From 3b90d2d3942c2aa0991ce9cea3530ccd756f30f8 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 7 Jan 2021 10:32:20 -0600 Subject: [PATCH] Cleanup --- extras/vpnupgrade.sh | 26 +++++++++++--------------- extras/vpnupgrade_amzn.sh | 20 ++++++++------------ extras/vpnupgrade_centos.sh | 20 ++++++++------------ vpnsetup.sh | 7 ++++--- vpnsetup_amzn.sh | 1 + vpnsetup_centos.sh | 1 + 6 files changed, 33 insertions(+), 42 deletions(-) diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh index 36a65f5..8262545 100644 --- a/extras/vpnupgrade.sh +++ b/extras/vpnupgrade.sh @@ -29,13 +29,13 @@ os_type=$(lsb_release -si 2>/dev/null) os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") case $os_type in - *[Uu]buntu*) + [Uu]buntu) os_type=ubuntu ;; - *[Dd]ebian*) + [Dd]ebian) os_type=debian ;; - *[Rr]aspbian*) + [Rr]aspbian) os_type=raspbian ;; *) @@ -73,7 +73,7 @@ EOF esac ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) -ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//') +ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//') swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //') if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then cat 1>&2 <<'EOF' 
@@ -84,12 +84,10 @@ EOF fi swan_ver_cur=4.1 -swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" +swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") -if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then - swan_ver_latest=$swan_ver_cur -fi -if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then +if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ + && [ "$swan_ver_cur" != "$swan_ver_latest" ]; then echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "To update to the new version, exit the script and run:" echo " wget https://git.io/vpnupgrade -O vpnupgrade.sh" @@ -139,24 +137,22 @@ Version to install: Libreswan $SWAN_VER EOF cat <<'EOF' -NOTE: This script will make the following changes to your IPsec config: +NOTE: This script will make the following changes to your VPN configuration: - Fix obsolete ipsec.conf and/or ikev2.conf options - Optimize VPN ciphers - Your other VPN configuration files will not be modified. + Your other VPN config files will not be modified. EOF -case $SWAN_VER in - 3.2[679]|3.3[12]) +if [ "$SWAN_VER" != "4.1" ]; then cat <<'EOF' WARNING: Older versions of Libreswan could contain known security vulnerabilities. See https://libreswan.org/security/ for more information. Are you sure you want to install an older version? EOF - ;; -esac +fi printf "Do you want to continue? [y/N] " read -r response diff --git a/extras/vpnupgrade_amzn.sh b/extras/vpnupgrade_amzn.sh index d0c2ea6..61000f7 100644 --- a/extras/vpnupgrade_amzn.sh +++ b/extras/vpnupgrade_amzn.sh 
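Review bot: `$swan_ver_old` is placed in the query string of `swan_ver_url` without any filtering, whereas `os_arch` in the same script is passed through `tr -dc 'A-Za-z0-9_-'` before it reaches the URL. The value is whatever the two `sed` expressions in the previous hunk leave of the `ipsec --version` output, so if that output lacks the ` (netkey)` suffix, the rest of the line (spaces included) would be sent in the request to dl.ls20.com. Restricting it before the URL is built, e.g. `swan_ver_old=$(printf '%s' "$swan_ver_old" | tr -dc '0-9.')`, keeps the parameter to a version number. The same `ver1=$swan_ver_old` line is added in extras/vpnupgrade_amzn.sh and extras/vpnupgrade_centos.sh. `$SWAN_VER` in the same URL is set outside the hunk, so whether it is validated cannot be seen here.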
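Review bot: The new condition `[ "$SWAN_VER" != "4.1" ]` repeats the version literal already held in `swan_ver_cur=4.1` earlier in the same script, so the next version bump must change both places or the known-vulnerabilities warning will fire for the current release. Assuming `swan_ver_cur` is still in scope here (it is assigned at top level in the previous hunk), `if [ "$SWAN_VER" != "$swan_ver_cur" ]; then` keeps the two in step. The check is also an inequality, so a `SWAN_VER` newer than 4.1 would be described as an older version unless it is rejected earlier, which is not visible in this hunk. The same line is added in extras/vpnupgrade_amzn.sh and extras/vpnupgrade_centos.sh.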
@@ -52,7 +52,7 @@ EOF esac ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) -ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//') +ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//') swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //') if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then cat 1>&2 <<'EOF' @@ -63,12 +63,10 @@ EOF fi swan_ver_cur=4.1 -swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" +swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") -if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then - swan_ver_latest=$swan_ver_cur -fi -if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then +if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ + && [ "$swan_ver_cur" != "$swan_ver_latest" ]; then echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "To update to the new version, exit the script and run:" echo " wget https://git.io/vpnupgrade-amzn -O vpnupgrade.sh" 
@@ -118,24 +116,22 @@ Version to install: Libreswan $SWAN_VER EOF cat <<'EOF' -NOTE: This script will make the following changes to your IPsec config: +NOTE: This script will make the following changes to your VPN configuration: - Fix obsolete ipsec.conf and/or ikev2.conf options - Optimize VPN ciphers - Your other VPN configuration files will not be modified. + Your other VPN config files will not be modified. EOF -case $SWAN_VER in - 3.2[679]|3.3[12]) +if [ "$SWAN_VER" != "4.1" ]; then cat <<'EOF' WARNING: Older versions of Libreswan could contain known security vulnerabilities. See https://libreswan.org/security/ for more information. Are you sure you want to install an older version? EOF - ;; -esac +fi printf "Do you want to continue? [y/N] " read -r response diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh index 71e394c..49d4139 100644 --- a/extras/vpnupgrade_centos.sh +++ b/extras/vpnupgrade_centos.sh @@ -64,7 +64,7 @@ EOF esac ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) -ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey) on .*//') +ipsec_ver_short=$(printf '%s' "$ipsec_ver" | sed -e 's/Linux Libreswan/Libreswan/' -e 's/ (netkey).*//') swan_ver_old=$(printf '%s' "$ipsec_ver_short" | sed -e 's/Libreswan //') if ! printf '%s' "$ipsec_ver" | grep -q "Libreswan"; then cat 1>&2 <<'EOF' 
@@ -75,12 +75,10 @@ EOF fi swan_ver_cur=4.1 -swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" +swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver1=$swan_ver_old&ver2=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") -if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then - swan_ver_latest=$swan_ver_cur -fi -if [ "$swan_ver_cur" != "$swan_ver_latest" ]; then +if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$' \ + && [ "$swan_ver_cur" != "$swan_ver_latest" ]; then echo "Note: A newer version of Libreswan ($swan_ver_latest) is available." echo "To update to the new version, exit the script and run:" echo " wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh" @@ -130,24 +128,22 @@ Version to install: Libreswan $SWAN_VER EOF cat <<'EOF' -NOTE: This script will make the following changes to your IPsec config: +NOTE: This script will make the following changes to your VPN configuration: - Fix obsolete ipsec.conf and/or ikev2.conf options - Optimize VPN ciphers - Your other VPN configuration files will not be modified. + Your other VPN config files will not be modified. EOF -case $SWAN_VER in - 3.2[679]|3.3[12]) +if [ "$SWAN_VER" != "4.1" ]; then cat <<'EOF' WARNING: Older versions of Libreswan could contain known security vulnerabilities. See https://libreswan.org/security/ for more information. Are you sure you want to install an older version? EOF - ;; -esac +fi printf "Do you want to continue? [y/N] " read -r response diff --git a/vpnsetup.sh b/vpnsetup.sh index e4cf447..761736d 100755 --- a/vpnsetup.sh +++ b/vpnsetup.sh @@ -1,6 +1,7 @@ #!/bin/sh # # Script for automatic setup of an IPsec VPN server on Ubuntu and Debian +# Works on any dedicated server or virtual private server (VPS) # # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # 
@@ -52,13 +53,13 @@ os_type=$(lsb_release -si 2>/dev/null) os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") case $os_type in - *[Uu]buntu*) + [Uu]buntu) os_type=ubuntu ;; - *[Dd]ebian*) + [Dd]ebian) os_type=debian ;; - *[Rr]aspbian*) + [Rr]aspbian) os_type=raspbian ;; *) diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh index 56eebad..9c5419a 100644 --- a/vpnsetup_amzn.sh +++ b/vpnsetup_amzn.sh @@ -1,6 +1,7 @@ #!/bin/sh # # Script for automatic setup of an IPsec VPN server on Amazon Linux 2 +# Works on any dedicated server or virtual private server (VPS) # # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! # diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 31b8fc8..290f64a 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -1,6 +1,7 @@ #!/bin/sh # # Script for automatic setup of an IPsec VPN server on CentOS/RHEL 7 and 8 +# Works on any dedicated server or virtual private server (VPS) # # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! #