From 8f79422ddcbb819c4e73dbf1cc5f7225087f14f4 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Tue, 17 May 2016 21:54:51 -0500 Subject: [PATCH 1/3] Update README.md --- README-zh.md | 6 +++--- README.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README-zh.md b/README-zh.md index 79c971f..5c3725b 100644 --- a/README-zh.md +++ b/README-zh.md @@ -2,7 +2,7 @@ *其他语言版本: [English](README.md), [简体中文](README-zh.md).* -使用这些 Linux Shell 脚本一键快速搭建 IPsec/L2TP VPN 服务器。支持 Ubuntu,Debian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证(或者可以自动生成),然后运行脚本自动完成安装。 +使用这些 Linux Shell 脚本一键快速搭建 IPsec/L2TP VPN 服务器。支持 Ubuntu,Debian 和 CentOS 系统。你只需提供自己的 VPN 登录凭证,或者选择随机生成凭证。然后运行脚本自动完成安装。 我们将使用 Libreswan 作为 IPsec 服务器,以及 xl2tpd 作为 L2TP 提供者。 @@ -24,7 +24,7 @@ ## 功能特性 -- :tada: **新特性:** 在 `IPsec/L2TP` 的基础上新增对 `IPsec/XAUTH` 的支持 +- :tada: **NEW:** 新增支持更高效的 `IPsec/XAUTH` (也称为 `Cisco IPsec`) 模式 - 全自动的 IPsec/L2TP VPN 服务器配置,无需用户输入 - 封装所有的 VPN 流量在 UDP 协议,不需要 ESP 协议支持 - 可直接作为 Amazon EC2 实例创建时的用户数据使用 @@ -94,7 +94,7 @@ sudo sh vpnsetup_centos.sh 配置你的计算机或其它设备使用 VPN 。请参见: 配置 IPsec/L2TP VPN 客户端。 -**新特性:** 在 `IPsec/L2TP` 的基础上,现在新增对 `IPsec/XAUTH` 的支持。请参见: 配置 IPsec/XAUTH VPN 客户端。 +**NEW:** 新增支持更高效的 `IPsec/XAUTH` (也称为 `Cisco IPsec`) 模式。请参考 配置 IPsec/XAUTH VPN 客户端。 开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles: diff --git a/README.md b/README.md index 18e820e..527899f 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ *Read this in other languages: [English](README.md), [简体中文](README-zh.md).* -With these scripts, you can set up your own IPsec/L2TP VPN server in just a few minutes on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials (or auto-generate them). The scripts will handle the rest. +These scripts will let you set up your own IPsec/L2TP VPN server in no more than a minute on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, or auto-generate them. The scripts will handle the rest. We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider. @@ -24,7 +24,7 @@ We will use Libreswan as th ## Features -- :tada: **NEW:** `IPsec/XAUTH` is now supported in addition to `IPsec/L2TP` +- :tada: **NEW:** The faster `IPsec/XAUTH` (a.k.a. `Cisco IPsec`) mode is now supported - Fully automated IPsec/L2TP VPN server setup, no user input needed - Encapsulates all VPN traffic in UDP - does not need ESP protocol - Can be directly used as "user-data" for a new Amazon EC2 instance @@ -94,7 +94,7 @@ If unable to download via `wget`, you may alternatively open Configure IPsec/L2TP VPN Clients. -**NEW:** `IPsec/XAUTH` is now supported in addition to `IPsec/L2TP`. See: Configure IPsec/XAUTH VPN Clients. +**NEW:** The faster `IPsec/XAUTH` (a.k.a. `Cisco IPsec`) mode is now supported. See: Configure IPsec/XAUTH VPN Clients. Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: From 8f5564b1c899fb4f2a15a54b6f1dc53ad1c6554b Mon Sep 17 00:00:00 2001 From: Dustin Oprea Date: Tue, 17 May 2016 23:37:56 -0400 Subject: [PATCH 2/3] Default the PSK, username, and password from the environment. --- vpnsetup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vpnsetup.sh b/vpnsetup.sh index 1597e62..3baaa64 100644 --- a/vpnsetup.sh +++ b/vpnsetup.sh 
@@ -22,9 +22,9 @@ # - All values MUST be quoted using 'single quotes' # - DO NOT use these characters inside values: \ " ' -IPSEC_PSK='' -VPN_USER='' -VPN_PASSWORD='' +IPSEC_PSK="$VPNSETUP_IPSEC_PSK" +VPN_USER="$VPNSETUP_USERNAME" +VPN_PASSWORD="$VPNSETUP_PASSWORD" # Important Notes: https://git.io/vpnnotes # Setup VPN Clients: https://git.io/vpnclients From fce3a558b915693ab4d3a751859cf779130b7580 Mon Sep 17 00:00:00 2001 From: Dustin Oprea Date: Wed, 18 May 2016 00:08:17 -0400 Subject: [PATCH 3/3] We default the IPs from the environment, too. --- vpnsetup.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/vpnsetup.sh b/vpnsetup.sh index 3baaa64..aa2b473 100644 --- a/vpnsetup.sh +++ b/vpnsetup.sh @@ -22,9 +22,11 @@ # - All values MUST be quoted using 'single quotes' # - DO NOT use these characters inside values: \ " ' -IPSEC_PSK="$VPNSETUP_IPSEC_PSK" -VPN_USER="$VPNSETUP_USERNAME" -VPN_PASSWORD="$VPNSETUP_PASSWORD" +IPSEC_PSK="$VPN_IPSEC_PSK" +VPN_USER="$VPN_USERNAME" +VPN_PASSWORD="$VPN_PASSWORD" +PUBLIC_IP="$VPN_PUBLIC_IP" +PRIVATE_IP="$VPN_PRIVATE_IP" # Important Notes: https://git.io/vpnnotes # Setup VPN Clients: https://git.io/vpnclients 
@@ -108,8 +110,8 @@ echo # In Amazon EC2, these two variables will be retrieved from metadata. # For all other servers, replace them with actual IPs or comment out. # If your server only has a public IP, put that IP on both lines. -PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') -PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') +[ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/public-ipv4') +[ -z "$PRIVATE_IP" ] && PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/latest/meta-data/local-ipv4') # Try to find IPs for non-EC2 servers [ -z "$PUBLIC_IP" ] && PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
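Review bot: In PATCH 1/3, README-zh.md, the Features hunk (@@ -24,7) and the client-setup hunk (@@ -94,7) replace the localized label `**新特性:**` with the English `**NEW:**`, so the Chinese README now mixes languages in its own headline feature line. Keeping `**新特性:**` in front of the new wording would stay consistent with the rest of the file. The @@ -94,7 hunk also changes `请参见:` to `请参考` and drops the colon before the link text, while the line just above it (`请参见: 配置 IPsec/L2TP VPN 客户端。`) keeps the old form; use one form for both.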
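Review bot: In PATCH 1/3, README.md, hunk @@ -2,7, "in no more than a minute" replaces "in just a few minutes" with a hard upper bound that nothing else in the patch supports, and the matching README-zh.md hunk makes no time claim at all, so the two READMEs now promise different things. Either keep the softer wording or bring both files in line.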
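Review bot: In PATCH 2/3, vpnsetup.sh, hunk @@ -22,9, the two comment lines directly above the changed assignments still say "All values MUST be quoted using 'single quotes'" and "DO NOT use these characters inside values: \ " '", but the new lines are double-quoted expansions such as `IPSEC_PSK="$VPNSETUP_IPSEC_PSK"`, so the comment no longer describes the code. More importantly, a value taken from the environment is never checked against that forbidden-character list in the visible lines; a PSK or password containing a backslash or quote would pass straight through to whatever the restriction was protecting. Update the comment to name the `VPNSETUP_*` variables and add a check that rejects values containing those characters before they are used.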
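Review bot: In PATCH 3/3, vpnsetup.sh, hunk @@ -22,9, the line `VPN_PASSWORD="$VPN_PASSWORD"` assigns the variable to itself, because the rename from `VPNSETUP_PASSWORD` makes the environment name identical to the script's internal name. It is harmless but reads as a mistake, and it is inconsistent with `VPN_USER="$VPN_USERNAME"` next to it. The hunk also renames all three `VPNSETUP_*` variables introduced one commit earlier, which the commit message ("We default the IPs from the environment, too.") does not mention; anyone who adopted the PATCH 2/3 names gets empty credentials without warning. Pick one prefix, say so in the commit message, and document the five variable names in the header comment.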
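Review bot: In PATCH 3/3, vpnsetup.sh, hunk @@ -108,8, the context comment above the changed lines still tells the reader to "replace them with actual IPs or comment out", which is stale now that `[ -z "$PUBLIC_IP" ] &&` skips the metadata lookup whenever `VPN_PUBLIC_IP` or `VPN_PRIVATE_IP` is set. Rewrite the comment to describe the order of precedence (environment, then EC2 metadata, then the `dig` fallback). The visible lines also accept the environment-supplied addresses as they are; a format check on `PUBLIC_IP` and `PRIVATE_IP` after this block would catch a typo before it is written into the VPN configuration.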