Commit Graph

379 Commits

Author SHA1 Message Date
Stanislas Lange c758418c6d style(script) format with shfmt 2020-04-27 16:25:20 +02:00
Henry N 2a35a3db16
refactor(install): simplify detection of public IP4, add fallback to IPv6 (#589) 2020-04-27 16:24:30 +02:00
Stanislas Lange fdb35b86c6 fix(fedora): install policycoreutils-python-utils for selinux 2020-04-27 16:19:09 +02:00
Stanislas Lange 29980e6bef style(script) format with shfmt 2020-04-27 16:05:51 +02:00
randomshell 3b2c84b94d
fix(selinux): fix deletion of selinux policy (#555) 2020-04-27 16:03:55 +02:00
Stanislas 6cc0022dff
style(script): format with shfmt (#638)
shfmt -w -s
2020-04-27 14:59:19 +02:00
Stanislas Lange e3139cd877 Revert "feat(curves): add secp256k1 option (#315)"
This reverts commit 8d5bb43aed.

Tested with Viscosity, doesn't work
2020-04-27 14:36:44 +02:00
Sidd 8d5bb43aed
feat(curves): add secp256k1 option (#315) 2020-04-27 14:22:35 +02:00
randomshell 62a4ff3b41
fix(client conf): ignore block-outside-dns if not supported (#628) 2020-04-27 14:19:25 +02:00
randomshell 159ab9af6e
refactor(revoke client): remove unneeded cleanup (#607)
The deletion of issued files is handled by easy-rsa.
See function move_revoked() f0129cfe62/easyrsa3/easyrsa (L1050)
2020-04-27 14:12:23 +02:00
John E fe0b995bdf
feat(headless): make script idempotent
This set of changes adjusts the script so that you can run it multiple times with the same input and not have any unexpected changes. This makes it appropriate for "enforcing state", as required by automated provisioners like Puppet, Salt, Chef, or Ansible.

 - Unbound, OpenVPN, easy-rsa, and other dependencies are only installed from upstream if they are not already present. This prevents multiple runs of the script from causing unexpected version upgrades.
 - The easy-rsa system is put in a folder called "easy-rsa-auto" so it can't conflict with the "easy-rsa" folder from some older OpenVPN packages
 - The easy-rsa CA is only initialized once
 - SERVER_CN and SERVER_NAME are randomly generated once and saved for future reference
 - File append ('>>') is only done strictly after a file is created with '>' (e.g. /etc/sysctl.d/20-openvpn.conf)
 - Clients are only added to easy-rsa once
 - If AUTO_INSTALL == y, then the script operates in install mode and doesn't enter manageMenu
2020-04-27 13:56:34 +02:00
Stanislas Lange 3b0c2ace90 fix(checkOS): update Ubuntu/Debian compatibility check 2020-04-27 13:37:52 +02:00
randomshell 6989b0d326
Add support for client-configuration-dir (#609) 2020-04-10 17:49:07 +02:00
randomshell 2c9c0ed0c3
Improve sed line deletion (#608) 2020-04-10 11:42:57 +02:00
randomshell ef5d5faf30
Change = conditional to == (#591) 2020-04-06 14:51:58 +02:00
Henry N 6e8aeb3505
Uninstallation: restart unbound only if not removed (#612) 2020-04-06 14:41:10 +02:00
Henry N e123635e7c
Add comments to some DNS options in code (#598) 2020-04-02 16:30:50 +02:00
randomshell 7ed9cac8d7
Change Adguard DNS to Anycast (#596)
See map at https://adguard.com/en/adguard-dns/overview.html
2020-03-31 23:05:44 +02:00
Henry N 44105eb060 Fix systemd unit issue on Debian 9 (#585)
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583.
Same problem as #129 and #378, unit can not start on OpenVZ.

It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.

Fix https://github.com/angristan/openvpn-install/issues/583
2020-03-28 15:41:37 +01:00
Henry N 3d075c8708
Print warning about empty public interface (#581)
Warn if the public interface cannot be detected, and give the user a choice to continue or abort.
2020-03-26 21:27:16 +01:00
Henry N 23e533431a
Fix error message mkdir /etc/iptables (#580)
Fix this error message:
mkdir: cannot create directory ‘/etc/iptables’: File exists
2020-03-26 21:24:50 +01:00
Henry N 130659b003
Add explicit-exit-notify for UDP (#579)
For faster reconnects with UDP it is better to send the explicit-exit-notify to the server. With this the server can directly see that the client will exit.
2020-03-26 21:24:20 +01:00
Henry N aab5e7b2ff
Fix getting public interface in IPv6 only (#578)
In an IPv6-only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail due to a missing argument.
2020-03-26 21:22:22 +01:00
randomshell 6bb87ae716
Install `semanage` command on CentOS (#554)
CentOS has selinux enabled by default but it doesn't have the `semanage` command required to run OpenVPN on another port.
`policycoreutils-python*` matches `policycoreutils-python` in CentOS 7 and `policycoreutils-python-utils` in CentOS 8.
2020-03-14 20:25:22 +01:00
xPakrikx 3f2ad88cbf
Custom DNS option wrong value fix (#559)
Custom DNS option wrong value fix
2020-03-10 10:43:13 +01:00
Stanislas Lange 7a4f9278e7 Add new DNS option: NextDNS 2020-03-03 23:04:18 +01:00
angristan 4b0f47b534 Fix Fedora detection 2020-01-27 18:08:06 +01:00
Stanislas caa571f768
Fix GitHub action (#515) 2019-11-11 15:37:09 +09:00
Safa Bayar 12ba1a9d9a Add Centos 8 Support (#506) 2019-11-11 15:18:34 +09:00
Stanislas bc109db04f
Add support for custom DNS input (#470)
Close #258 #260

Co-authored-by: Sayem Chowdhury <sayem314@gmail.com>
2019-08-20 21:02:47 +02:00
Stanislas 4080585ab5
Workaround to remove unharmful easy-rsa error (#469)
Until easy-rsa 3.0.7.

https://github.com/OpenVPN/easy-rsa/issues/261

Fix #454
2019-08-20 21:02:05 +02:00
Stanislas 04141c6c91
Support Raspbian (#462)
Fix #382
2019-08-20 21:01:35 +02:00
angristan 0e3e7f2705 Update sysctl comment 2019-08-20 17:58:51 +02:00
Stanislas cee02eb803
Fix CentOS detection during install (#468)
Fix #463
2019-08-20 13:36:16 +02:00
Stanislas 1acab15a26
Insert iptables rules at the top (#466)
Fix #346 #465
2019-08-20 11:55:43 +02:00
Stanislas Lange f207302334 Revert "Insert iptables rules at the top (#461)"
This reverts commit de021b67d5.
2019-08-20 11:20:24 +02:00
Stanislas de021b67d5
Insert iptables rules at the top (#461)
Fix #346
2019-08-20 00:24:01 +02:00
Stanislas 30735c91d8
Add Amazon Linux 2 support (#459) 2019-08-19 23:25:48 +02:00
Stanislas dea1d6db2b
Add support for lz4-v2 (#444)
Close #366
2019-07-05 17:49:31 +02:00
angristan 5844a8440f Add support for Debian 10
Fix #439
2019-06-30 23:06:42 +02:00
Kcchouette 73095990eb Fix APT repo for Ubuntu 16.04 (#421) 2019-05-13 18:38:10 +02:00
Stanislas a0685af1a3
Update mv easy-rsa command
Maybe fix #420
2019-05-12 20:59:15 +02:00
Stanislas 066b48bd84
Add support for Ubuntu 19.04 (#416) 2019-04-22 21:59:04 +02:00
Nathan Lopez 3bf72c7df7 Fix Variable Substitution for ENDPOINT (#397) 2019-02-26 22:39:00 +01:00
Stanislas 6e402289bd
Add Vagrantfile for easier testing (#396) 2019-02-25 23:31:18 +01:00
angristan 52d67286de Fix auto-install 2019-02-25 21:54:36 +01:00
Stanislas 7ba776ce7a
Improve automated install (#395)
#390 follow up, fixes #261
2019-02-25 21:30:46 +01:00
Cliff Cotino f023de298d Headless installation (#390)
Fixes #261
2019-02-25 20:02:50 +01:00
randomshell a0027f1b42 Update easy-rsa to 3.0.6 (#393) 2019-02-21 15:59:57 +01:00
Samuel FORESTIER 676e68fe4f Removes trailing space within server configuration (#369) 2018-12-16 19:14:34 +01:00
xiagw 19820e886e Remove OpenVPN log during uninstallation (#339) 2018-10-19 12:10:56 +02:00
angristan 0d19b57e7f Fix iptables-openvpn service on Debian 8 2018-10-08 21:11:52 +02:00
angristan bca57c483d Fix "ping6" and "ping -6" usage 2018-10-01 21:00:26 +02:00
GoliathLabs c9c6089cd6 Use ping -6 instead of ping6 (#317) 2018-09-30 21:17:30 +02:00
angristan 043843850e Improve Debian detection
e.g. for Raspbian
2018-09-29 20:15:20 +02:00
Sidd d2bd051d97 Spelling fixes (#314) 2018-09-28 16:36:00 +02:00
angristan ef6c2c2a78 Improve -y usage with package managers 2018-09-27 22:23:40 +02:00
angristan e231c8924a CentOS: Make sure epel-release is installed before openvpn 2018-09-27 22:09:12 +02:00
angristan 9716e868a0 Fix service handling on Ubuntu 16.04 2018-09-27 19:57:01 +02:00
angristan 0648e6a0b7 Fix IPv6 connectivity test 2018-09-27 19:52:52 +02:00
angristan e4a9851b4f Remove revoked client from ifconfig-pool-persist 2018-09-24 15:24:31 +02:00
angristan 0f117352c7 Remove hardcoded ciphers from Fedora systemd service 2018-09-24 14:33:08 +02:00
angristan bbea708175 Do not modify package-provided systemd service 2018-09-24 14:26:41 +02:00
angristan 071baf477f Update link, DNS name 2018-09-24 11:45:12 +02:00
angristan 73c52daf84 Add Quad9 uncensored 2018-09-24 11:42:29 +02:00
angristan 1dad1579ad Better code 2018-09-24 11:37:13 +02:00
angristan 8d5d080cc0 Remove plaintext metadata from client certificate 2018-09-24 11:32:43 +02:00
angristan b0fdb24984 Improve Debian/Ubuntu detection 2018-09-23 22:23:13 +02:00
Jun Hui c14355a34c Update easy-rsa to 3.0.5 (#301) 2018-09-23 17:09:33 +02:00
angristan 70ebe5620d secp256r1 -> prime256v1 2018-09-23 17:06:15 +02:00
angristan 8e1cf382c3 Fix unset usage 2018-09-23 16:33:59 +02:00
angristan 5a67d3b3e7 Fix regex 2018-09-23 16:30:48 +02:00
GoliathLabs ecf5f0d623 Add Arch Linux support (#303) 2018-09-23 16:27:36 +02:00
angristan 8de3957afb Disable and stop OpenVPN upon removal 2018-09-23 14:32:24 +02:00
angristan 7f35106687 Fix condition 2018-09-23 14:30:08 +02:00
angristan 09b29ddc9c Fix OS condition 2018-09-23 14:26:28 +02:00
angristan ef30d3c9df Fix service on Ubuntu 16.04 2018-09-23 14:25:18 +02:00
angristan e2906fd5e4 Use APT repo for Ubuntu 16.04
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
angristan 21f15d9aef Little fixes according to OpenVPN 2.4
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
angristan c2a502be92 Add support for tls-crypt
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
angristan f716380080 Fixes 2018-09-22 22:33:25 +02:00
angristan 62c89af954 Support ncp-ciphers
Since OpenVPN 2.4, there are negotiable crypto parameters (NCP).
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means that since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
angristan a85c13e4ec Move setup questions to installQuestions () 2018-09-22 17:59:21 +02:00
angristan bbdabedbec Add --auth choice (HMAC digest algorithm) 2018-09-22 17:54:30 +02:00
angristan e0b4a5aae7 Use `read -rp` 2018-09-22 16:42:48 +02:00
angristan 3a5e23c5c1 Add ECDH support 2018-09-22 16:41:28 +02:00
angristan cfa5eed6bd Re-add possibility to use a hostname as the endpoint 2018-09-22 16:17:51 +02:00
angristan db6a253676 Improve tests using regex 2018-09-22 15:23:01 +02:00
angristan 4d1baca0c7 Add ECDSA support and make tls-cipher configurable 2018-09-22 15:17:13 +02:00
angristan 06e7597942 Use AES-128-GCM by default 2018-09-22 14:25:30 +02:00
angristan c1b069b501 Fix 10a1d04 2018-09-22 14:23:58 +02:00
angristan 7449bfc550 Remove trailing tabs 2018-09-22 14:21:20 +02:00
angristan 11e023b6dc Use 2048 bits RSA key by default 2018-09-22 14:20:57 +02:00
angristan 10a1d04f3b Add AES GCM support 2018-09-22 14:20:20 +02:00
angristan 36af5ec100 Update DH/RSA defaults 2018-09-22 14:19:51 +02:00
angristan b898a99485 Add compression support
It is disabled by default.
2018-09-22 14:08:42 +02:00
angristan 7ed823cdf2 Remove OpenVPN APT repo during removal 2018-09-22 11:41:31 +02:00
angristan c96a71c7d6 Fix OpenVPN repo for Debian 8 2018-09-22 11:40:54 +02:00
angristan 80c0b971d6 Improved and safer code
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00
angristan 76607e781c Sorry... 2018-09-21 22:22:09 +02:00