Minor improvements and clean up

hwdsl2 2016-05-19 04:02:53 -05:00
parent 6b9a3cae4d
commit b25e88c1b1
3 changed files with 10 additions and 23 deletions


@ -93,14 +93,14 @@ cd /opt/src || exit 1
# Update package index and install Wget # Update package index and install Wget
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get -yqq update apt-get -yqq update
apt-get -yqq install wget apt-get -yq install wget
# Install necessary packages # Install necessary packages
apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
libcap-ng-dev libcap-ng-utils libselinux1-dev \ libcap-ng-dev libcap-ng-utils libselinux1-dev \
libcurl4-nss-dev flex bison gcc make \ libcurl4-nss-dev flex bison gcc make \
libunbound-dev libnss3-tools libevent-dev libunbound-dev libnss3-tools libevent-dev
apt-get -yqq --no-install-recommends install xmlto apt-get -yq --no-install-recommends install xmlto
# Compile and install Libreswan # Compile and install Libreswan
SWAN_FILE="libreswan-${SWAN_VER}.tar.gz" SWAN_FILE="libreswan-${SWAN_VER}.tar.gz"
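Review bot: None of the `apt-get -yq install` calls in this section checks its exit status, so a failed install lets the script carry on to the Libreswan build with dependencies missing. The same applies to the install lines in the next file, including `apt-get -yq install fail2ban`, where a failure would leave SSH without the intended protection while the run continues. The hunk-header context `cd /opt/src || exit 1` suggests the script relies on explicit checks rather than errexit, though that cannot be confirmed from the visible lines. I would guard each call the same way, e.g. `apt-get -yq install wget || exit 1`; moving from `-yqq` to `-yq` makes a failure visible on the terminal but does not stop the script.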


@ -85,8 +85,8 @@ export DEBIAN_FRONTEND=noninteractive
apt-get -yqq update apt-get -yqq update
# Make sure basic commands exist # Make sure basic commands exist
apt-get -yqq install wget dnsutils openssl apt-get -yq install wget dnsutils openssl
apt-get -yqq install iproute gawk grep sed net-tools apt-get -yq install iproute gawk grep sed net-tools
if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then if [ "$(sed 's/\..*//' /etc/debian_version)" = "7" ]; then
echo echo
@ -132,15 +132,15 @@ if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
fi fi
# Install necessary packages # Install necessary packages
apt-get -yqq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
libcap-ng-dev libcap-ng-utils libselinux1-dev \ libcap-ng-dev libcap-ng-utils libselinux1-dev \
libcurl4-nss-dev flex bison gcc make \ libcurl4-nss-dev flex bison gcc make \
libunbound-dev libnss3-tools libevent-dev libunbound-dev libnss3-tools libevent-dev
apt-get -yqq --no-install-recommends install xmlto apt-get -yq --no-install-recommends install xmlto
apt-get -yqq install xl2tpd apt-get -yq install xl2tpd
# Install Fail2Ban to protect SSH # Install Fail2Ban to protect SSH
apt-get -yqq install fail2ban apt-get -yq install fail2ban
# Compile and install Libreswan # Compile and install Libreswan
SWAN_VER=3.17 SWAN_VER=3.17
@ -401,6 +401,7 @@ fi
fi fi
# Load IPTables rules at system boot # Load IPTables rules at system boot
mkdir -p /etc/network/if-pre-up.d
cat > /etc/network/if-pre-up.d/iptablesload <<EOF cat > /etc/network/if-pre-up.d/iptablesload <<EOF
#!/bin/sh #!/bin/sh
iptables-restore < /etc/iptables.rules iptables-restore < /etc/iptables.rules
@ -428,13 +429,6 @@ exit 0
EOF EOF
fi fi
# Initialize Libreswan DB
if [ ! -f /etc/ipsec.d/cert8.db ] ; then
echo > /var/tmp/libreswan-nss-pwd
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
/bin/rm -f /var/tmp/libreswan-nss-pwd
fi
# Reload sysctl.conf # Reload sysctl.conf
sysctl -q -p sysctl -q -p
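Review bot: The added `mkdir -p /etc/network/if-pre-up.d` is not checked, so if it fails the `cat >` that follows cannot create `iptablesload`, and the installer would keep running on a host that comes up after a reboot without its saved firewall rules. I would write `mkdir -p /etc/network/if-pre-up.d || exit 1`. Because the heredoc is meant to be written out literally, `<<'EOF'` would also keep a later edit from introducing an unintended expansion; the body visible here contains none. The rest of the heredoc and whatever sets the file's mode lie outside the hunk, so it is worth confirming that the script ends up executable and writable by root only.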


@ -441,13 +441,6 @@ echo 1 > /proc/sys/net/ipv4/ip_forward
EOF EOF
fi fi
# Initialize Libreswan DB
if [ ! -f /etc/ipsec.d/cert8.db ] ; then
echo > /var/tmp/libreswan-nss-pwd
certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
/bin/rm -f /var/tmp/libreswan-nss-pwd
fi
# Restore SELinux contexts # Restore SELinux contexts
restorecon /etc/ipsec.d/*db 2>/dev/null restorecon /etc/ipsec.d/*db 2>/dev/null
restorecon /usr/local/sbin -Rv 2>/dev/null restorecon /usr/local/sbin -Rv 2>/dev/null