部署脚本

  1. #! /bin/bash
  2. PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
  3. export PATH
  4. #===============================================================================================
  5. #   System Required:  CentOS6.x/7 (32bit/64bit) or Ubuntu
  6. #   Description:  Install IKEV2 VPN for CentOS and Ubuntu
  7. #   Author: quericy
  8. #   Intro:  https://quericy.me/blog/699
  9. #===============================================================================================
  11. clear
  12. VER=1.2.0
  13. echo "#############################################################"
  14. echo "# Install IKEV2 VPN for CentOS6.x/7 (32bit/64bit) or Ubuntu or Debian7/8.*"
  15. echo "# Intro: https://quericy.me/blog/699"
  16. echo "#"
  17. echo "# Author:quericy"
  18. echo "#"
  19. echo "# Version:$VER"
  20. echo "#############################################################"
  21. echo ""
  23. __INTERACTIVE=""
  24. if [ -t 1 ] ; then
  25.     __INTERACTIVE="1"
  26. fi
  28. __green(){
  29.     if [ "$__INTERACTIVE" ] ; then
  30.         printf '\033[1;31;32m'
  31.     fi
  32.     printf -- "$1"
  33.     if [ "$__INTERACTIVE" ] ; then
  34.         printf '\033[0m'
  35.     fi
  36. }
  38. __red(){
  39.     if [ "$__INTERACTIVE" ] ; then
  40.         printf '\033[1;31;40m'
  41.     fi
  42.     printf -- "$1"
  43.     if [ "$__INTERACTIVE" ] ; then
  44.         printf '\033[0m'
  45.     fi
  46. }
  48. __yellow(){
  49.     if [ "$__INTERACTIVE" ] ; then
  50.         printf '\033[1;31;33m'
  51.     fi
  52.     printf -- "$1"
  53.     if [ "$__INTERACTIVE" ] ; then
  54.         printf '\033[0m'
  55.     fi
  56. }
  58. # Install IKEV2
  59. function install_ikev2(){
  60.     rootness
  61.     disable_selinux
  62.     get_system
  63.     yum_install
  64.     get_my_ip
  65.     pre_install
  66.     download_files
  67.     setup_strongswan
  68.     get_key
  69.     configure_ipsec
  70.     configure_strongswan
  71.     configure_secrets
  72.     SNAT_set
  73.     iptables_check
  74.     ipsec restart
  75.     success_info
  76. }
  78. # Make sure only root can run our script
  79. function rootness(){
  80. if [[ $EUID -ne 0 ]]; then
  81.    echo "Error:This script must be run as root!" 1>&2
  82.    exit 1
  83. fi
  84. }
  86. # Disable selinux
  87. function disable_selinux(){
  88. if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
  89.     sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  90.     setenforce 0
  91. fi
  92. }
  94. # Ubuntu or CentOS
  95. function get_system(){
  96.     if grep -Eqi "CentOS" /etc/issue || grep -Eq "CentOS" /etc/*-release; then
  97.         system_str="0"
  98.     elif  grep -Eqi "Ubuntu" /etc/issue || grep -Eq "Ubuntu" /etc/*-release; then
  99.         system_str="1"
  100.     elif  grep -Eqi "Debian" /etc/issue || grep -Eq "Debian" /etc/*-release; then
  101.         system_str="1"
  102.     elif  grep -Eqi "Raspbian" /etc/issue || grep -Eq "Raspbian" /etc/*-release; then
  103.         system_str="1"
  104.     else
  105.         echo "This Script must be running at the CentOS or Ubuntu or Debian!"
  106.         exit 1
  107.     fi
  108. }
  110. #install necessary lib
  111. function yum_install(){
  112.     if [ "$system_str" = "0" ]; then
  113.     yum -y update
  114.     yum -y install pam-devel openssl-devel make gcc curl
  115.     else
  116.     apt-get -y update
  117.     apt-get -y install libpam0g-dev libssl-dev make gcc curl
  118.     fi
  119. }
  121. # Get IP address of the server
  122. function get_my_ip(){
  123.     echo "Preparing, Please wait a moment..."
  124.     IP=`curl -s checkip.dyndns.com | cut -d' ' -f 6  | cut -d'<' -f 1`
  125.     if [ -z $IP ]; then
  126.         IP=`curl -s ifconfig.me/ip`
  127.     fi
  128. }
  130. # Pre-installation settings
  131. function pre_install(){
  132.     echo "#############################################################"
  133.     echo "# Install IKEV2 VPN for CentOS6.x/7 (32bit/64bit) or Ubuntu or Debian7/8.*"
  134.     echo "# Intro: https://quericy.me/blog/699"
  135.     echo "#"
  136.     echo "# Author:quericy"
  137.     echo "#"
  138.     echo "# Version:$VER"
  139.     echo "#############################################################"
  140.     echo "please choose the type of your VPS(Xen、KVM: 1  ,  OpenVZ: 2):"
  141.     read -p "your choice(1 or 2):" os_choice
  142.     if [ "$os_choice" = "1" ]; then
  143.         os="1"
  144.         os_str="Xen、KVM"
  145.         else
  146.             if [ "$os_choice" = "2" ]; then
  147.                 os="2"
  148.                 os_str="OpenVZ"
  149.                 else
  150.                 echo "wrong choice!"
  151.                 exit 1
  152.             fi
  153.     fi
  154.     echo "please input the ip (or domain) of your VPS:"
  155.     read -p "ip or domain(default_value:${IP}):" vps_ip
  156.     if [ "$vps_ip" = "" ]; then
  157.         vps_ip=$IP
  158.     fi
  160.     echo "Would you want to import existing cert? You NEED copy your cert file to the same directory of this script"
  161.     read -p "yes or no?(default_value:no):" have_cert
  162.     if [ "$have_cert" = "yes" ]; then
  163.         have_cert="1"
  164.     else
  165.         have_cert="0"
  166.         echo "please input the cert country(C):"
  167.         read -p "C(default value:com):" my_cert_c
  168.         if [ "$my_cert_c" = "" ]; then
  169.             my_cert_c="com"
  170.         fi
  171.         echo "please input the cert organization(O):"
  172.         read -p "O(default value:myvpn):" my_cert_o
  173.         if [ "$my_cert_o" = "" ]; then
  174.             my_cert_o="myvpn"
  175.         fi
  176.         echo "please input the cert common name(CN):"
  177.         read -p "CN(default value:VPN CA):" my_cert_cn
  178.         if [ "$my_cert_cn" = "" ]; then
  179.             my_cert_cn="VPN CA"
  180.         fi
  181.     fi
  183.     echo "####################################"
  184.     get_char(){
  185.         SAVEDSTTY=`stty -g`
  186.         stty -echo
  187.         stty cbreak
  188.         dd if=/dev/tty bs=1 count=1 2> /dev/null
  189.         stty -raw
  190.         stty echo
  191.         stty $SAVEDSTTY
  192.     }
  193.     echo "Please confirm the information:"
  194.     echo ""
  195.     echo -e "the type of your server: [$(__green $os_str)]"
  196.     echo -e "the ip(or domain) of your server: [$(__green $vps_ip)]"
  197.     if [ "$have_cert" = "1" ]; then
  198.         echo -e "$(__yellow "These are the certificate you MUST be prepared:")"
  199.         echo -e "[$(__green "ca.cert.pem")]:The CA cert or the chain cert."
  200.         echo -e "[$(__green "server.cert.pem")]:Your server cert."
  201.         echo -e "[$(__green "server.pem")]:Your  key of the server cert."
  202.         echo -e "[$(__yellow "Please copy these file to the same directory of this script before start!")]"
  203.     else
  204.         echo -e "the cert_info:[$(__green "C=${my_cert_c}, O=${my_cert_o}")]"
  205.     fi
  206.     echo ""
  207.     echo "Press any key to start...or Press Ctrl+C to cancel"
  208.     char=`get_char`
  209.     #Current folder
  210.     cur_dir=`pwd`
  211.     cd $cur_dir
  212. }
  215. # Download strongswan
  216. function download_files(){
  217.     strongswan_version='strongswan-5.9.0'
  218.     strongswan_file="$strongswan_version.tar.gz"
  219.     if [ -f $strongswan_file ];then
  220.         echo -e "$strongswan_file [$(__green "found")]"
  221.     else
  222.         if ! wget --no-check-certificate https://download.strongswan.org/$strongswan_file;then
  223.             echo "Failed to download $strongswan_file"
  224.             exit 1
  225.         fi
  226.     fi
  227.     tar xzf $strongswan_file
  228.     if [ $? -eq 0 ];then
  229.         cd $cur_dir/$strongswan_version/
  230.     else
  231.         echo ""
  232.         echo "Unzip $strongswan_file failed! Please visit https://quericy.me/blog/699 and contact."
  233.         exit 1
  234.     fi
  235. }
  237. # configure and install strongswan
  238. function setup_strongswan(){
  239.     if [ "$os" = "1" ]; then
  240.         ./configure  --enable-eap-identity --enable-eap-md5 \
  241. --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap  \
  242. --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap  \
  243. --enable-xauth-pam  --enable-dhcp  --enable-openssl  --enable-addrblock --enable-unity  \
  244. --enable-certexpire --enable-radattr --enable-swanctl --enable-openssl --disable-gmp
  246.     else
  247.         ./configure  --enable-eap-identity --enable-eap-md5 \
  248. --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap  \
  249. --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap  \
  250. --enable-xauth-pam  --enable-dhcp  --enable-openssl  --enable-addrblock --enable-unity  \
  251. --enable-certexpire --enable-radattr --enable-swanctl --enable-openssl --disable-gmp --enable-kernel-libipsec
  253.     fi
  254.     make; make install
  255. }
  257. # configure cert and key
  258. function get_key(){
  259.     cd $cur_dir
  260.     if [ ! -d my_key ];then
  261.         mkdir my_key
  262.     fi
  263.     if [ "$have_cert" = "1" ]; then
  264.         import_cert
  265.     else
  266.         create_cert
  267.     fi
  269.     echo "####################################"
  270.     get_char(){
  271.         SAVEDSTTY=`stty -g`
  272.         stty -echo
  273.         stty cbreak
  274.         dd if=/dev/tty bs=1 count=1 2> /dev/null
  275.         stty -raw
  276.         stty echo
  277.         stty $SAVEDSTTY
  278.     }
  279.     cp -f ca.cert.pem /usr/local/etc/ipsec.d/cacerts/
  280.     cp -f server.cert.pem /usr/local/etc/ipsec.d/certs/
  281.     cp -f server.pem /usr/local/etc/ipsec.d/private/
  282.     cp -f client.cert.pem /usr/local/etc/ipsec.d/certs/
  283.     cp -f client.pem  /usr/local/etc/ipsec.d/private/
  284.     echo "Cert copy completed"
  285. }
  287. # import cert if user has ssl certificate
  288. function import_cert(){
  289.    cd $cur_dir
  290.    if [ -f ca.cert.pem ];then
  291.         cp -f ca.cert.pem my_key/ca.cert.pem
  292.         echo -e "ca.cert.pem [$(__green "found")]"
  293.     else
  294.         echo -e "ca.cert.pem [$(__red "Not found!")]"
  295.         exit
  296.     fi
  297.     if [ -f server.cert.pem ];then
  298.         cp -f server.cert.pem my_key/server.cert.pem
  299.         cp -f server.cert.pem my_key/client.cert.pem
  300.         echo -e "server.cert.pem [$(__green "found")]"
  301.         echo -e "client.cert.pem [$(__green "auto create")]"
  302.     else
  303.         echo -e "server.cert.pem [$(__red "Not found!,auto creating...")]"
  304.         ipsec pki --gen --outform pem > server.pem
  305.         ipsec pki --pub --in server.pem | ipsec pki --issue --cacert ca.cert.pem \
  306.         --cakey ca.pem --dn "C=${my_cert_c}, O=${my_cert_o}, CN=${vps_ip}" \
  307.         --san="${vps_ip}" --flag serverAuth --flag ikeIntermediate \
  308.         --outform pem > server.cert.pem
  309.         cp -f server.cert.pem my_key/server.cert.pem
  310.         cp -f server.cert.pem my_key/client.cert.pem
  311.         echo -e "server.cert.pem [$(__green "created")]"
  312.         echo -e "client.cert.pem [$(__green "auto create")]"
  313.     fi
  314.     if [ -f server.pem ];then
  315.         cp -f server.pem my_key/server.pem
  316.         cp -f server.pem my_key/client.pem
  317.         echo -e "server.pem [$(__green "found")]"
  318.         echo -e "client.pem [$(__green "auto create")]"
  319.     else
  320.         echo -e "server.pem [$(__red "Not found!")]"
  321.         exit
  322.     fi
  323.     cd my_key
  324. }
  326. # auto create certificate
  327. function create_cert(){
  328.     cd $cur_dir
  329.     cd my_key
  330.     ipsec pki --gen --outform pem > ca.pem
  331.     ipsec pki --self --in ca.pem --dn "C=${my_cert_c}, O=${my_cert_o}, CN=${my_cert_cn}" --ca --outform pem >ca.cert.pem
  332.     ipsec pki --gen --outform pem > server.pem
  333.     ipsec pki --pub --in server.pem | ipsec pki --issue --cacert ca.cert.pem \
  334.     --cakey ca.pem --dn "C=${my_cert_c}, O=${my_cert_o}, CN=${vps_ip}" \
  335.     --san="${vps_ip}" --flag serverAuth --flag ikeIntermediate \
  336.     --outform pem > server.cert.pem
  337.     ipsec pki --gen --outform pem > client.pem
  338.     ipsec pki --pub --in client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=${my_cert_c}, O=${my_cert_o}, CN=VPN Client" --outform pem > client.cert.pem
  339.     echo "configure the pkcs12 cert password(Can be empty):"
  340.     openssl pkcs12 -export -inkey client.pem -in client.cert.pem -name "client" -certfile ca.cert.pem -caname "${my_cert_cn}"  -out client.cert.p12
  341. }
  343. # configure the ipsec.conf
  344. function configure_ipsec(){
  345.  cat > /usr/local/etc/ipsec.conf<<-EOF
  346. config setup
  347.     uniqueids=never 
  349. conn iOS_cert
  350.     keyexchange=ikev1
  351.     fragmentation=yes
  352.     left=%defaultroute
  353.     leftauth=pubkey
  354.     leftsubnet=0.0.0.0/0
  355.     leftcert=server.cert.pem
  356.     right=%any
  357.     rightauth=pubkey
  358.     rightauth2=xauth
  359.     rightsourceip=10.31.2.0/24
  360.     rightcert=client.cert.pem
  361.     auto=add
  363. conn android_xauth_psk
  364.     keyexchange=ikev1
  365.     left=%defaultroute
  366.     leftauth=psk
  367.     leftsubnet=0.0.0.0/0
  368.     right=%any
  369.     rightauth=psk
  370.     rightauth2=xauth
  371.     rightsourceip=10.31.2.0/24
  372.     auto=add
  374. conn networkmanager-strongswan
  375.     keyexchange=ikev2
  376.     left=%defaultroute
  377.     leftauth=pubkey
  378.     leftsubnet=0.0.0.0/0
  379.     leftcert=server.cert.pem
  380.     right=%any
  381.     rightauth=pubkey
  382.     rightsourceip=10.31.2.0/24
  383.     rightcert=client.cert.pem
  384.     auto=add
  386. conn ios_ikev2
  387.     keyexchange=ikev2
  388.     ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
  389.     esp=aes256-sha256,3des-sha1,aes256-sha1!
  390.     rekey=no
  391.     left=%defaultroute
  392.     leftid=${vps_ip}
  393.     leftsendcert=always
  394.     leftsubnet=0.0.0.0/0
  395.     leftcert=server.cert.pem
  396.     right=%any
  397.     rightauth=eap-mschapv2
  398.     rightsourceip=10.31.2.0/24
  399.     rightsendcert=never
  400.     eap_identity=%any
  401.     dpdaction=clear
  402.     fragmentation=yes
  403.     auto=add
  405. conn windows7
  406.     keyexchange=ikev2
  407.     ike=aes256-sha1-modp1024!
  408.     rekey=no
  409.     left=%defaultroute
  410.     leftauth=pubkey
  411.     leftsubnet=0.0.0.0/0
  412.     leftcert=server.cert.pem
  413.     right=%any
  414.     rightauth=eap-mschapv2
  415.     rightsourceip=10.31.2.0/24
  416.     rightsendcert=never
  417.     eap_identity=%any
  418.     auto=add
  420. EOF
  421. }
  423. # configure the strongswan.conf
  424. function configure_strongswan(){
  425.  cat > /usr/local/etc/strongswan.conf<<-EOF
  426.  charon {
  427.         load_modular = yes
  428.         duplicheck {
  429.                 enable = no
  430.         }
  431.         compress = yes
  432.         plugins {
  433.                 include strongswan.d/charon/*.conf
  434.         }
  435.         dns1 = 8.8.8.8
  436.         dns2 = 8.8.4.4
  437.         nbns1 = 8.8.8.8
  438.         nbns2 = 8.8.4.4
  439. }
  440. include strongswan.d/*.conf
  441. EOF
  442. }
  444. # configure the ipsec.secrets
  445. function configure_secrets(){
  446.     cat > /usr/local/etc/ipsec.secrets<<-EOF
  447. : RSA server.pem
  448. : PSK "myPSKkey"
  449. : XAUTH "myXAUTHPass"
  450. myUserName %any : EAP "myUserPass"
  451. EOF
  452. }
  454. function SNAT_set(){
  455.     echo "Use SNAT could implove the speed,but your server MUST have static ip address."
  456.     read -p "yes or no?(default_value:no):" use_SNAT
  457.     if [ "$use_SNAT" = "yes" ]; then
  458.         use_SNAT_str="1"
  459.         echo -e "$(__yellow "ip address info:")"
  460.         ip address | grep inet
  461.         echo "Some servers has elastic IP (AWS) or mapping IP.In this case,you should input the IP address which is binding in network interface."
  462.         read -p "static ip or network interface ip (default_value:${IP}):" static_ip
  463.     if [ "$static_ip" = "" ]; then
  464.         static_ip=$IP
  465.     fi
  466.     else
  467.         use_SNAT_str="0"
  468.     fi
  469. }
  471. # iptables check
  472. function iptables_check(){
  473.     cat > /etc/sysctl.d/10-ipsec.conf<<-EOF
  474. net.ipv4.ip_forward=1
  475. EOF
  476.     sysctl --system
  477.     echo "Do you use firewall in CentOS7 instead of iptables?"
  478.     read -p "yes or no?(default_value:no):" use_firewall
  479.     if [ "$use_firewall" = "yes" ]; then
  480.         firewall_set
  481.     else
  482.         iptables_set
  483.     fi
  484. }
  486. # firewall set in CentOS7
  487. function firewall_set(){
  488.     if ! systemctl is-active firewalld > /dev/null; then
  489.         systemctl start firewalld
  490.     fi
  491.     firewall-cmd --permanent --add-service="ipsec"
  492.     firewall-cmd --permanent --add-port=500/udp
  493.     firewall-cmd --permanent --add-port=4500/udp
  494.     firewall-cmd --permanent --add-masquerade
  495.     firewall-cmd --reload
  496. }
  498. # iptables set
  499. function iptables_set(){
  500.     echo -e "$(__yellow "ip address info:")"
  501.     ip address | grep inet
  502.     echo "The above content is the network card information of your VPS."
  503.     echo "[$(__yellow "Important")]Please enter the name of the interface which can be connected to the public network."
  504.     if [ "$os" = "1" ]; then
  505.             read -p "Network card interface(default_value:eth0):" interface
  506.         if [ "$interface" = "" ]; then
  507.             interface="eth0"
  508.         fi
  509.         iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  510.         iptables -A FORWARD -s 10.31.0.0/24  -j ACCEPT
  511.         iptables -A FORWARD -s 10.31.1.0/24  -j ACCEPT
  512.         iptables -A FORWARD -s 10.31.2.0/24  -j ACCEPT
  513.         iptables -A INPUT -i $interface -p esp -j ACCEPT
  514.         iptables -A INPUT -i $interface -p udp --dport 500 -j ACCEPT
  515.         iptables -A INPUT -i $interface -p tcp --dport 500 -j ACCEPT
  516.         iptables -A INPUT -i $interface -p udp --dport 4500 -j ACCEPT
  517.         iptables -A INPUT -i $interface -p udp --dport 1701 -j ACCEPT
  518.         iptables -A INPUT -i $interface -p tcp --dport 1723 -j ACCEPT
  519.         #iptables -A FORWARD -j REJECT
  520.         if [ "$use_SNAT_str" = "1" ]; then
  521.             iptables -t nat -A POSTROUTING -s 10.31.0.0/24 -o $interface -j SNAT --to-source $static_ip
  522.             iptables -t nat -A POSTROUTING -s 10.31.1.0/24 -o $interface -j SNAT --to-source $static_ip
  523.             iptables -t nat -A POSTROUTING -s 10.31.2.0/24 -o $interface -j SNAT --to-source $static_ip
  524.         else
  525.             iptables -t nat -A POSTROUTING -s 10.31.0.0/24 -o $interface -j MASQUERADE
  526.             iptables -t nat -A POSTROUTING -s 10.31.1.0/24 -o $interface -j MASQUERADE
  527.             iptables -t nat -A POSTROUTING -s 10.31.2.0/24 -o $interface -j MASQUERADE
  528.         fi
  529.     else
  530.         read -p "Network card interface(default_value:venet0):" interface
  531.         if [ "$interface" = "" ]; then
  532.             interface="venet0"
  533.         fi
  534.         iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  535.         iptables -A FORWARD -s 10.31.0.0/24  -j ACCEPT
  536.         iptables -A FORWARD -s 10.31.1.0/24  -j ACCEPT
  537.         iptables -A FORWARD -s 10.31.2.0/24  -j ACCEPT
  538.         iptables -A INPUT -i $interface -p esp -j ACCEPT
  539.         iptables -A INPUT -i $interface -p udp --dport 500 -j ACCEPT
  540.         iptables -A INPUT -i $interface -p tcp --dport 500 -j ACCEPT
  541.         iptables -A INPUT -i $interface -p udp --dport 4500 -j ACCEPT
  542.         iptables -A INPUT -i $interface -p udp --dport 1701 -j ACCEPT
  543.         iptables -A INPUT -i $interface -p tcp --dport 1723 -j ACCEPT
  544.         #iptables -A FORWARD -j REJECT
  545.         if [ "$use_SNAT_str" = "1" ]; then
  546.             iptables -t nat -A POSTROUTING -s 10.31.0.0/24 -o $interface -j SNAT --to-source $static_ip
  547.             iptables -t nat -A POSTROUTING -s 10.31.1.0/24 -o $interface -j SNAT --to-source $static_ip
  548.             iptables -t nat -A POSTROUTING -s 10.31.2.0/24 -o $interface -j SNAT --to-source $static_ip
  549.         else
  550.             iptables -t nat -A POSTROUTING -s 10.31.0.0/24 -o $interface -j MASQUERADE
  551.             iptables -t nat -A POSTROUTING -s 10.31.1.0/24 -o $interface -j MASQUERADE
  552.             iptables -t nat -A POSTROUTING -s 10.31.2.0/24 -o $interface -j MASQUERADE
  553.         fi
  554.     fi
  555.     if [ "$system_str" = "0" ]; then
  556.         service iptables save
  557.     else
  558.         iptables-save > /etc/iptables.rules
  559.         cat > /etc/network/if-up.d/iptables<<-EOF
  560. #!/bin/sh
  561. iptables-restore < /etc/iptables.rules
  562. EOF
  563.         chmod +x /etc/network/if-up.d/iptables
  564.     fi
  565. }
  567. # echo the success info
  568. function success_info(){
  569.     echo "#############################################################"
  570.     echo -e "#"
  571.     echo -e "# [$(__green "Install Complete")]"
  572.     echo -e "# Version:$VER"
  573.     echo -e "# There is the default login info of your IPSec/IkeV2 VPN Service"
  574.     echo -e "# UserName:$(__green " myUserName")"
  575.     echo -e "# PassWord:$(__green " myUserPass")"
  576.     echo -e "# PSK:$(__green " myPSKkey")"
  577.     echo -e "# you should change default username and password in$(__green " /usr/local/etc/ipsec.secrets")"
  578.     echo -e "# you cert:$(__green " ${cur_dir}/my_key/ca.cert.pem ")"
  579.     if [ "$have_cert" = "1" ]; then
  580.     echo -e "# you don't need to install cert if it's be trusted."
  581.     else
  582.     echo -e "# you must copy the cert to the client and install it."
  583.     fi
  584.     echo -e "#"
  585.     echo -e "#############################################################"
  586.     echo -e ""
  587. }
  589. # Initialization step
  590. install_ikev2