1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-12-23 07:18:54 +00:00
Commit Graph

349 Commits

Author SHA1 Message Date
Stanislas
4080585ab5
Workaround to remove unharmful easy-rsa error (#469)
Until easy-rsa 3.0.7.

https://github.com/OpenVPN/easy-rsa/issues/261

Fix #454
2019-08-20 21:02:05 +02:00
Stanislas
04141c6c91
Support Raspbian (#462)
Fix #382
2019-08-20 21:01:35 +02:00
angristan
0e3e7f2705 Update sysctl comment 2019-08-20 17:58:51 +02:00
Stanislas
cee02eb803
Fix CentOS detection during install (#468)
Fix #463
2019-08-20 13:36:16 +02:00
Stanislas
1acab15a26
Insert iptables rules at the top (#466)
Fix #346 #465
2019-08-20 11:55:43 +02:00
Stanislas Lange
f207302334 Revert "Insert iptables rules at the top (#461)"
This reverts commit de021b67d5.
2019-08-20 11:20:24 +02:00
Stanislas
de021b67d5
Insert iptables rules at the top (#461)
Fix #346
2019-08-20 00:24:01 +02:00
Stanislas
30735c91d8
Add Amazon Linux 2 support (#459) 2019-08-19 23:25:48 +02:00
Stanislas
dea1d6db2b
Add support for lz4-v2 (#444)
Close #366
2019-07-05 17:49:31 +02:00
angristan
5844a8440f Add support for Debian 10
Fix #439
2019-06-30 23:06:42 +02:00
Kcchouette
73095990eb Fix APT repo for Ubuntu 16.04 (#421) 2019-05-13 18:38:10 +02:00
Stanislas
a0685af1a3
Update mv easy-rsa command
Maybe fix #420
2019-05-12 20:59:15 +02:00
Stanislas
066b48bd84
Add support for Ubuntu 19.04 (#416) 2019-04-22 21:59:04 +02:00
Nathan Lopez
3bf72c7df7 Fix Variable Substitution for ENDPOINT (#397) 2019-02-26 22:39:00 +01:00
Stanislas
6e402289bd
Add Vagrantfile for easier testing (#396) 2019-02-25 23:31:18 +01:00
angristan
52d67286de Fix auto-install 2019-02-25 21:54:36 +01:00
Stanislas
7ba776ce7a
Improve automated install (#395)
#390 follow up, fixes #261
2019-02-25 21:30:46 +01:00
Cliff Cotino
f023de298d Headless installation (#390)
Fixes #261
2019-02-25 20:02:50 +01:00
randomshell
a0027f1b42 Update easy-rsa to 3.0.6 (#393) 2019-02-21 15:59:57 +01:00
Samuel FORESTIER
676e68fe4f Removes trailing space within server configuration (#369) 2018-12-16 19:14:34 +01:00
xiagw
19820e886e Remove OpenVPN log during uninstallation (#339) 2018-10-19 12:10:56 +02:00
angristan
0d19b57e7f Fix iptables-openvpn service on Debian 8 2018-10-08 21:11:52 +02:00
angristan
bca57c483d Fix "ping6" and "ping -6" usage 2018-10-01 21:00:26 +02:00
GoliathLabs
c9c6089cd6 Use ping -6 instead of ping6 (#317) 2018-09-30 21:17:30 +02:00
angristan
043843850e Improve Debian detection
e.g. for Raspbian
2018-09-29 20:15:20 +02:00
Sidd
d2bd051d97 Spelling fixes (#314) 2018-09-28 16:36:00 +02:00
angristan
ef6c2c2a78 Improve -y usage with package managers 2018-09-27 22:23:40 +02:00
angristan
e231c8924a CentOS: Make sure epel-release is installed before openvpn 2018-09-27 22:09:12 +02:00
angristan
9716e868a0 Fix service handling on Ubuntu 16.04 2018-09-27 19:57:01 +02:00
angristan
0648e6a0b7 Fix IPv6 connectivity test 2018-09-27 19:52:52 +02:00
angristan
e4a9851b4f Remove revoked client from ifconfig-pool-persist 2018-09-24 15:24:31 +02:00
angristan
0f117352c7 Remove hardcoded ciphers from Fedora systemd service 2018-09-24 14:33:08 +02:00
angristan
bbea708175 Do not modify package-provided systemd service 2018-09-24 14:26:41 +02:00
angristan
071baf477f Update link, DNS name 2018-09-24 11:45:12 +02:00
angristan
73c52daf84 Add Quad9 uncensored 2018-09-24 11:42:29 +02:00
angristan
1dad1579ad Better code 2018-09-24 11:37:13 +02:00
angristan
8d5d080cc0 Remove plaintext metadata from client certificate 2018-09-24 11:32:43 +02:00
angristan
b0fdb24984 Improve Debian/Ubuntu detection 2018-09-23 22:23:13 +02:00
Jun Hui
c14355a34c Update easy-rsa to 3.0.5 (#301) 2018-09-23 17:09:33 +02:00
angristan
70ebe5620d secp256r1 -> prime256v1 2018-09-23 17:06:15 +02:00
angristan
8e1cf382c3 Fix unset usage 2018-09-23 16:33:59 +02:00
angristan
5a67d3b3e7 Fix regex 2018-09-23 16:30:48 +02:00
GoliathLabs
ecf5f0d623 Add Arch Linux support (#303) 2018-09-23 16:27:36 +02:00
angristan
8de3957afb Disable and stop OpenVPN upon removal 2018-09-23 14:32:24 +02:00
angristan
7f35106687 Fix condition 2018-09-23 14:30:08 +02:00
angristan
09b29ddc9c Fix OS condition 2018-09-23 14:26:28 +02:00
angristan
ef30d3c9df Fix service on Ubuntu 16.04 2018-09-23 14:25:18 +02:00
angristan
e2906fd5e4 Use APT repo for Ubuntu 16.04
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
angristan
21f15d9aef Little fixes according to OpenVPN 2.4
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
angristan
c2a502be92 Add support for tls-crypt
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
angristan
f716380080 Fixes 2018-09-22 22:33:25 +02:00
angristan
62c89af954 Support ncp-ciphers
Since OpenVPN 2.4, there is negotiable crypto parameters (NCP)
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means than since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
angristan
a85c13e4ec Move setup questions to installQuestions () 2018-09-22 17:59:21 +02:00
angristan
bbdabedbec Add --auth choice (HMAC digest algorithm) 2018-09-22 17:54:30 +02:00
angristan
e0b4a5aae7 Use read -rp 2018-09-22 16:42:48 +02:00
angristan
3a5e23c5c1 Add ECDH support 2018-09-22 16:41:28 +02:00
angristan
cfa5eed6bd Re-add possibility to use a hostname as the endpoint 2018-09-22 16:17:51 +02:00
angristan
db6a253676 Improve tests using regex 2018-09-22 15:23:01 +02:00
angristan
4d1baca0c7 Add ECDSA support and make tls-cipher configurable 2018-09-22 15:17:13 +02:00
angristan
06e7597942 Use AES-128-GCM by default 2018-09-22 14:25:30 +02:00
angristan
c1b069b501 Fix 10a1d04 2018-09-22 14:23:58 +02:00
angristan
7449bfc550 Remove trailing tabs 2018-09-22 14:21:20 +02:00
angristan
11e023b6dc Use 2048 bits RSA key by default 2018-09-22 14:20:57 +02:00
angristan
10a1d04f3b Add AES GCM support 2018-09-22 14:20:20 +02:00
angristan
36af5ec100 Update DH/RSA defaults 2018-09-22 14:19:51 +02:00
angristan
b898a99485 Add compression support
It is disabled by default.
2018-09-22 14:08:42 +02:00
angristan
7ed823cdf2 Remove OpenVPN APT repo during removal 2018-09-22 11:41:31 +02:00
angristan
c96a71c7d6 Fix OpenVPN repo for Debian 8 2018-09-22 11:40:54 +02:00
angristan
80c0b971d6 Improved and safer code
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00
angristan
76607e781c Sorry... 2018-09-21 22:22:09 +02:00
angristan
a0ff4d7cf9 Improve questions for NATed servers 2018-09-21 21:53:39 +02:00
angristan
4144fa9dff Make encryption customization optional
A lot of people don't know much about cryptography.
Since the script already overwrite OpenVPN's default settings, there is no need for most people to modify them.
2018-09-21 17:17:41 +02:00
xiagw
0f67214490 Improve Debian/Ubuntu version checking (#187) 2018-09-20 22:00:16 +02:00
angristan
0a5c3c1401 Rewrite README 2018-09-20 17:16:04 +02:00
Stanislas
e920f7fbc2
Refactoring, cleanup and fixes (#293) 2018-09-20 00:05:02 +02:00
Stanislas
136a46874e
Rework and cleanup systemd service handling (#294)
* Don't hardcode server.conf in systemd service

* Rework and cleanup service handling
2018-09-18 14:55:00 +02:00
angristan
d3974220ef Fix public interface in iptables rules 2018-09-18 12:37:07 +02:00
angristan
974b80dbc1 Remove unused variables 2018-09-17 18:05:51 +02:00
Stanislas
594486c177
Rework iptables handling (#291) 2018-09-17 01:11:30 +02:00
angristan
18b025e831 Improve sysctl config 2018-09-16 22:45:04 +02:00
Stanislas
bfed14544e
Add IPv6 NAT support (#238) 2018-09-16 17:55:50 +02:00
angristan
f6c9a63e38 Drop support for Arch Linux
Arch Linux isn't very used and is not available on cloud providers. I cannot test it easily so it is a burden to maintain for me
2018-09-16 01:34:01 +02:00
angristan
8a5de575b7 Drop Debian 7 support
Debian 7 is EOL and I can't test it on cloud providers anymore
2018-09-16 01:29:04 +02:00
angristan
3209441775 Better bash 2018-09-16 01:26:37 +02:00
angristan
62380c512b Drop CentOS 6 support 2018-09-16 01:26:30 +02:00
randomshell
f057e0aa5f Add self-hosted DNS resolver (Unbound) 2018-09-16 00:53:33 +02:00
angristan
4bf4257cf3 Merge two mv commands 2018-09-05 20:26:33 +02:00
angristan
2997a7e8b6 Remove "|| return" 2018-09-05 20:20:46 +02:00
angristan
ea40b45b52 Fix /dev/urandom usage on unprivileged LXC containers
Fixes https://github.com/angristan/openvpn-install/issues/280
2018-09-02 22:32:58 +02:00
Angristan
64f62cf874 Remove log-append for now and create log dir
See https://github.com/Angristan/OpenVPN-install/issues/275
2018-08-23 00:40:36 +02:00
Angristan
d8d0bbb5da Add access logs (log-append)
And move log files to /var/log/openvpn. Makes more sense and access logs can be very useful.
2018-08-22 22:11:36 +02:00
Angristan
1b18e7f2a7 Re-add a default suggestion for the client name
But only during the setup, not for additional clients
2018-08-18 21:47:10 +02:00
Angristan
47c86874dc Update check on the client's name input 2018-08-18 19:55:36 +02:00
Angristan
9ef0bbc47d
Add password option for clients (#160) 2018-08-18 19:40:07 +02:00
Jebtrix
df172b962d Add option to generate random port in private port range (#229) 2018-08-18 15:57:24 +02:00
Sayem Chowdhury
5501de73c8 Improved code (#243) 2018-07-15 11:25:59 +02:00
cezar97
63ac18075d Add quad9 secondary DNS (#248)
See https://www.quad9.net/faq/#Is_there_a_service_that_Quad9_offers_that_does_not_have_the_blocklist_or_other_security.
2018-07-06 22:11:22 +02:00
Jebtrix
b8f0b44c55 [FIX] Unable to select AdGuard DNS choice (#228) 2018-05-29 10:18:24 +02:00
Angristan
6cecc16f0d
Fixes #217 "Package 'gpg' has no installation candidate" 2018-05-10 00:29:05 +02:00
Timofey Vasenin
d2a3b3bec6 Backport improvements of external IP handling (#213)
* [backport] Remove IP address detection fallback

It was never used, the one-liner is enough.

* [backport] Improve NAT detection

Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
2018-05-08 21:23:36 +02:00