Improve VPN setup

hwdsl2 · hwdsl2 · commit e3d7d388167f · 2022-01-22T20:03:30.000-06:00
- Retrieve latest supported Libreswan version before install
- Cleanup
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
@@ -60,7 +60,6 @@ check_vz() {
 
 check_os() {
   os_type=$(lsb_release -si 2>/dev/null)
-  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
   [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID")
   case $os_type in
     [Aa]lpine)
@@ -133,9 +132,6 @@ check_dns() {
 
 start_setup() {
   bigecho "VPN setup in progress... Please be patient."
-  # shellcheck disable=SC2154
-  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
-  trap 'finish $? $((dlo+1))' EXIT
   mkdir -p /opt/src
   cd /opt/src || exit 1
 }
@@ -174,18 +170,17 @@ install_fail2ban() {
   ) || exiterr2
 }
 
-get_ikev2_script() {
-  bigecho "Downloading IKEv2 script..."
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
-  (
-    set -x
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
-  ) || /bin/rm -f ikev2.sh
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+  base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
+  swan_ver_url="$base_url/swanver-$os_type-$os_ver"
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+  SWAN_VER=4.6
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+    SWAN_VER="$swan_ver_latest"
+  fi
 }
 
 check_libreswan() {
-  SWAN_VER=4.6
   ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
   swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
   [ "$swan_ver_old" = "$SWAN_VER" ]
@@ -235,6 +230,16 @@ EOF
   fi
 }
 
+get_ikev2_script() {
+  bigecho "Downloading IKEv2 script..."
+  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  (
+    set -x
+    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  ) || /bin/rm -f ikev2.sh
+  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
 create_vpn_config() {
   bigecho "Creating VPN configuration..."
 
@@ -497,27 +502,6 @@ IKEv2 guide:       https://git.io/ikev2
 EOF
 }
 
-check_swan_ver() {
-  swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
-  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
-  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
-    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
-    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
-      To update, run:
-      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
-  fi
-}
-
-finish() {
-  check_swan_ver "$1" "$2"
-  exit "$1"
-}
-
 vpnsetup() {
   check_root
   check_vz
@@ -530,9 +514,10 @@ vpnsetup() {
   detect_ip
   install_vpn_pkgs
   install_fail2ban
-  get_ikev2_script
+  get_swan_ver
   get_libreswan
   install_libreswan
+  get_ikev2_script
   create_vpn_config
   update_sysctl
   update_iptables
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
@@ -53,7 +53,6 @@ check_root() {
 }
 
 check_os() {
-  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
   if ! grep -qs "Amazon Linux release 2" /etc/system-release; then
     exiterr "This script only supports Amazon Linux 2."
   fi
@@ -115,9 +114,6 @@ check_dns() {
 
 start_setup() {
   bigecho "VPN setup in progress... Please be patient."
-  # shellcheck disable=SC2154
-  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
-  trap 'finish $? $((dlo+1))' EXIT
   mkdir -p /opt/src
   cd /opt/src || exit 1
 }
@@ -174,18 +170,17 @@ install_fail2ban() {
   ) || exiterr2
 }
 
-get_ikev2_script() {
-  bigecho "Downloading IKEv2 script..."
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
-  (
-    set -x
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
-  ) || /bin/rm -f ikev2.sh
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+  base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
+  swan_ver_url="$base_url/swanver-amzn-2"
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+  SWAN_VER=4.6
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+    SWAN_VER="$swan_ver_latest"
+  fi
 }
 
 check_libreswan() {
-  SWAN_VER=4.6
   ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
   swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
   [ "$swan_ver_old" = "$SWAN_VER" ]
@@ -237,6 +232,16 @@ EOF
   fi
 }
 
+get_ikev2_script() {
+  bigecho "Downloading IKEv2 script..."
+  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  (
+    set -x
+    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  ) || /bin/rm -f ikev2.sh
+  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
 create_vpn_config() {
   bigecho "Creating VPN configuration..."
 
@@ -510,27 +515,6 @@ IKEv2 guide:       https://git.io/ikev2
 EOF
 }
 
-check_swan_ver() {
-  swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER"
-  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
-  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
-    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
-    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
-      To update, run:
-      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
-  fi
-}
-
-finish() {
-  check_swan_ver "$1" "$2"
-  exit "$1"
-}
-
 vpnsetup() {
   check_root
   check_os
@@ -544,9 +528,10 @@ vpnsetup() {
   install_vpn_pkgs_1
   install_vpn_pkgs_2
   install_fail2ban
-  get_ikev2_script
+  get_swan_ver
   get_libreswan
   install_libreswan
+  get_ikev2_script
   create_vpn_config
   create_f2b_config
   update_sysctl
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
@@ -62,7 +62,6 @@ check_vz() {
 
 check_os() {
   os_type=centos
-  os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-')
   rh_file="/etc/redhat-release"
   if grep -qs "Red Hat" "$rh_file"; then
     os_type=rhel
@@ -135,9 +134,6 @@ check_dns() {
 
 start_setup() {
   bigecho "VPN setup in progress... Please be patient."
-  # shellcheck disable=SC2154
-  trap 'dlo=$dl;dl=$LINENO' DEBUG 2>/dev/null
-  trap 'finish $? $((dlo+1))' EXIT
   mkdir -p /opt/src
   cd /opt/src || exit 1
 }
@@ -229,18 +225,17 @@ install_fail2ban() {
   ) || exiterr2
 }
 
-get_ikev2_script() {
-  bigecho "Downloading IKEv2 script..."
-  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
-  (
-    set -x
-    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
-  ) || /bin/rm -f ikev2.sh
-  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+get_swan_ver() {
+  base_url="https://github.com/hwdsl2/vpn-extras/releases/download/v1.0.0"
+  swan_ver_url="$base_url/swanver-$os_type-$os_ver"
+  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
+  SWAN_VER=4.6
+  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$'; then
+    SWAN_VER="$swan_ver_latest"
+  fi
 }
 
 check_libreswan() {
-  SWAN_VER=4.6
   ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null)
   swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//')
   [ "$swan_ver_old" = "$SWAN_VER" ]
@@ -292,6 +287,16 @@ EOF
   fi
 }
 
+get_ikev2_script() {
+  bigecho "Downloading IKEv2 script..."
+  ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+  (
+    set -x
+    wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+  ) || /bin/rm -f ikev2.sh
+  [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null
+}
+
 create_vpn_config() {
   bigecho "Creating VPN configuration..."
 
@@ -606,27 +611,6 @@ IKEv2 guide:       https://git.io/ikev2
 EOF
 }
 
-check_swan_ver() {
-  swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER"
-  [ "$1" != "0" ] && swan_ver_url="$swan_ver_url&e=$2"
-  swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url" | head -n 1)
-  if printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9]{1,2})(\.([0-9]|[1-9][0-9]{1,2})){1,2}$' \
-    && [ "$1" = "0" ] && [ -n "$SWAN_VER" ] && [ "$SWAN_VER" != "$swan_ver_latest" ] \
-    && printf '%s\n%s' "$SWAN_VER" "$swan_ver_latest" | sort -C -V; then
-cat <<EOF
-Note: A newer version of Libreswan ($swan_ver_latest) is available.
-      To update, run:
-      wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
-
-EOF
-  fi
-}
-
-finish() {
-  check_swan_ver "$1" "$2"
-  exit "$1"
-}
-
 vpnsetup() {
   check_root
   check_vz
@@ -642,9 +626,10 @@ vpnsetup() {
   install_vpn_pkgs_2
   install_vpn_pkgs_3
   install_fail2ban
-  get_ikev2_script
+  get_swan_ver
   get_libreswan
   install_libreswan
+  get_ikev2_script
   create_vpn_config
   create_f2b_config
   update_sysctl
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
