From 9022caf9f454a82d89bd650d224b4a456303953d Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Sat, 22 Jan 2022 21:31:55 -0600
Subject: [PATCH] Improve VPN setup
- Retrieve latest supported Libreswan version before install
- Cleanup
---
vpnsetup_alpine.sh | 55 +++++++++++++++++-----------------------------
vpnsetup_amzn.sh | 55 +++++++++++++++++-----------------------------
vpnsetup_centos.sh | 55 +++++++++++++++++-----------------------------
vpnsetup_ubuntu.sh | 55 +++++++++++++++++-----------------------------
4 files changed, 80 insertions(+), 140 deletions(-)
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index ae7e8c7..0099e78 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -60,7 +60,6 @@ check_vz() {
check_os() {
os_type=$(lsb_release -si 2>/dev/null)
- os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
[Aa]lpine)
@@ -133,9 +132,6 @@ check_dns() {
start_setup() {
bigecho "VPN setup in progress... Please be patient."
- # shellcheck disable=SC2154
- trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
- trap 'finish $? $((dlo+1))' EXIT
mkdir -p /opt/src
cd /opt/src || exit 1
}
@@ -174,18 +170,17 @@ install_fail2ban() {
) || exiterr2
}
-get_ikev2_script() {
- bigecho "Downloading IKEv2 script..."
- ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
- (
- set -x
- wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
- ) || /bin/rm -f ikev2.sh
- [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+ base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
+ swan_ver_url="$base_url/$os_type/$os_ver/swanver"
+ swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ SWAN_VER=4.6
+ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+ SWAN_VER="$swan_ver_latest"
+ fi
}
check_libreswan() {
- SWAN_VER=4.6
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
[ "$swan_ver_old" = "$SWAN_VER" ]
@@ -235,6 +230,16 @@ EOF
fi
}
+get_ikev2_script() {
+ bigecho "Downloading IKEv2 script..."
+ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+ (
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+ ) || /bin/rm -f ikev2.sh
+ [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
create_vpn_config() {
bigecho "Creating VPN configuration..."
@@ -497,27 +502,6 @@ IKEv2 guide: https://git.io/ikev2
EOF
}
-check_swan_ver() {
- swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
- [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
- if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
- && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
- && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
- To update, run:
- wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
- fi
-}
-
-finish() {
- check_swan_ver "$1" "$2"
- exit "$1"
-}
-
vpnsetup() {
check_root
check_vz
@@ -530,9 +514,10 @@ vpnsetup() {
detect_ip
install_vpn_pkgs
install_fail2ban
- get_ikev2_script
+ get_swan_ver
get_libreswan
install_libreswan
+ get_ikev2_script
create_vpn_config
update_sysctl
update_iptables
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index dc18d53..3e7f422 100755
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -53,7 +53,6 @@ check_root() {
}
check_os() {
- os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
exiterr "This script only supports Amazon Linux 2."
fi
@@ -115,9 +114,6 @@ check_dns() {
start_setup() {
bigecho "VPN setup in progress... Please be patient."
- # shellcheck disable=SC2154
- trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
- trap 'finish $? $((dlo+1))' EXIT
mkdir -p /opt/src
cd /opt/src || exit 1
}
@@ -174,18 +170,17 @@ install_fail2ban() {
) || exiterr2
}
-get_ikev2_script() {
- bigecho "Downloading IKEv2 script..."
- ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
- (
- set -x
- wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
- ) || /bin/rm -f ikev2.sh
- [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+ base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
+ swan_ver_url="$base_url/amzn/2/swanver"
+ swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ SWAN_VER=4.6
+ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+ SWAN_VER="$swan_ver_latest"
+ fi
}
check_libreswan() {
- SWAN_VER=4.6
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
[ "$swan_ver_old" = "$SWAN_VER" ]
@@ -237,6 +232,16 @@ EOF
fi
}
+get_ikev2_script() {
+ bigecho "Downloading IKEv2 script..."
+ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+ (
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+ ) || /bin/rm -f ikev2.sh
+ [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
create_vpn_config() {
bigecho "Creating VPN configuration..."
@@ -510,27 +515,6 @@ IKEv2 guide: https://git.io/ikev2
EOF
}
-check_swan_ver() {
- swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
- [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
- if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
- && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
- && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
- To update, run:
- wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
- fi
-}
-
-finish() {
- check_swan_ver "$1" "$2"
- exit "$1"
-}
-
vpnsetup() {
check_root
check_os
@@ -544,9 +528,10 @@ vpnsetup() {
install_vpn_pkgs_1
install_vpn_pkgs_2
install_fail2ban
- get_ikev2_script
+ get_swan_ver
get_libreswan
install_libreswan
+ get_ikev2_script
create_vpn_config
create_f2b_config
update_sysctl
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 0a2113c..7c24c27 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -62,7 +62,6 @@ check_vz() {
check_os() {
os_type=centos
- os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
rh_file="/etc/redhat-release"
if grep -qs "Red Hat" "$rh_file"; then
os_type=rhel
@@ -135,9 +134,6 @@ check_dns() {
start_setup() {
bigecho "VPN setup in progress... Please be patient."
- # shellcheck disable=SC2154
- trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
- trap 'finish $? $((dlo+1))' EXIT
mkdir -p /opt/src
cd /opt/src || exit 1
}
@@ -229,18 +225,17 @@ install_fail2ban() {
) || exiterr2
}
-get_ikev2_script() {
- bigecho "Downloading IKEv2 script..."
- ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
- (
- set -x
- wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
- ) || /bin/rm -f ikev2.sh
- [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+ base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
+ swan_ver_url="$base_url/$os_type/$os_ver/swanver"
+ swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ SWAN_VER=4.6
+ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+ SWAN_VER="$swan_ver_latest"
+ fi
}
check_libreswan() {
- SWAN_VER=4.6
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
[ "$swan_ver_old" = "$SWAN_VER" ]
@@ -292,6 +287,16 @@ EOF
fi
}
+get_ikev2_script() {
+ bigecho "Downloading IKEv2 script..."
+ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+ (
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+ ) || /bin/rm -f ikev2.sh
+ [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
create_vpn_config() {
bigecho "Creating VPN configuration..."
@@ -606,27 +611,6 @@ IKEv2 guide: https://git.io/ikev2
EOF
}
-check_swan_ver() {
- swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
- [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
- if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
- && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
- && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
- To update, run:
- wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
- fi
-}
-
-finish() {
- check_swan_ver "$1" "$2"
- exit "$1"
-}
-
vpnsetup() {
check_root
check_vz
@@ -642,9 +626,10 @@ vpnsetup() {
install_vpn_pkgs_2
install_vpn_pkgs_3
install_fail2ban
- get_ikev2_script
+ get_swan_ver
get_libreswan
install_libreswan
+ get_ikev2_script
create_vpn_config
create_f2b_config
update_sysctl
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 41b0ac7..682fa95 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -61,7 +61,6 @@ check_vz() {
check_os() {
os_type=$(lsb_release -si 2>/dev/null)
- os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
[ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
case $os_type in
[Uu]buntu)
@@ -147,9 +146,6 @@ check_iptables() {
start_setup() {
bigecho "VPN setup in progress... Please be patient."
- # shellcheck disable=SC2154
- trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
- trap 'finish $? $((dlo+1))' EXIT
mkdir -p /opt/src
cd /opt/src || exit 1
}
@@ -212,18 +208,17 @@ install_fail2ban() {
) || exiterr2
}
-get_ikev2_script() {
- bigecho "Downloading IKEv2 script..."
- ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
- (
- set -x
- wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
- ) || /bin/rm -f ikev2.sh
- [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+ base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
+ swan_ver_url="$base_url/$os_type/$os_ver/swanver"
+ swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+ SWAN_VER=4.6
+ if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+ SWAN_VER="$swan_ver_latest"
+ fi
}
check_libreswan() {
- SWAN_VER=4.6
ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
[ "$swan_ver_old" = "$SWAN_VER" ]
@@ -283,6 +278,16 @@ EOF
fi
}
+get_ikev2_script() {
+ bigecho "Downloading IKEv2 script..."
+ ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+ (
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+ ) || /bin/rm -f ikev2.sh
+ [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
create_vpn_config() {
bigecho "Creating VPN configuration..."
@@ -594,27 +599,6 @@ EOF
fi
}
-check_swan_ver() {
- swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
- [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
- swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
- if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
- && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
- && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
- To update, run:
- wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
- fi
-}
-
-finish() {
- check_swan_ver "$1" "$2"
- exit "$1"
-}
-
vpnsetup() {
check_root
check_vz
@@ -630,9 +614,10 @@ vpnsetup() {
detect_ip
install_vpn_pkgs
install_fail2ban
- get_ikev2_script
+ get_swan_ver
get_libreswan
install_libreswan
+ get_ikev2_script
create_vpn_config
update_sysctl
update_iptables