
Compare commits


4 Commits

Author SHA1 Message Date
hwdsl2
1b5030b8da Update tests 2022-10-21 00:11:47 -05:00
hwdsl2
ed9eb5183c Update docs 2022-10-21 00:11:30 -05:00
hwdsl2
d1da04b1d4 New Libreswan version
- Support upgrading to Libreswan 4.9.
- Compilation of Libreswan 4.9 on Ubuntu 18.04 requires newer
  versions of NSS packages. They are installed in a similar way
  as apply_ubuntu1804_nss_fix in ikev2setup.sh.
  Ref: https://github.com/libreswan/libreswan/issues/892
2022-10-21 00:11:15 -05:00
hwdsl2
28d1f494f0 New Libreswan version
- Use new Libreswan version 4.9.
- Compilation of Libreswan 4.9 on Ubuntu 18.04 requires newer
  versions of NSS packages. They are installed in a similar way
  as apply_ubuntu1804_nss_fix in ikev2setup.sh.
  Ref: https://github.com/libreswan/libreswan/issues/892
2022-10-21 00:10:58 -05:00
12 changed files with 120 additions and 35 deletions


@ -501,13 +501,13 @@ jobs:
cp -f /opt/src/scripts/extras/vpnupgrade.sh ./vpnup.sh cp -f /opt/src/scripts/extras/vpnupgrade.sh ./vpnup.sh
sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
for ver in 4.5 ""; do for ver in 4.6 ""; do
sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
bash vpnup.sh <<ANSWERS bash vpnup.sh <<ANSWERS
ANSWERS ANSWERS
restart_ipsec restart_ipsec
[ -z "$ver" ] && ver=4.7 [ -z "$ver" ] && ver=4.9
ipsec --version | grep "$ver" ipsec --version | grep "$ver"
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
@ -521,13 +521,13 @@ jobs:
fi fi
sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
for ver in 4.6 ""; do for ver in 4.7 ""; do
sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
bash vpnup.sh <<ANSWERS bash vpnup.sh <<ANSWERS
ANSWERS ANSWERS
restart_ipsec restart_ipsec
[ -z "$ver" ] && ver=4.7 [ -z "$ver" ] && ver=4.9
ipsec --version | grep "$ver" ipsec --version | grep "$ver"
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk


@ -490,7 +490,7 @@ jobs:
cp -f "$GITHUB_WORKSPACE"/extras/vpnupgrade.sh ./vpnup.sh cp -f "$GITHUB_WORKSPACE"/extras/vpnupgrade.sh ./vpnup.sh
sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
for ver in 4.5 ""; do for ver in 4.6 ""; do
if [ "$os_type" = "alpine" ]; then if [ "$os_type" = "alpine" ]; then
ipsec whack --shutdown || true ipsec whack --shutdown || true
fi fi
@ -499,7 +499,7 @@ jobs:
ANSWERS ANSWERS
restart_ipsec restart_ipsec
[ -z "$ver" ] && ver=4.7 [ -z "$ver" ] && ver=4.9
ipsec --version | grep "$ver" ipsec --version | grep "$ver"
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
@ -513,7 +513,7 @@ jobs:
fi fi
sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
for ver in 4.6 ""; do for ver in 4.7 ""; do
if [ "$os_type" = "alpine" ]; then if [ "$os_type" = "alpine" ]; then
ipsec whack --shutdown || true ipsec whack --shutdown || true
fi fi
@ -522,7 +522,7 @@ jobs:
ANSWERS ANSWERS
restart_ipsec restart_ipsec
[ -z "$ver" ] && ver=4.7 [ -z "$ver" ] && ver=4.9
ipsec --version | grep "$ver" ipsec --version | grep "$ver"
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk


@ -321,7 +321,7 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgrade.sh
如果无法下载,打开 [vpnupgrade.sh](extras/vpnupgrade.sh),然后点击右边的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。 如果无法下载,打开 [vpnupgrade.sh](extras/vpnupgrade.sh),然后点击右边的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
</details> </details>
当前支持的 Libreswan 最新版本是 `4.7`。查看已安装版本:`ipsec --version`。 当前支持的 Libreswan 最新版本是 `4.9`。查看已安装版本:`ipsec --version`。
**注:** `xl2tpd` 可以使用系统的软件包管理器进行更新,例如 Ubuntu/Debian 上的 `apt-get` **注:** `xl2tpd` 可以使用系统的软件包管理器进行更新,例如 Ubuntu/Debian 上的 `apt-get`


@ -321,7 +321,7 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgrade.sh
If you are unable to download, open [vpnupgrade.sh](extras/vpnupgrade.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor. If you are unable to download, open [vpnupgrade.sh](extras/vpnupgrade.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
</details> </details>
The latest supported Libreswan version is `4.7`. Check installed version: `ipsec --version`. The latest supported Libreswan version is `4.9`. Check installed version: `ipsec --version`.
**Note:** `xl2tpd` can be updated using your system's package manager, such as `apt-get` on Ubuntu/Debian. **Note:** `xl2tpd` can be updated using your system's package manager, such as `apt-get` on Ubuntu/Debian.


@ -69,7 +69,7 @@ EOF
} }
get_swan_ver() { get_swan_ver() {
swan_ver_cur=4.7 swan_ver_cur=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -80,6 +80,9 @@ get_swan_ver() {
} }
check_swan_ver() { check_swan_ver() {
if [ "$SWAN_VER" = "4.8" ]; then
exiterr "Libreswan version 4.8 is not supported."
fi
if ! printf '%s\n%s' "4.5" "$SWAN_VER" | sort -C -V \ if ! printf '%s\n%s' "4.5" "$SWAN_VER" | sort -C -V \
|| ! printf '%s\n%s' "$SWAN_VER" "$swan_ver_cur" | sort -C -V; then || ! printf '%s\n%s' "$SWAN_VER" "$swan_ver_cur" | sort -C -V; then
cat 1>&2 <<EOF cat 1>&2 <<EOF
@ -174,8 +177,11 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
USE_GLIBC_KERN_FLIP_HEADERS=true
EOF EOF
if [ "$SWAN_VER" = "4.5" ] || [ "$SWAN_VER" = "4.6" ] \
|| [ "$SWAN_VER" = "4.7" ]; then
echo "USE_GLIBC_KERN_FLIP_HEADERS=true" >> Makefile.inc.local
fi
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
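Review bot: The new early exit in check_swan_ver rejects `SWAN_VER=4.8` without recording why, and the message gives the operator no hint about which versions are accepted. A one-line comment above the test would help, e.g. `# 4.8 is skipped: <reason / upstream issue reference>`, and the message could name the supported range that the `sort -C -V` check below enforces. The same undocumented check is added in the three other upgrade scripts on this page (the sections containing `@ -63,6 +63,9 @@`, `@ -96,6 +96,9 @@` and `@ -86,6 +86,9 @@`). In the build step of this section, the `4.5`/`4.6`/`4.7` list guarding `USE_GLIBC_KERN_FLIP_HEADERS` repeats the minimum version from check_swan_ver and has to be kept in step with it by hand; both functions continue outside the hunks shown.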


@ -52,7 +52,7 @@ EOF
} }
get_swan_ver() { get_swan_ver() {
swan_ver_cur=4.7 swan_ver_cur=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/upg-v1-amzn-2-swanver" swan_ver_url="$base_url/upg-v1-amzn-2-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -63,6 +63,9 @@ get_swan_ver() {
} }
check_swan_ver() { check_swan_ver() {
if [ "$SWAN_VER" = "4.8" ]; then
exiterr "Libreswan version 4.8 is not supported."
fi
if [ "$SWAN_VER" != "3.32" ] \ if [ "$SWAN_VER" != "3.32" ] \
&& { ! printf '%s\n%s' "4.1" "$SWAN_VER" | sort -C -V \ && { ! printf '%s\n%s' "4.1" "$SWAN_VER" | sort -C -V \
|| ! printf '%s\n%s' "$SWAN_VER" "$swan_ver_cur" | sort -C -V; }; then || ! printf '%s\n%s' "$SWAN_VER" "$swan_ver_cur" | sort -C -V; }; then
@ -156,15 +159,19 @@ install_libreswan() {
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w -s WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true
EOF EOF
echo "USE_DH2=true" >> Makefile.inc.local if [ "$SWAN_VER" != "3.32" ]; then
cat >> Makefile.inc.local <<'EOF'
USE_NSS_KDF=false
USE_LINUX_AUDIT=false
USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d
EOF
fi
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi fi
if [ "$SWAN_VER" != "3.32" ]; then
echo "USE_NSS_KDF=false" >> Makefile.inc.local
echo "FINALNSSDIR=/etc/ipsec.d" >> Makefile.inc.local
fi
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
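Review bot: `USE_LINUX_AUDIT=false` and `USE_SECCOMP=false` are now written to Makefile.inc.local for every version other than 3.32, with no comment on why audit logging and seccomp support are forced off at build time. If upstream enables either of them by default on this platform for some 4.x release (not visible from this page), the resulting pluto binary silently loses that hardening, so the reason belongs next to the new heredoc, e.g. `# audit and seccomp support disabled because <reason>` above the `cat >> Makefile.inc.local` line. If only 4.9 needs the override, scoping it to that version would leave older builds unchanged. The same two settings are added in the next upgrade section (`@ -208,15 +211,19 @@`) and in the two setup sections containing `@ -298,6 +298,8 @@` and `@ -404,6 +404,8 @@`; install_libreswan continues outside the hunk.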


@ -85,7 +85,7 @@ EOF
} }
get_swan_ver() { get_swan_ver() {
swan_ver_cur=4.7 swan_ver_cur=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -96,6 +96,9 @@ get_swan_ver() {
} }
check_swan_ver() { check_swan_ver() {
if [ "$SWAN_VER" = "4.8" ]; then
exiterr "Libreswan version 4.8 is not supported."
fi
if [ "$SWAN_VER" != "3.32" ] \ if [ "$SWAN_VER" != "3.32" ] \
&& { ! printf '%s\n%s' "4.1" "$SWAN_VER" | sort -C -V \ && { ! printf '%s\n%s' "4.1" "$SWAN_VER" | sort -C -V \
|| ! printf '%s\n%s' "$SWAN_VER" "$swan_ver_cur" | sort -C -V; }; then || ! printf '%s\n%s' "$SWAN_VER" "$swan_ver_cur" | sort -C -V; }; then
@ -208,15 +211,19 @@ install_libreswan() {
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w -s WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true
EOF EOF
echo "USE_DH2=true" >> Makefile.inc.local if [ "$SWAN_VER" != "3.32" ]; then
cat >> Makefile.inc.local <<'EOF'
USE_NSS_KDF=false
USE_LINUX_AUDIT=false
USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d
EOF
fi
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi fi
if [ "$SWAN_VER" != "3.32" ]; then
echo "USE_NSS_KDF=false" >> Makefile.inc.local
echo "FINALNSSDIR=/etc/ipsec.d" >> Makefile.inc.local
fi
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (


@ -75,7 +75,7 @@ EOF
} }
get_swan_ver() { get_swan_ver() {
swan_ver_cur=4.7 swan_ver_cur=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -86,6 +86,9 @@ get_swan_ver() {
} }
check_swan_ver() { check_swan_ver() {
if [ "$SWAN_VER" = "4.8" ]; then
exiterr "Libreswan version 4.8 is not supported."
fi
if [ "$SWAN_VER" = "3.32" ] && [ "$os_ver" = "11" ]; then if [ "$SWAN_VER" = "3.32" ] && [ "$os_ver" = "11" ]; then
exiterr "Libreswan 3.32 is not supported on Debian 11." exiterr "Libreswan 3.32 is not supported on Debian 11."
fi fi
@ -168,6 +171,34 @@ install_pkgs() {
) || exiterr2 ) || exiterr2
} }
install_nss_pkgs() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
bigecho "Installing NSS packages on Ubuntu 18.04..."
if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
nss_dl=0
if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$nss_url1/$nss_deb1" \
&& wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$nss_url1/$nss_deb2" \
&& wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$nss_url2/$nss_deb3"; then
apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
else
nss_dl=1
echo "Error: Could not download NSS packages." >&2
fi
/bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
/bin/rmdir "$tmpdir"
[ "$nss_dl" = 1 ] && exit 1
else
exiterr "Could not create temporary directory."
fi
fi
}
get_libreswan() { get_libreswan() {
bigecho "Downloading Libreswan..." bigecho "Downloading Libreswan..."
cd /opt/src || exit 1 cd /opt/src || exit 1
@ -190,6 +221,7 @@ install_libreswan() {
cat > Makefile.inc.local <<'EOF' cat > Makefile.inc.local <<'EOF'
WERROR_CFLAGS=-w -s WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true
EOF EOF
if [ "$SWAN_VER" = "3.32" ]; then if [ "$SWAN_VER" = "3.32" ]; then
cat >> Makefile.inc.local <<'EOF' cat >> Makefile.inc.local <<'EOF'
@ -197,16 +229,16 @@ USE_DH31=false
USE_NSS_AVA_COPY=true USE_NSS_AVA_COPY=true
USE_NSS_IPSEC_PROFILE=false USE_NSS_IPSEC_PROFILE=false
USE_GLIBC_KERN_FLIP_HEADERS=true USE_GLIBC_KERN_FLIP_HEADERS=true
EOF
else
cat >> Makefile.inc.local <<'EOF'
USE_NSS_KDF=false
FINALNSSDIR=/etc/ipsec.d
EOF EOF
fi fi
echo "USE_DH2=true" >> Makefile.inc.local
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
fi fi
if [ "$SWAN_VER" != "3.32" ]; then
echo "USE_NSS_KDF=false" >> Makefile.inc.local
echo "FINALNSSDIR=/etc/ipsec.d" >> Makefile.inc.local
fi
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1
( (
@ -314,6 +346,7 @@ vpnupgrade() {
start_setup start_setup
update_apt_cache update_apt_cache
install_pkgs install_pkgs
install_nss_pkgs
get_libreswan get_libreswan
install_libreswan install_libreswan
update_ikev2_script update_ikev2_script
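Review bot: install_nss_pkgs installs three `.deb` files fetched with wget from a mirror pool, and nothing verifies them before `apt-get install` runs (presumably as root); packages installed from local files are not checked against the signed archive metadata, so their integrity rests on TLS to the mirror alone. Pinning a SHA-256 for each file next to `nss_deb1`..`nss_deb3` and checking it before the install would close that gap, e.g. `printf '%s  %s\n' "$nss_sum1" "$tmpdir/1.deb" | sha256sum -c --status || nss_dl=1`, where `nss_sum1` is a new variable holding the expected digest. The exit status of `apt-get -yqq install` is also ignored, so a failed install leaves `nss_dl=0` and the Libreswan build goes ahead against the old NSS; appending `|| nss_dl=1` to that line would stop it. The same function is added verbatim in the last section of this page (`@ -260,6 +260,34 @@`).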


@ -230,7 +230,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -284,7 +284,6 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
USE_GLIBC_KERN_FLIP_HEADERS=true
EOF EOF
NPROCS=$(grep -c ^processor /proc/cpuinfo) NPROCS=$(grep -c ^processor /proc/cpuinfo)
[ -z "$NPROCS" ] && NPROCS=1 [ -z "$NPROCS" ] && NPROCS=1


@ -244,7 +244,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-amzn-2-swanver" swan_ver_url="$base_url/v1-amzn-2-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -298,6 +298,8 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
USE_NSS_KDF=false USE_NSS_KDF=false
USE_LINUX_AUDIT=false
USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then


@ -350,7 +350,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -404,6 +404,8 @@ WERROR_CFLAGS=-w -s
USE_DNSSEC=false USE_DNSSEC=false
USE_DH2=true USE_DH2=true
USE_NSS_KDF=false USE_NSS_KDF=false
USE_LINUX_AUDIT=false
USE_SECCOMP=false
FINALNSSDIR=/etc/ipsec.d FINALNSSDIR=/etc/ipsec.d
EOF EOF
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then


@ -260,6 +260,34 @@ install_vpn_pkgs() {
) || exiterr2 ) || exiterr2
} }
install_nss_pkgs() {
os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
bigecho "Installing NSS packages on Ubuntu 18.04..."
if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
nss_dl=0
if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$nss_url1/$nss_deb1" \
&& wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$nss_url1/$nss_deb2" \
&& wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$nss_url2/$nss_deb3"; then
apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
else
nss_dl=1
echo "Error: Could not download NSS packages." >&2
fi
/bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
/bin/rmdir "$tmpdir"
[ "$nss_dl" = 1 ] && exit 1
else
exiterr "Could not create temporary directory."
fi
fi
}
install_fail2ban() { install_fail2ban() {
bigecho "Installing Fail2Ban to protect SSH..." bigecho "Installing Fail2Ban to protect SSH..."
( (
@ -290,7 +318,7 @@ get_helper_scripts() {
} }
get_swan_ver() { get_swan_ver() {
SWAN_VER=4.7 SWAN_VER=4.9
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@ -731,6 +759,7 @@ vpnsetup() {
install_setup_pkgs install_setup_pkgs
detect_ip detect_ip
install_vpn_pkgs install_vpn_pkgs
install_nss_pkgs
install_fail2ban install_fail2ban
get_helper_scripts get_helper_scripts
get_libreswan get_libreswan
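Review bot: On Ubuntu 18.04 the new install_nss_pkgs step replaces the system NSS libraries with one hard-coded build, `3.49.1-1ubuntu1.8`, fetched by exact file name, and nothing in the function documents what that pin implies. The file names stop resolving if the mirror pool drops that build, at which point vpnsetup exits with "Could not download NSS packages". The installed NSS may also no longer be updated by the release's own archive, since it appears to be newer than what 18.04 ships (inferred, not visible here). A comment above `nss_deb1` would make the maintenance duty explicit, e.g. `# Pinned NSS build needed to compile Libreswan 4.9 on 18.04; re-check for NSS security updates whenever SWAN_VER is bumped`.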