From 4174ffa3ef085dca8a39b232358d8f153635cc32 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Sat, 22 Oct 2022 23:55:06 -0500
Subject: [PATCH] Improve VPN setup

- Improve download of VPN helper scripts during setup.
  Note: https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/...
  redirects to
  https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/...
  Use the latter directly so that Wget can reuse the same connection
  for all 3 helper scripts.
- For Ubuntu 18.04, improve download of NSS packages and add fallback URLs.
---
 extras/ikev2setup.sh        | 36 ++++++++++---------
 extras/vpnupgrade_ubuntu.sh | 30 ++++++++--------
 vpnsetup_alpine.sh          | 42 ++++++++++++++--------
 vpnsetup_amzn.sh            | 42 ++++++++++++++--------
 vpnsetup_centos.sh          | 42 ++++++++++++++--------
 vpnsetup_ubuntu.sh          | 72 ++++++++++++++++++++++---------------
 6 files changed, 160 insertions(+), 104 deletions(-)

diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 0424d27..f087b5a 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -157,7 +157,7 @@ confirm_or_abort() {
 show_header() {
 cat <<'EOF'
 
-IKEv2 Script   Copyright (c) 2020-2022 Lin Song   21 Oct 2022
+IKEv2 Script   Copyright (c) 2020-2022 Lin Song   22 Oct 2022
 
 EOF
 }
@@ -1196,28 +1196,32 @@ apply_ubuntu1804_nss_fix() {
   if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ] \
     && ! dpkg -l libnss3-dev 2>/dev/null | grep -qF '3.49.1'; then
     base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
-    nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
+    nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+    nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
+    deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
+    deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
+    deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
     bigecho2 "Applying fix for NSS bug on Ubuntu 18.04..."
-    if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
-      export DEBIAN_FRONTEND=noninteractive
-      nss_dl=0
-      if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$base_url/$nss_deb1" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$base_url/$nss_deb2" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$base_url/$nss_deb3"; then
+    mkdir -p /opt/src
+    cd /opt/src || exit 1
+    nss_dl=0
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    export DEBIAN_FRONTEND=noninteractive
+    if wget -t 3 -T 30 -q "$base_url/$deb1" "$base_url/$deb2" "$base_url/$deb3"; then
+      apt-get -yqq update || apt-get -yqq update
+      apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
+    else
+      /bin/rm -f "$deb1" "$deb2" "$deb3"
+      if wget -t 3 -T 30 -q "$nss_url1/$deb1" "$nss_url1/$deb2" "$nss_url2/$deb3"; then
         apt-get -yqq update || apt-get -yqq update
-        apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
+        apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
       else
         nss_dl=1
         echo "Error: Could not download NSS packages." >&2
       fi
-      /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
-      /bin/rmdir "$tmpdir"
-      [ "$nss_dl" = 1 ] && exit 1
-    else
-      exiterr "Could not create temporary directory."
     fi
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    [ "$nss_dl" = 1 ] && exit 1
   fi
 }
 
diff --git a/extras/vpnupgrade_ubuntu.sh b/extras/vpnupgrade_ubuntu.sh
index 753beaf..ea9e976 100755
--- a/extras/vpnupgrade_ubuntu.sh
+++ b/extras/vpnupgrade_ubuntu.sh
@@ -176,26 +176,28 @@ install_nss_pkgs() {
   if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ] \
     && ! dpkg -l libnss3-dev 2>/dev/null | grep -qF '3.49.1'; then
     base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
-    nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
+    nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+    nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
+    deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
+    deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
+    deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
     bigecho "Installing NSS packages on Ubuntu 18.04..."
-    if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
-      nss_dl=0
-      if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$base_url/$nss_deb1" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$base_url/$nss_deb2" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$base_url/$nss_deb3"; then
-        apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
+    cd /opt/src || exit 1
+    nss_dl=0
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    if wget -t 3 -T 30 -q "$base_url/$deb1" "$base_url/$deb2" "$base_url/$deb3"; then
+      apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
+    else
+      /bin/rm -f "$deb1" "$deb2" "$deb3"
+      if wget -t 3 -T 30 -q "$nss_url1/$deb1" "$nss_url1/$deb2" "$nss_url2/$deb3"; then
+        apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
       else
         nss_dl=1
         echo "Error: Could not download NSS packages." >&2
       fi
-      /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
-      /bin/rmdir "$tmpdir"
-      [ "$nss_dl" = 1 ] && exit 1
-    else
-      exiterr "Could not create temporary directory."
     fi
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    [ "$nss_dl" = 1 ] && exit 1
   fi
 }
 
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index bd461f3..993e1b9 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -208,25 +208,37 @@ install_fail2ban() {
   )
 }
 
-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
   cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
   for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
     [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
   done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }
 
 get_swan_ver() {
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index 6eafb22..9d8edac 100755
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -222,25 +222,37 @@ install_fail2ban() {
   ) && create_f2b_config
 }
 
-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
   cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
   for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
     [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
   done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }
 
 get_swan_ver() {
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 5e233bf..26b6a0f 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -328,25 +328,37 @@ install_fail2ban() {
   ) && create_f2b_config
 }
 
-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
   cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
   for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
     [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
   done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }
 
 get_swan_ver() {
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 12ade41..98863c7 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -265,26 +265,28 @@ install_nss_pkgs() {
   if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ] \
     && ! dpkg -l libnss3-dev 2>/dev/null | grep -qF '3.49.1'; then
     base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
-    nss_deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
-    nss_deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
+    nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
+    nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
+    deb1="libnss3_3.49.1-1ubuntu1.8_amd64.deb"
+    deb2="libnss3-dev_3.49.1-1ubuntu1.8_amd64.deb"
+    deb3="libnss3-tools_3.49.1-1ubuntu1.8_amd64.deb"
     bigecho "Installing NSS packages on Ubuntu 18.04..."
-    if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then
-      nss_dl=0
-      if wget -t 3 -T 30 -q -O "$tmpdir/1.deb" "$base_url/$nss_deb1" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/2.deb" "$base_url/$nss_deb2" \
-        && wget -t 3 -T 30 -q -O "$tmpdir/3.deb" "$base_url/$nss_deb3"; then
-        apt-get -yqq install "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb" >/dev/null
+    cd /opt/src || exit 1
+    nss_dl=0
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    if wget -t 3 -T 30 -q "$base_url/$deb1" "$base_url/$deb2" "$base_url/$deb3"; then
+      apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
+    else
+      /bin/rm -f "$deb1" "$deb2" "$deb3"
+      if wget -t 3 -T 30 -q "$nss_url1/$deb1" "$nss_url1/$deb2" "$nss_url2/$deb3"; then
+        apt-get -yqq install "./$deb1" "./$deb2" "./$deb3" >/dev/null
       else
         nss_dl=1
         echo "Error: Could not download NSS packages." >&2
       fi
-      /bin/rm -f "$tmpdir/1.deb" "$tmpdir/2.deb" "$tmpdir/3.deb"
-      /bin/rmdir "$tmpdir"
-      [ "$nss_dl" = 1 ] && exit 1
-    else
-      exiterr "Could not create temporary directory."
     fi
+    /bin/rm -f "$deb1" "$deb2" "$deb3"
+    [ "$nss_dl" = 1 ] && exit 1
   fi
 }
 
@@ -296,25 +298,37 @@ install_fail2ban() {
   )
 }
 
-get_helper_scripts() {
-  bigecho "Downloading helper scripts..."
-  base1="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras"
-  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+link_scripts() {
   cd /opt/src || exit 1
-  printf '%s' "+ "
+  /bin/mv -f ikev2setup.sh ikev2.sh
+  /bin/mv -f add_vpn_user.sh addvpnuser.sh
+  /bin/mv -f del_vpn_user.sh delvpnuser.sh
+  echo "+ ikev2.sh addvpnuser.sh delvpnuser.sh"
   for sc in ikev2.sh addvpnuser.sh delvpnuser.sh; do
-    [ "$sc" = "ikev2.sh" ] && dl1="$base1/ikev2setup.sh" \
-      && dl2="$base2/ikev2setup.sh"
-    [ "$sc" = "addvpnuser.sh" ] && dl1="$base1/add_vpn_user.sh" \
-      && dl2="$base2/add_vpn_user.sh"
-    [ "$sc" = "delvpnuser.sh" ] && dl1="$base1/del_vpn_user.sh" \
-      && dl2="$base2/del_vpn_user.sh"
-    printf '%s' "$sc "
-    wget -t 3 -T 30 -q -O "$sc" "$dl1" || wget -t 3 -T 30 -q -O "$sc" "$dl2" \
-      || /bin/rm -f "$sc"
     [ -s "$sc" ] && chmod +x "$sc" && ln -s "/opt/src/$sc" /usr/bin 2>/dev/null
   done
-  echo
+}
+
+get_helper_scripts() {
+  bigecho "Downloading helper scripts..."
+  base1="https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras"
+  base2="https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras"
+  sc1=ikev2setup.sh
+  sc2=add_vpn_user.sh
+  sc3=del_vpn_user.sh
+  cd /opt/src || exit 1
+  /bin/rm -f "$sc1" "$sc2" "$sc3"
+  if wget -t 3 -T 30 -q "$base1/$sc1" "$base1/$sc2" "$base1/$sc3"; then
+    link_scripts
+  else
+    /bin/rm -f "$sc1" "$sc2" "$sc3"
+    if wget -t 3 -T 30 -q "$base2/$sc1" "$base2/$sc2" "$base2/$sc3"; then
+      link_scripts
+    else
+      echo "Warning: Could not download helper scripts." >&2
+      /bin/rm -f "$sc1" "$sc2" "$sc3"
+    fi
+  fi
 }
 
 get_swan_ver() {