hwdsl2 2020-05-14 22:41:13 -05:00
parent d44b09d577
commit f38e2ea4f2
6 changed files with 49 additions and 31 deletions


@ -84,7 +84,7 @@ Write these down. You'll need them to connect!
EOF EOF
printf "Do you wish to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
@ -93,9 +93,7 @@ case $response in
echo echo
;; ;;
*) *)
echo echo "Abort. No changes were made."
echo "Aborting. No changes were made."
echo
exit 1 exit 1
;; ;;
esac esac


@ -63,7 +63,6 @@ if [ "$(grep -c "^\"$VPN_USER\" " /etc/ppp/chap-secrets)" = "0" ] \
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: The specified VPN user does not exist in /etc/ppp/chap-secrets Error: The specified VPN user does not exist in /etc/ppp/chap-secrets
and/or /etc/ipsec.d/passwd. and/or /etc/ipsec.d/passwd.
Aborting. No changes were made.
EOF EOF
exit 1 exit 1
fi fi
@ -73,7 +72,6 @@ if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets
and/or /etc/ipsec.d/passwd. and/or /etc/ipsec.d/passwd.
Aborting. No changes were made.
EOF EOF
exit 1 exit 1
fi fi
@ -97,7 +95,7 @@ Username: $VPN_USER
EOF EOF
printf "Do you wish to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
@ -106,9 +104,7 @@ case $response in
echo echo
;; ;;
*) *)
echo echo "Abort. No changes were made."
echo "Aborting. No changes were made."
echo
exit 1 exit 1
;; ;;
esac esac


@ -70,8 +70,8 @@ EOF
exit 1 exit 1
fi fi
command -v certutil >/dev/null 2>&1 || { echo >&2 "Error: Command 'certutil' not found. Aborting."; exit 1; } command -v certutil >/dev/null 2>&1 || { echo >&2 "Error: Command 'certutil' not found. Abort."; exit 1; }
command -v pk12util >/dev/null 2>&1 || { echo >&2 "Error: Command 'pk12util' not found. Aborting."; exit 1; } command -v pk12util >/dev/null 2>&1 || { echo >&2 "Error: Command 'pk12util' not found. Abort."; exit 1; }
clear clear
@ -85,7 +85,7 @@ You can use the default options and just press enter if you are OK with them.
EOF EOF
echo "Do you want IKEv2 VPN clients to connect to this server using a DNS name," echo "Do you want IKEv2 VPN clients to connect to this server using a DNS name,"
printf "e.g. vpn.example.com, instead of its IP address [y/N]? " printf "e.g. vpn.example.com, instead of its IP address? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
@ -108,11 +108,11 @@ if [ "$use_dns_name" = "1" ]; then
else else
public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short) public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
[ -z "$public_ip" ] && public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com) [ -z "$public_ip" ] && public_ip=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
read -rp "Enter the IPv4 address of this VPN server [$public_ip]: " server_addr read -rp "Enter the IPv4 address of this VPN server: [$public_ip] " server_addr
[ -z "$server_addr" ] && server_addr="$public_ip" [ -z "$server_addr" ] && server_addr="$public_ip"
until check_ip "$server_addr"; do until check_ip "$server_addr"; do
echo "Invalid IP address." echo "Invalid IP address."
read -rp "Enter the IPv4 address of this VPN server [$public_ip]: " server_addr read -rp "Enter the IPv4 address of this VPN server: [$public_ip] " server_addr
[ -z "$server_addr" ] && server_addr="$public_ip" [ -z "$server_addr" ] && server_addr="$public_ip"
done done
fi fi
@ -141,7 +141,7 @@ fi
mobike_enable=0 mobike_enable=0
if [ "$mobike_support" = "1" ]; then if [ "$mobike_support" = "1" ]; then
echo echo
printf "Do you want to enable MOBIKE support [Y/n]? " printf "Do you want to enable MOBIKE support? [Y/n] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]|'') [yY][eE][sS]|[yY]|'')
@ -153,15 +153,38 @@ if [ "$mobike_support" = "1" ]; then
esac esac
fi fi
echo cat <<EOF
printf "We are ready to set up IKEv2 now. Continue [y/N]? "
Below are the IKEv2 setup options you selected.
Please double check before continuing!
================================================
VPN server address: $server_addr
EOF
if [ "$mobike_support" = "1" ]; then
if [ "$mobike_enable" = "1" ]; then
echo "Enable MOBIKE support: Yes"
else
echo "Enable MOBIKE support: No"
fi
fi
cat <<'EOF'
================================================
EOF
printf "We are ready to set up IKEv2 now. Do you want to continue? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
echo echo
;; ;;
*) *)
echo "Aborting. Your configuration was not changed." echo "Abort. No changes were made."
exit 1 exit 1
;; ;;
esac esac
@ -281,14 +304,17 @@ pk12util -o "vpnclient-$SYS_DT.p12" -n "vpnclient" -d sql:/etc/ipsec.d
bigecho "Restarting IPsec service..." bigecho "Restarting IPsec service..."
mkdir -p /run/pluto
service ipsec restart service ipsec restart
cat <<EOF cat <<EOF
================================================= =================================================
IKEv2 VPN setup is now complete! IKEv2 VPN setup is now complete!
Files exported to the current folder: Files exported to the current folder:
vpnclient-$SYS_DT.p12 vpnclient-$SYS_DT.p12
vpnca-$SYS_DT.cer (for iOS clients) vpnca-$SYS_DT.cer (for iOS clients)
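Review bot: The added `mkdir -p /run/pluto` ahead of `service ipsec restart` has no comment saying why the runtime directory can be missing at this point, and its exit status is ignored, so a failure would only surface later as a failed restart. A one-line comment such as `# pluto keeps its control socket under /run/pluto; create it in case it is absent` would record the intent, though that reason is inferred and not shown on the page. The directory is created with whatever umask the invoking shell has, so consider pinning the mode and stopping on failure, e.g. `mkdir -p -m MODE /run/pluto || exit 1`, where MODE is a placeholder for the mode the Libreswan package itself uses for this directory. The script continues outside this hunk, so any later handling of the restart result is not visible here.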


@ -123,7 +123,7 @@ Write these down. You'll need them to connect!
EOF EOF
printf "Do you wish to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
@ -132,9 +132,7 @@ case $response in
echo echo
;; ;;
*) *)
echo echo "Abort. No changes were made."
echo "Aborting. No changes were made."
echo
exit 1 exit 1
;; ;;
esac esac


@ -89,14 +89,14 @@ if printf '%s' "$ipsec_ver" | grep -qF "$SWAN_VER"; then
echo "You already have Libreswan version $SWAN_VER installed! " echo "You already have Libreswan version $SWAN_VER installed! "
echo "If you continue, the same version will be re-installed." echo "If you continue, the same version will be re-installed."
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you want to continue anyway? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
echo echo
;; ;;
*) *)
echo "Aborting." echo "Abort. No changes were made."
exit 1 exit 1
;; ;;
esac esac
@ -170,7 +170,7 @@ EOF
;; ;;
esac esac
printf "Do you wish to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
@ -179,7 +179,7 @@ case $response in
echo echo
;; ;;
*) *)
echo "Aborting." echo "Abort. No changes were made."
exit 1 exit 1
;; ;;
esac esac


@ -80,14 +80,14 @@ if printf '%s' "$ipsec_ver" | grep -qF "$SWAN_VER"; then
echo "You already have Libreswan version $SWAN_VER installed! " echo "You already have Libreswan version $SWAN_VER installed! "
echo "If you continue, the same version will be re-installed." echo "If you continue, the same version will be re-installed."
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you want to continue anyway? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
echo echo
;; ;;
*) *)
echo "Aborting." echo "Abort. No changes were made."
exit 1 exit 1
;; ;;
esac esac
@ -161,7 +161,7 @@ EOF
;; ;;
esac esac
printf "Do you wish to continue? [y/N] " printf "Do you want to continue? [y/N] "
read -r response read -r response
case $response in case $response in
[yY][eE][sS]|[yY]) [yY][eE][sS]|[yY])
@ -170,7 +170,7 @@ case $response in
echo echo
;; ;;
*) *)
echo "Aborting." echo "Abort. No changes were made."
exit 1 exit 1
;; ;;
esac esac