diff --git a/extras/quickstart.sh b/extras/quickstart.sh
index 40f2e50..4805ae6 100755
--- a/extras/quickstart.sh
+++ b/extras/quickstart.sh
@@ -266,23 +266,14 @@ run_setup() { if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url" \ || curl -fsL "$setup_url" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
- if VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
- VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
- VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
- VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
- VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
- /bin/bash "$tmpdir/vpn.sh"; then
- if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
- sleep 1
- VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$VPN_PUBLIC_IP" \
- VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
- VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
- VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
- /bin/bash /opt/src/ikev2.sh --auto || status=1
- fi
- else
- status=1
- fi
+ VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
+ VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
+ VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
+ VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
+ VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
+ VPN_DNS_NAME="$VPN_DNS_NAME" VPN_CLIENT_NAME="$VPN_CLIENT_NAME" \
+ VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
+ /bin/bash "$tmpdir/vpn.sh" || status=1
 else status=1 echo "Error: Could not download VPN setup script." >&2
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 2635058..7a296aa 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
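Review bot: The new environment block hands `VPN_DNS_NAME`, `VPN_CLIENT_NAME` and `VPN_PROTECT_CONFIG` to the downloaded vpn.sh and drops the inline `ikev2.sh --auto` step without saying where that responsibility went; a comment above `VPN_IPSEC_PSK="$VPN_IPSEC_PSK" ...` such as `# vpn.sh runs /opt/src/ikev2.sh --auto itself and folds its result into its exit status` would spare the next reader a search (presumably `$setup_url` fetches one of the per-OS scripts, whose set_up_ikev2 and `exit "$status"` additions are in this same diff). Keep the values as environment assignments rather than arguments: the PSK and password then stay out of `ps` output and out of the `set -x` trace, which the subshell confines to the wget/curl download. run_setup begins and ends outside this hunk. The identical hunk in vpnsetup.sh has the same gap.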
@@ -266,23 +266,14 @@ run_setup() { if tmpdir=$(mktemp --tmpdir -d vpn.XXXXX 2>/dev/null); then if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url" \ || curl -fsL "$setup_url" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
- if VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
- VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
- VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
- VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
- VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
- /bin/bash "$tmpdir/vpn.sh"; then
- if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
- sleep 1
- VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$VPN_PUBLIC_IP" \
- VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
- VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
- VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
- /bin/bash /opt/src/ikev2.sh --auto || status=1
- fi
- else
- status=1
- fi
+ VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
+ VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
+ VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
+ VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
+ VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
+ VPN_DNS_NAME="$VPN_DNS_NAME" VPN_CLIENT_NAME="$VPN_CLIENT_NAME" \
+ VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
+ /bin/bash "$tmpdir/vpn.sh" || status=1
 else status=1 echo "Error: Could not download VPN setup script." >&2
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index 895ade1..88b49df 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -46,6 +46,11 @@ check_ip() { printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX" }
+check_dns_name() {
+ FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
+ printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
+}
+
 check_root() { if [ "$(id -u)" != 0 ]; then exiterr "Script must be run as root. Try 'sudo bash $0'"
@@ -130,6 +135,22 @@ check_dns() { fi }
+check_server_dns() {
+ if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
+ exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+ fi
+}
+
+check_client_name() {
+ if [ -n "$VPN_CLIENT_NAME" ]; then
+ name_len="$(printf '%s' "$VPN_CLIENT_NAME" | wc -m)"
+ if [ "$name_len" -gt "64" ] || printf '%s' "$VPN_CLIENT_NAME" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
+ || case $VPN_CLIENT_NAME in -*) true;; *) false;; esac; then
+ exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
+ fi
+ fi
+}
+
 start_setup() { bigecho "VPN setup in progress... Please be patient." mkdir -p /opt/src
@@ -504,6 +525,18 @@ IKEv2 guide: https://git.io/ikev2 EOF }
+set_up_ikev2() {
+ status=0
+ if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
+ sleep 1
+ VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$public_ip" \
+ VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
+ VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
+ VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
+ /bin/bash /opt/src/ikev2.sh --auto || status=1
+ fi
+}
+
 vpnsetup() { check_root check_vz
@@ -511,6 +544,8 @@ vpnsetup() { check_iface check_creds check_dns
+ check_server_dns
+ check_client_name
 start_setup install_setup_pkgs detect_ip
@@ -526,9 +561,10 @@ vpnsetup() { enable_on_boot start_services show_vpn_info
+ set_up_ikev2
 } ## Defer setup until we have the complete script vpnsetup "$@"
-exit 0
+exit "$status"
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index db6474b..8a3afa3 100755
--- a/vpnsetup_amzn.sh
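Review bot: `FQDN_REGEX` is assigned as a script-wide variable on every call of check_dns_name, while the sibling check_ip reads `$IP_REGEX` from somewhere outside the hunk; defining `FQDN_REGEX` next to `IP_REGEX` and giving the function a header comment would match that pattern, e.g. `# Accept a dotted hostname: each label 1-63 alphanumerics/hyphens, not starting or ending with '-', ending in an alphabetic TLD of 2+ letters.` The pattern bounds each label but not the whole name, so a value longer than the 253-character DNS limit still passes; whether that matters depends on what ikev2.sh does with `VPN_DNS_NAME`, which the set_up_ikev2 hunk below hands over unchanged. The same function is added verbatim to vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh.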
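Review bot: The `\+` in `grep -q '[^A-Za-z0-9_-]\+'` inside check_client_name is a GNU BRE extension that adds nothing under `-q`, since one character outside the class already matches; `LC_ALL=C grep -q '[^A-Za-z0-9_-]'` is equivalent and does not depend on the local grep honouring `\+` (vpnsetup_alpine.sh presumably runs BusyBox grep, worth confirming). The `case $VPN_CLIENT_NAME in -*) true;; *) false;; esac` used as a condition is correct but unusual; a comment stating why a leading '-' is rejected would help, presumably because the name is later passed as an argument somewhere, which I cannot see from here. The same block is added to vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh.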
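Review bot: `sleep 1` before `/bin/bash /opt/src/ikev2.sh --auto` in set_up_ikev2 has no stated reason, and `VPN_PUBLIC_IP="$public_ip"` forwards a variable that no line in this hunk sets (presumably detect_ip, which vpnsetup calls earlier, fills it; worth confirming), whereas the removed quickstart copy forwarded `$VPN_PUBLIC_IP`. A function header along the lines of `# Run the IKEv2 helper once after the main setup; skipped when /etc/ipsec.d/ikev2.conf already exists. Sets status=1 on failure for the final exit.` plus a why-comment on the sleep would make both explicit. Same hunk in vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh.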
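Review bot: `exit "$status"` relies on set_up_ikev2 having assigned `status`, but the variable has no top-level default; if vpnsetup ever returns before that last call (a future early `return`, or a reordering of the call list), bash reports `exit: : numeric argument required` and exits 2 instead of a meaningful code. Declaring `status=0` with the script's other defaults near the top, and leaving set_up_ikev2 to set it only on failure, removes the dependency on call order. Same change in vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh.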
+++ b/vpnsetup_amzn.sh
@@ -46,6 +46,11 @@ check_ip() { printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX" }
+check_dns_name() {
+ FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
+ printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
+}
+
 check_root() { if [ "$(id -u)" != 0 ]; then exiterr "Script must be run as root. Try 'sudo bash $0'"
@@ -112,6 +117,22 @@ check_dns() { fi }
+check_server_dns() {
+ if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
+ exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+ fi
+}
+
+check_client_name() {
+ if [ -n "$VPN_CLIENT_NAME" ]; then
+ name_len="$(printf '%s' "$VPN_CLIENT_NAME" | wc -m)"
+ if [ "$name_len" -gt "64" ] || printf '%s' "$VPN_CLIENT_NAME" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
+ || case $VPN_CLIENT_NAME in -*) true;; *) false;; esac; then
+ exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
+ fi
+ fi
+}
+
 start_setup() { bigecho "VPN setup in progress... Please be patient." mkdir -p /opt/src
@@ -517,12 +538,26 @@ IKEv2 guide: https://git.io/ikev2 EOF }
+set_up_ikev2() {
+ status=0
+ if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
+ sleep 1
+ VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$public_ip" \
+ VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
+ VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
+ VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
+ /bin/bash /opt/src/ikev2.sh --auto || status=1
+ fi
+}
+
 vpnsetup() { check_root check_os check_iface check_creds check_dns
+ check_server_dns
+ check_client_name
 start_setup install_setup_pkgs detect_ip
@@ -541,9 +576,10 @@ vpnsetup() { enable_on_boot start_services show_vpn_info
+ set_up_ikev2
 } ## Defer setup until we have the complete script vpnsetup "$@"
-exit 0
+exit "$status"
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 9591aab..8ccec90 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -48,6 +48,11 @@ check_ip() { printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX" }
+check_dns_name() {
+ FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
+ printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
+}
+
 check_root() { if [ "$(id -u)" != 0 ]; then exiterr "Script must be run as root. Try 'sudo bash $0'"
@@ -132,6 +137,22 @@ check_dns() { fi }
+check_server_dns() {
+ if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
+ exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+ fi
+}
+
+check_client_name() {
+ if [ -n "$VPN_CLIENT_NAME" ]; then
+ name_len="$(printf '%s' "$VPN_CLIENT_NAME" | wc -m)"
+ if [ "$name_len" -gt "64" ] || printf '%s' "$VPN_CLIENT_NAME" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
+ || case $VPN_CLIENT_NAME in -*) true;; *) false;; esac; then
+ exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
+ fi
+ fi
+}
+
 start_setup() { bigecho "VPN setup in progress... Please be patient." mkdir -p /opt/src
@@ -630,6 +651,18 @@ IKEv2 guide: https://git.io/ikev2 EOF }
+set_up_ikev2() {
+ status=0
+ if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
+ sleep 1
+ VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$public_ip" \
+ VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
+ VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
+ VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
+ /bin/bash /opt/src/ikev2.sh --auto || status=1
+ fi
+}
+
 vpnsetup() { check_root check_vz
@@ -637,6 +670,8 @@ vpnsetup() { check_iface check_creds check_dns
+ check_server_dns
+ check_client_name
 start_setup install_setup_pkgs detect_ip
@@ -657,9 +692,10 @@ vpnsetup() { enable_on_boot start_services show_vpn_info
+ set_up_ikev2
 } ## Defer setup until we have the complete script vpnsetup "$@"
-exit 0
+exit "$status"
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 49a7411..674581b 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -47,6 +47,11 @@ check_ip() { printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX" }
+check_dns_name() {
+ FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
+ printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
+}
+
 check_root() { if [ "$(id -u)" != 0 ]; then exiterr "Script must be run as root. Try 'sudo bash $0'"
@@ -138,6 +143,22 @@ check_dns() { fi }
+check_server_dns() {
+ if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
+ exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+ fi
+}
+
+check_client_name() {
+ if [ -n "$VPN_CLIENT_NAME" ]; then
+ name_len="$(printf '%s' "$VPN_CLIENT_NAME" | wc -m)"
+ if [ "$name_len" -gt "64" ] || printf '%s' "$VPN_CLIENT_NAME" | LC_ALL=C grep -q '[^A-Za-z0-9_-]\+' \
+ || case $VPN_CLIENT_NAME in -*) true;; *) false;; esac; then
+ exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
+ fi
+ fi
+}
+
 check_iptables() { if [ -x /sbin/iptables ] && ! iptables -nL INPUT >/dev/null 2>&1; then exiterr "IPTables check failed. Reboot and re-run this script."
@@ -618,6 +639,18 @@ EOF fi }
+set_up_ikev2() {
+ status=0
+ if [ -s /opt/src/ikev2.sh ] && [ ! -f /etc/ipsec.d/ikev2.conf ]; then
+ sleep 1
+ VPN_DNS_NAME="$VPN_DNS_NAME" VPN_PUBLIC_IP="$public_ip" \
+ VPN_CLIENT_NAME="$VPN_CLIENT_NAME" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \
+ VPN_DNS_SRV1="$VPN_DNS_SRV1" VPN_DNS_SRV2="$VPN_DNS_SRV2" \
+ VPN_PROTECT_CONFIG="$VPN_PROTECT_CONFIG" \
+ /bin/bash /opt/src/ikev2.sh --auto || status=1
+ fi
+}
+
 vpnsetup() { check_root check_vz
@@ -625,6 +658,8 @@ vpnsetup() { check_iface check_creds check_dns
+ check_server_dns
+ check_client_name
 check_iptables start_setup wait_for_apt
@@ -644,9 +679,10 @@ vpnsetup() { enable_on_boot start_services show_vpn_info
+ set_up_ikev2
 } ## Defer setup until we have the complete script vpnsetup "$@"
-exit 0
+exit "$status"