mirror of synced 2024-11-27 23:36:02 +03:00

Compare commits


No commits in common. "6a872207f4ef243059f87b0e7790a8507684035a" and "8973b8d6c052f378067ba80f185f6aed1dd5b0b4" have entirely different histories.

10 changed files with 168 additions and 167 deletions


@ -36,16 +36,44 @@ check_root() {
} }
check_os() { check_os() {
os_type=$(lsb_release -si 2>/dev/null) os_type=centos
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") rh_file="/etc/redhat-release"
case $os_type in if grep -qs "Red Hat" "$rh_file"; then
[Aa]lpine) os_type=rhel
os_type=alpine fi
;; [ -f /etc/oracle-release ] && os_type=ol
*) if grep -qs "release 7" "$rh_file" || grep -qs "release 8" "$rh_file" \
os_type=other || grep -qs "release 9" "$rh_file"; then
;; grep -qs -i rocky "$rh_file" && os_type=rocky
esac grep -qs -i alma "$rh_file" && os_type=alma
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
else
os_type=$(lsb_release -si 2>/dev/null)
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)
os_type=raspbian
;;
[Aa]lpine)
os_type=alpine
;;
*)
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux,
Oracle Linux, Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac
fi
} }
check_libreswan() { check_libreswan() {
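Review bot: On the new side of check_os, `os_type=centos` is the starting value and nothing later confirms it, so a host whose /etc/redhat-release contains "release 7", "release 8" or "release 9" but is not matched as Red Hat, Oracle, Rocky or Alma is classified as CentOS without any positive check. The version tests are also unanchored substring matches. I would anchor them, for example `grep -qsE "release (7|8|9)([^0-9]|$)" "$rh_file"`, and accept the CentOS default only after `grep -qs -i centos "$rh_file"` succeeds, so that an unrecognised Red Hat-style system reaches the "only supports" error instead of being installed as CentOS. The check_os sections of the other files on this page use the same default-then-override pattern and would need the same change. A short header comment naming the globals this function sets (`os_type`, and `os_ver` where used) would also help, since callers outside these hunks depend on them.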


@ -46,26 +46,23 @@ check_container() {
} }
check_os() { check_os() {
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi grep -qs -i rocky "$rh_file" && os_type=rocky
[ -f /etc/oracle-release ] && os_type=ol grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky if grep -qs "release 7" "$rh_file"; then
grep -qi alma "$rh_file" && os_type=alma os_ver=7
if grep -q "release 7" "$rh_file"; then elif grep -qs "release 8" "$rh_file"; then
os_ver=7 os_ver=8
elif grep -q "release 8" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=8s
os_ver=8 elif grep -qs "release 9" "$rh_file"; then
grep -qi stream "$rh_file" && os_ver=8s os_ver=9
elif grep -q "release 9" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=9s
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn os_type=amzn
os_ver=2 os_ver=2
@ -76,7 +73,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)
@ -157,7 +154,7 @@ confirm_or_abort() {
show_header() { show_header() {
cat <<'EOF' cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2022 Lin Song 10 Aug 2022 IKEv2 Script Copyright (c) 2020-2022 Lin Song 9 Aug 2022
EOF EOF
} }
@ -214,7 +211,6 @@ check_arguments() {
if [ "$use_defaults" = "1" ] && check_ikev2_exists; then if [ "$use_defaults" = "1" ] && check_ikev2_exists; then
echo "Error: Invalid parameter '--auto'. IKEv2 is already set up on this server." >&2 echo "Error: Invalid parameter '--auto'. IKEv2 is already set up on this server." >&2
echo " To manage VPN clients, re-run this script without '--auto'." >&2 echo " To manage VPN clients, re-run this script without '--auto'." >&2
echo " To change IKEv2 server address, see https://vpnsetup.net/ikev2" >&2
exit 1 exit 1
fi fi
if [ "$((add_client + export_client + list_clients + revoke_client + delete_client))" -gt 1 ]; then if [ "$((add_client + export_client + list_clients + revoke_client + delete_client))" -gt 1 ]; then
@ -764,7 +760,17 @@ export_p12_file() {
p12_file="$export_dir$client_name.p12" p12_file="$export_dir$client_name.p12"
p12_file_enc="$export_dir$client_name.enc.p12" p12_file_enc="$export_dir$client_name.enc.p12"
pk12util -W "$p12_password" -d "$CERT_DB" -n "$client_name" -o "$p12_file_enc" >/dev/null || exit 1 pk12util -W "$p12_password" -d "$CERT_DB" -n "$client_name" -o "$p12_file_enc" >/dev/null || exit 1
if [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then if [ "$os_type" = "alpine" ] || { [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "11" ]; }; then
pem_file="$export_dir$client_name.temp.pem"
openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
if [ "$use_config_password" = "0" ]; then
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
ca_crt="$export_dir$client_name.ca.crt" ca_crt="$export_dir$client_name.ca.crt"
client_crt="$export_dir$client_name.client.crt" client_crt="$export_dir$client_name.client.crt"
client_key="$export_dir$client_name.client.key" client_key="$export_dir$client_name.client.key"
@ -782,16 +788,6 @@ export_p12_file() {
-legacy -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1 -legacy -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi fi
/bin/rm -f "$pem_file" /bin/rm -f "$pem_file"
elif [ "$os_type" = "alpine" ] || [ "$os_ver" = "kalirolling" ] || [ "$os_type$os_ver" = "ubuntu11" ]; then
pem_file="$export_dir$client_name.temp.pem"
openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
if [ "$use_config_password" = "0" ]; then
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$use_config_password" = "0" ]; then elif [ "$use_config_password" = "0" ]; then
pk12util -W "" -d "$CERT_DB" -n "$client_name" -o "$p12_file" >/dev/null || exit 1 pk12util -W "" -d "$CERT_DB" -n "$client_name" -o "$p12_file" >/dev/null || exit 1
fi fi
@ -1155,7 +1151,6 @@ EOF
} }
apply_ubuntu1804_nss_fix() { apply_ubuntu1804_nss_fix() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss" nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss" nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
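Review bot: In the export_p12_file hunk, the branch now placed first (Alpine, or Ubuntu with `os_ver` 11) passes the PKCS#12 password on the openssl command line via `-passin "pass:$p12_password"` and `-passout "pass:$p12_password"`, so it is readable from the process list by other local users for as long as each command runs. openssl also accepts `env:VAR` and `file:PATH` pass phrase sources, for example `-passin env:p12_password` with the variable exported only for that call, which keeps the secret out of argv. The same branch removes `$pem_file` only on the success path, so each `|| exit 1` leaves the `.temp.pem` copy of the client key in `$export_dir`. Replacing those with `|| { /bin/rm -f "$pem_file"; exit 1; }` would close that gap. The function starts and ends outside these hunks, so the permissions on `$export_dir` and on the password-less `$p12_file` written when `use_config_password` is 0 could not be checked here.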


@ -69,29 +69,25 @@ EOF
} }
check_os() { check_os() {
os_type=centos
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi grep -qs -i rocky "$rh_file" && os_type=rocky
[ -f /etc/oracle-release ] && os_type=ol grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky if grep -qs "release 7" "$rh_file"; then
grep -qi alma "$rh_file" && os_type=alma os_ver=7
if grep -q "release 7" "$rh_file"; then elif grep -qs "release 8" "$rh_file"; then
os_ver=7 os_ver=8
elif grep -q "release 8" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=8s
os_ver=8 if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
grep -qi stream "$rh_file" && os_ver=8s exiterr "CentOS Linux 8 is EOL and not supported."
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi fi
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
elif grep -qs "Amazon Linux release 2" /etc/system-release; then elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn os_type=amzn
os_ver=2 os_ver=2
@ -102,7 +98,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)


@ -34,18 +34,16 @@ check_root() {
} }
check_os() { check_os() {
os_type=centos
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi if grep -qs "release 7" "$rh_file" || grep -qs "release 8" "$rh_file" \
[ -f /etc/oracle-release ] && os_type=ol || grep -qs "release 9" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma grep -qs -i alma "$rh_file" && os_type=alma
if ! grep -q -E "release (7|8|9)" "$rh_file"; then
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn os_type=amzn
else else
@ -55,7 +53,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)


@ -37,29 +37,25 @@ check_vz() {
} }
check_os() { check_os() {
os_type=centos
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi grep -qs -i rocky "$rh_file" && os_type=rocky
[ -f /etc/oracle-release ] && os_type=ol grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky if grep -qs "release 7" "$rh_file"; then
grep -qi alma "$rh_file" && os_type=alma os_ver=7
if grep -q "release 7" "$rh_file"; then elif grep -qs "release 8" "$rh_file"; then
os_ver=7 os_ver=8
elif grep -q "release 8" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=8s
os_ver=8 if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
grep -qi stream "$rh_file" && os_ver=8s exiterr "CentOS Linux 8 is EOL and not supported."
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi fi
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
elif grep -qs "Amazon Linux release 2" /etc/system-release; then elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn os_type=amzn
os_ver=2 os_ver=2
@ -70,7 +66,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)


@ -40,29 +40,25 @@ check_vz() {
} }
check_os() { check_os() {
os_type=centos
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi grep -qs -i rocky "$rh_file" && os_type=rocky
[ -f /etc/oracle-release ] && os_type=ol grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky if grep -qs "release 7" "$rh_file"; then
grep -qi alma "$rh_file" && os_type=alma os_ver=7
if grep -q "release 7" "$rh_file"; then elif grep -qs "release 8" "$rh_file"; then
os_ver=7 os_ver=8
elif grep -q "release 8" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=8s
os_ver=8 if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
grep -qi stream "$rh_file" && os_ver=8s exiterr "CentOS Linux 8 is EOL and not supported."
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi fi
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else else
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS: Error: This script only supports one of the following OS:
@ -170,7 +166,7 @@ install_pkgs_2() {
erp="--enablerepo" erp="--enablerepo"
rp1="$erp=*server-*optional*" rp1="$erp=*server-*optional*"
rp2="$erp=*releases-optional*" rp2="$erp=*releases-optional*"
if [ "$os_type$os_ver" = "ol7" ]; then if [ "$os_type" = "ol" ] && [ "$os_ver" = "7" ]; then
rp2="$erp=ol7_optional_latest" rp2="$erp=ol7_optional_latest"
fi fi
if [ "$os_ver" = "7" ]; then if [ "$os_ver" = "7" ]; then


@ -46,7 +46,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)


@ -69,29 +69,25 @@ EOF
} }
check_os() { check_os() {
os_type=centos
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi grep -qs -i rocky "$rh_file" && os_type=rocky
[ -f /etc/oracle-release ] && os_type=ol grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky if grep -qs "release 7" "$rh_file"; then
grep -qi alma "$rh_file" && os_type=alma os_ver=7
if grep -q "release 7" "$rh_file"; then elif grep -qs "release 8" "$rh_file"; then
os_ver=7 os_ver=8
elif grep -q "release 8" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=8s
os_ver=8 if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
grep -qi stream "$rh_file" && os_ver=8s exiterr "CentOS Linux 8 is EOL and not supported."
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi fi
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
elif grep -qs "Amazon Linux release 2" /etc/system-release; then elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn os_type=amzn
os_ver=2 os_ver=2
@ -102,7 +98,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)


@ -74,29 +74,25 @@ EOF
} }
check_os() { check_os() {
os_type=centos
rh_file="/etc/redhat-release" rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then if grep -qs "Red Hat" "$rh_file"; then
os_type=centos os_type=rhel
if grep -q "Red Hat" "$rh_file"; then fi
os_type=rhel [ -f /etc/oracle-release ] && os_type=ol
fi grep -qs -i rocky "$rh_file" && os_type=rocky
[ -f /etc/oracle-release ] && os_type=ol grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky if grep -qs "release 7" "$rh_file"; then
grep -qi alma "$rh_file" && os_type=alma os_ver=7
if grep -q "release 7" "$rh_file"; then elif grep -qs "release 8" "$rh_file"; then
os_ver=7 os_ver=8
elif grep -q "release 8" "$rh_file"; then grep -qi stream "$rh_file" && os_ver=8s
os_ver=8 if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
grep -qi stream "$rh_file" && os_ver=8s exiterr "CentOS Linux 8 is EOL and not supported."
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi fi
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else else
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS: Error: This script only supports one of the following OS:


@ -79,7 +79,7 @@ check_os() {
[Uu]buntu) [Uu]buntu)
os_type=ubuntu os_type=ubuntu
;; ;;
[Dd]ebian|[Kk]ali) [Dd]ebian)
os_type=debian os_type=debian
;; ;;
[Rr]aspbian) [Rr]aspbian)