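#!/bin/bash
#
# Script to enable or disable IKEv2-only mode
#
# Copyright (C) 2022-2024 Lin Song
#
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/
#
# Attribution required: please include my name in any derivative and let me
# know how you have improved it!

# NOTE(review): this listing was flattened onto a single line, which put the
# whole script on the shebang line. Line structure is restored below. Line
# breaks inside here-documents are reconstructed and should be confirmed
# against the original. Two fragments near the end are damaged or cut off;
# they are kept verbatim as comments so that the file still parses.

# Command lookup is limited to the system directories below rather than
# whatever PATH the caller had; the script insists on running as root
# (see check_root).
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Date and time with ':' replaced by '_'. Not referenced in the part of the
# script visible here.
SYS_DT=$(date +%F-%T | tr ':' '_')

# Print "Error: <message>" on stderr and exit with status 1.
#   $1 - message text
exiterr() {
  echo "Error: $1" >&2
  exit 1
}

# Print a progress heading ("## <text>") on stdout.
#   $1 - heading text
bigecho() {
  echo "## $1"
}

# Exit with an error unless the effective user id is 0.
check_root() {
  if [ "$(id -u)" != 0 ]; then
    exiterr "Script must be run as root. Try 'sudo bash $0'"
  fi
}

# Report on stderr that nothing was changed, then exit with status 1.
abort_and_exit() {
  echo "Abort. No changes were made." >&2
  exit 1
}

# Show a prompt and read one reply line from stdin.
#   $1 - prompt text, printed without a trailing newline
# "y", "yes" (any letter case) or an empty reply continues; any other reply
# aborts through abort_and_exit. An empty reply includes end-of-input on a
# closed stdin, so a non-interactive run proceeds without confirmation.
# The reply is left in the global variable "response".
continue_or_abort() {
  printf '%s' "$1"
  read -r response
  case "$response" in
    [yY][eE][sS] | [yY] | '')
      echo
      ;;
    *)
      abort_and_exit
      ;;
  esac
}

# Succeed when an IKEv2 configuration is present: either a "conn ikev2-cp"
# entry in /etc/ipsec.conf or the file /etc/ipsec.d/ikev2.conf.
check_ikev2_exists() {
  grep -qs "conn ikev2-cp" /etc/ipsec.conf \
    || [ -f /etc/ipsec.d/ikev2.conf ]
}

# Verify the prerequisites for switching modes and exit 1 if any is missing:
# the "hwdsl2 VPN script" marker in /etc/sysctl.conf, a "config setup"
# section in /etc/ipsec.conf, "libreswan" in the output of `ipsec --version`,
# and an existing IKEv2 configuration.
# Sets the globals ipsec_ver (raw version output) and swan_ver (the version
# string extracted from it by sed).
check_libreswan() {
  ipsec_ver=$(ipsec --version 2>/dev/null)
  swan_ver=$(printf '%s' "$ipsec_ver" \
    | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
  if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
    || ! grep -qs "config setup" /etc/ipsec.conf \
    || ! printf '%s' "$ipsec_ver" | grep -qi 'libreswan'; then
    cat 1>&2 <<'EOF'
Error: Your must first set up the IPsec VPN server before selecting IKEv2-only mode.
See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF
    exit 1
  fi
  if ! check_ikev2_exists; then
    cat 1>&2 <<'EOF'
Error: Your must first set up IKEv2 before selecting IKEv2-only mode.
See: https://vpnsetup.net/ikev2
EOF
    exit 1
  fi
}

# NOTE(review): damaged in the source. Only the opening of check_swan_ver
# survives. It tests that "4.2" sorts at or before $swan_ver under
# `sort -C -V`, i.e. a minimum Libreswan version of 4.2. The error text and
# exit that followed, and everything up to the tail of a later function
# ending in "/dev/null }", are missing. An empty $swan_ver would pass the
# visible test, so the gate appears to rely on check_libreswan having run
# first; confirm the call order in the full script. This copy has no working
# version gate and should not be run as it stands. Fragment as found:
#
# check_swan_ver() { if ! printf '%s\n%s' "4.2" "$swan_ver" | sort -C -V; then cat 1>&2 </dev/null }

# Print the completion message on stdout.
# Blank lines inside the here-document, if there were any, are not recoverable
# from the flattened source.
print_complete() {
  cat <<'EOF'
Done!
EOF
}

# NOTE(review): the source ends inside the next definition; the remainder of
# the script, including whatever calls the functions above, is not visible.
# Fragment as found:
#
# select_menu_option() { cat <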