Marown/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2024-07-02 10:35:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup

Browse Source
This commit is contained in:
hwdsl2 2021-02-14 01:10:38 -06:00
parent 4deb437562
commit 52151ffdfe
1 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
extras/ikev2setup.sh
View File

@ -136,8 +136,7 @@ EOF
check_arguments() { check_arguments() {
if [ "$use_defaults" = "1" ]; then if [ "$use_defaults" = "1" ]; then
if grep -qs "conn ikev2-cp" /etc/ipsec.conf || [ -f /etc/ipsec.d/ikev2.conf ]; then if grep -qs "conn ikev2-cp" /etc/ipsec.conf || [ -f /etc/ipsec.d/ikev2.conf ]; then
echo "Warning: Ignoring parameter '--auto', which is valid for initial IKEv2 setup only." >&2 echo "Warning: Ignoring parameter '--auto'. Use '-h' for usage information." >&2
echo " Use '-h' for usage information." >&2
echo >&2 echo >&2
fi fi
fi fi
@ -554,7 +553,7 @@ EOF
} }
select_menu_option() { select_menu_option() {
echo "It looks like IKEv2 has already been set up on this server." echo "IKEv2 is already set up on this server."
echo echo
echo "Select an option:" echo "Select an option:"
echo " 1) Add a new client" echo " 1) Add a new client"
@ -902,8 +901,8 @@ EOF
chmod 600 "$sswan_file" chmod 600 "$sswan_file"
} }
create_ca_cert() { create_ca_server_certs() {
bigecho "Generating CA certificate..." bigecho "Generating CA and server certificates..."
certutil -z <(head -c 1024 /dev/urandom) \ certutil -z <(head -c 1024 /dev/urandom) \
-S -x -n "IKEv2 VPN CA" \ -S -x -n "IKEv2 VPN CA" \
@ -914,10 +913,6 @@ y
N N
ANSWERS ANSWERS
}
create_server_cert() {
bigecho "Generating server certificate..."
sleep $((RANDOM % 3 + 1)) sleep $((RANDOM % 3 + 1))
@ -1023,22 +1018,26 @@ EOF
apply_ubuntu1804_nss_fix() { apply_ubuntu1804_nss_fix() {
if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then
bigecho "Applying fix for NSS bug on Ubuntu 18.04..."
nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss" nss_url1="https://mirrors.kernel.org/ubuntu/pool/main/n/nss"
nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss" nss_url2="https://mirrors.kernel.org/ubuntu/pool/universe/n/nss"
nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb" nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb"
nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb" nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb"
nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb" nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb"
export DEBIAN_FRONTEND=noninteractive TMPDIR=$(mktemp -d /tmp/nss.XXX 2>/dev/null)
set -x if [ -d "$TMPDIR" ]; then
if wget -t 3 -T 30 -q -O "/tmp/libnss3.deb" "$nss_url1/$nss_deb1" \ bigecho "Applying fix for NSS bug on Ubuntu 18.04..."
&& wget -t 3 -T 30 -q -O "/tmp/libnss3-dev.deb" "$nss_url1/$nss_deb2" \ export DEBIAN_FRONTEND=noninteractive
&& wget -t 3 -T 30 -q -O "/tmp/libnss3-tools.deb" "$nss_url2/$nss_deb3"; then set -x
apt-get -yqq update if wget -t 3 -T 30 -q -O "$TMPDIR/1.deb" "$nss_url1/$nss_deb1" \
apt-get -yqq install "/tmp/libnss3.deb" "/tmp/libnss3-dev.deb" "/tmp/libnss3-tools.deb" >/dev/null && wget -t 3 -T 30 -q -O "$TMPDIR/2.deb" "$nss_url1/$nss_deb2" \
/bin/rm -f "/tmp/libnss3.deb" "/tmp/libnss3-dev.deb" "/tmp/libnss3-tools.deb" && wget -t 3 -T 30 -q -O "$TMPDIR/3.deb" "$nss_url2/$nss_deb3"; then
apt-get -yqq update
apt-get -yqq install "$TMPDIR/1.deb" "$TMPDIR/2.deb" "$TMPDIR/3.deb" >/dev/null
fi
{ set +x; } 2>&-
/bin/rm -f "$TMPDIR/1.deb" "$TMPDIR/2.deb" "$TMPDIR/3.deb"
/bin/rmdir "$TMPDIR"
fi fi
{ set +x; } 2>&-
fi fi
} }
@ -1378,8 +1377,7 @@ ikev2setup() {
fi fi
apply_ubuntu1804_nss_fix apply_ubuntu1804_nss_fix
create_ca_cert create_ca_server_certs
create_server_cert
create_client_cert create_client_cert
export_p12_file export_p12_file
install_base64_uuidgen install_base64_uuidgen