Cleanup
hwdsl2 committed Sep 8, 2022
1 parent 021e6bb commit 22d977e
Showing 1 changed file with 1 addition and 36 deletions.
37 changes: 1 addition & 36 deletions run.sh
Expand Up @@ -95,7 +95,6 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
VPN_IPSEC_PSK=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 20)
VPN_USER=vpnuser
VPN_PASSWORD=$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' </dev/urandom 2>/dev/null | head -c 16)

printf '%s\n' "VPN_IPSEC_PSK='$VPN_IPSEC_PSK'" > "$vpn_gen_env"
printf '%s\n' "VPN_USER='$VPN_USER'" >> "$vpn_gen_env"
printf '%s\n' "VPN_PASSWORD='$VPN_PASSWORD'" >> "$vpn_gen_env"
Expand All @@ -110,7 +109,6 @@ VPN_USER=$(nospaces "$VPN_USER")
VPN_USER=$(noquotes "$VPN_USER")
VPN_PASSWORD=$(nospaces "$VPN_PASSWORD")
VPN_PASSWORD=$(noquotes "$VPN_PASSWORD")

if [ -n "$VPN_ADDL_USERS" ] && [ -n "$VPN_ADDL_PASSWORDS" ]; then
VPN_ADDL_USERS=$(nospaces "$VPN_ADDL_USERS")
VPN_ADDL_USERS=$(noquotes "$VPN_ADDL_USERS")
Expand All @@ -131,82 +129,66 @@ else
VPN_ADDL_PASSWORDS=""
VPN_ADDL_IP_ADDRS=""
fi

if [ -n "$VPN_DNS_SRV1" ]; then
VPN_DNS_SRV1=$(nospaces "$VPN_DNS_SRV1")
VPN_DNS_SRV1=$(noquotes "$VPN_DNS_SRV1")
fi

if [ -n "$VPN_DNS_SRV2" ]; then
VPN_DNS_SRV2=$(nospaces "$VPN_DNS_SRV2")
VPN_DNS_SRV2=$(noquotes "$VPN_DNS_SRV2")
fi

if [ -n "$VPN_CLIENT_NAME" ]; then
VPN_CLIENT_NAME=$(nospaces "$VPN_CLIENT_NAME")
VPN_CLIENT_NAME=$(noquotes "$VPN_CLIENT_NAME")
fi

if [ -n "$VPN_DNS_NAME" ]; then
VPN_DNS_NAME=$(nospaces "$VPN_DNS_NAME")
VPN_DNS_NAME=$(noquotes "$VPN_DNS_NAME")
fi

if [ -n "$VPN_PUBLIC_IP" ]; then
VPN_PUBLIC_IP=$(nospaces "$VPN_PUBLIC_IP")
VPN_PUBLIC_IP=$(noquotes "$VPN_PUBLIC_IP")
fi

if [ -n "$VPN_ANDROID_MTU_FIX" ]; then
VPN_ANDROID_MTU_FIX=$(nospaces "$VPN_ANDROID_MTU_FIX")
VPN_ANDROID_MTU_FIX=$(noquotes "$VPN_ANDROID_MTU_FIX")
fi

if [ -n "$VPN_SHA2_TRUNCBUG" ]; then
VPN_SHA2_TRUNCBUG=$(nospaces "$VPN_SHA2_TRUNCBUG")
VPN_SHA2_TRUNCBUG=$(noquotes "$VPN_SHA2_TRUNCBUG")
fi

if [ -n "$VPN_PROTECT_CONFIG" ]; then
VPN_PROTECT_CONFIG=$(nospaces "$VPN_PROTECT_CONFIG")
VPN_PROTECT_CONFIG=$(noquotes "$VPN_PROTECT_CONFIG")
fi

if [ -n "$VPN_DISABLE_IPSEC_L2TP" ]; then
VPN_DISABLE_IPSEC_L2TP=$(nospaces "$VPN_DISABLE_IPSEC_L2TP")
VPN_DISABLE_IPSEC_L2TP=$(noquotes "$VPN_DISABLE_IPSEC_L2TP")
fi

if [ -n "$VPN_DISABLE_IPSEC_XAUTH" ]; then
VPN_DISABLE_IPSEC_XAUTH=$(nospaces "$VPN_DISABLE_IPSEC_XAUTH")
VPN_DISABLE_IPSEC_XAUTH=$(noquotes "$VPN_DISABLE_IPSEC_XAUTH")
fi

if [ -n "$VPN_IKEV2_ONLY" ]; then
VPN_IKEV2_ONLY=$(nospaces "$VPN_IKEV2_ONLY")
VPN_IKEV2_ONLY=$(noquotes "$VPN_IKEV2_ONLY")
fi

if [ -n "$VPN_L2TP_NET" ]; then
VPN_L2TP_NET=$(nospaces "$VPN_L2TP_NET")
VPN_L2TP_NET=$(noquotes "$VPN_L2TP_NET")
fi

if [ -n "$VPN_L2TP_LOCAL" ]; then
VPN_L2TP_LOCAL=$(nospaces "$VPN_L2TP_LOCAL")
VPN_L2TP_LOCAL=$(noquotes "$VPN_L2TP_LOCAL")
fi

if [ -n "$VPN_L2TP_POOL" ]; then
VPN_L2TP_POOL=$(nospaces "$VPN_L2TP_POOL")
VPN_L2TP_POOL=$(noquotes "$VPN_L2TP_POOL")
fi

if [ -n "$VPN_XAUTH_NET" ]; then
VPN_XAUTH_NET=$(nospaces "$VPN_XAUTH_NET")
VPN_XAUTH_NET=$(noquotes "$VPN_XAUTH_NET")
fi

if [ -n "$VPN_XAUTH_POOL" ]; then
VPN_XAUTH_POOL=$(nospaces "$VPN_XAUTH_POOL")
VPN_XAUTH_POOL=$(noquotes "$VPN_XAUTH_POOL")
Expand All @@ -215,17 +197,14 @@ fi
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
exiterr "All VPN credentials must be specified. Edit your 'env' file and re-enter them."
fi

if printf '%s' "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD $VPN_ADDL_USERS $VPN_ADDL_PASSWORDS" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters."
fi

case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD $VPN_ADDL_USERS $VPN_ADDL_PASSWORDS" in
*[\\\"\']*)
exiterr "VPN credentials must not contain these special characters: \\ \" '"
;;
esac

if printf '%s' "$VPN_USER $VPN_ADDL_USERS" | tr ' ' '\n' | sort | uniq -c | grep -qv '^ *1 '; then
exiterr "VPN usernames must not contain duplicates."
fi
Expand All @@ -241,7 +220,6 @@ EOF
VPN_DNS_SRV1=""
fi
fi

if [ -n "$VPN_DNS_SRV2" ]; then
check_ip "$VPN_DNS_SRV2" || VPN_DNS_SRV2=$(dig -t A -4 +short "$VPN_DNS_SRV2")
if ! check_ip "$VPN_DNS_SRV2"; then
Expand All @@ -252,7 +230,6 @@ EOF
VPN_DNS_SRV2=""
fi
fi

if [ -n "$VPN_CLIENT_NAME" ]; then
if ! check_client_name "$VPN_CLIENT_NAME"; then
cat <<'EOF'
Expand All @@ -263,7 +240,6 @@ EOF
VPN_CLIENT_NAME=""
fi
fi

if [ -n "$VPN_DNS_NAME" ]; then
if ! check_dns_name "$VPN_DNS_NAME"; then
cat <<'EOF'
Expand All @@ -280,7 +256,6 @@ if [ -n "$VPN_DNS_NAME" ]; then
else
echo
echo 'Trying to auto discover IP of this server...'

# In case auto IP discovery fails, manually define the public IP
# of this server in your 'env' file, as variable 'VPN_PUBLIC_IP'.
public_ip=${VPN_PUBLIC_IP:-''}
Expand Down Expand Up @@ -316,21 +291,18 @@ case $VPN_SHA2_TRUNCBUG in
sha2_truncbug=yes
;;
esac

disable_ipsec_l2tp=no
case $VPN_DISABLE_IPSEC_L2TP in
[yY][eE][sS])
disable_ipsec_l2tp=yes
;;
esac

disable_ipsec_xauth=no
case $VPN_DISABLE_IPSEC_XAUTH in
[yY][eE][sS])
disable_ipsec_xauth=yes
;;
esac

case $VPN_IKEV2_ONLY in
[yY][eE][sS])
disable_ipsec_l2tp=yes
Expand Down Expand Up @@ -403,7 +375,6 @@ conn l2tp-psk
EOF
fi

if [ "$disable_ipsec_xauth" != "yes" ]; then
cat >> /etc/ipsec.conf <<EOF
conn xauth-psk
Expand All @@ -429,7 +400,6 @@ EOF
if uname -r | grep -qi 'coreos'; then
sed -i '/phase2alg/s/,aes256-sha2_512//' /etc/ipsec.conf
fi

if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
fi
Expand Down Expand Up @@ -539,7 +509,7 @@ $syt "net.ipv4.conf.$NET_IFACE.send_redirects=0" 2>/dev/null
$syt "net.ipv4.conf.$NET_IFACE.rp_filter=0" 2>/dev/null
$syt net.ipv4.tcp_rmem="4096 87380 16777216" 2>/dev/null
$syt net.ipv4.tcp_wmem="4096 87380 16777216" 2>/dev/null
if modprobe -q tcp_bbr \
if modprobe -q tcp_bbr 2>/dev/null \
&& printf '%s\n%s' "4.20" "$(uname -r)" | sort -C -V; then
$syt net.ipv4.tcp_congestion_control=bbr 2>/dev/null
fi
Expand Down Expand Up @@ -635,7 +605,6 @@ IPsec PSK: $VPN_IPSEC_PSK
Username: $VPN_USER
Password: $VPN_PASSWORD
EOF

if [ -n "$VPN_ADDL_USERS" ] && [ -n "$VPN_ADDL_PASSWORDS" ]; then
count=1
addl_user=$(printf '%s' "$VPN_ADDL_USERS" | cut -d ' ' -f 1)
Expand All @@ -653,15 +622,11 @@ EOF
addl_password=$(printf '%s' "$VPN_ADDL_PASSWORDS" | cut -s -d ' ' -f "$count")
done
fi

cat <<'EOF'
Write these down. You'll need them to connect!
VPN client setup: https://vpnsetup.net/clients2
EOF

cat <<'EOF'
================================================
EOF
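Review bot: The closing banner in the hunk at `-635,7 +605,6` prints `$VPN_IPSEC_PSK`, `$VPN_USER` and `$VPN_PASSWORD` to stdout, which in a container normally ends up in the log driver and in anything that collects those logs. The here-document starts outside the hunk, so the surrounding condition is not visible, but as shown the values appear to be printed on every start, whether they were generated in the branch at `-95,7 +95,6` or supplied by the operator. I would print the secrets only on the run that generated them and otherwise print the usernames alone. At minimum, add a comment above the banner such as `# NOTE: the credentials below are written to stdout and therefore to the container logs; restrict who can read them.`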
