1
0
mirror of synced 2024-11-28 23:56:04 +03:00

Update IKEv2 script

- Improve MOBIKE detection by checking whether the IKEv2 connection
  is successfully loaded. If not, the server's Linux kernel may not
  support MOBIKE, and we disable it in ikev2.conf.
- This will help prevent the issue where the IKEv2 connection fails
  to load on some systems due to lack of MOBIKE support. Note that
  the script already has checks for MOBIKE support that cover common
  cases.
- Related issues:
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/330
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
This commit is contained in:
hwdsl2 2022-12-01 21:45:57 -06:00
parent fad9e0d34d
commit fec1b7c7a2

View File

@ -157,7 +157,7 @@ confirm_or_abort() {
show_header() { show_header() {
cat <<'EOF' cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2022 Lin Song 30 Oct 2022 IKEv2 Script Copyright (c) 2020-2022 Lin Song 1 Dec 2022
EOF EOF
} }
@ -1247,6 +1247,20 @@ restart_ipsec_service() {
fi fi
} }
check_ikev2_connection() {
if grep -qs 'mobike=yes' "$IKEV2_CONF"; then
(sleep 3
if ! ipsec status | grep -q ikev2-cp; then
sed -i '/mobike=yes/s/yes/no/' "$IKEV2_CONF"
if [ "$os_type" = "alpine" ]; then
ipsec auto --add ikev2-cp >/dev/null
else
restart_ipsec_service >/dev/null
fi
fi) >/dev/null 2>&1 &
fi
}
create_crl() { create_crl() {
bigecho "Revoking client certificate..." bigecho "Revoking client certificate..."
if ! crlutil -L -d "$CERT_DB" -n "$CA_NAME" >/dev/null 2>&1; then if ! crlutil -L -d "$CERT_DB" -n "$CA_NAME" >/dev/null 2>&1; then
@ -1717,6 +1731,7 @@ ikev2setup() {
else else
restart_ipsec_service restart_ipsec_service
fi fi
check_ikev2_connection
print_setup_complete print_setup_complete
print_client_info print_client_info
if [ "$in_container" = 0 ]; then if [ "$in_container" = 0 ]; then