diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh index bf538db..bd461f3 100755 --- a/vpnsetup_alpine.sh +++ b/vpnsetup_alpine.sh @@ -230,7 +230,7 @@ get_helper_scripts() { } get_swan_ver() { - SWAN_VER=4.7 + SWAN_VER=4.9 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) @@ -284,7 +284,6 @@ WERROR_CFLAGS=-w -s USE_DNSSEC=false USE_DH2=true FINALNSSDIR=/etc/ipsec.d -USE_GLIBC_KERN_FLIP_HEADERS=true EOF NPROCS=$(grep -c ^processor /proc/cpuinfo) [ -z "$NPROCS" ] && NPROCS=1 diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh index 7566f22..6eafb22 100755 --- a/vpnsetup_amzn.sh +++ b/vpnsetup_amzn.sh @@ -244,7 +244,7 @@ get_helper_scripts() { } get_swan_ver() { - SWAN_VER=4.7 + SWAN_VER=4.9 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" swan_ver_url="$base_url/v1-amzn-2-swanver" swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) @@ -298,6 +298,8 @@ WERROR_CFLAGS=-w -s USE_DNSSEC=false USE_DH2=true USE_NSS_KDF=false +USE_LINUX_AUDIT=false +USE_SECCOMP=false FINALNSSDIR=/etc/ipsec.d EOF if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index d3562f6..5e233bf 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -350,7 +350,7 @@ get_helper_scripts() { } get_swan_ver() { - SWAN_VER=4.7 + SWAN_VER=4.9 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) @@ -404,6 +404,8 @@ WERROR_CFLAGS=-w -s USE_DNSSEC=false USE_DH2=true USE_NSS_KDF=false +USE_LINUX_AUDIT=false +USE_SECCOMP=false FINALNSSDIR=/etc/ipsec.d EOF if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh index 5be3bf6..6090e9b 100755 --- a/vpnsetup_ubuntu.sh +++ b/vpnsetup_ubuntu.sh @@ -260,6 +260,34 @@ install_vpn_pkgs() { ) || exiterr2 } +install_nss_pkgs() { + os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') + if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then + nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss" + nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss" + nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb" + nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb" + nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb" + bigecho "Installing NSS packages on Ubuntu 18.04..." + if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then + nss_dl=0 + if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$nss_url1/$nss_deb1" \ + && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$nss_url1/$nss_deb2" \ + && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$nss_url2/$nss_deb3"; then + apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null + else + nss_dl=1 + echo "Error: Could not download NSS packages." >&2 + fi + /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" + /bin/rmdir "$tmpdir" + [ "$nss_dl" = 1 ] && exit 1 + else + exiterr "Could not create temporary directory." + fi + fi +} + install_fail2ban() { bigecho "Installing Fail2Ban to protect SSH..." ( @@ -290,7 +318,7 @@ get_helper_scripts() { } get_swan_ver() { - SWAN_VER=4.7 + SWAN_VER=4.9 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0" swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver" swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1) @@ -731,6 +759,7 @@ vpnsetup() { install_setup_pkgs detect_ip install_vpn_pkgs + install_nss_pkgs install_fail2ban get_helper_scripts get_libreswan