Reduce output verbosity and clean up

2025-02-23 15:33:15 +03:00 · 2016-05-16 22:42:30 -05:00 · 2016-05-16 22:42:30 -05:00 · f38f8a7a36
commit f38f8a7a36
parent 1190f608d4
4 changed files with 74 additions and 77 deletions
--- a/extras/vpnupgrade_Libreswan.sh
+++ b/extras/vpnupgrade_Libreswan.sh
@ -19,7 +19,7 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 os_type="$(lsb_release -si 2>/dev/null)"
 if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
-  echo "This script only supports Ubuntu or Debian systems."
+  echo "This script only supports Ubuntu/Debian."
  exit 1
 fi
@ -92,15 +92,15 @@ cd /opt/src || exit 1
 # Update package index and install Wget
 export DEBIAN_FRONTEND=noninteractive
-apt-get -y update
+apt-get -yqq update
-apt-get -y install wget
+apt-get -yqq install wget
 # Install necessary packages
-apt-get -y install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
+apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
        libcap-ng-dev libcap-ng-utils libselinux1-dev \
        libcurl4-nss-dev flex bison gcc make \
        libunbound-dev libnss3-tools libevent-dev
-apt-get -y --no-install-recommends install xmlto
+apt-get -yqq --no-install-recommends install xmlto
 # Compile and install Libreswan
 SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
@ -108,18 +108,18 @@ SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
 wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
 [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
-tar xvzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
+tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
 cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
 # Workaround for Libreswan compile issues
 cat > Makefile.inc.local <<EOF
 WERROR_CFLAGS =
 EOF
-make programs && make install
+make -s programs && make -s install
 # Restart IPsec service
 service ipsec restart
-# Check if Libreswan install was successful
+# Verify the install
 /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
 [ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
--- a/extras/vpnupgrade_Libreswan_centos.sh
+++ b/extras/vpnupgrade_Libreswan_centos.sh
@ -18,7 +18,7 @@ SWAN_VER=3.17
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 if [ ! -f /etc/redhat-release ]; then
-  echo "This script only supports CentOS or RHEL systems."
+  echo "This script only supports CentOS/RHEL."
  exit 1
 fi
@ -106,7 +106,7 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
    curl-devel flex bison gcc make \
    fipscheck-devel unbound-devel xmlto
-# Installed Libevent2. Use backported version for CentOS 6.
+# Installed Libevent2
 if grep -qs "release 6" /etc/redhat-release; then
  LE2_URL=https://download.libreswan.org/binaries/rhel/6/x86_64
  RPM1=libevent2-2.0.22-1.el6.x86_64.rpm
@ -126,13 +126,13 @@ SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
 wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
 [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
-tar xvzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
+tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
 cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
 # Workaround for Libreswan compile issues
 cat > Makefile.inc.local <<EOF
 WERROR_CFLAGS =
 EOF
-make programs && make install
+make -s programs && make -s install
 # Restore SELinux contexts
 restorecon /etc/ipsec.d/*db 2>/dev/null
@ -142,7 +142,7 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
 # Restart IPsec service
 service ipsec restart
-# Check if Libreswan install was successful
+# Verify the install
 /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
 [ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@ -40,13 +40,13 @@ fi
 os_type="$(lsb_release -si 2>/dev/null)"
 if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
-  echo "This script only supports Ubuntu or Debian systems."
+  echo "This script only supports Ubuntu/Debian."
  exit 1
 fi
 if [ -f /proc/user_beancounters ]; then
  echo "This script does NOT support OpenVZ VPS."
-  echo "Try alternative: https://github.com/Nyr/openvpn-install"
+  echo "Try: https://github.com/Nyr/openvpn-install"
  exit 1
 fi
@ -57,6 +57,9 @@ fi
 if [ ! -f /sys/class/net/eth0/operstate ]; then
  echo "Network interface 'eth0' is not available. Aborting."
  echo
  echo "Run 'cat /proc/net/dev' to find the name of the active network interface,"
  echo "then search and replace ALL 'eth0' and 'eth+' in this script with that name."
  exit 1
 fi
@ -67,21 +70,23 @@ if [ -z "$IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
 fi
 if [ -z "$IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
-  echo "VPN credentials cannot be empty. Edit the script and re-enter."
+  echo "VPN credentials cannot be empty. Edit the script and re-enter them."
  exit 1
 fi
 echo "VPN setup in progress... Please be patient."
 # Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exit 1
 # Update package index
 export DEBIAN_FRONTEND=noninteractive
-apt-get -y update
+apt-get -yqq update
 # Make sure basic commands exist
-apt-get -y install wget dnsutils openssl
+apt-get -yqq install wget dnsutils openssl
-apt-get -y install iproute gawk grep sed net-tools
+apt-get -yqq install iproute gawk grep sed net-tools
 if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then
  echo
@ -101,7 +106,7 @@ echo 'use Ctrl-C to interrupt. Then edit it and manually enter IPs.'
 echo
 # In Amazon EC2, these two variables will be retrieved from metadata.
-# For all other servers, replace them with actual IPs (or comment out).
+# For all other servers, replace them with actual IPs or comment out.
 # If your server only has a public IP, put that IP on both lines.
 PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
 PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
@ -109,31 +114,30 @@ PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/la
 # Try to find IPs for non-EC2 servers
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipecho.net/plain)
 [ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
 [ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(ifconfig eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
 # Check IPs for correct format
 IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
 if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid public IP. Edit the script and manually enter."
+  echo "Cannot find valid public IP. Edit the script and manually enter IPs."
  exit 1
 fi
 if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid private IP. Edit the script and manually enter."
+  echo "Cannot find valid private IP. Edit the script and manually enter IPs."
  exit 1
 fi
 # Install necessary packages
-apt-get -y install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
+apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
        libcap-ng-dev libcap-ng-utils libselinux1-dev \
        libcurl4-nss-dev flex bison gcc make \
        libunbound-dev libnss3-tools libevent-dev
-apt-get -y --no-install-recommends install xmlto
+apt-get -yqq --no-install-recommends install xmlto
-apt-get -y install xl2tpd
+apt-get -yqq install xl2tpd
 # Install Fail2Ban to protect SSH
-apt-get -y install fail2ban
+apt-get -yqq install fail2ban
 # Compile and install Libreswan
 SWAN_VER=3.17
@ -142,19 +146,18 @@ SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
 wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
 [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
-tar xvzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
+tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
 cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
 # Workaround for Libreswan compile issues
 cat > Makefile.inc.local <<EOF
 WERROR_CFLAGS =
 EOF
-make programs && make install
+make -s programs && make -s install
-# Check if Libreswan install was successful
+# Verify the install
 /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
 [ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
 # Prepare various config files
 # Create IPsec (Libreswan) config
 SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)"
 /bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$SYS_DT" 2>/dev/null
@ -235,7 +238,7 @@ pppoptfile = /etc/ppp/options.xl2tpd
 length bit = yes
 EOF
-# Specify xl2tpd options
+# Set xl2tpd options
 /bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$SYS_DT" 2>/dev/null
 cat > /etc/ppp/options.xl2tpd <<EOF
 ipcp-accept-local
@ -266,7 +269,7 @@ EOF
 VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
 echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
-# Update sysctl settings for VPN and performance
+# Update sysctl settings
 if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
 /bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$SYS_DT" 2>/dev/null
 cat >> /etc/sysctl.conf <<EOF
@ -301,9 +304,9 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
 EOF
 fi
-# Create basic IPTables rules. First check if there are existing rules.
+# Create basic IPTables rules. First check for existing rules.
-# 1. If IPTables is "empty", write out the new set of rules.
+# - If IPTables is "empty", simply write out the new rules.
-# 2. If *not* empty, insert new rules and save them together with existing ones.
+# - If *not* empty, insert new rules and save them with existing ones.
 if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then
 /bin/cp -f /etc/iptables.rules "/etc/iptables.rules.old-$SYS_DT" 2>/dev/null
 service fail2ban stop >/dev/null 2>&1
@ -330,7 +333,7 @@ cat > /etc/iptables.rules <<EOF
 -A FORWARD -i ppp+ -o eth+ -j ACCEPT
 -A FORWARD -i eth+ -d 192.168.43.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -s 192.168.43.0/24 -o eth+ -j ACCEPT
-# If you wish to allow traffic between VPN clients themselves, uncomment these lines:
+# To allow traffic between VPN clients themselves, uncomment these lines:
 # -A FORWARD -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j ACCEPT
 # -A FORWARD -s 192.168.43.0/24 -d 192.168.43.0/24 -j ACCEPT
 -A FORWARD -j DROP
@ -371,7 +374,7 @@ if [ -f /etc/iptables/rules.v4 ]; then
 fi
 fi
-# Create basic IP6Tables (IPv6) rules
+# Create basic IPv6 rules
 if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then
 /bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$SYS_DT" 2>/dev/null
 cat > /etc/ip6tables.rules <<EOF
@ -407,7 +410,7 @@ ip6tables-restore < /etc/ip6tables.rules
 exit 0
 EOF
-# Update rc.local to start services at boot
+# Start services at boot
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
 /bin/cp -f /etc/rc.local "/etc/rc.local.old-$SYS_DT" 2>/dev/null
 sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
@ -430,7 +433,7 @@ if [ ! -f /etc/ipsec.d/cert8.db ] ; then
 fi
 # Reload sysctl.conf
-sysctl -p
+sysctl -q -p
 # Update file attributes
 chmod +x /etc/rc.local
@ -443,12 +446,9 @@ iptables-restore < /etc/iptables.rules
 ip6tables-restore < /etc/ip6tables.rules >/dev/null 2>&1
 # Restart services
-service fail2ban stop >/dev/null 2>&1
+service fail2ban restart
-service ipsec stop >/dev/null 2>&1
+service ipsec restart
-service xl2tpd stop >/dev/null 2>&1
+service xl2tpd restart
 service fail2ban start
 service ipsec start
 service xl2tpd start
 echo
 echo '================================================'
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -39,7 +39,7 @@ if [ "$(uname)" = "Darwin" ]; then
 fi
 if [ ! -f /etc/redhat-release ]; then
-  echo "This script only supports CentOS or RHEL systems."
+  echo "This script only supports CentOS/RHEL."
  exit 1
 fi
@ -55,7 +55,7 @@ fi
 if [ -f /proc/user_beancounters ]; then
  echo "This script does NOT support OpenVZ VPS."
-  echo "Try alternative: https://github.com/Nyr/openvpn-install"
+  echo "Try: https://github.com/Nyr/openvpn-install"
  exit 1
 fi
@ -67,8 +67,8 @@ fi
 if [ ! -f /sys/class/net/eth0/operstate ]; then
  echo "Network interface 'eth0' is not available. Aborting."
  echo
-  echo "CentOS 7 users should change interfaces to use old naming convention"
+  echo "Run 'cat /proc/net/dev' to find the name of the active network interface,"
-  echo "before running this script. See: https://wiki.centos.org/FAQ/CentOS7"
+  echo "then search and replace ALL 'eth0' and 'eth+' in this script with that name."
  exit 1
 fi
@ -79,10 +79,12 @@ if [ -z "$IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
 fi
 if [ -z "$IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
-  echo "VPN credentials cannot be empty. Edit the script and re-enter."
+  echo "VPN credentials cannot be empty. Edit the script and re-enter them."
  exit 1
 fi
 echo "VPN setup in progress... Please be patient."
 # Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exit 1
@ -99,7 +101,7 @@ echo 'use Ctrl-C to interrupt. Then edit it and manually enter IPs.'
 echo
 # In Amazon EC2, these two variables will be retrieved from metadata.
-# For all other servers, replace them with actual IPs (or comment out).
+# For all other servers, replace them with actual IPs or comment out.
 # If your server only has a public IP, put that IP on both lines.
 PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4')
 PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4')
@ -107,18 +109,17 @@ PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/la
 # Try to find IPs for non-EC2 servers
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipv4.icanhazip.com)
 [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget -t 3 -T 15 -qO- http://ipecho.net/plain)
 [ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(ip -4 route get 1 | awk '{print $NF;exit}')
 [ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(ifconfig eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
 # Check IPs for correct format
 IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
 if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid public IP. Edit the script and manually enter."
+  echo "Cannot find valid public IP. Edit the script and manually enter IPs."
  exit 1
 fi
 if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid private IP. Edit the script and manually enter."
+  echo "Cannot find valid private IP. Edit the script and manually enter IPs."
  exit 1
 fi
@ -137,12 +138,12 @@ yum -y install ppp xl2tpd
 # Install Fail2Ban to protect SSH
 yum -y install fail2ban
-# Install IP6Tables for CentOS/RHEL 6
+# Install IP6Tables
 if grep -qs "release 6" /etc/redhat-release; then
  yum -y install iptables-ipv6
 fi
-# Installed Libevent2. Use backported version for CentOS 6.
+# Installed Libevent2
 if grep -qs "release 6" /etc/redhat-release; then
  LE2_URL=https://download.libreswan.org/binaries/rhel/6/x86_64
  RPM1=libevent2-2.0.22-1.el6.x86_64.rpm
@ -163,19 +164,18 @@ SWAN_URL="https://download.libreswan.org/$SWAN_FILE"
 wget -t 3 -T 30 -nv -O "$SWAN_FILE" "$SWAN_URL"
 [ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; }
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
-tar xvzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
+tar xzf "$SWAN_FILE" && /bin/rm -f "$SWAN_FILE"
 cd "libreswan-$SWAN_VER" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; }
 # Workaround for Libreswan compile issues
 cat > Makefile.inc.local <<EOF
 WERROR_CFLAGS =
 EOF
-make programs && make install
+make -s programs && make -s install
-# Check if Libreswan install was successful
+# Verify the install
 /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
 [ "$?" != "0" ] && { echo; echo "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
 # Prepare various config files
 # Create IPsec (Libreswan) config
 SYS_DT="$(date +%Y-%m-%d-%H:%M:%S)"
 /bin/cp -f /etc/ipsec.conf "/etc/ipsec.conf.old-$SYS_DT" 2>/dev/null
@ -256,7 +256,7 @@ pppoptfile = /etc/ppp/options.xl2tpd
 length bit = yes
 EOF
-# Specify xl2tpd options
+# Set xl2tpd options
 /bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$SYS_DT" 2>/dev/null
 cat > /etc/ppp/options.xl2tpd <<EOF
 ipcp-accept-local
@ -287,7 +287,7 @@ EOF
 VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
 echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
-# Update sysctl settings for VPN and performance
+# Update sysctl settings
 if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
 /bin/cp -f /etc/sysctl.conf "/etc/sysctl.conf.old-$SYS_DT" 2>/dev/null
 cat >> /etc/sysctl.conf <<EOF
@ -322,9 +322,9 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
 EOF
 fi
-# Create basic IPTables rules. First check if there are existing rules.
+# Create basic IPTables rules. First check for existing rules.
-# 1. If IPTables is "empty", write out the new set of rules.
+# - If IPTables is "empty", simply write out the new rules.
-# 2. If *not* empty, insert new rules and save them together with existing ones.
+# - If *not* empty, insert new rules and save them with existing ones.
 if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then
 /bin/cp -f /etc/sysconfig/iptables "/etc/sysconfig/iptables.old-$SYS_DT" 2>/dev/null
 service fail2ban stop >/dev/null 2>&1
@ -351,7 +351,7 @@ cat > /etc/sysconfig/iptables <<EOF
 -A FORWARD -i ppp+ -o eth+ -j ACCEPT
 -A FORWARD -i eth+ -d 192.168.43.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -s 192.168.43.0/24 -o eth+ -j ACCEPT
-# If you wish to allow traffic between VPN clients themselves, uncomment these lines:
+# To allow traffic between VPN clients themselves, uncomment these lines:
 # -A FORWARD -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j ACCEPT
 # -A FORWARD -s 192.168.43.0/24 -d 192.168.43.0/24 -j ACCEPT
 -A FORWARD -j DROP
@ -386,7 +386,7 @@ iptables-save >> /etc/sysconfig/iptables
 fi
 fi
-# Create basic IP6Tables (IPv6) rules
+# Create basic IPv6 rules
 if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then
 /bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$SYS_DT" 2>/dev/null
 cat > /etc/sysconfig/ip6tables <<EOF
@ -405,7 +405,7 @@ COMMIT
 EOF
 fi
-# Create basic Fail2Ban rules if not present
+# Create basic Fail2Ban rules
 if [ ! -f /etc/fail2ban/jail.local ] ; then
 cat > /etc/fail2ban/jail.local <<EOF
 [DEFAULT]
@ -423,7 +423,7 @@ logpath  = /var/log/secure
 EOF
 fi
-# Update rc.local to start services at boot
+# Start services at boot
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
 /bin/cp -f /etc/rc.local "/etc/rc.local.old-$SYS_DT" 2>/dev/null
 cat >> /etc/rc.local <<EOF
@ -451,7 +451,7 @@ restorecon /usr/local/sbin -Rv 2>/dev/null
 restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
 # Reload sysctl.conf
-sysctl -p
+sysctl -q -p
 # Update file attributes
 chmod +x /etc/rc.local
@ -462,12 +462,9 @@ iptables-restore < /etc/sysconfig/iptables
 ip6tables-restore < /etc/sysconfig/ip6tables >/dev/null 2>&1
 # Restart services
-service fail2ban stop >/dev/null 2>&1
+service fail2ban restart
-service ipsec stop >/dev/null 2>&1
+service ipsec restart
-service xl2tpd stop >/dev/null 2>&1
+service xl2tpd restart
 service fail2ban start
 service ipsec start
 service xl2tpd start
 echo
 echo '================================================'