
Compare commits


2 Commits

Author SHA1 Message Date
hwdsl2
fec1b7c7a2 Update IKEv2 script
- Improve MOBIKE detection by checking whether the IKEv2 connection
  is successfully loaded. If not, the server's Linux kernel may not
  support MOBIKE, and we disable it in ikev2.conf.
- This will help prevent the issue where the IKEv2 connection fails
  to load on some systems due to lack of MOBIKE support. Note that
  the script already has checks for MOBIKE support that cover common
  cases.
- Related issues:
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/330
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298
  https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
2022-12-01 21:45:57 -06:00
hwdsl2
fad9e0d34d Update IKEv2 setup log
- When using the IKEv2 change server address script on Docker,
  update the IKEv2 setup log with the new server address, so that
  it can be displayed in the container logs after a restart.
2022-12-01 21:25:41 -06:00
2 changed files with 24 additions and 1 deletions


@ -248,6 +248,13 @@ update_ikev2_conf() {
sed -i "/conn ikev2-cp/a \ leftcert=$server_addr" /etc/ipsec.d/ikev2.conf sed -i "/conn ikev2-cp/a \ leftcert=$server_addr" /etc/ipsec.d/ikev2.conf
} }
update_ikev2_log() {
ikev2_log="/etc/ipsec.d/ikev2setup.log"
if [ -s "$ikev2_log" ]; then
sed -i "/VPN server address:/s/$server_addr_old/$server_addr/" "$ikev2_log"
fi
}
restart_ipsec_service() { restart_ipsec_service() {
bigecho "Restarting IPsec service..." bigecho "Restarting IPsec service..."
mkdir -p /run/pluto mkdir -p /run/pluto
@ -278,6 +285,7 @@ ikev2changeaddr() {
create_server_cert create_server_cert
update_ikev2_conf update_ikev2_conf
update_ikev2_log
if [ "$os_type" = "alpine" ]; then if [ "$os_type" = "alpine" ]; then
ipsec auto --replace ikev2-cp >/dev/null ipsec auto --replace ikev2-cp >/dev/null
else else
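Review bot: In `update_ikev2_log`, `$server_addr_old` and `$server_addr` are spliced unescaped into the sed expression, so each dot in the old address matches any character, and a `/`, `&` or backslash in either value would change or break the substitution. Whether both values are validated as an IPv4 address or DNS name before this call is not visible in the hunk; if they are, a comment on the function should say so. Assuming the values are limited to those characters, escaping the dots keeps the match literal: `old_re=$(printf '%s' "$server_addr_old" | sed 's/\./\\./g')`, then use `$old_re` on the pattern side of the `s` command. The status of `sed -i` is also not checked, so a failed log update is silent.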


@ -157,7 +157,7 @@ confirm_or_abort() {
show_header() { show_header() {
cat <<'EOF' cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2022 Lin Song 30 Oct 2022 IKEv2 Script Copyright (c) 2020-2022 Lin Song 1 Dec 2022
EOF EOF
} }
@ -1247,6 +1247,20 @@ restart_ipsec_service() {
fi fi
} }
check_ikev2_connection() {
if grep -qs 'mobike=yes' "$IKEV2_CONF"; then
(sleep 3
if ! ipsec status | grep -q ikev2-cp; then
sed -i '/mobike=yes/s/yes/no/' "$IKEV2_CONF"
if [ "$os_type" = "alpine" ]; then
ipsec auto --add ikev2-cp >/dev/null
else
restart_ipsec_service >/dev/null
fi
fi) >/dev/null 2>&1 &
fi
}
create_crl() { create_crl() {
bigecho "Revoking client certificate..." bigecho "Revoking client certificate..."
if ! crlutil -L -d "$CERT_DB" -n "$CA_NAME" >/dev/null 2>&1; then if ! crlutil -L -d "$CERT_DB" -n "$CA_NAME" >/dev/null 2>&1; then
@ -1717,6 +1731,7 @@ ikev2setup() {
else else
restart_ipsec_service restart_ipsec_service
fi fi
check_ikev2_connection
print_setup_complete print_setup_complete
print_client_info print_client_info
if [ "$in_container" = 0 ]; then if [ "$in_container" = 0 ]; then
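Review bot: In `check_ikev2_connection`, the background subshell rewrites `$IKEV2_CONF` and reloads or restarts IPsec with all output sent to `/dev/null`, so nothing records that `mobike=yes` was changed to `mobike=no`, and a failing `sed` or `ipsec auto --add` goes unnoticed. The test `ipsec status | grep -q ikev2-cp` after a fixed `sleep 3` cannot tell missing MOBIKE support apart from a connection that is slow to load or failed for another reason, so the config may be changed for the wrong cause. The pattern also matches any line containing that substring, which looks broader than intended. Consider recording the change (for example, appending a line to a log file just before the `sed`) and adding a comment such as `# conn still not loaded after 3s: assume no kernel MOBIKE support, retry with mobike=no`. Because the job is backgrounded, it runs concurrently with `print_setup_complete` and `print_client_info` in `ikev2setup`, whose body continues outside the hunk.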