Improve VPN setup

- Improve download of VPN helper scripts during setup. Note: https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/... redirects to https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/... Use the latter directly so that Wget can reuse the same connection for all 3 helper scripts. - For Ubuntu 18.04, improve download of NSS packages and add fallback URLs.
2024-06-15 18:34:28 +02:00 · 2022-10-22 23:55:06 -05:00 · 2022-10-22 23:55:06 -05:00 · 4174ffa3ef
commit 4174ffa3ef
parent 780f815540
6 changed files with 160 additions and 104 deletions
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@ -157,7 +157,7 @@ confirm_or_abort() {
 show_header() {
 cat <<'EOF'

-IKEv2 Script   Copyright (c) 2020-2022 Lin Song   21 Oct 2022
+IKEv2 Script   Copyright (c) 2020-2022 Lin Song   22 Oct 2022

 EOF
 }
@ -1196,28 +1196,32 @@ apply_ubuntu1804_nss_fix() {
  if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ] \
    && ! dpkg -l libnss3-dev 2>/dev/null | grep -qF '3.49.1'; then
    base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
-    nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
+    nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+    nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
+    deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
+    deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
+    deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
    bigecho2 "Applying fix for NSS bug on Ubuntu 18.04..."
-    if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
-      export DEBIAN_FRONTEND=noninteractive
-      nss_dl=0
-      if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$base_url/$nss_deb1" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$base_url/$nss_deb2" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$base_url/$nss_deb3"; then
+    mkdir -p /opt/src
+    cd /opt/src || exit 1
+    nss_dl=0
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    export DEBIAN_FRONTEND=noninteractive
+    if wget -t 3 -T 30 -q "$base_url/$deb1" "$base_url/$deb2" "$base_url/$deb3"; then
+      apt-get -yqq update || apt-get -yqq update
+      apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
+    else
+      /bin/rm -f "$deb1" "$deb2" "$deb3"
+      if wget -t 3 -T 30 -q "$nss_url1/$deb1" "$nss_url1/$deb2" "$nss_url2/$deb3"; then
        apt-get -yqq update || apt-get -yqq update
-        apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
+        apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
      else
        nss_dl=1
        echo "Error: Could not download NSS packages." >&2
      fi
-      /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
-      /bin/rmdir "$tmpdir"
-      [ "$nss_dl" = 1 ] && exit 1
-    else
-      exiterr "Could not create temporary directory."
    fi
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    [ "$nss_dl" = 1 ] && exit 1
  fi
 }

--- a/extras/vpnupgrade_ubuntu.sh
+++ b/extras/vpnupgrade_ubuntu.sh
@ -176,26 +176,28 @@ install_nss_pkgs() {
  if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ] \
    && ! dpkg -l libnss3-dev 2>/dev/null | grep -qF '3.49.1'; then
    base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
-    nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
+    nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+    nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
+    deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
+    deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
+    deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
    bigecho "Installing NSS packages on Ubuntu 18.04..."
-    if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
-      nss_dl=0
-      if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$base_url/$nss_deb1" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$base_url/$nss_deb2" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$base_url/$nss_deb3"; then
-        apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
+    cd /opt/src || exit 1
+    nss_dl=0
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    if wget -t 3 -T 30 -q "$base_url/$deb1" "$base_url/$deb2" "$base_url/$deb3"; then
+      apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
+    else
+      /bin/rm -f "$deb1" "$deb2" "$deb3"
+      if wget -t 3 -T 30 -q "$nss_url1/$deb1" "$nss_url1/$deb2" "$nss_url2/$deb3"; then
+        apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
      else
        nss_dl=1
        echo "Error: Could not download NSS packages." >&2
      fi
-      /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
-      /bin/rmdir "$tmpdir"
-      [ "$nss_dl" = 1 ] && exit 1
-    else
-      exiterr "Could not create temporary directory."
    fi
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    [ "$nss_dl" = 1 ] && exit 1
  fi
 }

--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@ -208,25 +208,37 @@ install_fail2ban() {
  )
 }

-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
  cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
  for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
    [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
  done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }

 get_swan_ver() {
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@ -222,25 +222,37 @@ install_fail2ban() {
  ) && create_f2b_config
 }

-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
  cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
  for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
    [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
  done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }

 get_swan_ver() {
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -328,25 +328,37 @@ install_fail2ban() {
  ) && create_f2b_config
 }

-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
  cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
  for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
    [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
  done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }

 get_swan_ver() {
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@ -265,26 +265,28 @@ install_nss_pkgs() {
  if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ] \
    && ! dpkg -l libnss3-dev 2>/dev/null | grep -qF '3.49.1'; then
    base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
-    nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
+    nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+    nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
+    deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
+    deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
+    deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
    bigecho "Installing NSS packages on Ubuntu 18.04..."
-    if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
-      nss_dl=0
-      if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$base_url/$nss_deb1" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$base_url/$nss_deb2" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$base_url/$nss_deb3"; then
-        apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
+    cd /opt/src || exit 1
+    nss_dl=0
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    if wget -t 3 -T 30 -q "$base_url/$deb1" "$base_url/$deb2" "$base_url/$deb3"; then
+      apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
+    else
+      /bin/rm -f "$deb1" "$deb2" "$deb3"
+      if wget -t 3 -T 30 -q "$nss_url1/$deb1" "$nss_url1/$deb2" "$nss_url2/$deb3"; then
+        apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
      else
        nss_dl=1
        echo "Error: Could not download NSS packages." >&2
      fi
-      /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
-      /bin/rmdir "$tmpdir"
-      [ "$nss_dl" = 1 ] && exit 1
-    else
-      exiterr "Could not create temporary directory."
    fi
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    [ "$nss_dl" = 1 ] && exit 1
  fi
 }

@ -296,25 +298,37 @@ install_fail2ban() {
  )
 }

-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
  cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
  for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
    [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
  done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }

 get_swan_ver() {