Improve error output

hwdsl2 2016-06-29 02:40:52 -05:00
parent 8336260799
commit ac91fa9b79
5 changed files with 58 additions and 87 deletions


@ -22,26 +22,23 @@
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; } exiterr() { echo "Error: ${1}" >&2; exit 1; }
if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" != "7" ]; then if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" != "7" ]; then
echoerr "This script only supports Debian 7 (Wheezy)." exiterr "This script only supports Debian 7 (Wheezy)."
exit 1
fi fi
if [ "$(uname -m)" != "x86_64" ]; then if [ "$(uname -m)" != "x86_64" ]; then
echoerr "This script only supports 64-bit Debian 7." exiterr "This script only supports 64-bit Debian 7."
exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echoerr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
exit 1
fi fi
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
# Update package index and install wget # Update package index and install wget
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -71,8 +68,6 @@ if [ -s "$deb1" ] && [ -s "$deb2" ] && [ -s "$deb3" ] && [ -s "$deb4" ] && [ -s
echo 'Completed! If no error, you may now proceed to run the VPN setup script.' echo 'Completed! If no error, you may now proceed to run the VPN setup script.'
exit 0 exit 0
else else
echoerr
echoerr 'Could not download libnss/libnspr package(s). Aborting.'
/bin/rm -f "$deb1" "$deb2" "$deb3" "$deb4" "$deb5" /bin/rm -f "$deb1" "$deb2" "$deb3" "$deb4" "$deb5"
exit 1 exiterr 'Could not download libnss/libnspr package(s).'
fi fi
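Review bot: The new `exiterr` helper prints only `${1}` through `echo`, so any further arguments are dropped silently, and when the script is run with `sh` (as the root-check message suggests) some `echo` implementations interpret backslashes in the message. `exiterr() { printf 'Error: %s\n' "$*" >&2; exit 1; }` avoids both. A one-line comment above it, such as `# Print an error message to stderr and exit with status 1`, would document the contract. The same definition is added in the other four file sections of this commit.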


@ -17,33 +17,28 @@ swan_ver=3.17
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; } exiterr() { echo "Error: ${1}" >&2; exit 1; }
os_type="$(lsb_release -si 2>/dev/null)" os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
echoerr "This script only supports Ubuntu/Debian." exiterr "This script only supports Ubuntu/Debian."
exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echoerr "This script does not support OpenVZ VPS." exiterr "This script does not support OpenVZ VPS."
exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echoerr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
exit 1
fi fi
if [ -z "$swan_ver" ]; then if [ -z "$swan_ver" ]; then
echoerr "Libreswan version 'swan_ver' not specified. Aborting." exiterr "Libreswan version 'swan_ver' not specified."
exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echoerr "This script requires Libreswan already installed. Aborting." exiterr "This script requires Libreswan already installed."
exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
@ -100,7 +95,7 @@ esac
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
# Update package index and install Wget # Update package index and install Wget
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -119,10 +114,10 @@ swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Cannot download Libreswan source."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
apt-get -yq install libsystemd-dev apt-get -yq install libsystemd-dev
@ -130,10 +125,10 @@ fi
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Libreswan $swan_ver failed to build."
# Restart IPsec service # Restart IPsec service
service ipsec restart service ipsec restart
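Review bot: Nothing verifies the Libreswan tarball before it is unpacked and built as root: after the `wget ... || wget ...` line the only test is the exit status (`[ "$?" != "0" ] && exiterr "Cannot download Libreswan source."`), and the fallback URL points at a different archive on a different host. A pinned digest checked before `tar xzf` would cover this, e.g. `echo "$swan_sha256  $swan_file" | sha256sum -c - >/dev/null || exiterr "Libreswan source checksum mismatch."`, where `swan_sha256` is a new variable set next to `swan_ver`. Because the two URLs may not serve byte-identical archives, each source would need its own digest. The same download block appears in the three later file sections.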


@ -17,37 +17,31 @@ swan_ver=3.17
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; } exiterr() { echo "Error: ${1}" >&2; exit 1; }
if [ ! -f /etc/redhat-release ]; then if [ ! -f /etc/redhat-release ]; then
echoerr "This script only supports CentOS/RHEL." exiterr "This script only supports CentOS/RHEL."
exit 1
fi fi
if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
echoerr "This script only supports CentOS/RHEL 6 and 7." exiterr "This script only supports CentOS/RHEL 6 and 7."
exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echoerr "This script does not support OpenVZ VPS." exiterr "This script does not support OpenVZ VPS."
exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echoerr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
exit 1
fi fi
if [ -z "$swan_ver" ]; then if [ -z "$swan_ver" ]; then
echoerr "Libreswan version 'swan_ver' not specified. Aborting." exiterr "Libreswan version 'swan_ver' not specified."
exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echoerr "This script requires Libreswan already installed. Aborting." exiterr "This script requires Libreswan already installed."
exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver"
@ -95,7 +89,7 @@ esac
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
# Install Wget # Install Wget
yum -y install wget yum -y install wget
@ -103,7 +97,7 @@ yum -y install wget
# Add the EPEL repository # Add the EPEL repository
yum -y install epel-release yum -y install epel-release
yum list installed epel-release >/dev/null 2>&1 yum list installed epel-release >/dev/null 2>&1
[ "$?" != "0" ] && { echoerr "Cannot add EPEL repository. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Cannot add EPEL repository."
# Install necessary packages # Install necessary packages
yum -y install nss-devel nspr-devel pkgconfig pam-devel \ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
@ -124,18 +118,18 @@ swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Cannot download Libreswan source."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Libreswan $swan_ver failed to build."
# Restore SELinux contexts # Restore SELinux contexts
restorecon /etc/ipsec.d/*db 2>/dev/null restorecon /etc/ipsec.d/*db 2>/dev/null
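Review bot: The post-build check `ipsec --version 2>/dev/null | grep -qs "$swan_ver"` can pass even though the build failed, because the exit status of `make -s programs && make -s install` is never tested. If an earlier install of the same version is still in place (the script checks for `Libreswan $swan_ver` near the top, and what follows that check is outside the hunk), the old binary satisfies the grep. The pattern is also an unanchored regex, so the `.` in `3.17` matches any character. Consider `make -s programs && make -s install || exiterr "Libreswan $swan_ver failed to build."` directly after the build and `grep -qsF "Libreswan $swan_ver"` for the verification. The same lines appear in the previous file section and in the two later ones.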


@ -33,28 +33,25 @@ YOUR_PASSWORD=''
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; } exiterr() { echo "Error: ${1}" >&2; exit 1; }
os_type="$(lsb_release -si 2>/dev/null)" os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
echoerr "This script only supports Ubuntu/Debian." exiterr "This script only supports Ubuntu/Debian."
exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echoerr "This script does not support OpenVZ VPS." exiterr "This script does not support OpenVZ VPS."
exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echoerr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
exit 1
fi fi
eth0_state=$(cat /sys/class/net/eth0/operstate 2>/dev/null) eth0_state=$(cat /sys/class/net/eth0/operstate 2>/dev/null)
if [ -z "$eth0_state" ] || [ "$eth0_state" = "down" ]; then if [ -z "$eth0_state" ] || [ "$eth0_state" = "down" ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Network interface 'eth0' is not available. Aborting. Error: Network interface 'eth0' is not available.
Run 'cat /proc/net/dev' to find the active network interface, Run 'cat /proc/net/dev' to find the active network interface,
then use it to replace ALL 'eth0' and 'eth+' in this script. then use it to replace ALL 'eth0' and 'eth+' in this script.
@ -75,8 +72,7 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
echoerr "All VPN credentials must be specified. Edit the script and re-enter them." exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
exit 1
fi fi
if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" = "7" ]; then
@ -98,7 +94,7 @@ EOF
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
# Update package index # Update package index
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -136,12 +132,10 @@ PRIVATE_IP=${VPN_PRIVATE_IP:-''}
# Check IPs for correct format # Check IPs for correct format
IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
echoerr "Cannot find valid public IP. Edit the script and manually enter IPs." exiterr "Cannot find valid public IP. Edit the script and manually enter IPs."
exit 1
fi fi
if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
echoerr "Cannot find valid private IP. Edit the script and manually enter IPs." exiterr "Cannot find valid private IP. Edit the script and manually enter IPs."
exit 1
fi fi
# Install necessary packages # Install necessary packages
@ -161,10 +155,10 @@ swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Cannot download Libreswan source."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
apt-get -yq install libsystemd-dev apt-get -yq install libsystemd-dev
@ -172,10 +166,10 @@ fi
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Libreswan $swan_ver failed to build."
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
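Review bot: The IP format checks match per line, so a multi-line value passes if any single line is a valid address: in `printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"` the `^` and `$` anchor to each line grep reads, not to the whole string. How `PUBLIC_IP` and `PRIVATE_IP` are obtained is outside this hunk; if either can come from a network lookup or other command output, anything that is not exactly one line should be rejected before the value is used. One way is to also require `[ "$(printf %s "$PUBLIC_IP" | wc -l)" -eq 0 ]` in the same condition. The same two checks appear in the last file section.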


@ -33,32 +33,28 @@ YOUR_PASSWORD=''
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; } exiterr() { echo "Error: ${1}" >&2; exit 1; }
if [ ! -f /etc/redhat-release ]; then if [ ! -f /etc/redhat-release ]; then
echoerr "This script only supports CentOS/RHEL." exiterr "This script only supports CentOS/RHEL."
exit 1
fi fi
if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
echoerr "This script only supports CentOS/RHEL 6 and 7." exiterr "This script only supports CentOS/RHEL 6 and 7."
exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echoerr "This script does not support OpenVZ VPS." exiterr "This script does not support OpenVZ VPS."
exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echoerr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
exit 1
fi fi
eth0_state=$(cat /sys/class/net/eth0/operstate 2>/dev/null) eth0_state=$(cat /sys/class/net/eth0/operstate 2>/dev/null)
if [ -z "$eth0_state" ] || [ "$eth0_state" = "down" ]; then if [ -z "$eth0_state" ] || [ "$eth0_state" = "down" ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Network interface 'eth0' is not available. Aborting. Error: Network interface 'eth0' is not available.
Run 'cat /proc/net/dev' to find the active network interface, Run 'cat /proc/net/dev' to find the active network interface,
then use it to replace ALL 'eth0' and 'eth+' in this script. then use it to replace ALL 'eth0' and 'eth+' in this script.
@ -79,8 +75,7 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
echoerr "All VPN credentials must be specified. Edit the script and re-enter them." exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
exit 1
fi fi
cat <<'EOF' cat <<'EOF'
@ -90,7 +85,7 @@ EOF
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
# Make sure basic commands exist # Make sure basic commands exist
yum -y install wget bind-utils openssl yum -y install wget bind-utils openssl
@ -124,18 +119,16 @@ PRIVATE_IP=${VPN_PRIVATE_IP:-''}
# Check IPs for correct format # Check IPs for correct format
IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
echoerr "Cannot find valid public IP. Edit the script and manually enter IPs." exiterr "Cannot find valid public IP. Edit the script and manually enter IPs."
exit 1
fi fi
if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
echoerr "Cannot find valid private IP. Edit the script and manually enter IPs." exiterr "Cannot find valid private IP. Edit the script and manually enter IPs."
exit 1
fi fi
# Add the EPEL repository # Add the EPEL repository
yum -y install epel-release yum -y install epel-release
yum list installed epel-release >/dev/null 2>&1 yum list installed epel-release >/dev/null 2>&1
[ "$?" != "0" ] && { echoerr "Cannot add EPEL repository. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Cannot add EPEL repository."
# Install necessary packages # Install necessary packages
yum -y install nss-devel nspr-devel pkgconfig pam-devel \ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
@ -161,18 +154,18 @@ swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Cannot download Libreswan source."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$swan_ver" || exiterr "Cannot enter Libreswan source dir."
echo "WERROR_CFLAGS =" > Makefile.inc.local echo "WERROR_CFLAGS =" > Makefile.inc.local
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exiterr "Cannot enter /opt/src."
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$swan_ver"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver"
[ "$?" != "0" ] && { echoerr; echoerr "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && exiterr "Libreswan $swan_ver failed to build."
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"