From 5e1b3e1ae924271955e33e9e7433c52f1d29e482 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 21 Jan 2021 00:24:07 -0600 Subject: [PATCH] Update IKEv2 script - Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3) version 3.35, which has a bug with iteration counts that results in "incorrect password" errors when trying to import a generated ".p12" file to Windows. To fix this, we install newer versions of libnss3 related packages from the official Ubuntu repo. Ref: #414 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes https://packages.ubuntu.com/focal/amd64/libnss3 - Other minor improvements --- extras/ikev2setup.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh index e6d21e4..2a550a4 100644 --- a/extras/ikev2setup.sh +++ b/extras/ikev2setup.sh @@ -833,6 +833,26 @@ EOF esac } +apply_ubuntu1804_nss_fix() { + if [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "bustersid" ] && [ "$os_arch" = "x86_64" ]; then + bigecho "Applying fix for NSS bug on Ubuntu 18.04..." + + nss_url1="http://security.ubuntu.com/ubuntu/pool/main/n/nss" + nss_url2="http://security.ubuntu.com/ubuntu/pool/universe/n/nss" + nss_deb1="libnss3_3.49.1-1ubuntu1.5_amd64.deb" + nss_deb2="libnss3-dev_3.49.1-1ubuntu1.5_amd64.deb" + nss_deb3="libnss3-tools_3.49.1-1ubuntu1.5_amd64.deb" + if wget -t 3 -T 30 -nv -O "/tmp/$nss_deb1" "$nss_url1/$nss_deb1" \ + && wget -t 3 -T 30 -nv -O "/tmp/$nss_deb2" "$nss_url1/$nss_deb2" \ + && wget -t 3 -T 30 -nv -O "/tmp/$nss_deb3" "$nss_url2/$nss_deb3"; then + export DEBIAN_FRONTEND=noninteractive + apt-get -yqq update + apt-get -yqq install "/tmp/$nss_deb1" "/tmp/$nss_deb2" "/tmp/$nss_deb3" + fi + /bin/rm -f "/tmp/$nss_deb1" "/tmp/$nss_deb2" "/tmp/$nss_deb3" + fi +} + restart_ipsec_service() { bigecho "Restarting IPsec service..." @@ -847,6 +867,9 @@ cat <