Last active
August 1, 2020 05:03
-
-
Save hoangddt/2606677f34fd0cbd4e75e904b8e6e84b to your computer and use it in GitHub Desktop.
libreswan-client-install
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| apt-get -yq install wget dnsutils openssl \ | |
| iptables iproute2 gawk grep sed net-tools || exiterr2 | |
| apt-get -yq install libnss3-dev libnspr4-dev pkg-config \ | |
| libpam0g-dev libcap-ng-dev libcap-ng-utils libselinux1-dev \ | |
| libcurl4-nss-dev flex bison gcc make libnss3-tools \ | |
| libevent-dev ppp xl2tpd || exiterr2 | |
| SWAN_VER=3.32 | |
| swan_file="libreswan-$SWAN_VER.tar.gz" | |
| swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" | |
| swan_url2="https://download.libreswan.org/$swan_file" | |
| if ! { wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -nv -O "$swan_file" "$swan_url2"; }; then | |
| exit 1 | |
| fi | |
| /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" | |
| tar xzf "$swan_file" && /bin/rm -f "$swan_file" | |
| cd "libreswan-$SWAN_VER" || exit 1 | |
| cat > Makefile.inc.local <<'EOF' | |
| WERROR_CFLAGS = | |
| USE_DNSSEC = false | |
| USE_DH31 = false | |
| USE_GLIBC_KERN_FLIP_HEADERS = true | |
| EOF | |
| if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then | |
| apt-get -yq install libsystemd-dev || exiterr2 | |
| fi | |
| NPROCS="$(grep -c ^processor /proc/cpuinfo)" | |
| [ -z "$NPROCS" ] && NPROCS=1 | |
| make "-j$((NPROCS+1))" -s base && make -s install-base |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Configuration file for Linux clients | |
| conn xauth-psk | |
| authby=secret | |
| left=%defaultroute | |
| leftxauthclient=yes | |
| leftmodecfgclient=yes | |
| leftxauthusername=<put-your-username-here> | |
| modecfgpull=yes | |
| right=office-121dht.fiisoft.net | |
| rightsubnet=0.0.0.0/0 | |
| rightxauthserver=yes | |
| rightmodecfgserver=yes | |
| rekey=no | |
| #dpdaction=hold | |
| #dpdtimeout=60 | |
| #dpddelay=30 | |
| auto=start | |
| ike_frag=yes | |
| #nat-keepalive=yes | |
| # Commonly needed to talk to Cisco server | |
| # Might also need _exact_ ike= and esp= lines | |
| # remote_peer_type=cisco | |
| # aggrmode=yes | |
| # one of thesse two | |
| # rightid=@[GroupName] | |
| # rightid=@GroupName |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/ipsec.d/linux-client.secrets | |
| # Secrets file for Linux clients | |
| # please fill in your ldap username and password | |
| office-121dht.fiisoft.net %any : PSK "<Put in PSK>" | |
| @<your-ldap-username>: XAUTH "<your-ldap-password>" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment