Update IKEv2 script

- Improve MOBIKE detection by checking whether the IKEv2 connection is successfully loaded. If not, the server's Linux kernel may not support MOBIKE, and we disable it in ikev2.conf. - This will help prevent the issue where the IKEv2 connection fails to load on some systems due to lack of MOBIKE support. Note that the script already has checks for MOBIKE support that cover common cases. - Related issues: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/330 https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298 https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
2024-11-22 04:56:03 +03:00 · 2022-12-01 21:45:57 -06:00 · 2022-12-01 21:45:57 -06:00 · fec1b7c7a2
commit fec1b7c7a2
parent fad9e0d34d
1 changed files with 16 additions and 1 deletions
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@ -157,7 +157,7 @@ confirm_or_abort() {
 show_header() {
 cat <<'EOF'

-IKEv2 Script   Copyright (c) 2020-2022 Lin Song   30 Oct 2022
+IKEv2 Script   Copyright (c) 2020-2022 Lin Song   1 Dec 2022

 EOF
 }
@ -1247,6 +1247,20 @@ restart_ipsec_service() {
  fi
 }

+check_ikev2_connection() {
+  if grep -qs 'mobike=yes' "$IKEV2_CONF"; then
+    (sleep 3
+    if ! ipsec status | grep -q ikev2-cp; then
+      sed -i '/mobike=yes/s/yes/no/' "$IKEV2_CONF"
+      if [ "$os_type" = "alpine" ]; then
+        ipsec auto --add ikev2-cp >/dev/null
+      else
+        restart_ipsec_service >/dev/null
+      fi
+    fi) >/dev/null 2>&1 &
+  fi
+}
+
 create_crl() {
  bigecho "Revoking client certificate..."
  if ! crlutil -L -d "$CERT_DB" -n "$CA_NAME" >/dev/null 2>&1; then
@ -1717,6 +1731,7 @@ ikev2setup() {
  else
    restart_ipsec_service
  fi
+  check_ikev2_connection
  print_setup_complete
  print_client_info
  if [ "$in_container" = 0 ]; then