19820e886e
Remove OpenVPN log during uninstallation ( #339 )
2018-10-19 12:10:56 +02:00
0d19b57e7f
Fix iptables-openvpn service on Debian 8
2018-10-08 21:11:52 +02:00
bca57c483d
Fix "ping6" and "ping -6" usage
2018-10-01 21:00:26 +02:00
c9c6089cd6
Use ping -6 instead of ping6 ( #317 )
2018-09-30 21:17:30 +02:00
043843850e
Improve Debian detection
...
e.g. for Raspbian
2018-09-29 20:15:20 +02:00
d2bd051d97
Spelling fixes ( #314 )
2018-09-28 16:36:00 +02:00
ef6c2c2a78
Improve -y usage with package managers
2018-09-27 22:23:40 +02:00
e231c8924a
CentOS: Make sure epel-release is installed before openvpn
2018-09-27 22:09:12 +02:00
9716e868a0
Fix service handling on Ubuntu 16.04
2018-09-27 19:57:01 +02:00
0648e6a0b7
Fix IPv6 connectivity test
2018-09-27 19:52:52 +02:00
e4a9851b4f
Remove revoked client from ifconfig-pool-persist
2018-09-24 15:24:31 +02:00
0f117352c7
Remove hardcoded ciphers from Fedora systemd service
2018-09-24 14:33:08 +02:00
bbea708175
Do not modify package-provided systemd service
2018-09-24 14:26:41 +02:00
071baf477f
Update link, DNS name
2018-09-24 11:45:12 +02:00
73c52daf84
Add Quad9 uncensored
2018-09-24 11:42:29 +02:00
1dad1579ad
Better code
2018-09-24 11:37:13 +02:00
8d5d080cc0
Remove plaintext metadata from client certificate
2018-09-24 11:32:43 +02:00
b0fdb24984
Improve Debian/Ubuntu detection
2018-09-23 22:23:13 +02:00
c14355a34c
Update easy-rsa to 3.0.5 ( #301 )
2018-09-23 17:09:33 +02:00
70ebe5620d
secp256r1 -> prime256v1
2018-09-23 17:06:15 +02:00
8e1cf382c3
Fix unset usage
2018-09-23 16:33:59 +02:00
5a67d3b3e7
Fix regex
2018-09-23 16:30:48 +02:00
ecf5f0d623
Add Arch Linux support ( #303 )
2018-09-23 16:27:36 +02:00
8de3957afb
Disable and stop OpenVPN upon removal
2018-09-23 14:32:24 +02:00
7f35106687
Fix condition
2018-09-23 14:30:08 +02:00
09b29ddc9c
Fix OS condition
2018-09-23 14:26:28 +02:00
ef30d3c9df
Fix service on Ubuntu 16.04
2018-09-23 14:25:18 +02:00
e2906fd5e4
Use APT repo for Ubuntu 16.04
...
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
21f15d9aef
Little fixes according to OpenVPN 2.4
...
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
c2a502be92
Add support for tls-crypt
...
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
f716380080
Fixes
2018-09-22 22:33:25 +02:00
62c89af954
Support ncp-ciphers
...
Since OpenVPN 2.4, there is negotiable crypto parameters (NCP)
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means than since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
a85c13e4ec
Move setup questions to installQuestions ()
2018-09-22 17:59:21 +02:00
bbdabedbec
Add --auth choice (HMAC digest algorithm)
2018-09-22 17:54:30 +02:00
e0b4a5aae7
Use `read -rp`
2018-09-22 16:42:48 +02:00
3a5e23c5c1
Add ECDH support
2018-09-22 16:41:28 +02:00
cfa5eed6bd
Re-add possibility to use a hostname as the endpoint
2018-09-22 16:17:51 +02:00
db6a253676
Improve tests using regex
2018-09-22 15:23:01 +02:00
4d1baca0c7
Add ECDSA support and make tls-cipher configurable
2018-09-22 15:17:13 +02:00
06e7597942
Use AES-128-GCM by default
2018-09-22 14:25:30 +02:00
c1b069b501
Fix 10a1d04
2018-09-22 14:23:58 +02:00
7449bfc550
Remove trailing tabs
2018-09-22 14:21:20 +02:00
11e023b6dc
Use 2048 bits RSA key by default
2018-09-22 14:20:57 +02:00
10a1d04f3b
Add AES GCM support
2018-09-22 14:20:20 +02:00
36af5ec100
Update DH/RSA defaults
2018-09-22 14:19:51 +02:00
b898a99485
Add compression support
...
It is disabled by default.
2018-09-22 14:08:42 +02:00
7ed823cdf2
Remove OpenVPN APT repo during removal
2018-09-22 11:41:31 +02:00
c96a71c7d6
Fix OpenVPN repo for Debian 8
2018-09-22 11:40:54 +02:00
80c0b971d6
Improved and safer code
...
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00
76607e781c
Sorry...
2018-09-21 22:22:09 +02:00
a0ff4d7cf9
Improve questions for NATed servers
2018-09-21 21:53:39 +02:00
4144fa9dff
Make encryption customization optional
...
A lot of people don't know much about cryptography.
Since the script already overwrite OpenVPN's default settings, there is no need for most people to modify them.
2018-09-21 17:17:41 +02:00
0f67214490
Improve Debian/Ubuntu version checking ( #187 )
2018-09-20 22:00:16 +02:00
0a5c3c1401
Rewrite README
2018-09-20 17:16:04 +02:00
e920f7fbc2
Refactoring, cleanup and fixes ( #293 )
2018-09-20 00:05:02 +02:00
136a46874e
Rework and cleanup systemd service handling ( #294 )
...
* Don't hardcode server.conf in systemd service
* Rework and cleanup service handling
2018-09-18 14:55:00 +02:00
d3974220ef
Fix public interface in iptables rules
2018-09-18 12:37:07 +02:00
974b80dbc1
Remove unused variables
2018-09-17 18:05:51 +02:00
594486c177
Rework iptables handling ( #291 )
2018-09-17 01:11:30 +02:00
18b025e831
Improve sysctl config
2018-09-16 22:45:04 +02:00
bfed14544e
Add IPv6 NAT support ( #238 )
2018-09-16 17:55:50 +02:00
f6c9a63e38
Drop support for Arch Linux
...
Arch Linux isn't very used and is not available on cloud providers. I cannot test it easily so it is a burden to maintain for me
2018-09-16 01:34:01 +02:00
8a5de575b7
Drop Debian 7 support
...
Debian 7 is EOL and I can't test it on cloud providers anymore
2018-09-16 01:29:04 +02:00
3209441775
Better bash
2018-09-16 01:26:37 +02:00
62380c512b
Drop CentOS 6 support
2018-09-16 01:26:30 +02:00
f057e0aa5f
Add self-hosted DNS resolver (Unbound)
2018-09-16 00:53:33 +02:00
4bf4257cf3
Merge two mv commands
2018-09-05 20:26:33 +02:00
2997a7e8b6
Remove "|| return"
2018-09-05 20:20:46 +02:00
ea40b45b52
Fix /dev/urandom usage on unprivileged LXC containers
...
Fixes https://github.com/angristan/openvpn-install/issues/280
2018-09-02 22:32:58 +02:00
64f62cf874
Remove log-append for now and create log dir
...
See https://github.com/Angristan/OpenVPN-install/issues/275
2018-08-23 00:40:36 +02:00
d8d0bbb5da
Add access logs (log-append)
...
And move log files to /var/log/openvpn. Makes more sense and access logs can be very useful.
2018-08-22 22:11:36 +02:00
1b18e7f2a7
Re-add a default suggestion for the client name
...
But only during the setup, not for additional clients
2018-08-18 21:47:10 +02:00
47c86874dc
Update check on the client's name input
2018-08-18 19:55:36 +02:00
9ef0bbc47d
Add password option for clients ( #160 )
2018-08-18 19:40:07 +02:00
df172b962d
Add option to generate random port in private port range ( #229 )
2018-08-18 15:57:24 +02:00
5501de73c8
Improved code ( #243 )
2018-07-15 11:25:59 +02:00
63ac18075d
Add quad9 secondary DNS ( #248 )
...
See https://www.quad9.net/faq/#Is_there_a_service_that_Quad9_offers_that_does_not_have_the_blocklist_or_other_security .
2018-07-06 22:11:22 +02:00
b8f0b44c55
[FIX] Unable to select AdGuard DNS choice ( #228 )
2018-05-29 10:18:24 +02:00
6cecc16f0d
Fixes #217 "Package 'gpg' has no installation candidate"
2018-05-10 00:29:05 +02:00
d2a3b3bec6
Backport improvements of external IP handling ( #213 )
...
* [backport] Remove IP address detection fallback
It was never used, the one-liner is enough.
* [backport] Improve NAT detection
Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
2018-05-08 21:23:36 +02:00
b3fba4fddc
[backport] Fix system resolvers option for environments running systemd-resolved ( #214 )
2018-05-08 21:01:32 +02:00
2f6821d778
Add support for Ubuntu 18.04
2018-05-08 20:53:57 +02:00
71bb6e8371
Remove unneeded -r argument from some rm commands
...
Backport the relevant part of:
d717353769
2018-05-07 18:50:01 +02:00
61d89e3ba2
Remove .ovpn on cert revoke or OpenVPN uninstall ( #178 )
2018-04-10 11:06:19 +02:00
d7e706ac24
Add Cloudflare resolvers
...
Fixes #193
2018-04-01 23:12:05 +02:00
42f6553dcc
Add GPG dependency
2018-02-25 17:37:03 +01:00
687eb9019d
Fix Fedora detection
...
Fixes #168
2018-02-22 21:47:35 +01:00
f252614a36
Remove unsupported version of ubuntu ( #163 )
...
* Remove unsupported version of ubuntu
Remove 12.04 as the support finished on April 28, 2017
Remove 16.10 as the support finished 2017-07-20
Remove 17.04 as the support finished 2018-01-13
2018-02-14 14:48:36 +01:00
febdc04340
Support Ubuntu 17.10
...
Fixes #161
2018-02-13 22:38:48 +01:00
501f8a9b36
Use a different client name for new users
...
Just in case the user keeps the default "client" username when installing, reusing "client" will fail. A tiny commit for lazy users.
2018-02-12 16:07:37 +01:00
cffe4bee4a
Inverse FDN's DNS servers for DNSSEC
...
The .12 does not validate DNSSEC while the .40 does, so I'm putting the .40 first.
2018-01-27 20:21:28 +01:00
edbf48646e
Merge pull request #151 from cezar97/master
...
Randomize CN and Server Name and verify Server Name
2018-01-25 12:24:50 +01:00
d19283c46f
Optmize vars
...
I'm not removing the PiVPN mention because I don't want to credit them, but to not bloat the script.
Their contribution will be available via git blame + https://github.com/Angristan/OpenVPN-install/pull/151 :)
2018-01-25 12:23:25 +01:00
7c7084238f
Update EasyRSA to 3.0.4
...
Fixes "./easyrsa: 644: ./easyrsa: [[: not found"
2018-01-23 12:19:01 +01:00
931190dd59
Verify server name to strengthen security
2018-01-18 17:36:31 +01:00
4f5f43e503
Randomize CN and server name, fixed #48
...
Solution taken from pivpn install script here: https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh .
Repo in https://github.com/pivpn/pivpn .
2018-01-18 17:19:51 +01:00
f681c0bd34
Add Amazon Linux support
...
Fixes https://github.com/Angristan/OpenVPN-install/issues/128
2018-01-11 11:08:35 +01:00
bb23ed1227
Merge pull request #139 from Angristan/systemd-openvz-fix
...
Fix systemd service on OpenVZ
2017-12-16 15:29:02 +01:00
6931364a23
Fedora Support
2017-11-30 22:54:53 +03:00
3b8c5d776a
Update DNS list with Quad9
2017-11-29 11:21:33 +01:00
6ac1b185fa
Update DNS list with Quad9
2017-11-29 11:17:06 +01:00
449361007a
Add Quad9 DNS
2017-11-29 10:46:58 +01:00
1241072bb2
Fix systemd service on OpenVZ
...
fix the service on all systemd/ubuntu versions
2017-11-28 22:14:27 +01:00
f47fc795d5
Merge PR #83 : Remove rc.local and use an iptables systemd service
...
- Install iptables systemd service for Debian, Ubuntu and CentOS
- Fix iptables install for ArcLinux
- Remove the use rc.local file
- Remove all iptables rules when removing openvpn (cf. #60 )
2017-11-12 22:56:02 +01:00
80fd8678a6
Revert "Merge PR #83 : Remove rc.local and use an iptables systemd service"
...
This reverts commit e874013112998d1e8b13
2017-11-12 22:51:54 +01:00
e874013112
Merge PR #83 : Remove rc.local and use an iptables systemd service
2017-11-12 22:43:55 +01:00
aca3b4a019
Fix the network interface variable
...
Fix for https://github.com/Angristan/OpenVPN-install/pull/83#issuecomment-343758329
2017-11-12 19:54:44 +01:00
dcec3f12a4
Disable firewalld to allow iptables to start upon reboot
2017-11-12 18:30:05 +01:00
ed17fc074d
Resolve conflicts
...
Merge changes from master to resolve conflicts
2017-11-12 18:07:07 +01:00
998d1e8b13
Merge pull request #92 from NathanZepol/master
...
Adding auth-nocache option to .ovpn configuration
2017-11-12 16:04:11 +01:00
a7a277e2dc
Remove "local" parameter
...
Revert ad3c223385
2017-11-12 15:48:39 +01:00
a0821ee5b4
Fix typo
2017-10-17 22:05:11 +02:00
dccbe2f71d
Add AdGuard DNS
2017-10-09 17:12:46 +02:00
603d6747b9
Extended the expiration date of the certificate revocation list to 10 years.
2017-09-29 16:13:02 -05:00
641510984b
Adding auth-nocache Option to .ovpn Configuration
2017-08-27 13:59:08 -05:00
37d42e25fe
Update Easy-RSA to v3.0.3
2017-08-23 10:39:33 +02:00
c0ed60e8cf
Update openvpn-install.sh
2017-08-22 11:12:42 +02:00
ad3c223385
Will now set "local" in server.conf to the chosen IP adderess
...
If you want to run OpenVPN in UDP mode on an secondary IP, UDP routing will fail unless you explicitly bind OpenVPN to the chosen IP address. This change includes the "local" parameter in the config and sets it to the IP address entered at the beginning.
2017-08-22 00:39:43 +01:00
edbe4fed90
Rename OpenVPN's APT list
2017-08-20 22:38:55 +02:00
a3c005c556
Update Debian and Ubuntu repository
...
swupdate.openvpn.net hasn't been updated since OpenVPN 2.3.14 whereas build.openvpn.net supports OpenVPN 2.4.x as of today
Fixes https://github.com/Angristan/OpenVPN-install/issues/86
2017-08-07 16:44:16 +02:00
58a5282e17
Update openvpn-install.sh
2017-07-22 21:08:06 +02:00
3c5c87b031
Update openvpn-install.sh
2017-07-22 20:18:46 +02:00
5787c45a03
Update openvpn-install.sh
2017-07-22 19:40:29 +02:00
031afd587e
fix #8 Client files not beeing created in the right folder when using sudo
2017-07-22 19:30:36 +02:00
b5c624eb76
Adjust indents + change iptables.service
2017-07-20 17:12:40 +02:00
8f28593112
Fix iptables.service
2017-07-16 16:01:05 +02:00
23222fd59f
Fix syntax error...
2017-07-16 15:39:14 +02:00
d3d7d18ab1
Removing the use of rc.local file
2017-07-16 14:11:29 +02:00
1be7733c0b
Install iptables systemd service for Debian, Ubuntu and Centos. Fix iptables install for ArchLinux.
2017-07-16 12:55:09 +02:00
c703d41795
Fix for Debian 9 on OpenVZ
2017-07-14 17:15:07 +02:00
276284458f
Fix DNS choice
2017-07-08 13:30:58 +02:00
d1f665c458
fixes last case statement for SEED-CBC
2017-07-03 14:14:39 -04:00
cd01329585
Add support for Debian 9 Stretch
2017-06-26 02:41:40 +02:00
e185698445
Use current system resolvers as default
...
That makes more sense that putting French servers.
What is in /etc/resolv.conf is not always good, but most of the time it's the hoster's or something nearby. Thus it makes more sense for the user to use them by default.
2017-06-26 02:37:41 +02:00
6800ef35f7
Typo
...
It's late.
2017-06-26 02:20:38 +02:00
19fe6626f1
Implements OpenVPN 2.4 changes for Arch Linux (kind of)
...
Since OpenVPN 2.4 is out on Arch, the script wasn't working completely because of this : https://www.archlinux.org/news/openvpn-240-update-requires-administrative-interaction/
There is a new path for OpenVPN server config. This is just needed on Arch for now, and you're probably not going to run an OpenVPN client on an OpenVPN server.
Thus I modified the systemd script to use `/etc/openvpn/` and `server.conf` instead of the new `/etc/openvpn/server/` and `openvpn.conf`.
By using the same paths as the other distros, I avoid to rewrite the entire script to change the paths...
It's not 100% clean, but it works pretty well. If you have any objection please leave a comment.
Also, I updated the new service name.
As far as I tested, it's working fine on Arch Linux for now.
Fixes #63 and #61
2017-06-26 02:17:14 +02:00
ac203dd5ee
Fix iptables rules on reboot for some OS
...
Thanks a lot to Nyr for the fix : a31aaf82f3https://github.com/Angristan/OpenVPN-install/issues/6 .
On Ubuntu 17.04, 16.10 and Debian 9, the iptables rules were not applied because of rc.local
2017-06-25 22:01:05 +02:00
10351305e3
Google Compute Engine support
...
Merge pull request #57 and close issue #46
2017-06-25 20:21:36 +02:00
8c66c8e684
Fix client revocation
...
A client revocation would make crl.pem unreadable and thus blocking any other client to connect.
Fixes https://github.com/Angristan/OpenVPN-install/pull/47 , https://github.com/Angristan/OpenVPN-install/issues/25 and https://github.com/Angristan/OpenVPN-install/issues/49 .
2017-06-25 19:58:41 +02:00
d74318562d
adding support for debian 9 stretch
2017-06-25 09:38:52 -07:00
a2a3bfc605
Added Yandex Basic DNS resolvers
...
https://dns.yandex.com/
Nice for Russia.
2017-06-23 14:30:57 +02:00
d712e15795
Support OpenSSL 1.1.0 DH generation
...
Fixes dh.pem gen on Debian 9 and Arch Linux
https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
2017-06-18 21:12:25 +02:00
5d40c041dd
More proper remove
...
openvpn-blacklist isn't installed with Debian 9.
2017-06-18 21:07:15 +02:00
823ff21fcc
Add support for Ubuntu 17.04
2017-05-07 23:56:19 +02:00
fa9e5235f9
Close Angristan/OpenVPN-install#46
...
This patch is for Angristan/OpenVPN-install#46
2017-04-23 12:43:33 +02:00
89925cbbe8
Update openvpn-install.sh
...
change sould to should and correct adress to address in line 195
2016-12-11 16:03:40 +03:00
e548a61dcc
Update openvpn-install.sh
...
change sould to should
2016-12-11 15:58:06 +03:00
316ecfe7f4
Use SHA-256 instead of SHA-384
...
Following 693bd13fa7
2016-12-11 12:11:11 +01:00
7a5bb93cbe
AES-256 is not necessarily the most secure cipher
...
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack
Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
56477bba34
The crypto update 🔐
...
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key
I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
2016-11-28 22:13:32 +01:00
xiagw
angristan
GoliathLabs
Sidd
Jun Hui
randomshell
Angristan
Jebtrix
Sayem Chowdhury
cezar97
Angristan
Timofey Vasenin
Stanislas
Kcchouette
cezar97
Arda
Nicolas Duchon
Angristan
Angristan
Jelle Dekker
Nathan
Ola Tuvesson
patlol
DrXala
jackdwyer
Kenneth Zhao
Seeder101