

3 Commits

Author SHA1 Message Date
hwdsl2
6a872207f4 Update IKEv2 script
- Add a note about changing IKEv2 server address.
2022-08-11 00:02:42 -05:00
hwdsl2
4995ec03f5 Improve OS support
- Make the VPN setup scripts work on Kali Linux (based on Debian).
- Update IKEv2 helper script to check for OpenSSL 3 first when
  exporting the .p12 file.
2022-08-10 23:25:58 -05:00
hwdsl2
e2f211c678 Improve OS detection
- Improve OS detection and clean up
2022-08-10 22:41:55 -05:00
10 changed files with 167 additions and 168 deletions


@ -36,44 +36,16 @@ check_root() {
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
if grep -qs "release 7" "$rh_file" || grep -qs "release 8" "$rh_file" \
|| grep -qs "release 9" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
else
os_type=$(lsb_release -si 2>/dev/null)
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
os_type=debian
;;
[Rr]aspbian)
os_type=raspbian
;;
[Aa]lpine)
os_type=alpine
;;
*)
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
Ubuntu, Debian, CentOS/RHEL, Rocky Linux, AlmaLinux,
Oracle Linux, Amazon Linux 2 or Alpine Linux
EOF
exit 1
os_type=other
;;
esac
fi
}
check_libreswan() {


@ -46,23 +46,26 @@ check_container() {
}
check_os() {
os_type=centos
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
os_ver=7
elif grep -qs "release 8" "$rh_file"; then
elif grep -q "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
elif grep -qs "release 9" "$rh_file"; then
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -73,7 +76,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)
@ -154,7 +157,7 @@ confirm_or_abort() {
show_header() {
cat <<'EOF'
IKEv2 Script Copyright (c) 2020-2022 Lin Song 9 Aug 2022
IKEv2 Script Copyright (c) 2020-2022 Lin Song 10 Aug 2022
EOF
}
@ -211,6 +214,7 @@ check_arguments() {
if [ "$use_defaults" = "1" ] && check_ikev2_exists; then
echo "Error: Invalid parameter '--auto'. IKEv2 is already set up on this server." >&2
echo " To manage VPN clients, re-run this script without '--auto'." >&2
echo " To change IKEv2 server address, see https://vpnsetup.net/ikev2" >&2
exit 1
fi
if [ "$((add_client + export_client + list_clients + revoke_client + delete_client))" -gt 1 ]; then
@ -760,17 +764,7 @@ export_p12_file() {
p12_file="$export_dir$client_name.p12"
p12_file_enc="$export_dir$client_name.enc.p12"
pk12util -W "$p12_password" -d "$CERT_DB" -n "$client_name" -o "$p12_file_enc" >/dev/null || exit 1
if [ "$os_type" = "alpine" ] || { [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "11" ]; }; then
pem_file="$export_dir$client_name.temp.pem"
openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
if [ "$use_config_password" = "0" ]; then
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
if [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
ca_crt="$export_dir$client_name.ca.crt"
client_crt="$export_dir$client_name.client.crt"
client_key="$export_dir$client_name.client.key"
@ -788,6 +782,16 @@ export_p12_file() {
-legacy -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$os_type" = "alpine" ] || [ "$os_ver" = "kalirolling" ] || [ "$os_type$os_ver" = "ubuntu11" ]; then
pem_file="$export_dir$client_name.temp.pem"
openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
if [ "$use_config_password" = "0" ]; then
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
fi
/bin/rm -f "$pem_file"
elif [ "$use_config_password" = "0" ]; then
pk12util -W "" -d "$CERT_DB" -n "$client_name" -o "$p12_file" >/dev/null || exit 1
fi
@ -1151,6 +1155,7 @@ EOF
}
apply_ubuntu1804_nss_fix() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
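Review bot: The relocated alpine / kalirolling / ubuntu11 branch of export_p12_file still passes the PKCS#12 password as `-passin "pass:$p12_password"` and `-passout "pass:$p12_password"`, which puts the secret in openssl's argument list, where other local users can typically read it from the process table while the command runs. openssl also accepts `env:VAR` and `file:PATH` password sources, so exporting the value only for these calls and using `-passin env:P12_PW -passout env:P12_PW` (variable name illustrative) keeps it out of argv; the `pk12util -W "$p12_password"` context line has the same exposure. Separately, every `|| exit 1` after the first openssl call leaves `$pem_file` behind in `$export_dir`, so a cleanup `trap` that removes it on exit would cover the failure paths. The PBE-SHA1-3DES choice looks like a deliberate client-compatibility setting and deserves a one-line comment saying so. export_p12_file begins and ends outside the visible hunks.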


@ -69,25 +69,29 @@ EOF
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
os_ver=7
elif grep -qs "release 8" "$rh_file"; then
elif grep -q "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -qs "release 9" "$rh_file"; then
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -98,7 +102,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)
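Review bot: The new `[Dd]ebian|[Kk]ali)` arm maps Kali to `os_type=debian`, but the code that derives and validates `os_ver` for Debian sits below this hunk, so it is not visible whether a rolling-release version string is accepted there. Another file in this commit compares `os_ver` with `kalirolling`, which suggests the value is non-numeric on Kali; any numeric or allow-list version gate after the `case` needs to handle it explicitly rather than fall through. A short comment on the arm would record the intent, e.g. `# Kali is Debian-based; version checks below must accept its rolling-release os_ver`. The same arm is added to check_os in six other file sections on this page, and check_os continues outside the hunk.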


@ -34,16 +34,18 @@ check_root() {
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
if grep -qs "release 7" "$rh_file" || grep -qs "release 8" "$rh_file" \
|| grep -qs "release 9" "$rh_file"; then
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if ! grep -q -E "release (7|8|9)" "$rh_file"; then
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
else
@ -53,7 +55,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)


@ -37,25 +37,29 @@ check_vz() {
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
os_ver=7
elif grep -qs "release 8" "$rh_file"; then
elif grep -q "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -qs "release 9" "$rh_file"; then
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -66,7 +70,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)


@ -40,26 +40,30 @@ check_vz() {
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
os_ver=7
elif grep -qs "release 8" "$rh_file"; then
elif grep -q "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -qs "release 9" "$rh_file"; then
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
else
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
CentOS/RHEL, Rocky Linux, AlmaLinux or Oracle Linux
@ -166,7 +170,7 @@ install_pkgs_2() {
erp="--enablerepo"
rp1="$erp=*server-*optional*"
rp2="$erp=*releases-optional*"
if [ "$os_type" = "ol" ] && [ "$os_ver" = "7" ]; then
if [ "$os_type$os_ver" = "ol7" ]; then
rp2="$erp=ol7_optional_latest"
fi
if [ "$os_ver" = "7" ]; then


@ -46,7 +46,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)


@ -69,25 +69,29 @@ EOF
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
os_ver=7
elif grep -qs "release 8" "$rh_file"; then
elif grep -q "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -qs "release 9" "$rh_file"; then
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
elif grep -qs "Amazon Linux release 2" /etc/system-release; then
os_type=amzn
os_ver=2
@ -98,7 +102,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)


@ -74,26 +74,30 @@ EOF
}
check_os() {
os_type=centos
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
if [ -f "$rh_file" ]; then
os_type=centos
if grep -q "Red Hat" "$rh_file"; then
os_type=rhel
fi
[ -f /etc/oracle-release ] && os_type=ol
grep -qs -i rocky "$rh_file" && os_type=rocky
grep -qs -i alma "$rh_file" && os_type=alma
if grep -qs "release 7" "$rh_file"; then
grep -qi rocky "$rh_file" && os_type=rocky
grep -qi alma "$rh_file" && os_type=alma
if grep -q "release 7" "$rh_file"; then
os_ver=7
elif grep -qs "release 8" "$rh_file"; then
elif grep -q "release 8" "$rh_file"; then
os_ver=8
grep -qi stream "$rh_file" && os_ver=8s
if [ "$os_type" = "centos" ] && [ "$os_ver" = "8" ]; then
if [ "$os_type$os_ver" = "centos8" ]; then
exiterr "CentOS Linux 8 is EOL and not supported."
fi
elif grep -qs "release 9" "$rh_file"; then
elif grep -q "release 9" "$rh_file"; then
os_ver=9
grep -qi stream "$rh_file" && os_ver=9s
else
exiterr "This script only supports CentOS/RHEL 7-9."
fi
else
cat 1>&2 <<'EOF'
Error: This script only supports one of the following OS:
CentOS/RHEL, Rocky Linux, AlmaLinux or Oracle Linux


@ -79,7 +79,7 @@ check_os() {
[Uu]buntu)
os_type=ubuntu
;;
[Dd]ebian)
[Dd]ebian|[Kk]ali)
os_type=debian
;;
[Rr]aspbian)