1
0
mirror of synced 2024-11-25 22:36:04 +03:00

Improve VPN config

- Increase auto-generated IPsec PSK length to 20 characters
- Add a note to README
This commit is contained in:
hwdsl2 2018-10-27 15:22:53 -05:00
parent 732ad1e941
commit e8723245f0
4 changed files with 6 additions and 2 deletions

View File

@ -102,6 +102,8 @@ nano -w vpnsetup.sh
sudo sh vpnsetup.sh sudo sh vpnsetup.sh
``` ```
**注:** 不要在值中使用这些字符: `\ " '`。一个安全的 IPsec PSK 应该至少包含 20 个随机字符。
**选项 3:** 将你自己的 VPN 登录凭证定义为环境变量: **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量:
```bash ```bash

View File

@ -102,6 +102,8 @@ nano -w vpnsetup.sh
sudo sh vpnsetup.sh sudo sh vpnsetup.sh
``` ```
**Note:** DO NOT use these special characters within values: `\ " '`. A secure IPsec PSK should consist of at least 20 random characters.
**Option 3:** Define your VPN credentials as environment variables: **Option 3:** Define your VPN credentials as environment variables:
```bash ```bash

View File

@ -103,7 +103,7 @@ fi
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
bigecho "VPN credentials not set by user. Generating random PSK and password..." bigecho "VPN credentials not set by user. Generating random PSK and password..."
VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 20)"
VPN_USER=vpnuser VPN_USER=vpnuser
VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
fi fi

View File

@ -92,7 +92,7 @@ fi
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
bigecho "VPN credentials not set by user. Generating random PSK and password..." bigecho "VPN credentials not set by user. Generating random PSK and password..."
VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 20)"
VPN_USER=vpnuser VPN_USER=vpnuser
VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
fi fi