From 7bece1681d856d8231b32be75ae56412978a0a08 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Sun, 3 Jul 2016 17:54:15 -0500
Subject: [PATCH] Minor improvements and clean up

---
 extras/vpnsetup-debian-7-workaround.sh | 4 +--
 extras/vpnupgrade.sh | 13 ++++----
 extras/vpnupgrade_centos.sh | 15 +++++-----
 vpnsetup.sh | 41 ++++++++++++++------------
 vpnsetup_centos.sh | 39 ++++++++++++------------
 5 files changed, 58 insertions(+), 54 deletions(-)

diff --git a/extras/vpnsetup-debian-7-workaround.sh b/extras/vpnsetup-debian-7-workaround.sh
index ab6ffa8..0b95208 100644
--- a/extras/vpnsetup-debian-7-workaround.sh
+++ b/extras/vpnsetup-debian-7-workaround.sh
@@ -42,8 +42,8 @@ cd /opt/src || exiterr "Cannot enter /opt/src."
 # Update package index and install wget
 export DEBIAN_FRONTEND=noninteractive
-apt-get -yq update
-apt-get -yq install wget
+apt-get -yq update || exiterr "'apt-get update' failed."
+apt-get -yq install wget || exiterr "Failed to install 'wget'."
 # Install libnss/libnspr packages from download.libreswan.org.
 # Ref: https://libreswan.org/wiki/3.14_on_Debian_Wheezy
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 82094ec..f477468 100644
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -17,7 +17,8 @@ swan_ver=3.17
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }
 os_type="$(lsb_release -si 2>/dev/null)"
 if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
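Review bot: The new `exiterr2` helper in the vpnupgrade.sh hunk turns every `apt-get install` failure into the same fixed message, so a failing run no longer says which install line broke, whereas the debian-7 workaround hunk just above keeps the detail with `exiterr "Failed to install 'wget'."`. Giving the helper an optional argument keeps the call sites short while preserving the information: `exiterr2() { echo "Error: 'apt-get install' failed.${1:+ Packages: $1}" >&2; exit 1; }` and then `apt-get -yq install wget || exiterr2 wget`. The same helper is introduced identically (with a yum message) in the vpnupgrade_centos.sh, vpnsetup.sh and vpnsetup_centos.sh hunks below, so the same change applies there. The `-exiterr()`/`+exiterr()` pair in this hunk appears to differ only in whitespace, which is presumably intentional clean-up.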
@@ -99,15 +100,15 @@ cd /opt/src || exiterr "Cannot enter /opt/src."
 # Update package index and install Wget
 export DEBIAN_FRONTEND=noninteractive
-apt-get -yq update
-apt-get -yq install wget
+apt-get -yq update || exiterr "'apt-get update' failed."
+apt-get -yq install wget || exiterr2
 # Install necessary packages
 apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
 libcap-ng-dev libcap-ng-utils libselinux1-dev \
 libcurl4-nss-dev flex bison gcc make \
- libunbound-dev libnss3-tools libevent-dev
-apt-get -yq --no-install-recommends install xmlto
+ libunbound-dev libnss3-tools libevent-dev || exiterr2
+apt-get -yq --no-install-recommends install xmlto || exiterr2
 # Compile and install Libreswan
 swan_file="libreswan-${swan_ver}.tar.gz"
@@ -120,7 +121,7 @@ tar xzf "$swan_file" && /bin/rm -f "$swan_file"
 cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
 echo "WERROR_CFLAGS =" > Makefile.inc.local
 if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
- apt-get -yq install libsystemd-dev
+ apt-get -yq install libsystemd-dev || exiterr2
 fi
 make -s programs && make -s install
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index 3d38ad1..8ff34b1 100644
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -17,7 +17,8 @@ swan_ver=3.17
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr2() { echo "Error: 'yum install' failed." >&2; exit 1; }
 if [ ! -f /etc/redhat-release ]; then
 exiterr "This script only supports CentOS/RHEL."
@@ -92,25 +93,23 @@ mkdir -p /opt/src
 cd /opt/src || exiterr "Cannot enter /opt/src."
 # Install Wget
-yum -y install wget
+yum -y install wget || exiterr2
 # Add the EPEL repository
-yum -y install epel-release
-yum list installed epel-release >/dev/null 2>&1
-[ "$?" != "0" ] && exiterr "Cannot add EPEL repository."
+yum -y install epel-release || exiterr2
 # Install necessary packages
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
 libcap-ng-devel libselinux-devel \
 curl-devel flex bison gcc make \
- fipscheck-devel unbound-devel xmlto
+ fipscheck-devel unbound-devel xmlto || exiterr2
 # Install libevent2 and systemd-devel (CentOS 7)
 if grep -qs "release 6" /etc/redhat-release; then
 yum -y remove libevent-devel
- yum -y install libevent2-devel
+ yum -y install libevent2-devel || exiterr2
 elif grep -qs "release 7" /etc/redhat-release; then
- yum -y install libevent-devel systemd-devel
+ yum -y install libevent-devel systemd-devel || exiterr2
 fi
 # Compile and install Libreswan
diff --git a/vpnsetup.sh b/vpnsetup.sh
index da74ec4..a8f6f1b 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -33,7 +33,8 @@ YOUR_PASSWORD=''
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr2() { echo "Error: 'apt-get install' failed." >&2; exit 1; }
 os_type="$(lsb_release -si 2>/dev/null)"
 if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
@@ -81,10 +82,10 @@ IMPORTANT: Workaround required for Debian 7 (Wheezy).
 You must first run the script at: https://git.io/vpndeb7
 If not already done so, press Ctrl-C to interrupt now.
-Pausing for 60 seconds...
+Pausing for 30 seconds...
 EOF
-sleep 60
+sleep 30
 fi
 cat <<'EOF'
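Review bot: The `|| exiterr2` added to the multi-package `yum -y install` lines (the nss-devel … xmlto list and `libevent-devel systemd-devel`) only catches a total failure: by default yum skips package names it cannot find and still exits 0 as long as something was installed, so a single missing package never reaches `exiterr2` and the build fails later with a less obvious error. Where the installed yum supports it, pass `--setopt=skip_missing_names_on_install=False` on those lines, or verify the critical packages afterwards with `rpm -q`. For the same reason the dropped `yum list installed epel-release` check was a stronger guarantee than the exit status of `yum -y install epel-release` that replaces it; if the repository package is genuinely required, keep a post-install check. The vpnsetup_centos.sh hunks below make the same substitution and have the same gap.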
@@ -98,11 +99,11 @@ cd /opt/src || exiterr "Cannot enter /opt/src."
 # Update package index
 export DEBIAN_FRONTEND=noninteractive
-apt-get -yq update
+apt-get -yq update || exiterr "'apt-get update' failed."
 # Make sure basic commands exist
-apt-get -yq install wget dnsutils openssl
-apt-get -yq install iproute gawk grep sed net-tools
+apt-get -yq install wget dnsutils openssl || exiterr2
+apt-get -yq install iproute gawk grep sed net-tools || exiterr2
 cat <<'EOF'
@@ -142,12 +143,12 @@ fi
 apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
 libcap-ng-dev libcap-ng-utils libselinux1-dev \
 libcurl4-nss-dev flex bison gcc make \
- libunbound-dev libnss3-tools libevent-dev
-apt-get -yq --no-install-recommends install xmlto
-apt-get -yq install xl2tpd
+ libunbound-dev libnss3-tools libevent-dev || exiterr2
+apt-get -yq --no-install-recommends install xmlto || exiterr2
+apt-get -yq install ppp xl2tpd || exiterr2
 # Install Fail2Ban to protect SSH
-apt-get -yq install fail2ban
+apt-get -yq install fail2ban || exiterr2
 # Compile and install Libreswan
 swan_ver=3.17
@@ -161,7 +162,7 @@ tar xzf "$swan_file" && /bin/rm -f "$swan_file"
 cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
 echo "WERROR_CFLAGS =" > Makefile.inc.local
 if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
- apt-get -yq install libsystemd-dev
+ apt-get -yq install libsystemd-dev || exiterr2
 fi
 make -s programs && make -s install
@@ -235,7 +236,7 @@ EOF
 # Create xl2tpd config
 /bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
-cat > /etc/xl2tpd/xl2tpd.conf < /etc/xl2tpd/xl2tpd.conf <<'EOF'
 [global]
 port = 1701
@@ -252,7 +253,7 @@ EOF
 # Set xl2tpd options
 /bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
-cat > /etc/ppp/options.xl2tpd < /etc/ppp/options.xl2tpd <<'EOF'
 ipcp-accept-local
 ipcp-accept-remote
 ms-dns 8.8.8.8
@@ -279,12 +280,14 @@ EOF
 /bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
 VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
-echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
+cat > /etc/ipsec.d/passwd </dev/null
-cat >> /etc/sysctl.conf <> /etc/sysctl.conf <<'EOF'
 # Added by hwdsl2 VPN script
 kernel.msgmnb = 65536
@@ -355,8 +358,8 @@ COMMIT
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
--A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
--A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
+-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source $PRIVATE_IP
+-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source $PRIVATE_IP
 COMMIT
 EOF
@@ -392,7 +395,7 @@ fi
 # Load IPTables rules at system boot
 mkdir -p /etc/network/if-pre-up.d
-cat > /etc/network/if-pre-up.d/iptablesload < /etc/network/if-pre-up.d/iptablesload <<'EOF'
 #!/bin/sh
 iptables-restore < /etc/iptables.rules
 exit 0
@@ -402,7 +405,7 @@ EOF
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
 /bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
 sed --follow-symlinks -i -e '/^exit 0/d' /etc/rc.local
-cat >> /etc/rc.local <> /etc/rc.local <<'EOF'
 # Added by hwdsl2 VPN script
 service fail2ban restart || /bin/true
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 99feb62..f866832 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -33,7 +33,8 @@ YOUR_PASSWORD=''
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr() { echo "Error: ${1}" >&2; exit 1; }
+exiterr2() { echo "Error: 'yum install' failed." >&2; exit 1; }
 if [ ! -f /etc/redhat-release ]; then
 exiterr "This script only supports CentOS/RHEL."
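Review bot: The new `cat > /etc/ipsec.d/passwd` heredoc writes the XAUTH password hash with whatever file mode the inherited umask gives, and nothing in this hunk restricts it; the backup `/etc/ipsec.d/passwd.old-$sys_dt` copied two lines earlier keeps the old file's mode as well. Unless the mode is set elsewhere in the script (not visible here), add `chmod 600 /etc/ipsec.d/passwd` right after the heredoc and apply the same to the `.old-` copy. The hash itself comes from the context line `openssl passwd -1`, i.e. MD5-crypt, which is weak by current standards; whether Libreswan's xauth password file accepts a stronger crypt variant cannot be determined from this hunk, so it is worth checking separately rather than changing blindly. The heredoc body is cut in this view, so its contents were not reviewed; the vpnsetup_centos.sh hunk below makes the identical change and the same notes apply there.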
@@ -88,8 +89,8 @@ mkdir -p /opt/src
 cd /opt/src || exiterr "Cannot enter /opt/src."
 # Make sure basic commands exist
-yum -y install wget bind-utils openssl
-yum -y install iproute gawk grep sed net-tools
+yum -y install wget bind-utils openssl || exiterr2
+yum -y install iproute gawk grep sed net-tools || exiterr2
 cat <<'EOF'
@@ -126,26 +127,24 @@ if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
 fi
 # Add the EPEL repository
-yum -y install epel-release
-yum list installed epel-release >/dev/null 2>&1
-[ "$?" != "0" ] && exiterr "Cannot add EPEL repository."
+yum -y install epel-release || exiterr2
 # Install necessary packages
 yum -y install nss-devel nspr-devel pkgconfig pam-devel \
 libcap-ng-devel libselinux-devel \
 curl-devel flex bison gcc make \
- fipscheck-devel unbound-devel xmlto
-yum -y install ppp xl2tpd
+ fipscheck-devel unbound-devel xmlto || exiterr2
+yum -y install ppp xl2tpd || exiterr2
 # Install Fail2Ban to protect SSH
-yum -y install fail2ban
+yum -y install fail2ban || exiterr2
 # Install libevent2 and systemd-devel (CentOS 7)
 if grep -qs "release 6" /etc/redhat-release; then
 yum -y remove libevent-devel
- yum -y install libevent2-devel
+ yum -y install libevent2-devel || exiterr2
 elif grep -qs "release 7" /etc/redhat-release; then
- yum -y install libevent-devel systemd-devel
+ yum -y install libevent-devel systemd-devel || exiterr2
 fi
 # Compile and install Libreswan
@@ -231,7 +230,7 @@ EOF
 # Create xl2tpd config
 /bin/cp -f /etc/xl2tpd/xl2tpd.conf "/etc/xl2tpd/xl2tpd.conf.old-$sys_dt" 2>/dev/null
-cat > /etc/xl2tpd/xl2tpd.conf < /etc/xl2tpd/xl2tpd.conf <<'EOF'
 [global]
 port = 1701
@@ -248,7 +247,7 @@ EOF
 # Set xl2tpd options
 /bin/cp -f /etc/ppp/options.xl2tpd "/etc/ppp/options.xl2tpd.old-$sys_dt" 2>/dev/null
-cat > /etc/ppp/options.xl2tpd < /etc/ppp/options.xl2tpd <<'EOF'
 ipcp-accept-local
 ipcp-accept-remote
 ms-dns 8.8.8.8
@@ -275,12 +274,14 @@ EOF
 /bin/cp -f /etc/ipsec.d/passwd "/etc/ipsec.d/passwd.old-$sys_dt" 2>/dev/null
 VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
-echo "${VPN_USER}:${VPN_PASSWORD_ENC}:xauth-psk" > /etc/ipsec.d/passwd
+cat > /etc/ipsec.d/passwd </dev/null
-cat >> /etc/sysctl.conf <> /etc/sysctl.conf <<'EOF'
 # Added by hwdsl2 VPN script
 kernel.msgmnb = 65536
@@ -350,8 +351,8 @@ COMMIT
 :PREROUTING ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
--A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
--A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
+-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source $PRIVATE_IP
+-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source $PRIVATE_IP
 COMMIT
 EOF
@@ -382,7 +383,7 @@ fi
 # Create basic Fail2Ban rules
 if [ ! -f /etc/fail2ban/jail.local ] ; then
-cat > /etc/fail2ban/jail.local < /etc/fail2ban/jail.local <<'EOF'
 [DEFAULT]
 ignoreip = 127.0.0.1/8
 bantime = 600
@@ -401,7 +402,7 @@ fi
 # Start services at boot
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
 /bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
-cat >> /etc/rc.local <> /etc/rc.local <<'EOF'
 # Added by hwdsl2 VPN script
 iptables-restore < /etc/sysconfig/iptables