mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-24 05:46:09 +03:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: mirror:6a872207f4ef243059f87b0e7790a8507684035a
Branches Tags
mirror:master
..
compare: mirror:8973b8d6c052f378067ba80f185f6aed1dd5b0b4
Branches Tags
mirror:master

No commits in common. "6a872207f4ef243059f87b0e7790a8507684035a" and "8973b8d6c052f378067ba80f185f6aed1dd5b0b4" have entirely different histories.
6a872207f4 ... 8973b8d6c0

10 changed files with 168 additions and 167 deletions
Show Stats Expand all files Collapse all files

30
extras/ikev2changeaddr.sh
View File

@ -36,16 +36,44 @@ check_root() {
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
if grep -qs "release 7" "$rh_file" || grep -qs "release 8" "$rh_file" \
|| grep -qs "release 9" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
else
os_type=$(lsb_release -si 2>/dev/null)
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)
os_type=raspbian
;;
[Aa]lpine)
os_type=alpine
;;
*)
os_type=other
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux,
Oracle Linux, Amazon Linux 2 or Alpine Linux
EOF
exit 1
;;
esac
fi
}
check_libreswan() {

47
extras/ikev2setup.sh
View File

@ -46,26 +46,23 @@ check_container() {
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
os_ver=7
elif grep -q "release 8" "$rh_file"; then
elif grep -qs "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
elif grep -q "release 9" "$rh_file"; then
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -76,7 +73,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)
@ -157,7 +154,7 @@ confirm_or_abort() {
show_header() {
cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2022 Lin Song 10 Aug 2022
IKEv2 Script Copyright (c) 2020-2022 Lin Song 9 Aug 2022
EOF
}
@ -214,7 +211,6 @@ check_arguments() {
if [ "$use_defaults" = "1" ] && check_ikev2_exists; then
echo "Error: Invalid parameter '--auto'. IKEv2 is already set up on this server." >&2
echo " To manage VPN clients, re-run this script without '--auto'." >&2
echo " To change IKEv2 server address, see https://vpnsetup.net/ikev2" >&2
exit 1
fi
if [ "$((add_client + export_client + list_clients + revoke_client + delete_client))" -gt 1 ]; then
@ -764,7 +760,17 @@ export_p12_file() {
p12_file="$export_dir$client_name.p12"
p12_file_enc="$export_dir$client_name.enc.p12"
pk12util -W "$p12_password" -d "$CERT_DB" -n "$client_name" -o "$p12_file_enc" >/dev/null || exit 1
if [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
if [ "$os_type" = "alpine" ] || { [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "11" ]; }; then
pem_file="$export_dir$client_name.temp.pem"
openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
if [ "$use_config_password" = "0" ]; then
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
ca_crt="$export_dir$client_name.ca.crt"
client_crt="$export_dir$client_name.client.crt"
client_key="$export_dir$client_name.client.key"
@ -782,16 +788,6 @@ export_p12_file() {
-legacy -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$os_type" = "alpine" ] || [ "$os_ver" = "kalirolling" ] || [ "$os_type$os_ver" = "ubuntu11" ]; then
pem_file="$export_dir$client_name.temp.pem"
openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
if [ "$use_config_password" = "0" ]; then
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$use_config_password" = "0" ]; then
pk12util -W "" -d "$CERT_DB" -n "$client_name" -o "$p12_file" >/dev/null || exit 1
fi
@ -1155,7 +1151,6 @@ EOF
}
apply_ubuntu1804_nss_fix() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"

22
extras/quickstart.sh
View File

@ -69,29 +69,25 @@ EOF
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
os_ver=7
elif grep -q "release 8" "$rh_file"; then
elif grep -qs "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type$os_ver" = "centos8" ]; then
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -102,7 +98,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)

16
extras/vpnuninstall.sh
View File

@ -34,18 +34,16 @@ check_root() {
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if ! grep -q -E "release (7|8|9)" "$rh_file"; then
exiterr "This script only supports CentOS/RHEL 7-9."
fi
if grep -qs "release 7" "$rh_file" || grep -qs "release 8" "$rh_file" \
|| grep -qs "release 9" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
else
@ -55,7 +53,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)

22
extras/vpnupgrade.sh
View File

@ -37,29 +37,25 @@ check_vz() {
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
os_ver=7
elif grep -q "release 8" "$rh_file"; then
elif grep -qs "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type$os_ver" = "centos8" ]; then
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -70,7 +66,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)

22
extras/vpnupgrade_centos.sh
View File

@ -40,30 +40,26 @@ check_vz() {
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
os_ver=7
elif grep -q "release 8" "$rh_file"; then
elif grep -qs "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type$os_ver" = "centos8" ]; then
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
else
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
CentOS/RHEL, Rocky Linux, AlmaLinux or Oracle Linux
@ -170,7 +166,7 @@ install_pkgs_2() {
erp="--enablerepo"
rp1="$erp=*server-*optional*"
rp2="$erp=*releases-optional*"
if [ "$os_type$os_ver" = "ol7" ]; then
if [ "$os_type" = "ol" ] && [ "$os_ver" = "7" ]; then
rp2="$erp=ol7_optional_latest"
fi
if [ "$os_ver" = "7" ]; then

2
extras/vpnupgrade_ubuntu.sh
View File

@ -46,7 +46,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)

22
vpnsetup.sh
View File

@ -69,29 +69,25 @@ EOF
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
os_ver=7
elif grep -q "release 8" "$rh_file"; then
elif grep -qs "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type$os_ver" = "centos8" ]; then
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -102,7 +98,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)

20
vpnsetup_centos.sh
View File

@ -74,30 +74,26 @@ EOF
}
check_os() {
rh_file="/etc/redhat-release"
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
os_ver=7
elif grep -q "release 8" "$rh_file"; then
elif grep -qs "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type$os_ver" = "centos8" ]; then
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -q "release 9" "$rh_file"; then
elif grep -qs "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
else
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
CentOS/RHEL, Rocky Linux, AlmaLinux or Oracle Linux

2
vpnsetup_ubuntu.sh
View File

@ -79,7 +79,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian|[Kk]ali)
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)