angristan
8d5d080cc0
Remove plaintext metadata from client certificate
2018-09-24 11:32:43 +02:00
angristan
b0fdb24984
Improve Debian/Ubuntu detection
2018-09-23 22:23:13 +02:00
Jun Hui
c14355a34c
Update easy-rsa to 3.0.5 (#301)
2018-09-23 17:09:33 +02:00
angristan
70ebe5620d
secp256r1 -> prime256v1
2018-09-23 17:06:15 +02:00
angristan
8e1cf382c3
Fix unset usage
2018-09-23 16:33:59 +02:00
angristan
5a67d3b3e7
Fix regex
2018-09-23 16:30:48 +02:00
GoliathLabs
ecf5f0d623
Add Arch Linux support (#303)
2018-09-23 16:27:36 +02:00
angristan
8de3957afb
Disable and stop OpenVPN upon removal
2018-09-23 14:32:24 +02:00
angristan
7f35106687
Fix condition
2018-09-23 14:30:08 +02:00
angristan
09b29ddc9c
Fix OS condition
2018-09-23 14:26:28 +02:00
angristan
ef30d3c9df
Fix service on Ubuntu 16.04
2018-09-23 14:25:18 +02:00
angristan
e2906fd5e4
Use APT repo for Ubuntu 16.04
...
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
angristan
21f15d9aef
Little fixes according to OpenVPN 2.4
...
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
angristan
c2a502be92
Add support for tls-crypt
...
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
angristan
f716380080
Fixes
2018-09-22 22:33:25 +02:00
angristan
62c89af954
Support ncp-ciphers
...
Since OpenVPN 2.4, there are negotiable crypto parameters (NCP).
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means that since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
angristan
a85c13e4ec
Move setup questions to installQuestions ()
2018-09-22 17:59:21 +02:00
angristan
bbdabedbec
Add --auth choice (HMAC digest algorithm)
2018-09-22 17:54:30 +02:00
angristan
e0b4a5aae7
Use read -rp
2018-09-22 16:42:48 +02:00
angristan
3a5e23c5c1
Add ECDH support
2018-09-22 16:41:28 +02:00
angristan
cfa5eed6bd
Re-add possibility to use a hostname as the endpoint
2018-09-22 16:17:51 +02:00
angristan
db6a253676
Improve tests using regex
2018-09-22 15:23:01 +02:00
angristan
4d1baca0c7
Add ECDSA support and make tls-cipher configurable
2018-09-22 15:17:13 +02:00
angristan
06e7597942
Use AES-128-GCM by default
2018-09-22 14:25:30 +02:00
angristan
c1b069b501
Fix 10a1d04
2018-09-22 14:23:58 +02:00
angristan
7449bfc550
Remove trailing tabs
2018-09-22 14:21:20 +02:00
angristan
11e023b6dc
Use 2048 bits RSA key by default
2018-09-22 14:20:57 +02:00
angristan
10a1d04f3b
Add AES GCM support
2018-09-22 14:20:20 +02:00
angristan
36af5ec100
Update DH/RSA defaults
2018-09-22 14:19:51 +02:00
angristan
b898a99485
Add compression support
...
It is disabled by default.
2018-09-22 14:08:42 +02:00
angristan
7ed823cdf2
Remove OpenVPN APT repo during removal
2018-09-22 11:41:31 +02:00
angristan
c96a71c7d6
Fix OpenVPN repo for Debian 8
2018-09-22 11:40:54 +02:00
angristan
80c0b971d6
Improved and safer code
...
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00
angristan
76607e781c
Sorry...
2018-09-21 22:22:09 +02:00
angristan
a0ff4d7cf9
Improve questions for NATed servers
2018-09-21 21:53:39 +02:00
angristan
4144fa9dff
Make encryption customization optional
...
A lot of people don't know much about cryptography.
Since the script already overwrites OpenVPN's default settings, there is no need for most people to modify them.
2018-09-21 17:17:41 +02:00
xiagw
0f67214490
Improve Debian/Ubuntu version checking (#187)
2018-09-20 22:00:16 +02:00
angristan
0a5c3c1401
Rewrite README
2018-09-20 17:16:04 +02:00
Stanislas
e920f7fbc2
Refactoring, cleanup and fixes (#293)
2018-09-20 00:05:02 +02:00
Stanislas
136a46874e
Rework and cleanup systemd service handling (#294)
...
* Don't hardcode server.conf in systemd service
* Rework and cleanup service handling
2018-09-18 14:55:00 +02:00
angristan
d3974220ef
Fix public interface in iptables rules
2018-09-18 12:37:07 +02:00
angristan
974b80dbc1
Remove unused variables
2018-09-17 18:05:51 +02:00
Stanislas
594486c177
Rework iptables handling (#291)
2018-09-17 01:11:30 +02:00
angristan
18b025e831
Improve sysctl config
2018-09-16 22:45:04 +02:00
Stanislas
bfed14544e
Add IPv6 NAT support (#238)
2018-09-16 17:55:50 +02:00
angristan
f6c9a63e38
Drop support for Arch Linux
...
Arch Linux isn't very used and is not available on cloud providers. I cannot test it easily so it is a burden to maintain for me
2018-09-16 01:34:01 +02:00
angristan
8a5de575b7
Drop Debian 7 support
...
Debian 7 is EOL and I can't test it on cloud providers anymore
2018-09-16 01:29:04 +02:00
angristan
3209441775
Better bash
2018-09-16 01:26:37 +02:00
angristan
62380c512b
Drop CentOS 6 support
2018-09-16 01:26:30 +02:00
randomshell
f057e0aa5f
Add self-hosted DNS resolver (Unbound)
2018-09-16 00:53:33 +02:00
angristan
4bf4257cf3
Merge two mv commands
2018-09-05 20:26:33 +02:00
angristan
2997a7e8b6
Remove "|| return"
2018-09-05 20:20:46 +02:00
angristan
ea40b45b52
Fix /dev/urandom usage on unprivileged LXC containers
...
Fixes https://github.com/angristan/openvpn-install/issues/280
2018-09-02 22:32:58 +02:00
Angristan
64f62cf874
Remove log-append for now and create log dir
...
See https://github.com/Angristan/OpenVPN-install/issues/275
2018-08-23 00:40:36 +02:00
Angristan
d8d0bbb5da
Add access logs (log-append)
...
And move log files to /var/log/openvpn. Makes more sense and access logs can be very useful.
2018-08-22 22:11:36 +02:00
Angristan
1b18e7f2a7
Re-add a default suggestion for the client name
...
But only during the setup, not for additional clients
2018-08-18 21:47:10 +02:00
Angristan
47c86874dc
Update check on the client's name input
2018-08-18 19:55:36 +02:00
Angristan
9ef0bbc47d
Add password option for clients (#160)
2018-08-18 19:40:07 +02:00
Jebtrix
df172b962d
Add option to generate random port in private port range (#229)
2018-08-18 15:57:24 +02:00
Sayem Chowdhury
5501de73c8
Improved code (#243)
2018-07-15 11:25:59 +02:00
cezar97
63ac18075d
Add quad9 secondary DNS (#248)
...
See https://www.quad9.net/faq/#Is_there_a_service_that_Quad9_offers_that_does_not_have_the_blocklist_or_other_security .
2018-07-06 22:11:22 +02:00
Jebtrix
b8f0b44c55
[FIX] Unable to select AdGuard DNS choice (#228)
2018-05-29 10:18:24 +02:00
Angristan
6cecc16f0d
Fixes #217 "Package 'gpg' has no installation candidate"
2018-05-10 00:29:05 +02:00
Timofey Vasenin
d2a3b3bec6
Backport improvements of external IP handling (#213)
...
* [backport] Remove IP address detection fallback
It was never used, the one-liner is enough.
* [backport] Improve NAT detection
Cleaner and better:
- Not relying on an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
2018-05-08 21:23:36 +02:00
Timofey Vasenin
b3fba4fddc
[backport] Fix system resolvers option for environments running systemd-resolved (#214)
2018-05-08 21:01:32 +02:00
Stanislas
2f6821d778
Add support for Ubuntu 18.04
2018-05-08 20:53:57 +02:00
Timofey Vasenin
71bb6e8371
Remove unneeded -r argument from some rm commands
...
Backport the relevant part of:
d717353769
2018-05-07 18:50:01 +02:00
cezar97
61d89e3ba2
Remove .ovpn on cert revoke or OpenVPN uninstall (#178)
2018-04-10 11:06:19 +02:00
Angristan
d7e706ac24
Add Cloudflare resolvers
...
Fixes #193
2018-04-01 23:12:05 +02:00
Angristan
42f6553dcc
Add GPG dependency
2018-02-25 17:37:03 +01:00
Angristan
687eb9019d
Fix Fedora detection
...
Fixes #168
2018-02-22 21:47:35 +01:00
Kcchouette
f252614a36
Remove unsupported version of ubuntu (#163)
...
* Remove unsupported version of ubuntu
Remove 12.04 as the support finished on April 28, 2017
Remove 16.10 as the support finished 2017-07-20
Remove 17.04 as the support finished 2018-01-13
2018-02-14 14:48:36 +01:00
Angristan
febdc04340
Support Ubuntu 17.10
...
Fixes #161
2018-02-13 22:38:48 +01:00
Angristan
501f8a9b36
Use a different client name for new users
...
Just in case the user keeps the default "client" username when installing, reusing "client" will fail. A tiny commit for lazy users.
2018-02-12 16:07:37 +01:00
Angristan
cffe4bee4a
Inverse FDN's DNS servers for DNSSEC
...
The .12 does not validate DNSSEC while the .40 does, so I'm putting the .40 first.
2018-01-27 20:21:28 +01:00
Angristan
edbf48646e
Merge pull request #151 from cezar97/master
...
Randomize CN and Server Name and verify Server Name
2018-01-25 12:24:50 +01:00
Angristan
d19283c46f
Optimize vars
...
I'm not removing the PiVPN mention because I don't want to credit them, but to not bloat the script.
Their contribution will be available via git blame + https://github.com/Angristan/OpenVPN-install/pull/151 :)
2018-01-25 12:23:25 +01:00
Angristan
7c7084238f
Update EasyRSA to 3.0.4
...
Fixes "./easyrsa: 644: ./easyrsa: [[: not found"
2018-01-23 12:19:01 +01:00
cezar97
931190dd59
Verify server name to strengthen security
2018-01-18 17:36:31 +01:00
cezar97
4f5f43e503
Randomize CN and server name, fixed #48
...
Solution taken from pivpn install script here: https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh.
Repo in https://github.com/pivpn/pivpn.
2018-01-18 17:19:51 +01:00
Angristan
f681c0bd34
Add Amazon Linux support
...
Fixes https://github.com/Angristan/OpenVPN-install/issues/128
2018-01-11 11:08:35 +01:00
Angristan
bb23ed1227
Merge pull request #139 from Angristan/systemd-openvz-fix
...
Fix systemd service on OpenVZ
2017-12-16 15:29:02 +01:00
Arda
6931364a23
Fedora Support
2017-11-30 22:54:53 +03:00
Angristan
3b8c5d776a
Update DNS list with Quad9
2017-11-29 11:21:33 +01:00
Angristan
6ac1b185fa
Update DNS list with Quad9
2017-11-29 11:17:06 +01:00
Nicolas Duchon
449361007a
Add Quad9 DNS
2017-11-29 10:46:58 +01:00
Angristan
1241072bb2
Fix systemd service on OpenVZ
...
fix the service on all systemd/ubuntu versions
2017-11-28 22:14:27 +01:00
Angristan
f47fc795d5
Merge PR #83: Remove rc.local and use an iptables systemd service
...
- Install iptables systemd service for Debian, Ubuntu and CentOS
- Fix iptables install for Arch Linux
- Remove the use of the rc.local file
- Remove all iptables rules when removing openvpn (cf. #60)
2017-11-12 22:56:02 +01:00
Angristan
80fd8678a6
Revert "Merge PR #83: Remove rc.local and use an iptables systemd service"
...
This reverts commit e874013112, reversing changes made to 998d1e8b13.
2017-11-12 22:51:54 +01:00
Angristan
e874013112
Merge PR #83: Remove rc.local and use an iptables systemd service
2017-11-12 22:43:55 +01:00
Angristan
aca3b4a019
Fix the network interface variable
...
Fix for https://github.com/Angristan/OpenVPN-install/pull/83#issuecomment-343758329
2017-11-12 19:54:44 +01:00
Angristan
dcec3f12a4
Disable firewalld to allow iptables to start upon reboot
2017-11-12 18:30:05 +01:00
Angristan
ed17fc074d
Resolve conflicts
...
Merge changes from master to resolve conflicts
2017-11-12 18:07:07 +01:00
Angristan
998d1e8b13
Merge pull request #92 from NathanZepol/master
...
Adding auth-nocache option to .ovpn configuration
2017-11-12 16:04:11 +01:00
Angristan
a7a277e2dc
Remove "local" parameter
...
Revert ad3c223385
On some servers, this prevented OpenVPN from starting on boot. (Socket bind failed on local address [AF_INET] IP:1194 Cannot assign requested address)
2017-11-12 15:48:39 +01:00
Angristan
a0821ee5b4
Fix typo
2017-10-17 22:05:11 +02:00
Angristan
dccbe2f71d
Add AdGuard DNS
2017-10-09 17:12:46 +02:00
Jelle Dekker
603d6747b9
Extended the expiration date of the certificate revocation list to 10 years.
2017-09-29 16:13:02 -05:00
Nathan
641510984b
Adding auth-nocache Option to .ovpn Configuration
2017-08-27 13:59:08 -05:00
Angristan
37d42e25fe
Update Easy-RSA to v3.0.3
2017-08-23 10:39:33 +02:00