mirror of
https://github.com/hwdsl2/setup-ipsec-vpn.git
synced 2024-06-04 04:56:09 +02:00
Compare commits
4 Commits
bf965cfd18
...
0b1eaf64b8
Author | SHA1 | Date | |
---|---|---|---|
|
0b1eaf64b8 | ||
|
2ba4fe3305 | ||
|
b5d19d7f65 | ||
|
6f2efd3b59 |
8
.github/workflows/test_set_1.yml
vendored
|
@ -518,13 +518,13 @@ jobs:
|
|||
cp -f /opt/src/scripts/extras/vpnupgrade.sh ./vpnup.sh
|
||||
sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
|
||||
|
||||
for ver in 4.12 ""; do
|
||||
for ver in 4.14 ""; do
|
||||
sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
|
||||
bash vpnup.sh <<ANSWERS
|
||||
|
||||
ANSWERS
|
||||
restart_ipsec
|
||||
[ -z "$ver" ] && ver=4.15
|
||||
[ -z "$ver" ] && ver=5.0
|
||||
ipsec --version | grep "$ver"
|
||||
ipsec status | grep -q l2tp-psk
|
||||
ipsec status | grep -q xauth-psk
|
||||
|
@ -538,13 +538,13 @@ jobs:
|
|||
fi
|
||||
sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
|
||||
|
||||
for ver in 4.14 ""; do
|
||||
for ver in 4.15 ""; do
|
||||
sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
|
||||
bash vpnup.sh <<ANSWERS
|
||||
|
||||
ANSWERS
|
||||
restart_ipsec
|
||||
[ -z "$ver" ] && ver=4.15
|
||||
[ -z "$ver" ] && ver=5.0
|
||||
ipsec --version | grep "$ver"
|
||||
ipsec status | grep -q l2tp-psk
|
||||
ipsec status | grep -q xauth-psk
|
||||
|
|
10
.github/workflows/test_set_2.yml
vendored
|
@ -17,7 +17,7 @@ jobs:
|
|||
if: github.repository_owner == 'hwdsl2'
|
||||
strategy:
|
||||
matrix:
|
||||
os_version: ["ubuntu:24.04", "ubuntu:22.04", "ubuntu:20.04", "debian:12", "debian:11", "debian:10", "alpine:3.19", "alpine:3.18"]
|
||||
os_version: ["ubuntu:22.04", "ubuntu:20.04", "debian:12", "debian:11", "debian:10", "alpine:3.19", "alpine:3.18"]
|
||||
fail-fast: false
|
||||
container:
|
||||
image: ${{ matrix.os_version }}
|
||||
|
@ -494,7 +494,7 @@ jobs:
|
|||
cp -f "$GITHUB_WORKSPACE"/extras/vpnupgrade.sh ./vpnup.sh
|
||||
sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
|
||||
|
||||
for ver in 4.12 ""; do
|
||||
for ver in 4.14 ""; do
|
||||
if [ "$os_type" = "alpine" ]; then
|
||||
ipsec whack --shutdown || true
|
||||
fi
|
||||
|
@ -503,7 +503,7 @@ jobs:
|
|||
|
||||
ANSWERS
|
||||
restart_ipsec
|
||||
[ -z "$ver" ] && ver=4.15
|
||||
[ -z "$ver" ] && ver=5.0
|
||||
ipsec --version | grep "$ver"
|
||||
ipsec status | grep -q l2tp-psk
|
||||
ipsec status | grep -q xauth-psk
|
||||
|
@ -517,7 +517,7 @@ jobs:
|
|||
fi
|
||||
sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
|
||||
|
||||
for ver in 4.14 ""; do
|
||||
for ver in 4.15 ""; do
|
||||
if [ "$os_type" = "alpine" ]; then
|
||||
ipsec whack --shutdown || true
|
||||
fi
|
||||
|
@ -526,7 +526,7 @@ jobs:
|
|||
|
||||
ANSWERS
|
||||
restart_ipsec
|
||||
[ -z "$ver" ] && ver=4.15
|
||||
[ -z "$ver" ] && ver=5.0
|
||||
ipsec --version | grep "$ver"
|
||||
ipsec status | grep -q l2tp-psk
|
||||
ipsec status | grep -q xauth-psk
|
||||
|
|
|
@ -345,7 +345,7 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgrade.sh
|
|||
如果无法下载,打开 [vpnupgrade.sh](extras/vpnupgrade.sh),然后点击右边的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选,`Ctrl/Cmd+C` 复制,然后粘贴到你喜欢的编辑器。
|
||||
</details>
|
||||
|
||||
当前支持的 Libreswan 最新版本是 `4.15`。查看已安装版本:`ipsec --version`。
|
||||
当前支持的 Libreswan 最新版本是 `5.0`。查看已安装版本:`ipsec --version`。
|
||||
|
||||
**注:** `xl2tpd` 可以使用系统的软件包管理器进行更新,例如 Ubuntu/Debian 上的 `apt-get`。
|
||||
|
||||
|
|
|
@ -345,7 +345,7 @@ https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnupgrade.sh
|
|||
If you are unable to download, open [vpnupgrade.sh](extras/vpnupgrade.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
|
||||
</details>
|
||||
|
||||
The latest supported Libreswan version is `4.15`. Check installed version: `ipsec --version`.
|
||||
The latest supported Libreswan version is `5.0`. Check installed version: `ipsec --version`.
|
||||
|
||||
**Note:** `xl2tpd` can be updated using your system's package manager, such as `apt-get` on Ubuntu/Debian.
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ sudo bash ikev2only.sh
|
|||
另外,你也可以手动启用仅限 IKEv2 模式。
|
||||
</summary>
|
||||
|
||||
另外,你也可以手动启用仅限 IKEv2 模式。首先使用 `ipsec --version` 命令检查 Libreswan 版本,并 [更新 Libreswan](../README-zh.md#升级libreswan)(如果需要)。然后编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `config setup` 小节的末尾添加 `ikev1-policy=drop`,开头必须空两格。保存文件并运行 `service ipsec restart`。在完成后,你可以使用 `ipsec status` 命令来验证仅启用了 `ikev2-cp` 连接。
|
||||
另外,你也可以手动启用仅限 IKEv2 模式。首先使用 `ipsec --version` 命令检查 Libreswan 版本,并 [更新 Libreswan](../README-zh.md#升级libreswan)(如果需要)。然后编辑 VPN 服务器上的 `/etc/ipsec.conf`。将 `ikev1-policy=accept` 替换为 `ikev1-policy=drop`。如果该行不存在,则在 `config setup` 小节的末尾添加 `ikev1-policy=drop`,开头必须空两格。保存文件并运行 `service ipsec restart`。在完成后,你可以使用 `ipsec status` 命令来验证仅启用了 `ikev2-cp` 连接。
|
||||
</details>
|
||||
|
||||
## VPN 内网 IP 和流量
|
||||
|
|
|
@ -65,7 +65,7 @@ To disable IKEv2-only mode, run the helper script again and select the appropria
|
|||
Alternatively, you may manually enable IKEv2-only mode.
|
||||
</summary>
|
||||
|
||||
Alternatively, you may manually enable IKEv2-only mode. First check Libreswan version using `ipsec --version`, and [update Libreswan](../README.md#upgrade-libreswan) if needed. Then edit `/etc/ipsec.conf` on the VPN server. Append `ikev1-policy=drop` to the end of the `config setup` section, indented by two spaces. Save the file and run `service ipsec restart`. When finished, you can run `ipsec status` to verify that only the `ikev2-cp` connection is enabled.
|
||||
Alternatively, you may manually enable IKEv2-only mode. First check Libreswan version using `ipsec --version`, and [update Libreswan](../README.md#upgrade-libreswan) if needed. Then edit `/etc/ipsec.conf` on the VPN server. Replace `ikev1-policy=accept` with `ikev1-policy=drop`. If the line does not exist, append `ikev1-policy=drop` to the end of the `config setup` section, indented by two spaces. Save the file and run `service ipsec restart`. When finished, you can run `ipsec status` to verify that only the `ikev2-cp` connection is enabled.
|
||||
</details>
|
||||
|
||||
## Internal VPN IPs and traffic
|
||||
|
|
|
@ -116,6 +116,7 @@ toggle_ikev2_only() {
|
|||
confirm_disable_ikev2_only
|
||||
bigecho "Disabling IKEv2-only mode..."
|
||||
sed -i".old-$SYS_DT" "/ikev1-policy=/d" /etc/ipsec.conf
|
||||
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
|
||||
elif [ "$ikev2_only_status" = "DISABLED" ]; then
|
||||
confirm_enable_ikev2_only
|
||||
bigecho "Enabling IKEv2-only mode..."
|
||||
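Review bot: The `sed` added in the disable branch addresses `/config setup/` without an anchor, so it appends `ikev1-policy=accept` after every line that contains that text (a comment included) and does nothing at all when no line matches. Because the preceding `sed` has just deleted every `ikev1-policy=` line, a miss leaves the file with no policy set, and the script would presumably still report IKEv2-only mode as disabled while the daemon falls back to its built-in default. Anchor the address as `/^config setup/` and confirm the result with `grep -qs "ikev1-policy=accept" /etc/ipsec.conf` before continuing. The `update_config()` hunks in the upgrade-script sections further down add the same unanchored append; `toggle_ikev2_only()` starts and ends outside this hunk.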
|
|
|
@ -69,7 +69,7 @@ EOF
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
swan_ver_cur=4.15
|
||||
swan_ver_cur=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -177,6 +177,7 @@ WERROR_CFLAGS=-w -s
|
|||
USE_DNSSEC=false
|
||||
USE_DH2=true
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
if [ "$SWAN_VER" = "4.5" ] || [ "$SWAN_VER" = "4.6" ] \
|
||||
|| [ "$SWAN_VER" = "4.7" ]; then
|
||||
|
@ -186,7 +187,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -243,6 +244,9 @@ update_config() {
|
|||
fi
|
||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||
if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
|
||||
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
|
||||
fi
|
||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||
fi
|
||||
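Review bot: The guard `grep -qs "ikev1-policy" /etc/ipsec.conf` added to `update_config()` matches any mention of the string, including a commented-out line, and in that case no active setting is written and the upgraded daemon runs with its built-in default. Test for an active setting only, for example `grep -qs "^[[:space:]]*ikev1-policy=" /etc/ipsec.conf`. Since the branch turns IKEv1 on for every server that had no such line, a comment stating the intent would help, such as `# Keep the IKEv1 (L2TP/XAuth) connections working unless the admin already set a policy`. The three upgrade-script sections that follow repeat this hunk, and `update_config()` starts and ends outside it.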
|
|
|
@ -52,7 +52,7 @@ EOF
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
swan_ver_cur=4.15
|
||||
swan_ver_cur=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/upg-v1-amzn-2-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -167,6 +167,7 @@ USE_NSS_KDF=false
|
|||
USE_LINUX_AUDIT=false
|
||||
USE_SECCOMP=false
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
fi
|
||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||
|
@ -176,7 +177,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -234,6 +235,9 @@ update_config() {
|
|||
fi
|
||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||
if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
|
||||
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
|
||||
fi
|
||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||
fi
|
||||
|
|
|
@ -85,7 +85,7 @@ EOF
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
swan_ver_cur=4.15
|
||||
swan_ver_cur=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -219,6 +219,7 @@ USE_NSS_KDF=false
|
|||
USE_LINUX_AUDIT=false
|
||||
USE_SECCOMP=false
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
fi
|
||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||
|
@ -228,7 +229,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -286,6 +287,9 @@ update_config() {
|
|||
fi
|
||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||
if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
|
||||
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
|
||||
fi
|
||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||
fi
|
||||
|
|
|
@ -80,7 +80,7 @@ EOF
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
swan_ver_cur=4.15
|
||||
swan_ver_cur=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/upg-v1-$os_type-$os_ver-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -213,6 +213,7 @@ EOF
|
|||
cat >> Makefile.inc.local <<'EOF'
|
||||
USE_NSS_KDF=false
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
fi
|
||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||
|
@ -222,7 +223,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -279,6 +280,9 @@ update_config() {
|
|||
fi
|
||||
sed -i "/ikev2=never/d" /etc/ipsec.conf
|
||||
sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
|
||||
if ! grep -qs "ikev1-policy" /etc/ipsec.conf; then
|
||||
sed -i "/config setup/a \ ikev1-policy=accept" /etc/ipsec.conf
|
||||
fi
|
||||
if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
|
||||
sed -i".old-$SYS_DT" 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
|
||||
fi
|
||||
|
|
|
@ -240,7 +240,7 @@ get_helper_scripts() {
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
SWAN_VER=4.15
|
||||
SWAN_VER=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -294,12 +294,13 @@ WERROR_CFLAGS=-w -s
|
|||
USE_DNSSEC=false
|
||||
USE_DH2=true
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
NPROCS=$(grep -c ^processor /proc/cpuinfo)
|
||||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -326,6 +327,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||
version 2.0
|
||||
|
||||
config setup
|
||||
ikev1-policy=accept
|
||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||
uniqueids=no
|
||||
|
||||
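Review bot: Adding `2>&1` to both `make` invocations in the `@ -294,12` hunk discards compiler and linker errors together with the normal output, so a failed Libreswan build leaves nothing to diagnose beyond the `set -x` trace of the command line. Keep stdout quiet but send stderr to a file, e.g. `make "-j$((NPROCS+1))" -s base >/dev/null 2>"$build_log"`, where `build_log` is a placeholder for a path the script would define, and print that path when the build fails. Whatever checks the build result lies outside this hunk, so confirm it fails loudly. The same redirection is added in the other install-script sections below and in the upgrade-script sections above.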
|
|
|
@ -258,7 +258,7 @@ get_helper_scripts() {
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
SWAN_VER=4.15
|
||||
SWAN_VER=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/v1-amzn-2-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -315,6 +315,7 @@ USE_NSS_KDF=false
|
|||
USE_LINUX_AUDIT=false
|
||||
USE_SECCOMP=false
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
||||
|
@ -323,7 +324,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -350,6 +351,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||
version 2.0
|
||||
|
||||
config setup
|
||||
ikev1-policy=accept
|
||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||
uniqueids=no
|
||||
|
||||
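Review bot: The generated `/etc/ipsec.conf` now hard-codes `ikev1-policy=accept` under `config setup`, and nothing in the hunk records why a fresh install enables IKEv1 explicitly (presumably because the newer Libreswan default no longer accepts it). A script comment above the `cat > /etc/ipsec.conf <<EOF` line, which sits outside this hunk, would make the choice auditable, for example `# IKEv1 is required by the L2TP and XAuth connections; IKEv2-only mode replaces this with ikev1-policy=drop`. The install-script section above and the two below add the same line.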
|
|
|
@ -360,7 +360,7 @@ get_helper_scripts() {
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
SWAN_VER=4.15
|
||||
SWAN_VER=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -417,6 +417,7 @@ USE_NSS_KDF=false
|
|||
USE_LINUX_AUDIT=false
|
||||
USE_SECCOMP=false
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
||||
|
@ -425,7 +426,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -452,6 +453,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||
version 2.0
|
||||
|
||||
config setup
|
||||
ikev1-policy=accept
|
||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||
uniqueids=no
|
||||
|
||||
|
|
|
@ -313,7 +313,7 @@ get_helper_scripts() {
|
|||
}
|
||||
|
||||
get_swan_ver() {
|
||||
SWAN_VER=4.15
|
||||
SWAN_VER=5.0
|
||||
base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
|
||||
swan_ver_url="$base_url/v1-$os_type-$os_ver-swanver"
|
||||
swan_ver_latest=$(wget -t 2 -T 10 -qO- "$swan_ver_url" | head -n 1)
|
||||
|
@ -368,6 +368,7 @@ USE_DNSSEC=false
|
|||
USE_DH2=true
|
||||
USE_NSS_KDF=false
|
||||
FINALNSSDIR=/etc/ipsec.d
|
||||
NSSDIR=/etc/ipsec.d
|
||||
EOF
|
||||
if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
|
||||
echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local
|
||||
|
@ -376,7 +377,7 @@ EOF
|
|||
[ -z "$NPROCS" ] && NPROCS=1
|
||||
(
|
||||
set -x
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null
|
||||
make "-j$((NPROCS+1))" -s base >/dev/null 2>&1 && make -s install-base >/dev/null 2>&1
|
||||
)
|
||||
cd /opt/src || exit 1
|
||||
/bin/rm -rf "/opt/src/libreswan-$SWAN_VER"
|
||||
|
@ -403,6 +404,7 @@ cat > /etc/ipsec.conf <<EOF
|
|||
version 2.0
|
||||
|
||||
config setup
|
||||
ikev1-policy=accept
|
||||
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!$L2TP_NET,%v4:!$XAUTH_NET
|
||||
uniqueids=no
|
||||
|
||||
|
|