C) 2016 Lin Song <linsongui@gmail.com>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@@ -10,42 +10,45 @@
 # Attribution required: please include my name in any derivative and let me
 # know how you have improved it!
 
-# Check https://libreswan.org and update version number if necessary
-swan_ver=3.17
+# Check https://libreswan.org for the latest version
+SWAN_VER=3.17
 
 ### Do not edit below this line
 
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
+echoerr() { echo "$@" 1>&2; }
+
 if [ ! -f /etc/redhat-release ]; then
-  echo "This script only supports CentOS/RHEL."
+  echoerr "This script only supports CentOS/RHEL."
   exit 1
 fi
 
 if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
-  echo "This script only supports CentOS/RHEL 6 and 7."
+  echoerr "This script only supports CentOS/RHEL 6 and 7."
   exit 1
 fi
 
 if [ -f /proc/user_beancounters ]; then
-  echo "This script does NOT support OpenVZ VPS."
+  echoerr "This script does not support OpenVZ VPS."
   exit 1
 fi
 
 if [ "$(id -u)" != 0 ]; then
-  echo "Script must be run as root. Try 'sudo sh $0'"
+  echoerr "Script must be run as root. Try 'sudo sh $0'"
   exit 1
 fi
 
 /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
 if [ "$?" != "0" ]; then
-  echo "This upgrade script requires Libreswan already installed."
+  echoerr "This upgrade script requires Libreswan already installed."
   exit 1
 fi
 
-/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
+/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER"
 if [ "$?" = "0" ]; then
-  echo "You already have Libreswan version $swan_ver installed! "
+  echo "You already have Libreswan version $SWAN_VER installed! "
+  echo "If you continue, the same version will be re-installed."
   echo
   printf "Do you wish to continue anyway? [y/N] "
   read -r response
@@ -63,7 +66,7 @@ fi
 clear
 
 cat <<EOF
-Welcome! This script will build and install Libreswan $swan_ver on your server.
+Welcome! This script will build and install Libreswan $SWAN_VER on your server.
 Additional packages required for Libreswan compilation will also be installed.
 
 This is intended for use on servers running an older version of Libreswan.
@@ -95,7 +98,7 @@ yum -y install wget
 # Add the EPEL repository
 yum -y install epel-release
 yum list installed epel-release >/dev/null 2>&1
-[ "$?" != "0" ] && { echo "Cannot add EPEL repository. Aborting."; exit 1; }
+[ "$?" != "0" ] && { echoerr "Cannot add EPEL repository. Aborting."; exit 1; }
 
 # Install necessary packages
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
@@ -112,25 +115,22 @@ elif grep -qs "release 7" /etc/redhat-release; then
 fi
 
 # Compile and install Libreswan
-swan_file="libreswan-${swan_ver}.tar.gz"
+swan_file="libreswan-${SWAN_VER}.tar.gz"
 swan_url1="https://download.libreswan.org/$swan_file"
-swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
+swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
 wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
-[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
+[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
 tar xzf "$swan_file" && /bin/rm -f "$swan_file"
-cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
-# Workaround for Libreswan compile issues
-cat > Makefile.inc.local <<EOF
-WERROR_CFLAGS =
-EOF
+cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
+echo "WERROR_CFLAGS =" > Makefile.inc.local
 make -s programs && make -s install
 
 # Verify the install and clean up
 cd /opt/src || exit 1
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
-/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
-[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
+/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
+[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
 
 # Restore SELinux contexts
 restorecon /etc/ipsec.d/*db 2>/dev/null
@@ -141,7 +141,7 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
 service ipsec restart
 
 echo
-echo "Libreswan $swan_ver was installed successfully! "
+echo "Libreswan $SWAN_VER was installed successfully! "
 echo
 
 exit 0

vpnsetup.sh

@@ -6,7 +6,7 @@
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN
 # ON YOUR DEDICATED SERVER OR VPS!
 #
-# Copyright (C) 2014-2016 Lin Song
+# Copyright (C) 2014-2016 Lin Song <linsongui@gmail.com>
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
@@ -30,32 +30,31 @@ VPN_PASSWORD=${VPN_PASSWORD:-'your_vpn_password'}
 
 # ===========================================================
 
+# Check https://libreswan.org for the latest version
+SWAN_VER=3.17
+
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-if [ "$(uname)" = "Darwin" ]; then
-  echo 'DO NOT run this script on your Mac! It should only be used on a server.'
-  exit 1
-fi
+echoerr() { echo "$@" 1>&2; }
 
 os_type="$(lsb_release -si 2>/dev/null)"
 if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
-  echo "This script only supports Ubuntu/Debian."
+  echoerr "This script only supports Ubuntu/Debian."
   exit 1
 fi
 
 if [ -f /proc/user_beancounters ]; then
-  echo "This script does NOT support OpenVZ VPS."
-  echo "Try alternative: https://github.com/Nyr/openvpn-install"
+  echoerr "This script does not support OpenVZ VPS."
   exit 1
 fi
 
 if [ "$(id -u)" != 0 ]; then
-  echo "Script must be run as root. Try 'sudo sh $0'"
+  echoerr "Script must be run as root. Try 'sudo sh $0'"
   exit 1
 fi
 
 if [ ! -f /sys/class/net/eth0/operstate ]; then
-cat <<'EOF'
+cat 1>&2 <<'EOF'
 Network interface 'eth0' is not available. Aborting.
 
 Run 'cat /proc/net/dev' to find the name of the active network interface,
@@ -75,7 +74,7 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
 fi
 
 if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
-  echo "VPN credentials must be specified. Edit the script and re-enter them."
+  echoerr "VPN credentials must be specified. Edit the script and re-enter them."
   exit 1
 fi
 
@@ -133,11 +132,11 @@ PRIVATE_IP=${VPN_PRIVATE_IP:-''}
 # Check IPs for correct format
 IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
 if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid public IP. Edit the script and manually enter IPs."
+  echoerr "Cannot find valid public IP. Edit the script and manually enter IPs."
   exit 1
 fi
 if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid private IP. Edit the script and manually enter IPs."
+  echoerr "Cannot find valid private IP. Edit the script and manually enter IPs."
   exit 1
 fi
 
@@ -153,26 +152,22 @@ apt-get -yq install xl2tpd
 apt-get -yq install fail2ban
 
 # Compile and install Libreswan
-swan_ver=3.17
-swan_file="libreswan-${swan_ver}.tar.gz"
+swan_file="libreswan-${SWAN_VER}.tar.gz"
 swan_url1="https://download.libreswan.org/$swan_file"
-swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
+swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
 wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
-[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
+[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
 tar xzf "$swan_file" && /bin/rm -f "$swan_file"
-cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
-# Workaround for Libreswan compile issues
-cat > Makefile.inc.local <<EOF
-WERROR_CFLAGS =
-EOF
+cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
+echo "WERROR_CFLAGS =" > Makefile.inc.local
 make -s programs && make -s install
 
 # Verify the install and clean up
 cd /opt/src || exit 1
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
-/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
-[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
+/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
+[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
 
 # Create IPsec (Libreswan) config
 sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"

vpnsetup_centos.sh

@@ -6,7 +6,7 @@
 # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN
 # ON YOUR DEDICATED SERVER OR VPS!
 #
-# Copyright (C) 2015-2016 Lin Song
+# Copyright (C) 2015-2016 Lin Song <linsongui@gmail.com>
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
@@ -30,36 +30,35 @@ VPN_PASSWORD=${VPN_PASSWORD:-'your_vpn_password'}
 
 # ===========================================================
 
+# Check https://libreswan.org for the latest version
+SWAN_VER=3.17
+
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-if [ "$(uname)" = "Darwin" ]; then
-  echo 'DO NOT run this script on your Mac! It should only be used on a server.'
-  exit 1
-fi
+echoerr() { echo "$@" 1>&2; }
 
 if [ ! -f /etc/redhat-release ]; then
-  echo "This script only supports CentOS/RHEL."
+  echoerr "This script only supports CentOS/RHEL."
   exit 1
 fi
 
 if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
-  echo "This script only supports CentOS/RHEL 6 and 7."
+  echoerr "This script only supports CentOS/RHEL 6 and 7."
   exit 1
 fi
 
 if [ -f /proc/user_beancounters ]; then
-  echo "This script does NOT support OpenVZ VPS."
-  echo "Try alternative: https://github.com/Nyr/openvpn-install"
+  echoerr "This script does not support OpenVZ VPS."
   exit 1
 fi
 
 if [ "$(id -u)" != 0 ]; then
-  echo "Script must be run as root. Try 'sudo sh $0'"
+  echoerr "Script must be run as root. Try 'sudo sh $0'"
   exit 1
 fi
 
 if [ ! -f /sys/class/net/eth0/operstate ]; then
-cat <<'EOF'
+cat 1>&2 <<'EOF'
 Network interface 'eth0' is not available. Aborting.
 
 Run 'cat /proc/net/dev' to find the name of the active network interface,
@@ -79,7 +78,7 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
 fi
 
 if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
-  echo "VPN credentials must be specified. Edit the script and re-enter them."
+  echoerr "VPN credentials must be specified. Edit the script and re-enter them."
   exit 1
 fi
 
@@ -121,18 +120,18 @@ PRIVATE_IP=${VPN_PRIVATE_IP:-''}
 # Check IPs for correct format
 IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
 if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid public IP. Edit the script and manually enter IPs."
+  echoerr "Cannot find valid public IP. Edit the script and manually enter IPs."
   exit 1
 fi
 if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid private IP. Edit the script and manually enter IPs."
+  echoerr "Cannot find valid private IP. Edit the script and manually enter IPs."
   exit 1
 fi
 
 # Add the EPEL repository
 yum -y install epel-release
 yum list installed epel-release >/dev/null 2>&1
-[ "$?" != "0" ] && { echo "Cannot add EPEL repository. Aborting."; exit 1; }
+[ "$?" != "0" ] && { echoerr "Cannot add EPEL repository. Aborting."; exit 1; }
 
 # Install necessary packages
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
@@ -158,26 +157,22 @@ elif grep -qs "release 7" /etc/redhat-release; then
 fi
 
 # Compile and install Libreswan
-swan_ver=3.17
-swan_file="libreswan-${swan_ver}.tar.gz"
+swan_file="libreswan-${SWAN_VER}.tar.gz"
 swan_url1="https://download.libreswan.org/$swan_file"
-swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
+swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
 wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
-[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
+[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
 tar xzf "$swan_file" && /bin/rm -f "$swan_file"
-cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
-# Workaround for Libreswan compile issues
-cat > Makefile.inc.local <<EOF
-WERROR_CFLAGS =
-EOF
+cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
+echo "WERROR_CFLAGS =" > Makefile.inc.local
 make -s programs && make -s install
 
 # Verify the install and clean up
 cd /opt/src || exit 1
-/bin/rm -rf "/opt/src/libreswan-$swan_ver"
-/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
-[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; }
+/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
+/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
+[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
 
 # Create IPsec (Libreswan) config
 sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"