mirror of
https://github.com/namibia/openvpn-install.git
synced 2025-01-05 12:32:09 +00:00
Combine latest and legacy version
parent
f5ebe9d01d
commit
157c27512a
@ -169,8 +169,15 @@ else
|
|||||||
echo "I need to ask you a few questions before starting the setup"
|
echo "I need to ask you a few questions before starting the setup"
|
||||||
echo "You can leave the default options and just press enter if you are ok with them"
|
echo "You can leave the default options and just press enter if you are ok with them"
|
||||||
echo ""
|
echo ""
|
||||||
echo "First I need to know the IPv4 address of the network interface you want OpenVPN"
|
echo "First, choose which variant of the script you want to use."
|
||||||
echo "listening to."
|
echo "Read carefully the README on GitHub before choosing. Use legacy of you're not sure."
|
||||||
|
echo " 1) Latest (High encryption, not compatible with all servers and clients)"
|
||||||
|
echo " 2) Legacy (Work with most devices)"
|
||||||
|
read -p "Variant [1-2]: " -e -i 2 VER
|
||||||
|
echo ""
|
||||||
|
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
|
||||||
|
echo "If you server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP adress as it is. (10.x.x.x)"
|
||||||
|
echo "Otherwise, it sould be your public IPv4 address."
|
||||||
read -p "IP address: " -e -i $IP IP
|
read -p "IP address: " -e -i $IP IP
|
||||||
echo ""
|
echo ""
|
||||||
echo "What port do you want for OpenVPN?"
|
echo "What port do you want for OpenVPN?"
|
||||||
@ -232,11 +239,18 @@ ca ca.crt
|
|||||||
cert server.crt
|
cert server.crt
|
||||||
key server.key
|
key server.key
|
||||||
dh dh.pem
|
dh dh.pem
|
||||||
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
|
||||||
tls-version-min 1.2
|
|
||||||
topology subnet
|
topology subnet
|
||||||
server 10.8.0.0 255.255.255.0
|
server 10.8.0.0 255.255.255.0
|
||||||
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
|
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
|
||||||
|
if [[ "$VER" = '1' ]]; then
|
||||||
|
#If we're using the latest variant
|
||||||
|
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
||||||
|
tls-version-min 1.2" >> /etc/openvpn/server.conf
|
||||||
|
else
|
||||||
|
# If the user slected legacy
|
||||||
|
# Or if the user selected a non-existant variant, we fallback to legacy
|
||||||
|
echo "cipher AES-256-CBC" >> /etc/openvpn/server.conf
|
||||||
|
fi
|
||||||
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
||||||
# DNS
|
# DNS
|
||||||
case $DNS in
|
case $DNS in
|
||||||
@ -361,9 +375,16 @@ nobind
|
|||||||
persist-key
|
persist-key
|
||||||
persist-tun
|
persist-tun
|
||||||
remote-cert-tls server
|
remote-cert-tls server
|
||||||
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
|
||||||
tls-version-min 1.2
|
|
||||||
comp-lzo" > /etc/openvpn/client-common.txt
|
comp-lzo" > /etc/openvpn/client-common.txt
|
||||||
|
if [[ "$VER" = '1' ]]; then
|
||||||
|
#If we're using the latest variant
|
||||||
|
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
||||||
|
tls-version-min 1.2" >> /etc/openvpn/client-common.txt
|
||||||
|
else
|
||||||
|
# If the user slected legacy
|
||||||
|
# Or if the user selected a non-existant variant, we fallback to legacy
|
||||||
|
echo "cipher AES-256-CBC" >> /etc/openvpn/client-common.txt
|
||||||
|
fi
|
||||||
# Generates the custom client.ovpn
|
# Generates the custom client.ovpn
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
echo ""
|
echo ""
|
||||||
|
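Review bot: The `VER = 1` branch in the second hunk writes only control-channel settings (`tls-cipher`, `tls-version-min 1.2`), while `cipher AES-256-CBC` is emitted only in the `else` branch. Unless a `cipher` line is written outside these hunks, the "Latest (High encryption)" variant leaves the data channel on OpenVPN's built-in default, which in older releases is the 64-bit-block BF-CBC. Moving `echo "cipher AES-256-CBC" >> /etc/openvpn/server.conf` ahead of the `if` would give both variants an explicit data-channel cipher, and the third hunk needs the same change for `/etc/openvpn/client-common.txt`. The legacy branch also drops `tls-version-min 1.2`, and because the prompt defaults to `2` and any value other than `1` falls through to `else`, a mistyped answer silently yields the weaker profile. Consider re-prompting until `VER` is `1` or `2`, and extending the branch comment to `# Legacy: no minimum TLS version is enforced, for compatibility with older clients`.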