1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-11-20 03:05:10 +00:00
Commit Graph

304 Commits

Author SHA1 Message Date
angristan
09b29ddc9c Fix OS condition 2018-09-23 14:26:28 +02:00
angristan
ef30d3c9df Fix service on Ubuntu 16.04 2018-09-23 14:25:18 +02:00
angristan
e2906fd5e4 Use APT repo for Ubuntu 16.04
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
angristan
21f15d9aef Little fixes according to OpenVPN 2.4
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
angristan
c2a502be92 Add support for tls-crypt
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
angristan
f716380080 Fixes 2018-09-22 22:33:25 +02:00
angristan
62c89af954 Support ncp-ciphers
Since OpenVPN 2.4, there is negotiable crypto parameters (NCP)
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means than since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
angristan
a85c13e4ec Move setup questions to installQuestions () 2018-09-22 17:59:21 +02:00
angristan
bbdabedbec Add --auth choice (HMAC digest algorithm) 2018-09-22 17:54:30 +02:00
angristan
e0b4a5aae7 Use read -rp 2018-09-22 16:42:48 +02:00
angristan
3a5e23c5c1 Add ECDH support 2018-09-22 16:41:28 +02:00
angristan
cfa5eed6bd Re-add possibility to use a hostname as the endpoint 2018-09-22 16:17:51 +02:00
angristan
db6a253676 Improve tests using regex 2018-09-22 15:23:01 +02:00
angristan
4d1baca0c7 Add ECDSA support and make tls-cipher configurable 2018-09-22 15:17:13 +02:00
angristan
06e7597942 Use AES-128-GCM by default 2018-09-22 14:25:30 +02:00
angristan
c1b069b501 Fix 10a1d04 2018-09-22 14:23:58 +02:00
angristan
7449bfc550 Remove trailing tabs 2018-09-22 14:21:20 +02:00
angristan
11e023b6dc Use 2048 bits RSA key by default 2018-09-22 14:20:57 +02:00
angristan
10a1d04f3b Add AES GCM support 2018-09-22 14:20:20 +02:00
angristan
36af5ec100 Update DH/RSA defaults 2018-09-22 14:19:51 +02:00
angristan
b898a99485 Add compression support
It is disabled by default.
2018-09-22 14:08:42 +02:00
angristan
7ed823cdf2 Remove OpenVPN APT repo during removal 2018-09-22 11:41:31 +02:00
angristan
c96a71c7d6 Fix OpenVPN repo for Debian 8 2018-09-22 11:40:54 +02:00
angristan
80c0b971d6 Improved and safer code
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00
angristan
76607e781c Sorry... 2018-09-21 22:22:09 +02:00
angristan
a0ff4d7cf9 Improve questions for NATed servers 2018-09-21 21:53:39 +02:00
angristan
4144fa9dff Make encryption customization optional
A lot of people don't know much about cryptography.
Since the script already overwrite OpenVPN's default settings, there is no need for most people to modify them.
2018-09-21 17:17:41 +02:00
xiagw
0f67214490 Improve Debian/Ubuntu version checking (#187) 2018-09-20 22:00:16 +02:00
angristan
0a5c3c1401 Rewrite README 2018-09-20 17:16:04 +02:00
Stanislas
e920f7fbc2
Refactoring, cleanup and fixes (#293) 2018-09-20 00:05:02 +02:00
Stanislas
136a46874e
Rework and cleanup systemd service handling (#294)
* Don't hardcode server.conf in systemd service

* Rework and cleanup service handling
2018-09-18 14:55:00 +02:00
angristan
d3974220ef Fix public interface in iptables rules 2018-09-18 12:37:07 +02:00
angristan
974b80dbc1 Remove unused variables 2018-09-17 18:05:51 +02:00
Stanislas
594486c177
Rework iptables handling (#291) 2018-09-17 01:11:30 +02:00
angristan
18b025e831 Improve sysctl config 2018-09-16 22:45:04 +02:00
Stanislas
bfed14544e
Add IPv6 NAT support (#238) 2018-09-16 17:55:50 +02:00
angristan
f6c9a63e38 Drop support for Arch Linux
Arch Linux isn't very used and is not available on cloud providers. I cannot test it easily so it is a burden to maintain for me
2018-09-16 01:34:01 +02:00
angristan
8a5de575b7 Drop Debian 7 support
Debian 7 is EOL and I can't test it on cloud providers anymore
2018-09-16 01:29:04 +02:00
angristan
3209441775 Better bash 2018-09-16 01:26:37 +02:00
angristan
62380c512b Drop CentOS 6 support 2018-09-16 01:26:30 +02:00
randomshell
f057e0aa5f Add self-hosted DNS resolver (Unbound) 2018-09-16 00:53:33 +02:00
angristan
4bf4257cf3 Merge two mv commands 2018-09-05 20:26:33 +02:00
angristan
2997a7e8b6 Remove "|| return" 2018-09-05 20:20:46 +02:00
angristan
ea40b45b52 Fix /dev/urandom usage on unprivileged LXC containers
Fixes https://github.com/angristan/openvpn-install/issues/280
2018-09-02 22:32:58 +02:00
Angristan
64f62cf874 Remove log-append for now and create log dir
See https://github.com/Angristan/OpenVPN-install/issues/275
2018-08-23 00:40:36 +02:00
Angristan
d8d0bbb5da Add access logs (log-append)
And move log files to /var/log/openvpn. Makes more sense and access logs can be very useful.
2018-08-22 22:11:36 +02:00
Angristan
1b18e7f2a7 Re-add a default suggestion for the client name
But only during the setup, not for additional clients
2018-08-18 21:47:10 +02:00
Angristan
47c86874dc Update check on the client's name input 2018-08-18 19:55:36 +02:00
Angristan
9ef0bbc47d
Add password option for clients (#160) 2018-08-18 19:40:07 +02:00
Jebtrix
df172b962d Add option to generate random port in private port range (#229) 2018-08-18 15:57:24 +02:00
Sayem Chowdhury
5501de73c8 Improved code (#243) 2018-07-15 11:25:59 +02:00
cezar97
63ac18075d Add quad9 secondary DNS (#248)
See https://www.quad9.net/faq/#Is_there_a_service_that_Quad9_offers_that_does_not_have_the_blocklist_or_other_security.
2018-07-06 22:11:22 +02:00
Jebtrix
b8f0b44c55 [FIX] Unable to select AdGuard DNS choice (#228) 2018-05-29 10:18:24 +02:00
Angristan
6cecc16f0d
Fixes #217 "Package 'gpg' has no installation candidate" 2018-05-10 00:29:05 +02:00
Timofey Vasenin
d2a3b3bec6 Backport improvements of external IP handling (#213)
* [backport] Remove IP address detection fallback

It was never used, the one-liner is enough.

* [backport] Improve NAT detection

Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
2018-05-08 21:23:36 +02:00
Timofey Vasenin
b3fba4fddc [backport] Fix system resolvers option for environments running systemd-resolved (#214) 2018-05-08 21:01:32 +02:00
Stanislas
2f6821d778 Add support for Ubuntu 18.04 2018-05-08 20:53:57 +02:00
Timofey Vasenin
71bb6e8371 Remove unneeded -r argument from some rm commands
Backport the relevant part of:
d717353769
2018-05-07 18:50:01 +02:00
cezar97
61d89e3ba2 Remove .ovpn on cert revoke or OpenVPN uninstall (#178) 2018-04-10 11:06:19 +02:00
Angristan
d7e706ac24 Add Cloudflare resolvers
Fixes #193
2018-04-01 23:12:05 +02:00
Angristan
42f6553dcc
Add GPG dependency 2018-02-25 17:37:03 +01:00
Angristan
687eb9019d Fix Fedora detection
Fixes #168
2018-02-22 21:47:35 +01:00
Kcchouette
f252614a36 Remove unsupported version of ubuntu (#163)
* Remove unsupported version of ubuntu

Remove 12.04 as the support finished on April 28, 2017
Remove 16.10 as the support finished 2017-07-20
Remove 17.04 as the support finished 2018-01-13
2018-02-14 14:48:36 +01:00
Angristan
febdc04340 Support Ubuntu 17.10
Fixes #161
2018-02-13 22:38:48 +01:00
Angristan
501f8a9b36
Use a different client name for new users
Just in case the user keeps the default "client" username when installing, reusing "client" will fail. A tiny commit for lazy users.
2018-02-12 16:07:37 +01:00
Angristan
cffe4bee4a Inverse FDN's DNS servers for DNSSEC
The .12 does not validate DNSSEC while the .40 does, so I'm putting the .40 first.
2018-01-27 20:21:28 +01:00
Angristan
edbf48646e
Merge pull request #151 from cezar97/master
Randomize CN and Server Name and verify Server Name
2018-01-25 12:24:50 +01:00
Angristan
d19283c46f
Optmize vars
I'm not removing the PiVPN mention because I don't want to credit them, but to not bloat the script.

Their contribution will be available via git blame + https://github.com/Angristan/OpenVPN-install/pull/151 :)
2018-01-25 12:23:25 +01:00
Angristan
7c7084238f Update EasyRSA to 3.0.4
Fixes "./easyrsa: 644: ./easyrsa: [[: not found"
2018-01-23 12:19:01 +01:00
cezar97
931190dd59
Verify server name to strengthen security 2018-01-18 17:36:31 +01:00
cezar97
4f5f43e503
Randomize CN and server name, fixed #48
Solution taken from pivpn install script here: https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh.
Repo in https://github.com/pivpn/pivpn.
2018-01-18 17:19:51 +01:00
Angristan
f681c0bd34
Add Amazon Linux support
Fixes https://github.com/Angristan/OpenVPN-install/issues/128
2018-01-11 11:08:35 +01:00
Angristan
bb23ed1227
Merge pull request #139 from Angristan/systemd-openvz-fix
Fix systemd service on OpenVZ
2017-12-16 15:29:02 +01:00
Arda
6931364a23 Fedora Support 2017-11-30 22:54:53 +03:00
Angristan
3b8c5d776a
Update DNS list with Quad9 2017-11-29 11:21:33 +01:00
Angristan
6ac1b185fa
Update DNS list with Quad9 2017-11-29 11:17:06 +01:00
Nicolas Duchon
449361007a Add Quad9 DNS 2017-11-29 10:46:58 +01:00
Angristan
1241072bb2
Fix systemd service on OpenVZ
fix the service on all systemd/ubuntu versions
2017-11-28 22:14:27 +01:00
Angristan
f47fc795d5 Merge PR #83 : Remove rc.local and use an iptables systemd service
- Install iptables systemd service for Debian, Ubuntu and CentOS
- Fix iptables install for ArcLinux
- Remove the use rc.local file
- Remove all iptables rules when removing openvpn (cf. #60 )
2017-11-12 22:56:02 +01:00
Angristan
80fd8678a6 Revert "Merge PR #83 : Remove rc.local and use an iptables systemd service"
This reverts commit e874013112, reversing
changes made to 998d1e8b13.
2017-11-12 22:51:54 +01:00
Angristan
e874013112 Merge PR #83 : Remove rc.local and use an iptables systemd service 2017-11-12 22:43:55 +01:00
Angristan
aca3b4a019
Fix the network interface variable
Fix for https://github.com/Angristan/OpenVPN-install/pull/83#issuecomment-343758329
2017-11-12 19:54:44 +01:00
Angristan
dcec3f12a4
Disable firewalld to allow iptables to start upon reboot 2017-11-12 18:30:05 +01:00
Angristan
ed17fc074d
Resolve conflicts
Merge changes from master to resolve conflicts
2017-11-12 18:07:07 +01:00
Angristan
998d1e8b13
Merge pull request #92 from NathanZepol/master
Adding auth-nocache option to .ovpn configuration
2017-11-12 16:04:11 +01:00
Angristan
a7a277e2dc
Remove "local" parameter
Revert ad3c223385

On some servers, this prevented OpenVPN to start on boot. (Socket bind failed on local address [AF_INET] IP:1194 Cannot assign requested address)
2017-11-12 15:48:39 +01:00
Angristan
a0821ee5b4 Fix typo 2017-10-17 22:05:11 +02:00
Angristan
dccbe2f71d Add AdGuard DNS 2017-10-09 17:12:46 +02:00
Jelle Dekker
603d6747b9 Extended the expiration date of the certificate revocation list to 10 years. 2017-09-29 16:13:02 -05:00
Nathan
641510984b Adding auth-nocache Option to .ovpn Configuration 2017-08-27 13:59:08 -05:00
Angristan
37d42e25fe Update Easy-RSA to v3.0.3 2017-08-23 10:39:33 +02:00
Angristan
c0ed60e8cf Update openvpn-install.sh 2017-08-22 11:12:42 +02:00
Ola Tuvesson
ad3c223385 Will now set "local" in server.conf to the chosen IP adderess
If you want to run OpenVPN in UDP mode on an secondary IP, UDP routing will fail unless you explicitly bind OpenVPN to the chosen IP address. This change includes the "local" parameter in the config and sets it to the IP address entered at the beginning.
2017-08-22 00:39:43 +01:00
Angristan
edbe4fed90 Rename OpenVPN's APT list 2017-08-20 22:38:55 +02:00
Angristan
a3c005c556 Update Debian and Ubuntu repository
swupdate.openvpn.net hasn't been updated since OpenVPN 2.3.14 whereas build.openvpn.net supports OpenVPN 2.4.x as of today
Fixes https://github.com/Angristan/OpenVPN-install/issues/86
2017-08-07 16:44:16 +02:00
patlol
58a5282e17 Update openvpn-install.sh 2017-07-22 21:08:06 +02:00
patlol
3c5c87b031 Update openvpn-install.sh 2017-07-22 20:18:46 +02:00
patlol
5787c45a03 Update openvpn-install.sh 2017-07-22 19:40:29 +02:00
patlol
031afd587e fix #8 Client files not beeing created in the right folder when using sudo 2017-07-22 19:30:36 +02:00
DrXala
b5c624eb76 Adjust indents + change iptables.service 2017-07-20 17:12:40 +02:00