Stanislas Lange
f411d9dec7
fix(revokeClient): fix prompt input check
...
fix #477 #590
2020-04-27 17:36:04 +02:00
Stanislas Lange
c758418c6d
style(script) format with shfmt
2020-04-27 16:25:20 +02:00
Henry N
2a35a3db16
refactor(install): simplify detection of public IP4, add fallback to IPv6 ( #589 )
2020-04-27 16:24:30 +02:00
Stanislas Lange
fdb35b86c6
fix(fedora): install policycoreutils-python-utils for selinux
2020-04-27 16:19:09 +02:00
Stanislas Lange
29980e6bef
style(script) format with shfmt
2020-04-27 16:05:51 +02:00
randomshell
3b2c84b94d
fix(selinux): fix deletion of selinux policy ( #555 )
2020-04-27 16:03:55 +02:00
Stanislas
6cc0022dff
style(script): format with shfmt ( #638 )
...
shfmt -w -s
2020-04-27 14:59:19 +02:00
Stanislas Lange
e3139cd877
Revert "feat(curves): add secp256k1 option ( #315 )"
...
This reverts commit 8d5bb43aed
.
Tested with Viscosity, doesn't work
2020-04-27 14:36:44 +02:00
Sidd
8d5bb43aed
feat(curves): add secp256k1 option ( #315 )
2020-04-27 14:22:35 +02:00
randomshell
62a4ff3b41
fix(client conf): ignore block-outside-dns if not supported ( #628 )
2020-04-27 14:19:25 +02:00
randomshell
159ab9af6e
refactor(revoke client): remove uneeded cleanup ( #607 )
...
The deletion of issued files is handled by easy-rsa.
See function move_revoked() f0129cfe62/easyrsa3/easyrsa (L1050)
2020-04-27 14:12:23 +02:00
John E
fe0b995bdf
feat(headless): make script idempotent
...
This set of changes adjusts the script so that you can run it multiple times with the same input and not have any unexpected changes. This makes it appropriate for "enforcing state", as required by automated provisioners like Puppet, Salt, Chef, or Ansible.
- Unbound, OpenVPN, easy-rsa, and other dependencies are only installed from upstream if they are not already present. This prevents multiple runs of the script from causing unexpected version upgrades.
- The easy-rsa system is put in a folder called "easy-rsa-auto" so it can't conflict with the "easy-rsa" folder from some older OpenVPN packages
- The easy-rsa CA is only initialized once
- SERVER_CN and SERVER_NAME are randomly generated once and saved for future reference
- File append ('>>') is only done strictly after a file is created with '>' (e.g. /etc/sysctl.d/20-openvpn.conf)
- Clients are only added to easy-rsa once
- If AUTO_INSTALL == y, then the script operates in install mode and doesn't enter manageMenu
2020-04-27 13:56:34 +02:00
Stanislas Lange
3b0c2ace90
fix(checkOS): update Ubuntu/Debian compatibility check
2020-04-27 13:37:52 +02:00
randomshell
6989b0d326
Add support for client-configuration-dir ( #609 )
2020-04-10 17:49:07 +02:00
randomshell
2c9c0ed0c3
Improve sed line deletion ( #608 )
2020-04-10 11:42:57 +02:00
randomshell
ef5d5faf30
Change = conditional to == ( #591 )
2020-04-06 14:51:58 +02:00
Henry N
6e8aeb3505
Uninstallation: restart unbound only if not removed ( #612 )
2020-04-06 14:41:10 +02:00
Henry N
e123635e7c
Add comments to some DNS options in code ( #598 )
2020-04-02 16:30:50 +02:00
randomshell
7ed9cac8d7
Change Adguard DNS to Anycast ( #596 )
...
See map at https://adguard.com/en/adguard-dns/overview.html
2020-03-31 23:05:44 +02:00
Henry N
44105eb060
Fix systemd unit issue on Debian 9 ( #585 )
...
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583 .
Same problem as #129 and #378 , unit can not start on OpenVZ.
It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.
Fix https://github.com/angristan/openvpn-install/issues/583
2020-03-28 15:41:37 +01:00
Henry N
3d075c8708
Print warning about empty public interface ( #581 )
...
Warning, if cannot detect public interface, and give user a choice to continue or abord.
2020-03-26 21:27:16 +01:00
Henry N
23e533431a
Fix error messag mkdir /etc/iptables ( #580 )
...
Fix this error message:
mkdir: cannot create directory ‘/etc/iptables’: File exists
2020-03-26 21:24:50 +01:00
Henry N
130659b003
Add explicit-exit-notify for UDP ( #579 )
...
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
2020-03-26 21:24:20 +01:00
Henry N
aab5e7b2ff
Fix getting pulic interface in IPv6 only ( #578 )
...
In a IPv6 only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail by missing argument.
2020-03-26 21:22:22 +01:00
randomshell
6bb87ae716
Install semanage
command on CentoOS ( #554 )
...
CentOS has selinux enabled by default but it hasn't the `semanage` command required to run OpenVPN on another port.
'policycoreutils-python*' match `policycoreutils-python' in CentOS 7 and `policycoreutils-python-utils` in Centos 8.
2020-03-14 20:25:22 +01:00
xPakrikx
3f2ad88cbf
Custom DNS option wrong value fix ( #559 )
...
Custom DNS option wrong value fix
2020-03-10 10:43:13 +01:00
Stanislas Lange
7a4f9278e7
Add new DNS option: NextDNS
2020-03-03 23:04:18 +01:00
angristan
4b0f47b534
Fix Fedora detection
2020-01-27 18:08:06 +01:00
Stanislas
caa571f768
Fix GitHub action ( #515 )
2019-11-11 15:37:09 +09:00
Safa Bayar
12ba1a9d9a
Add Centos 8 Support ( #506 )
2019-11-11 15:18:34 +09:00
Stanislas
bc109db04f
Add support for custom DNS input ( #470 )
...
Close #258 #260
Co-authored-by: Sayem Chowdhury <sayem314@gmail.com>
2019-08-20 21:02:47 +02:00
Stanislas
4080585ab5
Workaround to remove unharmful easy-rsa error ( #469 )
...
Until easy-rsa 3.0.7.
https://github.com/OpenVPN/easy-rsa/issues/261
Fix #454
2019-08-20 21:02:05 +02:00
Stanislas
04141c6c91
Support Raspbian ( #462 )
...
Fix #382
2019-08-20 21:01:35 +02:00
angristan
0e3e7f2705
Update sysctl comment
2019-08-20 17:58:51 +02:00
Stanislas
cee02eb803
Fix CentOS detection during install ( #468 )
...
Fix #463
2019-08-20 13:36:16 +02:00
Stanislas
1acab15a26
Insert iptables rules at the top ( #466 )
...
Fix #346 #465
2019-08-20 11:55:43 +02:00
Stanislas Lange
f207302334
Revert "Insert iptables rules at the top ( #461 )"
...
This reverts commit de021b67d5
.
2019-08-20 11:20:24 +02:00
Stanislas
de021b67d5
Insert iptables rules at the top ( #461 )
...
Fix #346
2019-08-20 00:24:01 +02:00
Stanislas
30735c91d8
Add Amazon Linux 2 support ( #459 )
2019-08-19 23:25:48 +02:00
Stanislas
dea1d6db2b
Add support for lz4-v2 ( #444 )
...
Close #366
2019-07-05 17:49:31 +02:00
angristan
5844a8440f
Add support for Debian 10
...
Fix #439
2019-06-30 23:06:42 +02:00
Kcchouette
73095990eb
Fix APT repo for Ubuntu 16.04 ( #421 )
2019-05-13 18:38:10 +02:00
Stanislas
a0685af1a3
Update mv easy-rsa command
...
Maybe fix #420
2019-05-12 20:59:15 +02:00
Stanislas
066b48bd84
Add support for Ubuntu 19.04 ( #416 )
2019-04-22 21:59:04 +02:00
Nathan Lopez
3bf72c7df7
Fix Variable Substitution for ENDPOINT ( #397 )
2019-02-26 22:39:00 +01:00
Stanislas
6e402289bd
Add Vagrantfile for easier testing ( #396 )
2019-02-25 23:31:18 +01:00
angristan
52d67286de
Fix auto-install
2019-02-25 21:54:36 +01:00
Stanislas
7ba776ce7a
Improve automated install ( #395 )
...
#390 follow up, fixes #261
2019-02-25 21:30:46 +01:00
Cliff Cotino
f023de298d
Headless installation ( #390 )
...
Fixes #261
2019-02-25 20:02:50 +01:00
randomshell
a0027f1b42
Update easy-rsa to 3.0.6 ( #393 )
2019-02-21 15:59:57 +01:00
Samuel FORESTIER
676e68fe4f
Removes trailing space within server configuration ( #369 )
2018-12-16 19:14:34 +01:00
xiagw
19820e886e
Remove OpenVPN log during uninstallation ( #339 )
2018-10-19 12:10:56 +02:00
angristan
0d19b57e7f
Fix iptables-openvpn service on Debian 8
2018-10-08 21:11:52 +02:00
angristan
bca57c483d
Fix "ping6" and "ping -6" usage
2018-10-01 21:00:26 +02:00
GoliathLabs
c9c6089cd6
Use ping -6 instead of ping6 ( #317 )
2018-09-30 21:17:30 +02:00
angristan
043843850e
Improve Debian detection
...
e.g. for Raspbian
2018-09-29 20:15:20 +02:00
Sidd
d2bd051d97
Spelling fixes ( #314 )
2018-09-28 16:36:00 +02:00
angristan
ef6c2c2a78
Improve -y usage with package managers
2018-09-27 22:23:40 +02:00
angristan
e231c8924a
CentOS: Make sure epel-release is installed before openvpn
2018-09-27 22:09:12 +02:00
angristan
9716e868a0
Fix service handling on Ubuntu 16.04
2018-09-27 19:57:01 +02:00
angristan
0648e6a0b7
Fix IPv6 connectivity test
2018-09-27 19:52:52 +02:00
angristan
e4a9851b4f
Remove revoked client from ifconfig-pool-persist
2018-09-24 15:24:31 +02:00
angristan
0f117352c7
Remove hardcoded ciphers from Fedora systemd service
2018-09-24 14:33:08 +02:00
angristan
bbea708175
Do not modify package-provided systemd service
2018-09-24 14:26:41 +02:00
angristan
071baf477f
Update link, DNS name
2018-09-24 11:45:12 +02:00
angristan
73c52daf84
Add Quad9 uncensored
2018-09-24 11:42:29 +02:00
angristan
1dad1579ad
Better code
2018-09-24 11:37:13 +02:00
angristan
8d5d080cc0
Remove plaintext metadata from client certificate
2018-09-24 11:32:43 +02:00
angristan
b0fdb24984
Improve Debian/Ubuntu detection
2018-09-23 22:23:13 +02:00
Jun Hui
c14355a34c
Update easy-rsa to 3.0.5 ( #301 )
2018-09-23 17:09:33 +02:00
angristan
70ebe5620d
secp256r1 -> prime256v1
2018-09-23 17:06:15 +02:00
angristan
8e1cf382c3
Fix unset usage
2018-09-23 16:33:59 +02:00
angristan
5a67d3b3e7
Fix regex
2018-09-23 16:30:48 +02:00
GoliathLabs
ecf5f0d623
Add Arch Linux support ( #303 )
2018-09-23 16:27:36 +02:00
angristan
8de3957afb
Disable and stop OpenVPN upon removal
2018-09-23 14:32:24 +02:00
angristan
7f35106687
Fix condition
2018-09-23 14:30:08 +02:00
angristan
09b29ddc9c
Fix OS condition
2018-09-23 14:26:28 +02:00
angristan
ef30d3c9df
Fix service on Ubuntu 16.04
2018-09-23 14:25:18 +02:00
angristan
e2906fd5e4
Use APT repo for Ubuntu 16.04
...
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
angristan
21f15d9aef
Little fixes according to OpenVPN 2.4
...
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
angristan
c2a502be92
Add support for tls-crypt
...
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
angristan
f716380080
Fixes
2018-09-22 22:33:25 +02:00
angristan
62c89af954
Support ncp-ciphers
...
Since OpenVPN 2.4, there is negotiable crypto parameters (NCP)
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means than since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
angristan
a85c13e4ec
Move setup questions to installQuestions ()
2018-09-22 17:59:21 +02:00
angristan
bbdabedbec
Add --auth choice (HMAC digest algorithm)
2018-09-22 17:54:30 +02:00
angristan
e0b4a5aae7
Use read -rp
2018-09-22 16:42:48 +02:00
angristan
3a5e23c5c1
Add ECDH support
2018-09-22 16:41:28 +02:00
angristan
cfa5eed6bd
Re-add possibility to use a hostname as the endpoint
2018-09-22 16:17:51 +02:00
angristan
db6a253676
Improve tests using regex
2018-09-22 15:23:01 +02:00
angristan
4d1baca0c7
Add ECDSA support and make tls-cipher configurable
2018-09-22 15:17:13 +02:00
angristan
06e7597942
Use AES-128-GCM by default
2018-09-22 14:25:30 +02:00
angristan
c1b069b501
Fix 10a1d04
2018-09-22 14:23:58 +02:00
angristan
7449bfc550
Remove trailing tabs
2018-09-22 14:21:20 +02:00
angristan
11e023b6dc
Use 2048 bits RSA key by default
2018-09-22 14:20:57 +02:00
angristan
10a1d04f3b
Add AES GCM support
2018-09-22 14:20:20 +02:00
angristan
36af5ec100
Update DH/RSA defaults
2018-09-22 14:19:51 +02:00
angristan
b898a99485
Add compression support
...
It is disabled by default.
2018-09-22 14:08:42 +02:00
angristan
7ed823cdf2
Remove OpenVPN APT repo during removal
2018-09-22 11:41:31 +02:00
angristan
c96a71c7d6
Fix OpenVPN repo for Debian 8
2018-09-22 11:40:54 +02:00
angristan
80c0b971d6
Improved and safer code
...
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00