Update IKEv2 script

- Improve backward compatibility: Protect IKEv2 client config files using a password if one was previously generated. - Ref: dbc3527
2024-06-30 01:25:53 +02:00 · 2022-02-14 03:46:06 -06:00 · 2022-02-14 03:46:06 -06:00 · 7c0d08442e
commit 7c0d08442e
parent ddb6a65b82
1 changed files with 23 additions and 11 deletions
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@ -577,23 +577,35 @@ EOF
  fi
 }

+check_config_password() {
+  config_file="/etc/ipsec.d/.vpnconfig"
+  if grep -qs '^IKEV2_CONFIG_PASSWORD=.\+' "$config_file"; then
+    use_config_password=1
+  else
+    use_config_password=0
+  fi
+}
+
 select_config_password() {
+  if [ "$use_config_password" = "0" ]; then
 cat <<'EOF'

 IKEv2 client config files contain the client certificate, private key and CA certificate.
 This script can optionally generate a random password to protect these files.
+Future client config files will also be protected using the same password.

 EOF
-  printf "Protect client config files using a password? [y/N] "
-  read -r response
-  case $response in
-    [yY][eE][sS]|[yY])
-      use_config_password=1
-      ;;
-    *)
-      use_config_password=0
-      ;;
-  esac
+    printf "Protect client config files using a password? [y/N] "
+    read -r response
+    case $response in
+      [yY][eE][sS]|[yY])
+        use_config_password=1
+        ;;
+      *)
+        use_config_password=0
+        ;;
+    esac
+  fi
 }

 select_menu_option() {
@ -1273,7 +1285,6 @@ ikev2setup() {
  check_utils_exist

  use_defaults=0
-  use_config_password=0
  add_client=0
  export_client=0
  list_clients=0
@ -1321,6 +1332,7 @@ ikev2setup() {
  done

  check_arguments
+  check_config_password
  get_export_dir

  if [ "$add_client" = "1" ]; then