From fec1b7c7a22e037a69a1da9c68527f5d832dc3b5 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Thu, 1 Dec 2022 21:45:57 -0600
Subject: [PATCH] Update IKEv2 script - Improve MOBIKE detection by checking whether the IKEv2 connection is successfully loaded. If not, the server's Linux kernel may not support MOBIKE, and we disable it in ikev2.conf. - This will help prevent the issue where the IKEv2 connection fails to load on some systems due to lack of MOBIKE support. Note that the script already has checks for MOBIKE support that cover common cases. - Related issues: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/330 https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/298 https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/247
---
 extras/ikev2setup.sh | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 0cd6c54..e79c969 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -157,7 +157,7 @@ confirm_or_abort() {
 show_header() {
 cat <<'EOF'
-IKEv2 Script Copyright (c) 2020-2022 Lin Song 30 Oct 2022
+IKEv2 Script Copyright (c) 2020-2022 Lin Song 1 Dec 2022
 EOF
 }
@@ -1247,6 +1247,20 @@ restart_ipsec_service() {
 fi
 }
+check_ikev2_connection() {
+ if grep -qs 'mobike=yes' "$IKEV2_CONF"; then
+ (sleep 3
+ if ! ipsec status | grep -q ikev2-cp; then
+ sed -i '/mobike=yes/s/yes/no/' "$IKEV2_CONF"
+ if [ "$os_type" = "alpine" ]; then
+ ipsec auto --add ikev2-cp >/dev/null
+ else
+ restart_ipsec_service >/dev/null
+ fi
+ fi) >/dev/null 2>&1 &
+ fi
+}
+
 create_crl() {
 bigecho "Revoking client certificate..."
 if ! crlutil -L -d "$CERT_DB" -n "$CA_NAME" >/dev/null 2>&1; then
@@ -1717,6 +1731,7 @@ ikev2setup() {
 else
 restart_ipsec_service
 fi
+ check_ikev2_connection
 print_setup_complete
 print_client_info
 if [ "$in_container" = 0 ]; then
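Review bot: In the second hunk's `check_ikev2_connection`, `if ! ipsec status | grep -q ikev2-cp` cannot tell "the connection failed to load" from "`ipsec status` itself failed or the service was not up yet after the fixed `sleep 3`", so a slow start would also get `mobike=yes` rewritten to `no` and IPsec restarted. Because the subshell is backgrounded with `>/dev/null 2>&1 &`, that config downgrade and restart happen silently, possibly after the setup-complete output printed by `ikev2setup` in the last hunk. I would capture the status first and leave the config alone when the command fails, e.g. `st=$(ipsec status) || exit 0` followed by `if ! printf '%s\n' "$st" | grep -q ikev2-cp; then` (assuming `ipsec status` exits non-zero when the daemon is unreachable), and record the change somewhere the operator can see it. The substitution would also be more exact as `sed -i 's/mobike=yes/mobike=no/' "$IKEV2_CONF"`.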