Improve error output and clean up

- Output all error messages to STDERR
- Minor improvements and clean up
hwdsl2 2016-06-07 19:00:33 -05:00
parent feaeadb41a
commit e3bdaeba52
5 changed files with 124 additions and 133 deletions


@ -1,14 +1,13 @@
#!/bin/sh #!/bin/sh
# #
# Debian 7 (Wheezy) does NOT have the required libnss version (>= 3.16) for Libreswan. # Debian 7 (Wheezy) does NOT have the required libnss version (>= 3.16) for Libreswan.
# This script provides a workaround by installing newer packages from download.libreswan.org. # This script provides a workaround by installing unofficial packages from download.libreswan.org.
# Debian 7 users: Run this script first, before using my VPN setup script (vpnsetup.sh). # Debian 7 users: Run this script first, before using the VPN setup script.
# #
# IMPORTANT NOTE: # IMPORTANT: These unofficial packages do not receive the latest security updates compared to
# These newer packages may not have the latest security updates compared to official Debian packages. # official Debian packages. They could contain unpatched vulnerabilities. Use at your own risk!
# They could contain unpatched security vulnerabilities. Use them at your own risk!
# #
# Copyright (C) 2015 Lin Song # Copyright (C) 2015-2016 Lin Song <linsongui@gmail.com>
# #
# This program is free software: you can redistribute it and/or modify it under # This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software # the terms of the GNU General Public License as published by the Free Software
@ -21,57 +20,59 @@
# You should have received a copy of the GNU General Public License along with # You should have received a copy of the GNU General Public License along with
# this program. If not, see http://www.gnu.org/licenses/. # this program. If not, see http://www.gnu.org/licenses/.
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; }
if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" != "7" ]; then if [ "$(sed 's/\..*//' /etc/debian_version 2>/dev/null)" != "7" ]; then
echo "This script only supports Debian 7 (Wheezy)." echoerr "This script only supports Debian 7 (Wheezy)."
exit 1 exit 1
fi fi
if [ "$(uname -m)" != "x86_64" ]; then if [ "$(uname -m)" != "x86_64" ]; then
echo "This script only supports 64-bit Debian 7." echoerr "This script only supports 64-bit Debian 7."
exit 1 exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echo "Script must be run as root. Try 'sudo sh $0'" echoerr "Script must be run as root. Try 'sudo sh $0'"
exit 1 exit 1
fi fi
# Create and change to working dir # Create and change to working dir
mkdir -p /opt/src mkdir -p /opt/src
cd /opt/src || { echo "Failed to change directory to /opt/src. Aborting."; exit 1; } cd /opt/src || exit 1
# Update package index and install wget # Update package index and install wget
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get -y update apt-get -yq update
apt-get -y install wget apt-get -yq install wget
# Install newer libnss/libnspr packages from download.libreswan.org. # Install libnss/libnspr packages from download.libreswan.org.
# Ref: https://libreswan.org/wiki/3.14_on_Debian_Wheezy # Ref: https://libreswan.org/wiki/3.14_on_Debian_Wheezy
base_url=https://download.libreswan.org/binaries/debian/wheezy base_url=https://download.libreswan.org/binaries/debian/wheezy
FILE1=libnspr4_4.10.7-1_amd64.deb deb1=libnspr4_4.10.7-1_amd64.deb
FILE2=libnspr4-dev_4.10.7-1_amd64.deb deb2=libnspr4-dev_4.10.7-1_amd64.deb
FILE3=libnss3_3.17.2-1.1_amd64.deb deb3=libnss3_3.17.2-1.1_amd64.deb
FILE4=libnss3-dev_3.17.2-1.1_amd64.deb deb4=libnss3-dev_3.17.2-1.1_amd64.deb
FILE5=libnss3-tools_3.17.2-1.1_amd64.deb deb5=libnss3-tools_3.17.2-1.1_amd64.deb
wget -t 3 -T 30 -nv -O $FILE1 $base_url/$FILE1 wget -t 3 -T 30 -nv -O "$deb1" "$base_url/$deb1"
wget -t 3 -T 30 -nv -O $FILE2 $base_url/$FILE2 wget -t 3 -T 30 -nv -O "$deb2" "$base_url/$deb2"
wget -t 3 -T 30 -nv -O $FILE3 $base_url/$FILE3 wget -t 3 -T 30 -nv -O "$deb3" "$base_url/$deb3"
wget -t 3 -T 30 -nv -O $FILE4 $base_url/$FILE4 wget -t 3 -T 30 -nv -O "$deb4" "$base_url/$deb4"
wget -t 3 -T 30 -nv -O $FILE5 $base_url/$FILE5 wget -t 3 -T 30 -nv -O "$deb5" "$base_url/$deb5"
if [ -s $FILE1 ] && [ -s $FILE2 ] && [ -s $FILE3 ] && [ -s $FILE4 ] && [ -s $FILE5 ]; then if [ -s "$deb1" ] && [ -s "$deb2" ] && [ -s "$deb3" ] && [ -s "$deb4" ] && [ -s "$deb5" ]; then
dpkg -i $FILE1 $FILE2 $FILE3 $FILE4 $FILE5 && /bin/rm -f $FILE1 $FILE2 $FILE3 $FILE4 $FILE5 dpkg -i "$deb1" "$deb2" "$deb3" "$deb4" "$deb5" && /bin/rm -f "$deb1" "$deb2" "$deb3" "$deb4" "$deb5"
apt-get install -f apt-get install -f
echo echo
echo 'Completed! If no error occurred in the output above, you may now proceed to run vpnsetup.sh.' echo 'Completed! If no error, you may now proceed to run the VPN setup script.'
echo
exit 0 exit 0
else else
echo echoerr
echo 'Could not retrieve libnss/libnspr package(s) from download.libreswan.org. Aborting.' echoerr 'Could not download libnss/libnspr package(s). Aborting.'
echo /bin/rm -f "$deb1" "$deb2" "$deb3" "$deb4" "$deb5"
/bin/rm -f $FILE1 $FILE2 $FILE3 $FILE4 $FILE5
exit 1 exit 1
fi fi
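Review bot: The five packages are handed to `dpkg -i` as root after only the `[ -s "$deb1" ] && …` test, which proves each file is non-empty and says nothing about its content. These files come from outside the apt archive, so apt's signature verification does not cover them, and the exit status of each `wget` is ignored. Because the file names and versions are pinned in `deb1`…`deb5`, a pinned digest per file can be checked before the install, for example `echo "<SHA256_OF_DEB1>  $deb1" | sha256sum -c - || { echoerr "Checksum mismatch. Aborting."; exit 1; }` (placeholder digest; the real value has to be obtained and recorded out of band). Combined with the header's warning that these packages are unofficial, that check is the only thing tying the installed bytes to what the author reviewed.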


@ -2,7 +2,7 @@
# #
# Script to upgrade Libreswan on Ubuntu and Debian # Script to upgrade Libreswan on Ubuntu and Debian
# #
# Copyright (C) 2016 Lin Song # Copyright (C) 2016 Lin Song <linsongui@gmail.com>
# #
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/ # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@ -10,38 +10,41 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# Check https://libreswan.org and update version number if necessary # Check https://libreswan.org for the latest version
swan_ver=3.17 SWAN_VER=3.17
### Do not edit below this line ### Do not edit below this line
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; }
os_type="$(lsb_release -si 2>/dev/null)" os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
echo "This script only supports Ubuntu/Debian." echoerr "This script only supports Ubuntu/Debian."
exit 1 exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echo "This script does NOT support OpenVZ VPS." echoerr "This script does not support OpenVZ VPS."
exit 1 exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echo "Script must be run as root. Try 'sudo sh $0'" echoerr "Script must be run as root. Try 'sudo sh $0'"
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echo "This upgrade script requires Libreswan already installed." echoerr "This upgrade script requires Libreswan already installed."
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER"
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "You already have Libreswan version $swan_ver installed! " echo "You already have Libreswan version $SWAN_VER installed! "
echo "If you continue, the same version will be re-installed."
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you wish to continue anyway? [y/N] "
read -r response read -r response
@ -59,7 +62,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $swan_ver on your server. Welcome! This script will build and install Libreswan $SWAN_VER on your server.
Additional packages required for Libreswan compilation will also be installed. Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan. This is intended for use on servers running an older version of Libreswan.
@ -107,31 +110,28 @@ apt-get -yq install libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
apt-get -yq --no-install-recommends install xmlto apt-get -yq --no-install-recommends install xmlto
# Compile and install Libreswan # Compile and install Libreswan
swan_file="libreswan-${swan_ver}.tar.gz" swan_file="libreswan-${SWAN_VER}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues echo "WERROR_CFLAGS =" > Makefile.inc.local
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
EOF
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
# Restart IPsec service # Restart IPsec service
service ipsec restart service ipsec restart
echo echo
echo "Libreswan $swan_ver was installed successfully! " echo "Libreswan $SWAN_VER was installed successfully! "
echo echo
exit 0 exit 0
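Review bot: Between the `wget … "$swan_url1" || wget … "$swan_url2"` line and `tar xzf "$swan_file"` there is no integrity check, yet the result is built and installed as root by `make -s programs && make -s install`; the only test is wget's exit status. Either URL succeeding is accepted, and the GitHub archive fallback is likely not byte-identical to the release tarball, so the two sources need separate pinned digests or a signature check against the project's release key. Now that `SWAN_VER` is a single constant at the top of the file, a digest constant can sit next to it and be checked with something like `echo "$SWAN_SHA256  $swan_file" | sha256sum -c - || { echoerr "Checksum mismatch. Aborting."; exit 1; }` (`SWAN_SHA256` is a name proposed here, not one in the file). The same download-and-build sequence appears in the CentOS/RHEL upgrade script and in both VPN setup scripts in this commit.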


@ -2,7 +2,7 @@
# #
# Script to upgrade Libreswan on CentOS and RHEL # Script to upgrade Libreswan on CentOS and RHEL
# #
# Copyright (C) 2016 Lin Song # Copyright (C) 2016 Lin Song <linsongui@gmail.com>
# #
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/ # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@ -10,42 +10,45 @@
# Attribution required: please include my name in any derivative and let me # Attribution required: please include my name in any derivative and let me
# know how you have improved it! # know how you have improved it!
# Check https://libreswan.org and update version number if necessary # Check https://libreswan.org for the latest version
swan_ver=3.17 SWAN_VER=3.17
### Do not edit below this line ### Do not edit below this line
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
echoerr() { echo "$@" 1>&2; }
if [ ! -f /etc/redhat-release ]; then if [ ! -f /etc/redhat-release ]; then
echo "This script only supports CentOS/RHEL." echoerr "This script only supports CentOS/RHEL."
exit 1 exit 1
fi fi
if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
echo "This script only supports CentOS/RHEL 6 and 7." echoerr "This script only supports CentOS/RHEL 6 and 7."
exit 1 exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echo "This script does NOT support OpenVZ VPS." echoerr "This script does not support OpenVZ VPS."
exit 1 exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echo "Script must be run as root. Try 'sudo sh $0'" echoerr "Script must be run as root. Try 'sudo sh $0'"
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echo "This upgrade script requires Libreswan already installed." echoerr "This upgrade script requires Libreswan already installed."
exit 1 exit 1
fi fi
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "Libreswan $SWAN_VER"
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "You already have Libreswan version $swan_ver installed! " echo "You already have Libreswan version $SWAN_VER installed! "
echo "If you continue, the same version will be re-installed."
echo echo
printf "Do you wish to continue anyway? [y/N] " printf "Do you wish to continue anyway? [y/N] "
read -r response read -r response
@ -63,7 +66,7 @@ fi
clear clear
cat <<EOF cat <<EOF
Welcome! This script will build and install Libreswan $swan_ver on your server. Welcome! This script will build and install Libreswan $SWAN_VER on your server.
Additional packages required for Libreswan compilation will also be installed. Additional packages required for Libreswan compilation will also be installed.
This is intended for use on servers running an older version of Libreswan. This is intended for use on servers running an older version of Libreswan.
@ -95,7 +98,7 @@ yum -y install wget
# Add the EPEL repository # Add the EPEL repository
yum -y install epel-release yum -y install epel-release
yum list installed epel-release >/dev/null 2>&1 yum list installed epel-release >/dev/null 2>&1
[ "$?" != "0" ] && { echo "Cannot add EPEL repository. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot add EPEL repository. Aborting."; exit 1; }
# Install necessary packages # Install necessary packages
yum -y install nss-devel nspr-devel pkgconfig pam-devel \ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
@ -112,25 +115,22 @@ elif grep -qs "release 7" /etc/redhat-release; then
fi fi
# Compile and install Libreswan # Compile and install Libreswan
swan_file="libreswan-${swan_ver}.tar.gz" swan_file="libreswan-${SWAN_VER}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues echo "WERROR_CFLAGS =" > Makefile.inc.local
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
EOF
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
# Restore SELinux contexts # Restore SELinux contexts
restorecon /etc/ipsec.d/*db 2>/dev/null restorecon /etc/ipsec.d/*db 2>/dev/null
@ -141,7 +141,7 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
service ipsec restart service ipsec restart
echo echo
echo "Libreswan $swan_ver was installed successfully! " echo "Libreswan $SWAN_VER was installed successfully! "
echo echo
exit 0 exit 0
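Review bot: Collapsing the here-document into `echo "WERROR_CFLAGS =" > Makefile.inc.local` also drops the comment `# Workaround for Libreswan compile issues`, so nothing now explains why the build override is written. I would keep a why-comment on that line, e.g. `# Workaround for compile issues: clear WERROR_CFLAGS (presumably the warnings-as-errors flags) for this build`. Without it a later reader cannot tell whether the override is still needed for the pinned `SWAN_VER` or can be removed. The same comment is dropped in the Ubuntu/Debian upgrade script and in both VPN setup scripts in this commit.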


@ -6,7 +6,7 @@
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN
# ON YOUR DEDICATED SERVER OR VPS! # ON YOUR DEDICATED SERVER OR VPS!
# #
# Copyright (C) 2014-2016 Lin Song # Copyright (C) 2014-2016 Lin Song <linsongui@gmail.com>
# Based on the work of Thomas Sarlandie (Copyright 2012) # Based on the work of Thomas Sarlandie (Copyright 2012)
# #
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
@ -30,32 +30,31 @@ VPN_PASSWORD=${VPN_PASSWORD:-'your_vpn_password'}
# =========================================================== # ===========================================================
# Check https://libreswan.org for the latest version
SWAN_VER=3.17
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
if [ "$(uname)" = "Darwin" ]; then echoerr() { echo "$@" 1>&2; }
echo 'DO NOT run this script on your Mac! It should only be used on a server.'
exit 1
fi
os_type="$(lsb_release -si 2>/dev/null)" os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
echo "This script only supports Ubuntu/Debian." echoerr "This script only supports Ubuntu/Debian."
exit 1 exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echo "This script does NOT support OpenVZ VPS." echoerr "This script does not support OpenVZ VPS."
echo "Try alternative: https://github.com/Nyr/openvpn-install"
exit 1 exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echo "Script must be run as root. Try 'sudo sh $0'" echoerr "Script must be run as root. Try 'sudo sh $0'"
exit 1 exit 1
fi fi
if [ ! -f /sys/class/net/eth0/operstate ]; then if [ ! -f /sys/class/net/eth0/operstate ]; then
cat <<'EOF' cat 1>&2 <<'EOF'
Network interface 'eth0' is not available. Aborting. Network interface 'eth0' is not available. Aborting.
Run 'cat /proc/net/dev' to find the name of the active network interface, Run 'cat /proc/net/dev' to find the name of the active network interface,
@ -75,7 +74,7 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
echo "VPN credentials must be specified. Edit the script and re-enter them." echoerr "VPN credentials must be specified. Edit the script and re-enter them."
exit 1 exit 1
fi fi
@ -133,11 +132,11 @@ PRIVATE_IP=${VPN_PRIVATE_IP:-''}
# Check IPs for correct format # Check IPs for correct format
IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
echo "Cannot find valid public IP. Edit the script and manually enter IPs." echoerr "Cannot find valid public IP. Edit the script and manually enter IPs."
exit 1 exit 1
fi fi
if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
echo "Cannot find valid private IP. Edit the script and manually enter IPs." echoerr "Cannot find valid private IP. Edit the script and manually enter IPs."
exit 1 exit 1
fi fi
@ -153,26 +152,22 @@ apt-get -yq install xl2tpd
apt-get -yq install fail2ban apt-get -yq install fail2ban
# Compile and install Libreswan # Compile and install Libreswan
swan_ver=3.17 swan_file="libreswan-${SWAN_VER}.tar.gz"
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues echo "WERROR_CFLAGS =" > Makefile.inc.local
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
EOF
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"
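Review bot: The credential check `if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]` rejects only empty values, while the header of an earlier hunk in this file shows the default `VPN_PASSWORD=${VPN_PASSWORD:-'your_vpn_password'}`. Unless code outside these hunks handles it, a script run unedited passes this check and configures the server with the placeholder password. Since the commit already touches the error line here, the check could reject the placeholder as well, e.g. `[ "$VPN_PASSWORD" = "your_vpn_password" ] && { echoerr "Replace the placeholder VPN credentials before running."; exit 1; }`; the defaults for the PSK and user name are not visible on this page and would need the same treatment. The CentOS/RHEL setup script in this commit carries the same check and the same default.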


@ -6,7 +6,7 @@
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN # DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC! THIS IS MEANT TO BE RUN
# ON YOUR DEDICATED SERVER OR VPS! # ON YOUR DEDICATED SERVER OR VPS!
# #
# Copyright (C) 2015-2016 Lin Song # Copyright (C) 2015-2016 Lin Song <linsongui@gmail.com>
# Based on the work of Thomas Sarlandie (Copyright 2012) # Based on the work of Thomas Sarlandie (Copyright 2012)
# #
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
@ -30,36 +30,35 @@ VPN_PASSWORD=${VPN_PASSWORD:-'your_vpn_password'}
# =========================================================== # ===========================================================
# Check https://libreswan.org for the latest version
SWAN_VER=3.17
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
if [ "$(uname)" = "Darwin" ]; then echoerr() { echo "$@" 1>&2; }
echo 'DO NOT run this script on your Mac! It should only be used on a server.'
exit 1
fi
if [ ! -f /etc/redhat-release ]; then if [ ! -f /etc/redhat-release ]; then
echo "This script only supports CentOS/RHEL." echoerr "This script only supports CentOS/RHEL."
exit 1 exit 1
fi fi
if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then if ! grep -qs -e "release 6" -e "release 7" /etc/redhat-release; then
echo "This script only supports CentOS/RHEL 6 and 7." echoerr "This script only supports CentOS/RHEL 6 and 7."
exit 1 exit 1
fi fi
if [ -f /proc/user_beancounters ]; then if [ -f /proc/user_beancounters ]; then
echo "This script does NOT support OpenVZ VPS." echoerr "This script does not support OpenVZ VPS."
echo "Try alternative: https://github.com/Nyr/openvpn-install"
exit 1 exit 1
fi fi
if [ "$(id -u)" != 0 ]; then if [ "$(id -u)" != 0 ]; then
echo "Script must be run as root. Try 'sudo sh $0'" echoerr "Script must be run as root. Try 'sudo sh $0'"
exit 1 exit 1
fi fi
if [ ! -f /sys/class/net/eth0/operstate ]; then if [ ! -f /sys/class/net/eth0/operstate ]; then
cat <<'EOF' cat 1>&2 <<'EOF'
Network interface 'eth0' is not available. Aborting. Network interface 'eth0' is not available. Aborting.
Run 'cat /proc/net/dev' to find the name of the active network interface, Run 'cat /proc/net/dev' to find the name of the active network interface,
@ -79,7 +78,7 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
fi fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
echo "VPN credentials must be specified. Edit the script and re-enter them." echoerr "VPN credentials must be specified. Edit the script and re-enter them."
exit 1 exit 1
fi fi
@ -121,18 +120,18 @@ PRIVATE_IP=${VPN_PRIVATE_IP:-''}
# Check IPs for correct format # Check IPs for correct format
IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
echo "Cannot find valid public IP. Edit the script and manually enter IPs." echoerr "Cannot find valid public IP. Edit the script and manually enter IPs."
exit 1 exit 1
fi fi
if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
echo "Cannot find valid private IP. Edit the script and manually enter IPs." echoerr "Cannot find valid private IP. Edit the script and manually enter IPs."
exit 1 exit 1
fi fi
# Add the EPEL repository # Add the EPEL repository
yum -y install epel-release yum -y install epel-release
yum list installed epel-release >/dev/null 2>&1 yum list installed epel-release >/dev/null 2>&1
[ "$?" != "0" ] && { echo "Cannot add EPEL repository. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot add EPEL repository. Aborting."; exit 1; }
# Install necessary packages # Install necessary packages
yum -y install nss-devel nspr-devel pkgconfig pam-devel \ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
@ -158,26 +157,22 @@ elif grep -qs "release 7" /etc/redhat-release; then
fi fi
# Compile and install Libreswan # Compile and install Libreswan
swan_ver=3.17 swan_file="libreswan-${SWAN_VER}.tar.gz"
swan_file="libreswan-${swan_ver}.tar.gz"
swan_url1="https://download.libreswan.org/$swan_file" swan_url1="https://download.libreswan.org/$swan_file"
swan_url2="https://github.com/libreswan/libreswan/archive/v${swan_ver}.tar.gz" swan_url2="https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz"
wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2" wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"
[ "$?" != "0" ] && { echo "Cannot download Libreswan source. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr "Cannot download Libreswan source. Aborting."; exit 1; }
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
tar xzf "$swan_file" && /bin/rm -f "$swan_file" tar xzf "$swan_file" && /bin/rm -f "$swan_file"
cd "libreswan-$swan_ver" || { echo "Cannot enter Libreswan source dir. Aborting."; exit 1; } cd "libreswan-$SWAN_VER" || { echoerr "Cannot enter Libreswan source dir. Aborting."; exit 1; }
# Workaround for Libreswan compile issues echo "WERROR_CFLAGS =" > Makefile.inc.local
cat > Makefile.inc.local <<EOF
WERROR_CFLAGS =
EOF
make -s programs && make -s install make -s programs && make -s install
# Verify the install and clean up # Verify the install and clean up
cd /opt/src || exit 1 cd /opt/src || exit 1
/bin/rm -rf "/opt/src/libreswan-$swan_ver" /bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
/usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$swan_ver" /usr/local/sbin/ipsec --version 2>/dev/null | grep -qs "$SWAN_VER"
[ "$?" != "0" ] && { echo; echo "Libreswan $swan_ver failed to build. Aborting."; exit 1; } [ "$?" != "0" ] && { echoerr; echoerr "Libreswan $SWAN_VER failed to build. Aborting."; exit 1; }
# Create IPsec (Libreswan) config # Create IPsec (Libreswan) config
sys_dt="$(date +%Y-%m-%d-%H:%M:%S)" sys_dt="$(date +%Y-%m-%d-%H:%M:%S)"