Improve VPN setup

- Retrieve latest supported Libreswan version before install - Cleanup
2024-06-27 08:06:24 +02:00 · 2022-01-22 21:31:55 -06:00 · 2022-01-22 21:31:55 -06:00 · 9022caf9f4
commit 9022caf9f4
parent a4e4f45ff6
4 changed files with 80 additions and 140 deletions
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@ -60,7 +60,6 @@ check_vz() {
 check_os() {
  os_type=$(lsb_release -si 2>/dev/null)
  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
  [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
  case $os_type in
    [Aa]lpine)
@ -133,9 +132,6 @@ check_dns() {
 start_setup() {
  bigecho "VPN setup in progress... Please be patient."
  # shellcheck disable=SC2154
  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
  trap 'finish $? $((dlo+1))' EXIT
  mkdir -p /opt/src
  cd /opt/src || exit 1
 }
@ -174,18 +170,17 @@ install_fail2ban() {
  ) || exiterr2
 }
-get_ikev2_script() {
+get_swan_ver() {
-  bigecho "Downloading IKEv2 script..."
+  base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  swan_ver_url="$base_url/$os_type/$os_ver/swanver"
-  (
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-    set -x
+  SWAN_VER=4.6
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
-  ) || /bin/rm -f ikev2.sh
+    SWAN_VER="$swan_ver_latest"
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+  fi
 }
 check_libreswan() {
  SWAN_VER=4.6
  ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
  swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
  [ "$swan_ver_old" = "$SWAN_VER" ]
@ -235,6 +230,16 @@ EOF
  fi
 }
 get_ikev2_script() {
  bigecho "Downloading IKEv2 script..."
  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
  (
    set -x
    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
  ) || /bin/rm -f ikev2.sh
  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
 }
 create_vpn_config() {
  bigecho "Creating VPN configuration..."
@ -497,27 +502,6 @@ IKEv2 guide:       https://git.io/ikev2
 EOF
 }
 check_swan_ver() {
  swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
 cat <<EOF
 Note: A newer version of Libreswan ($swan_ver_latest) is available.
      To update, run:
      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
 EOF
  fi
 }
 finish() {
  check_swan_ver "$1" "$2"
  exit "$1"
 }
 vpnsetup() {
  check_root
  check_vz
@ -530,9 +514,10 @@ vpnsetup() {
  detect_ip
  install_vpn_pkgs
  install_fail2ban
-  get_ikev2_script
+  get_swan_ver
  get_libreswan
  install_libreswan
  get_ikev2_script
  create_vpn_config
  update_sysctl
  update_iptables
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@ -53,7 +53,6 @@ check_root() {
 }
 check_os() {
  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
  if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
    exiterr "This script only supports Amazon Linux 2."
  fi
@ -115,9 +114,6 @@ check_dns() {
 start_setup() {
  bigecho "VPN setup in progress... Please be patient."
  # shellcheck disable=SC2154
  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
  trap 'finish $? $((dlo+1))' EXIT
  mkdir -p /opt/src
  cd /opt/src || exit 1
 }
@ -174,18 +170,17 @@ install_fail2ban() {
  ) || exiterr2
 }
-get_ikev2_script() {
+get_swan_ver() {
-  bigecho "Downloading IKEv2 script..."
+  base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  swan_ver_url="$base_url/amzn/2/swanver"
-  (
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-    set -x
+  SWAN_VER=4.6
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
-  ) || /bin/rm -f ikev2.sh
+    SWAN_VER="$swan_ver_latest"
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+  fi
 }
 check_libreswan() {
  SWAN_VER=4.6
  ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
  swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
  [ "$swan_ver_old" = "$SWAN_VER" ]
@ -237,6 +232,16 @@ EOF
  fi
 }
 get_ikev2_script() {
  bigecho "Downloading IKEv2 script..."
  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
  (
    set -x
    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
  ) || /bin/rm -f ikev2.sh
  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
 }
 create_vpn_config() {
  bigecho "Creating VPN configuration..."
@ -510,27 +515,6 @@ IKEv2 guide:       https://git.io/ikev2
 EOF
 }
 check_swan_ver() {
  swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
 cat <<EOF
 Note: A newer version of Libreswan ($swan_ver_latest) is available.
      To update, run:
      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
 EOF
  fi
 }
 finish() {
  check_swan_ver "$1" "$2"
  exit "$1"
 }
 vpnsetup() {
  check_root
  check_os
@ -544,9 +528,10 @@ vpnsetup() {
  install_vpn_pkgs_1
  install_vpn_pkgs_2
  install_fail2ban
-  get_ikev2_script
+  get_swan_ver
  get_libreswan
  install_libreswan
  get_ikev2_script
  create_vpn_config
  create_f2b_config
  update_sysctl
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -62,7 +62,6 @@ check_vz() {
 check_os() {
  os_type=centos
  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
  rh_file="/etc/redhat-release"
  if grep -qs "Red Hat" "$rh_file"; then
    os_type=rhel
@ -135,9 +134,6 @@ check_dns() {
 start_setup() {
  bigecho "VPN setup in progress... Please be patient."
  # shellcheck disable=SC2154
  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
  trap 'finish $? $((dlo+1))' EXIT
  mkdir -p /opt/src
  cd /opt/src || exit 1
 }
@ -229,18 +225,17 @@ install_fail2ban() {
  ) || exiterr2
 }
-get_ikev2_script() {
+get_swan_ver() {
-  bigecho "Downloading IKEv2 script..."
+  base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  swan_ver_url="$base_url/$os_type/$os_ver/swanver"
-  (
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-    set -x
+  SWAN_VER=4.6
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
-  ) || /bin/rm -f ikev2.sh
+    SWAN_VER="$swan_ver_latest"
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+  fi
 }
 check_libreswan() {
  SWAN_VER=4.6
  ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
  swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
  [ "$swan_ver_old" = "$SWAN_VER" ]
@ -292,6 +287,16 @@ EOF
  fi
 }
 get_ikev2_script() {
  bigecho "Downloading IKEv2 script..."
  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
  (
    set -x
    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
  ) || /bin/rm -f ikev2.sh
  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
 }
 create_vpn_config() {
  bigecho "Creating VPN configuration..."
@ -606,27 +611,6 @@ IKEv2 guide:       https://git.io/ikev2
 EOF
 }
 check_swan_ver() {
  swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
 cat <<EOF
 Note: A newer version of Libreswan ($swan_ver_latest) is available.
      To update, run:
      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
 EOF
  fi
 }
 finish() {
  check_swan_ver "$1" "$2"
  exit "$1"
 }
 vpnsetup() {
  check_root
  check_vz
@ -642,9 +626,10 @@ vpnsetup() {
  install_vpn_pkgs_2
  install_vpn_pkgs_3
  install_fail2ban
-  get_ikev2_script
+  get_swan_ver
  get_libreswan
  install_libreswan
  get_ikev2_script
  create_vpn_config
  create_f2b_config
  update_sysctl
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@ -61,7 +61,6 @@ check_vz() {
 check_os() {
  os_type=$(lsb_release -si 2>/dev/null)
  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
  [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
  case $os_type in
    [Uu]buntu)
@ -147,9 +146,6 @@ check_iptables() {
 start_setup() {
  bigecho "VPN setup in progress... Please be patient."
  # shellcheck disable=SC2154
  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
  trap 'finish $? $((dlo+1))' EXIT
  mkdir -p /opt/src
  cd /opt/src || exit 1
 }
@ -212,18 +208,17 @@ install_fail2ban() {
  ) || exiterr2
 }
-get_ikev2_script() {
+get_swan_ver() {
-  bigecho "Downloading IKEv2 script..."
+  base_url="https://github.com/hwdsl2/vpn-extras/raw/main/ver/v1"
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  swan_ver_url="$base_url/$os_type/$os_ver/swanver"
-  (
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-    set -x
+  SWAN_VER=4.6
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
-  ) || /bin/rm -f ikev2.sh
+    SWAN_VER="$swan_ver_latest"
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+  fi
 }
 check_libreswan() {
  SWAN_VER=4.6
  ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
  swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
  [ "$swan_ver_old" = "$SWAN_VER" ]
@ -283,6 +278,16 @@ EOF
  fi
 }
 get_ikev2_script() {
  bigecho "Downloading IKEv2 script..."
  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
  (
    set -x
    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
  ) || /bin/rm -f ikev2.sh
  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
 }
 create_vpn_config() {
  bigecho "Creating VPN configuration..."
@ -594,27 +599,6 @@ EOF
  fi
 }
 check_swan_ver() {
  swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
 cat <<EOF
 Note: A newer version of Libreswan ($swan_ver_latest) is available.
      To update, run:
      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
 EOF
  fi
 }
 finish() {
  check_swan_ver "$1" "$2"
  exit "$1"
 }
 vpnsetup() {
  check_root
  check_vz
@ -630,9 +614,10 @@ vpnsetup() {
  detect_ip
  install_vpn_pkgs
  install_fail2ban
-  get_ikev2_script
+  get_swan_ver
  get_libreswan
  install_libreswan
  get_ikev2_script
  create_vpn_config
  update_sysctl
  update_iptables