From b5d19d7f65e9b10fe32dd35de08b56322e82d71a Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Thu, 2 May 2024 20:47:33 -0500
Subject: [PATCH] New Libreswan version

- Support upgrading to Libreswan 5.0.
---
 extras/vpnupgrade_alpine.sh | 8 ++++++--
 extras/vpnupgrade_amzn.sh | 8 ++++++--
 extras/vpnupgrade_centos.sh | 8 ++++++--
 extras/vpnupgrade_ubuntu.sh | 8 ++++++--
 4 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/extras/vpnupgrade_alpine.sh b/extras/vpnupgrade_alpine.sh
index 08ac278..2588a69 100755
--- a/extras/vpnupgrade_alpine.sh
+++ b/extras/vpnupgrade_alpine.sh
@@ -69,7 +69,7 @@ EOF
 }
 
 get_swan_ver() {
- swan_ver_cur=4.15
+ swan_ver_cur=5.0
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
 swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@@ -177,6 +177,7 @@ WERROR_CFLAGS=-w -s
 USE_DNSSEC=false
 USE_DH2=true
 FINALNSSDIR=/etc/ipsec.d
+NSSDIR=/etc/ipsec.d
 EOF
 if [ "$SWAN_VER" = "4.5" ] || [ "$SWAN_VER" = "4.6" ] \
 || [ "$SWAN_VER" = "4.7" ]; then
@@ -186,7 +187,7 @@ EOF
 [ -z "$NPROCS" ] && NPROCS=1
 (
 set -x
- make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
+ make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
 )
 cd /opt/src || exit 1
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@@ -243,6 +244,9 @@ update_config() {
 fi
 sed -i "/ikev2=never/d" /etc/ipsec.conf
 sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
+ if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
+ sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
+ fi
 if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
 sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
 fi
diff --git a/extras/vpnupgrade_amzn.sh b/extras/vpnupgrade_amzn.sh
index 5e7ca7e..eec8969 100755
--- a/extras/vpnupgrade_amzn.sh
+++ b/extras/vpnupgrade_amzn.sh
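Review bot: Appending `2>&1` to both `make` invocations in the build subshell of extras/vpnupgrade_alpine.sh (and in the identical hunks of the amzn, centos and ubuntu scripts) discards compiler and linker errors along with the normal output. The context lines right after the subshell go on to remove `/opt/src/libreswan-$SWAN_VER` without testing the subshell's exit status, so a failed build of the IPsec daemon would leave no diagnostics behind; any later version check lies outside the hunk. Consider keeping stderr in a log rather than dropping it, e.g. `make "-j$((NPROCS+1))" -s base >/dev/null 2>>"$build_log"` (`build_log` is a placeholder name), and printing its tail when the build fails. The enclosing function starts and ends outside the hunk.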
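Review bot: The block added to `update_config()` in extras/vpnupgrade_alpine.sh (repeated in the amzn, centos and ubuntu hunks) writes `ikev1-policy=accept` under `config setup` on every upgrade, with no comment saying why the legacy protocol is being kept on. Presumably it preserves the existing IKEv1 connections (`conn shared` is pinned to `ikev2=never` just above) now that Libreswan 5.0 appears to stop accepting IKEv1 by default, but that trade-off should be recorded, e.g. `# Libreswan 5.x no longer accepts IKEv1 by default; keep it for the existing IKEv1 conns`. The guard `grep -qs "ikev1-policy"` is unanchored, so a commented-out line also suppresses the insert; `grep -qsE '^[[:space:]]*ikev1-policy='` would match only an active setting. The function body starts and ends outside the hunk.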
@@ -52,7 +52,7 @@ EOF
 }
 
 get_swan_ver() {
- swan_ver_cur=4.15
+ swan_ver_cur=5.0
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-amzn-2-swanver"
 swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@@ -167,6 +167,7 @@ USE_NSS_KDF=false
 USE_LINUX_AUDIT=false
 USE_SECCOMP=false
 FINALNSSDIR=/etc/ipsec.d
+NSSDIR=/etc/ipsec.d
 EOF
 fi
 if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
@@ -176,7 +177,7 @@ EOF
 [ -z "$NPROCS" ] && NPROCS=1
 (
 set -x
- make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
+ make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
 )
 cd /opt/src || exit 1
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@@ -234,6 +235,9 @@ update_config() {
 fi
 sed -i "/ikev2=never/d" /etc/ipsec.conf
 sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
+ if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
+ sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
+ fi
 if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
 sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
 fi
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index 6c8feb4..2377f40 100755
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -85,7 +85,7 @@ EOF
 }
 
 get_swan_ver() {
- swan_ver_cur=4.15
+ swan_ver_cur=5.0
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
 swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@@ -219,6 +219,7 @@ USE_NSS_KDF=false
 USE_LINUX_AUDIT=false
 USE_SECCOMP=false
 FINALNSSDIR=/etc/ipsec.d
+NSSDIR=/etc/ipsec.d
 EOF
 fi
 if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
@@ -228,7 +229,7 @@ EOF
 [ -z "$NPROCS" ] && NPROCS=1
 (
 set -x
- make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
+ make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
 )
 cd /opt/src || exit 1
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@@ -286,6 +287,9 @@ update_config() {
 fi
 sed -i "/ikev2=never/d" /etc/ipsec.conf
 sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
+ if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
+ sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
+ fi
 if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
 sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
 fi
diff --git a/extras/vpnupgrade_ubuntu.sh b/extras/vpnupgrade_ubuntu.sh
index 1a57453..a053a90 100755
--- a/extras/vpnupgrade_ubuntu.sh
+++ b/extras/vpnupgrade_ubuntu.sh
@@ -80,7 +80,7 @@ EOF
 }
 
 get_swan_ver() {
- swan_ver_cur=4.15
+ swan_ver_cur=5.0
 base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
 swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
 swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
@@ -213,6 +213,7 @@ EOF
 cat >> Makefile.inc.local <<'EOF'
 USE_NSS_KDF=false
 FINALNSSDIR=/etc/ipsec.d
+NSSDIR=/etc/ipsec.d
 EOF
 fi
 if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
@@ -222,7 +223,7 @@ EOF
 [ -z "$NPROCS" ] && NPROCS=1
 (
 set -x
- make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
+ make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
 )
 cd /opt/src || exit 1
 /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
@@ -279,6 +280,9 @@ update_config() {
 fi
 sed -i "/ikev2=never/d" /etc/ipsec.conf
 sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
+ if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
+ sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
+ fi
 if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
 sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
 fi