
Compare commits


No commits in common. "24ce5bedd8edefbcb3a16acd1ae82768833bcbaa" and "e23dee31ca7676b15ca87beb74078503647b30ee" have entirely different histories.

4 changed files with 36 additions and 32 deletions


@ -105,18 +105,22 @@ check_creds() {
[ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK" [ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK"
[ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME" [ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME"
[ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD" [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
bigecho "VPN credentials not set by user. Generating random PSK and password..." bigecho "VPN credentials not set by user. Generating random PSK and password..."
VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20) VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20)
VPN_USER=vpnuser VPN_USER=vpnuser
VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16) VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16)
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them." exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi fi
if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters." exiterr "VPN credentials must not contain non-ASCII characters."
fi fi
case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
*[\\\"\']*) *[\\\"\']*)
exiterr "VPN credentials must not contain these special characters: \\ \" '" exiterr "VPN credentials must not contain these special characters: \\ \" '"
@ -215,32 +219,29 @@ get_swan_ver() {
SWAN_VER=4.6 SWAN_VER=4.6
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1) swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
[ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
SWAN_VER="$swan_ver_latest" SWAN_VER="$swan_ver_latest"
fi fi
} }
check_libreswan() { check_libreswan() {
check_result=0
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
ipsec_bin="/usr/local/sbin/ipsec" ipsec_bin="/usr/local/sbin/ipsec"
if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \ if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \
&& [ "$(find "$ipsec_bin" -mmin -10080)" ]; then && [ "$(find "$ipsec_bin" -mmin -10080)" ]; then
check_result=1
return 0 return 0
fi fi
get_swan_ver get_swan_ver
if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then
touch "$ipsec_bin" touch "$ipsec_bin"
fi fi
[ "$swan_ver_old" = "$SWAN_VER" ] && check_result=1 [ "$swan_ver_old" = "$SWAN_VER" ]
} }
get_libreswan() { get_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
cd /opt/src || exit 1 cd /opt/src || exit 1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
@ -258,7 +259,7 @@ get_libreswan() {
} }
install_libreswan() { install_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Compiling and installing Libreswan, please wait..." bigecho "Compiling and installing Libreswan, please wait..."
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
sed -i '28s/stdlib\.h/sys\/types.h/' include/fd.h sed -i '28s/stdlib\.h/sys\/types.h/' include/fd.h
@ -275,6 +276,7 @@ EOF
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then
@ -572,7 +574,6 @@ vpnsetup() {
check_dns check_dns
check_server_dns check_server_dns
check_client_name check_client_name
check_libreswan
start_setup start_setup
install_setup_pkgs install_setup_pkgs
detect_ip detect_ip
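Review bot: check_libreswan now runs twice per install, once from get_libreswan and once from install_libreswan, and every run that gets past the recent-binary shortcut calls get_swan_ver again, which resets SWAN_VER to 4.6 and re-fetches the version over the network. If the second fetch fails or returns a different value, install_libreswan can `cd "libreswan-$SWAN_VER"` into a directory other than the one get_libreswan downloaded, or skip the build after the tarball was already fetched. Resolving the version once would avoid this, for example `[ -n "$SWAN_VER" ] || get_swan_ver` inside check_libreswan, assuming SWAN_VER is not preset elsewhere in the script. The bodies of get_libreswan and install_libreswan continue outside the hunks, and the same change appears in the other three file sections.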


@ -87,18 +87,22 @@ check_creds() {
[ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK" [ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK"
[ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME" [ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME"
[ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD" [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
bigecho "VPN credentials not set by user. Generating random PSK and password..." bigecho "VPN credentials not set by user. Generating random PSK and password..."
VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20) VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20)
VPN_USER=vpnuser VPN_USER=vpnuser
VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16) VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16)
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them." exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi fi
if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters." exiterr "VPN credentials must not contain non-ASCII characters."
fi fi
case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
*[\\\"\']*) *[\\\"\']*)
exiterr "VPN credentials must not contain these special characters: \\ \" '" exiterr "VPN credentials must not contain these special characters: \\ \" '"
@ -215,32 +219,29 @@ get_swan_ver() {
SWAN_VER=4.6 SWAN_VER=4.6
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-amzn-2-swanver" swan_ver_url="$base_url/v1-amzn-2-swanver"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1) swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
[ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
SWAN_VER="$swan_ver_latest" SWAN_VER="$swan_ver_latest"
fi fi
} }
check_libreswan() { check_libreswan() {
check_result=0
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
ipsec_bin="/usr/local/sbin/ipsec" ipsec_bin="/usr/local/sbin/ipsec"
if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \ if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \
&& [ "$(find "$ipsec_bin" -mmin -10080)" ]; then && [ "$(find "$ipsec_bin" -mmin -10080)" ]; then
check_result=1
return 0 return 0
fi fi
get_swan_ver get_swan_ver
if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then
touch "$ipsec_bin" touch "$ipsec_bin"
fi fi
[ "$swan_ver_old" = "$SWAN_VER" ] && check_result=1 [ "$swan_ver_old" = "$SWAN_VER" ]
} }
get_libreswan() { get_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
cd /opt/src || exit 1 cd /opt/src || exit 1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
@ -258,7 +259,7 @@ get_libreswan() {
} }
install_libreswan() { install_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Compiling and installing Libreswan, please wait..." bigecho "Compiling and installing Libreswan, please wait..."
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
@ -277,6 +278,7 @@ EOF
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then
@ -588,7 +590,6 @@ vpnsetup() {
check_dns check_dns
check_server_dns check_server_dns
check_client_name check_client_name
check_libreswan
start_setup start_setup
install_setup_pkgs install_setup_pkgs
detect_ip detect_ip
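Review bot: With the curl fallback removed from get_swan_ver, a failed wget leaves swan_ver_latest empty and the function keeps the hard-coded `SWAN_VER=4.6` without telling the operator, so a failed lookup is not distinguishable in the output from a successful one. For an IPsec daemon built as part of setup that is worth surfacing: a line such as `[ -n "$swan_ver_latest" ] || echo "Warning: could not retrieve the latest Libreswan version; using $SWAN_VER." >&2` after the fetch would make the pinned fallback visible in the install log. The start of get_swan_ver lies outside the hunk, and the other file sections carry the same lines.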


@ -115,18 +115,22 @@ check_creds() {
[ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK" [ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK"
[ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME" [ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME"
[ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD" [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
bigecho "VPN credentials not set by user. Generating random PSK and password..." bigecho "VPN credentials not set by user. Generating random PSK and password..."
VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20) VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20)
VPN_USER=vpnuser VPN_USER=vpnuser
VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16) VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16)
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them." exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi fi
if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters." exiterr "VPN credentials must not contain non-ASCII characters."
fi fi
case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
*[\\\"\']*) *[\\\"\']*)
exiterr "VPN credentials must not contain these special characters: \\ \" '" exiterr "VPN credentials must not contain these special characters: \\ \" '"
@ -286,32 +290,29 @@ get_swan_ver() {
SWAN_VER=4.6 SWAN_VER=4.6
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1) swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
[ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
SWAN_VER="$swan_ver_latest" SWAN_VER="$swan_ver_latest"
fi fi
} }
check_libreswan() { check_libreswan() {
check_result=0
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
ipsec_bin="/usr/local/sbin/ipsec" ipsec_bin="/usr/local/sbin/ipsec"
if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \ if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \
&& [ "$(find "$ipsec_bin" -mmin -10080)" ]; then && [ "$(find "$ipsec_bin" -mmin -10080)" ]; then
check_result=1
return 0 return 0
fi fi
get_swan_ver get_swan_ver
if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then
touch "$ipsec_bin" touch "$ipsec_bin"
fi fi
[ "$swan_ver_old" = "$SWAN_VER" ] && check_result=1 [ "$swan_ver_old" = "$SWAN_VER" ]
} }
get_libreswan() { get_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
cd /opt/src || exit 1 cd /opt/src || exit 1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
@ -329,7 +330,7 @@ get_libreswan() {
} }
install_libreswan() { install_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Compiling and installing Libreswan, please wait..." bigecho "Compiling and installing Libreswan, please wait..."
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
@ -348,6 +349,7 @@ EOF
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then
@ -716,7 +718,6 @@ vpnsetup() {
check_dns check_dns
check_server_dns check_server_dns
check_client_name check_client_name
check_libreswan
start_setup start_setup
install_setup_pkgs install_setup_pkgs
detect_ip detect_ip


@ -113,18 +113,22 @@ check_creds() {
[ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK" [ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK"
[ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME" [ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME"
[ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD" [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
bigecho "VPN credentials not set by user. Generating random PSK and password..." bigecho "VPN credentials not set by user. Generating random PSK and password..."
VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20) VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20)
VPN_USER=vpnuser VPN_USER=vpnuser
VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16) VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16)
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them." exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi fi
if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters." exiterr "VPN credentials must not contain non-ASCII characters."
fi fi
case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
*[\\\"\']*) *[\\\"\']*)
exiterr "VPN credentials must not contain these special characters: \\ \" '" exiterr "VPN credentials must not contain these special characters: \\ \" '"
@ -255,32 +259,29 @@ get_swan_ver() {
SWAN_VER=4.6 SWAN_VER=4.6
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" 2>/dev/null | head -n 1) swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
[ -z "$swan_ver_latest" ] && swan_ver_latest=$(curl -fsL "$swan_ver_url" 2>/dev/null | head -n 1)
if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
SWAN_VER="$swan_ver_latest" SWAN_VER="$swan_ver_latest"
fi fi
} }
check_libreswan() { check_libreswan() {
check_result=0
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
ipsec_bin="/usr/local/sbin/ipsec" ipsec_bin="/usr/local/sbin/ipsec"
if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \ if [ -n "$swan_ver_old" ] && printf '%s' "$ipsec_ver" | grep -qi 'libreswan' \
&& [ "$(find "$ipsec_bin" -mmin -10080)" ]; then && [ "$(find "$ipsec_bin" -mmin -10080)" ]; then
check_result=1
return 0 return 0
fi fi
get_swan_ver get_swan_ver
if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then if [ -s "$ipsec_bin" ] && [ "$swan_ver_old" = "$SWAN_VER" ]; then
touch "$ipsec_bin" touch "$ipsec_bin"
fi fi
[ "$swan_ver_old" = "$SWAN_VER" ] && check_result=1 [ "$swan_ver_old" = "$SWAN_VER" ]
} }
get_libreswan() { get_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
cd /opt/src || exit 1 cd /opt/src || exit 1
swan_file="libreswan-$SWAN_VER.tar.gz" swan_file="libreswan-$SWAN_VER.tar.gz"
@ -298,7 +299,7 @@ get_libreswan() {
} }
install_libreswan() { install_libreswan() {
if [ "$check_result" = "0" ]; then if ! check_libreswan; then
bigecho "Compiling and installing Libreswan, please wait..." bigecho "Compiling and installing Libreswan, please wait..."
cd "libreswan-$SWAN_VER" || exit 1 cd "libreswan-$SWAN_VER" || exit 1
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
@ -325,6 +326,7 @@ EOF
set -x set -x
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
) )
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then
@ -691,7 +693,6 @@ vpnsetup() {
check_server_dns check_server_dns
check_client_name check_client_name
check_iptables check_iptables
check_libreswan
start_setup start_setup
wait_for_apt wait_for_apt
update_apt_cache update_apt_cache