Improve VPN config

- Increase auto-generated IPsec PSK length to 20 characters - Add a note to README
2024-11-22 04:56:03 +03:00 · 2018-10-27 15:22:53 -05:00 · 2018-10-27 15:22:53 -05:00 · e8723245f0
commit e8723245f0
parent 732ad1e941
4 changed files with 6 additions and 2 deletions
--- a/README-zh.md
+++ b/README-zh.md
@ -102,6 +102,8 @@ nano -w vpnsetup.sh
 sudo sh vpnsetup.sh
 ```

+**注：** 不要在值中使用这些字符： `\ " '`。一个安全的 IPsec PSK 应该至少包含 20 个随机字符。
+
 **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量：

 ```bash
--- a/README.md
+++ b/README.md
@ -102,6 +102,8 @@ nano -w vpnsetup.sh
 sudo sh vpnsetup.sh
 ```

+**Note:** DO NOT use these special characters within values: `\ " '`. A secure IPsec PSK should consist of at least 20 random characters.
+
 **Option 3:** Define your VPN credentials as environment variables:

 ```bash
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@ -103,7 +103,7 @@ fi

 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
  bigecho "VPN credentials not set by user. Generating random PSK and password..."
-  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
+  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 20)"
  VPN_USER=vpnuser
  VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
 fi
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -92,7 +92,7 @@ fi

 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
  bigecho "VPN credentials not set by user. Generating random PSK and password..."
-  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
+  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 20)"
  VPN_USER=vpnuser
  VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
 fi