Update IKEv2 script

- Improve backward compatibility: Protect IKEv2 client config files
  using a password if one was previously generated.
- Ref: dbc3527
hwdsl2 2022-02-14 03:46:06 -06:00
parent ddb6a65b82
commit 7c0d08442e


@ -577,11 +577,22 @@ EOF
fi fi
} }
check_config_password() {
config_file="/etc/ipsec.d/.vpnconfig"
if grep -qs '^IKEV2_CONFIG_PASSWORD=.\+' "$config_file"; then
use_config_password=1
else
use_config_password=0
fi
}
select_config_password() { select_config_password() {
if [ "$use_config_password" = "0" ]; then
cat <<'EOF' cat <<'EOF'
IKEv2 client config files contain the client certificate, private key and CA certificate. IKEv2 client config files contain the client certificate, private key and CA certificate.
This script can optionally generate a random password to protect these files. This script can optionally generate a random password to protect these files.
Future client config files will also be protected using the same password.
EOF EOF
printf "Protect client config files using a password? [y/N] " printf "Protect client config files using a password? [y/N] "
@ -594,6 +605,7 @@ EOF
use_config_password=0 use_config_password=0
;; ;;
esac esac
fi
} }
select_menu_option() { select_menu_option() {
@ -1273,7 +1285,6 @@ ikev2setup() {
check_utils_exist check_utils_exist
use_defaults=0 use_defaults=0
use_config_password=0
add_client=0 add_client=0
export_client=0 export_client=0
list_clients=0 list_clients=0
@ -1321,6 +1332,7 @@ ikev2setup() {
done done
check_arguments check_arguments
check_config_password
get_export_dir get_export_dir
if [ "$add_client" = "1" ]; then if [ "$add_client" = "1" ]; then
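Review bot: Dropping the `use_config_password=0` default from ikev2setup leaves the variable unset (or inherited from the caller's environment) until `check_config_password` runs after `check_arguments`, and the new guard `[ "$use_config_password" = "0" ]` in select_config_password treats any value other than "0" as "a password already exists" and skips the prompt. Whether anything between those two points reads the variable is not visible in these hunks, but keeping `use_config_password=0` in the initialisation run costs nothing, since check_config_password overwrites it unconditionally. In check_config_password, `grep -qs` also suppresses read errors, so an unreadable `/etc/ipsec.d/.vpnconfig` looks the same as one with no stored password and falls through to the `[y/N]` prompt, whose default leaves new client config files unprotected. A short comment there, such as `# -s: a missing or unreadable config file is treated as "no stored password"`, would make that choice explicit. The bodies of select_config_password and ikev2setup continue outside the hunks shown.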