7b7567e7cb
Remove key-direction from tls-crypt option ( #748 )
...
In contrast to --tls-auth, --tls-crypt does *not* require the user to set --key-direction. Thus syntax is `--tls-crypt keyfile`
2020-10-21 13:57:45 +02:00
2e193e33cb
increase priority of sysctl conf file ( #750 )
...
Prevents GCP cloud platform's default security policy for instances, which uses prefix 60-, from overriding ip_forward. Also future-proofs against any other such default policy.
2020-10-20 23:44:52 +02:00
73c5304fda
style: format with shfmt
2020-10-20 16:42:35 +02:00
cef199916d
Added automatic NAT public IP discovery ( #735 )
2020-10-20 16:31:12 +02:00
1e3006c9ec
Shellcheck: move excludes to action env
2020-08-03 17:50:40 +02:00
e52a54b92f
Merge pull request #699 from Serpentiel/patch-1
...
Updated client name input restrictions and hint
2020-08-03 17:14:22 +02:00
99ebd3d9bc
Merge pull request #691 from cn3lfs/patch-1
...
change mkdir to mkdir -p for directory not exist
2020-07-30 12:45:38 +02:00
5c2a86f27e
Update distro compatibility list and remove Debian 8 support ( #654 )
2020-07-28 12:24:57 +02:00
b4773385a4
Updated client name input restrictions and hint
2020-07-17 22:10:31 +03:00
a35cd2eca4
change mkdir to mkdir -p for directory not exist
...
change mkdir to mkdir -p for directory /etc/openvpn/easy-rsa not exist
2020-06-30 15:14:19 +08:00
9e1fe367bf
Default DNS to AdGuard
2020-06-29 09:09:38 +02:00
ed26d6a649
Update error message on CentOS install
2020-06-27 12:30:20 +02:00
317c4dbdbf
Remove easy-rsa <3.0.7 workaround
...
We have easy-rsa 3.0.7 and it's not needed anymore
2020-05-07 20:07:25 +00:00
5e2e67f78d
style: format with shfmt
2020-05-01 00:10:11 +02:00
9096af1677
feat: push IPv6 endpoint with DHCP when self-hosted DNS resolver is in use ( #600 )
...
Co-authored-by: randomshell <43271778+randomshell@users.noreply.github.com>
Co-authored-by: Stanislas <angristan@pm.me>
2020-05-01 00:04:38 +02:00
80e89836f1
fix: add IPv6 INPUT iptables rule on incoming port ( #601 )
...
Co-authored-by: Stanislas <angristan@pm.me>
2020-04-30 23:42:09 +02:00
ec36253e75
Revert "refactor(install): update policycoreutils-python package name on CentOS"
...
This reverts commit 2370f802b7
2020-04-28 11:51:23 +02:00
2370f802b7
refactor(install): update policycoreutils-python package name on CentOS
2020-04-28 11:44:53 +02:00
0e961a2e6b
refactor(install): simplify easy-rsa install process
2020-04-27 19:20:40 +02:00
529d365693
build(easy-rsa): 3.0.6 -> 3.0.7 ( #641 )
2020-04-27 19:10:49 +02:00
369c8dadaa
refactor(menu): remove clear console
2020-04-27 18:06:59 +02:00
182c43316f
feat(install): get system IPv6 resolvers if enabled ( #599 )
2020-04-27 18:04:18 +02:00
96e6ea71e9
fix(newClient): exit if client name already taken
...
fix #613
2020-04-27 17:45:58 +02:00
f411d9dec7
fix(revokeClient): fix prompt input check
...
fix #477 #590
2020-04-27 17:36:04 +02:00
c758418c6d
style(script) format with shfmt
2020-04-27 16:25:20 +02:00
2a35a3db16
refactor(install): simplify detection of public IP4, add fallback to IPv6 ( #589 )
2020-04-27 16:24:30 +02:00
fdb35b86c6
fix(fedora): install policycoreutils-python-utils for selinux
2020-04-27 16:19:09 +02:00
29980e6bef
style(script) format with shfmt
2020-04-27 16:05:51 +02:00
3b2c84b94d
fix(selinux): fix deletion of selinux policy ( #555 )
2020-04-27 16:03:55 +02:00
6cc0022dff
style(script): format with shfmt ( #638 )
...
shfmt -w -s
2020-04-27 14:59:19 +02:00
e3139cd877
Revert "feat(curves): add secp256k1 option ( #315 )"
...
This reverts commit 8d5bb43aed
2020-04-27 14:36:44 +02:00
8d5bb43aed
feat(curves): add secp256k1 option ( #315 )
2020-04-27 14:22:35 +02:00
62a4ff3b41
fix(client conf): ignore block-outside-dns if not supported ( #628 )
2020-04-27 14:19:25 +02:00
159ab9af6e
refactor(revoke client): remove uneeded cleanup ( #607 )
...
The deletion of issued files is handled by easy-rsa.
See function move_revoked() f0129cfe62/easyrsa3/easyrsa (L1050)
2020-04-27 14:12:23 +02:00
fe0b995bdf
feat(headless): make script idempotent
...
This set of changes adjusts the script so that you can run it multiple times with the same input and not have any unexpected changes. This makes it appropriate for "enforcing state", as required by automated provisioners like Puppet, Salt, Chef, or Ansible.
- Unbound, OpenVPN, easy-rsa, and other dependencies are only installed from upstream if they are not already present. This prevents multiple runs of the script from causing unexpected version upgrades.
- The easy-rsa system is put in a folder called "easy-rsa-auto" so it can't conflict with the "easy-rsa" folder from some older OpenVPN packages
- The easy-rsa CA is only initialized once
- SERVER_CN and SERVER_NAME are randomly generated once and saved for future reference
- File append ('>>') is only done strictly after a file is created with '>' (e.g. /etc/sysctl.d/20-openvpn.conf)
- Clients are only added to easy-rsa once
- If AUTO_INSTALL == y, then the script operates in install mode and doesn't enter manageMenu
2020-04-27 13:56:34 +02:00
3b0c2ace90
fix(checkOS): update Ubuntu/Debian compatibility check
2020-04-27 13:37:52 +02:00
6989b0d326
Add support for client-configuration-dir ( #609 )
2020-04-10 17:49:07 +02:00
2c9c0ed0c3
Improve sed line deletion ( #608 )
2020-04-10 11:42:57 +02:00
ef5d5faf30
Change = conditional to == ( #591 )
2020-04-06 14:51:58 +02:00
6e8aeb3505
Uninstallation: restart unbound only if not removed ( #612 )
2020-04-06 14:41:10 +02:00
e123635e7c
Add comments to some DNS options in code ( #598 )
2020-04-02 16:30:50 +02:00
7ed9cac8d7
Change Adguard DNS to Anycast ( #596 )
...
See map at https://adguard.com/en/adguard-dns/overview.html
2020-03-31 23:05:44 +02:00
44105eb060
Fix systemd unit issue on Debian 9 ( #585 )
...
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583 .
Same problem as #129 and #378 , unit can not start on OpenVZ.
It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.
Fix https://github.com/angristan/openvpn-install/issues/583
2020-03-28 15:41:37 +01:00
3d075c8708
Print warning about empty public interface ( #581 )
...
Warning, if cannot detect public interface, and give user a choice to continue or abord.
2020-03-26 21:27:16 +01:00
23e533431a
Fix error messag mkdir /etc/iptables ( #580 )
...
Fix this error message:
mkdir: cannot create directory ‘/etc/iptables’: File exists
2020-03-26 21:24:50 +01:00
130659b003
Add explicit-exit-notify for UDP ( #579 )
...
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
2020-03-26 21:24:20 +01:00
aab5e7b2ff
Fix getting pulic interface in IPv6 only ( #578 )
...
In a IPv6 only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail by missing argument.
2020-03-26 21:22:22 +01:00
6bb87ae716
Install `semanage` command on CentoOS ( #554 )
...
CentOS has selinux enabled by default but it hasn't the `semanage` command required to run OpenVPN on another port.
'policycoreutils-python*' match `policycoreutils-python' in CentOS 7 and `policycoreutils-python-utils` in Centos 8.
2020-03-14 20:25:22 +01:00
3f2ad88cbf
Custom DNS option wrong value fix ( #559 )
...
Custom DNS option wrong value fix
2020-03-10 10:43:13 +01:00
7a4f9278e7
Add new DNS option: NextDNS
2020-03-03 23:04:18 +01:00
randomshell
Dave Eargle
Stanislas Lange
Phonic Mouse
Aleksander
cn3lfs
robiiinos
Stanislas Lange
Henry N
randomshell
Sidd
John E
xPakrikx