1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-10-31 18:52:33 +00:00
Commit Graph

372 Commits

Author SHA1 Message Date
Sidd
8d5bb43aed
feat(curves): add secp256k1 option (#315) 2020-04-27 14:22:35 +02:00
randomshell
62a4ff3b41
fix(client conf): ignore block-outside-dns if not supported (#628) 2020-04-27 14:19:25 +02:00
randomshell
159ab9af6e
refactor(revoke client): remove uneeded cleanup (#607)
The deletion of issued files is handled by easy-rsa.
See function move_revoked() f0129cfe62/easyrsa3/easyrsa (L1050)
2020-04-27 14:12:23 +02:00
John E
fe0b995bdf
feat(headless): make script idempotent
This set of changes adjusts the script so that you can run it multiple times with the same input and not have any unexpected changes. This makes it appropriate for "enforcing state", as required by automated provisioners like Puppet, Salt, Chef, or Ansible.

 - Unbound, OpenVPN, easy-rsa, and other dependencies are only installed from upstream if they are not already present. This prevents multiple runs of the script from causing unexpected version upgrades.
 - The easy-rsa system is put in a folder called "easy-rsa-auto" so it can't conflict with the "easy-rsa" folder from some older OpenVPN packages
 - The easy-rsa CA is only initialized once
 - SERVER_CN and SERVER_NAME are randomly generated once and saved for future reference
 - File append ('>>') is only done strictly after a file is created with '>' (e.g. /etc/sysctl.d/20-openvpn.conf)
 - Clients are only added to easy-rsa once
 - If AUTO_INSTALL == y, then the script operates in install mode and doesn't enter manageMenu
2020-04-27 13:56:34 +02:00
Stanislas Lange
3b0c2ace90 fix(checkOS): update Ubuntu/Debian compatibility check 2020-04-27 13:37:52 +02:00
randomshell
6989b0d326
Add support for client-configuration-dir (#609) 2020-04-10 17:49:07 +02:00
randomshell
2c9c0ed0c3
Improve sed line deletion (#608) 2020-04-10 11:42:57 +02:00
randomshell
ef5d5faf30
Change = conditional to == (#591) 2020-04-06 14:51:58 +02:00
Henry N
6e8aeb3505
Uninstallation: restart unbound only if not removed (#612) 2020-04-06 14:41:10 +02:00
Henry N
e123635e7c
Add comments to some DNS options in code (#598) 2020-04-02 16:30:50 +02:00
randomshell
7ed9cac8d7
Change Adguard DNS to Anycast (#596)
See map at https://adguard.com/en/adguard-dns/overview.html
2020-03-31 23:05:44 +02:00
Henry N
44105eb060 Fix systemd unit issue on Debian 9 (#585)
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583.
Same problem as #129 and #378, unit can not start on OpenVZ.

It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.

Fix https://github.com/angristan/openvpn-install/issues/583
2020-03-28 15:41:37 +01:00
Henry N
3d075c8708
Print warning about empty public interface (#581)
Warning, if cannot detect public interface, and give user a choice to continue or abord.
2020-03-26 21:27:16 +01:00
Henry N
23e533431a
Fix error messag mkdir /etc/iptables (#580)
Fix this error message:
mkdir: cannot create directory ‘/etc/iptables’: File exists
2020-03-26 21:24:50 +01:00
Henry N
130659b003
Add explicit-exit-notify for UDP (#579)
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
2020-03-26 21:24:20 +01:00
Henry N
aab5e7b2ff
Fix getting pulic interface in IPv6 only (#578)
In a IPv6 only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail by missing argument.
2020-03-26 21:22:22 +01:00
randomshell
6bb87ae716
Install semanage command on CentoOS (#554)
CentOS has selinux enabled by default but it hasn't the `semanage` command required to run OpenVPN on another port.
'policycoreutils-python*' match `policycoreutils-python' in CentOS 7 and `policycoreutils-python-utils` in Centos 8.
2020-03-14 20:25:22 +01:00
xPakrikx
3f2ad88cbf
Custom DNS option wrong value fix (#559)
Custom DNS option wrong value fix
2020-03-10 10:43:13 +01:00
Stanislas Lange
7a4f9278e7 Add new DNS option: NextDNS 2020-03-03 23:04:18 +01:00
angristan
4b0f47b534 Fix Fedora detection 2020-01-27 18:08:06 +01:00
Stanislas
caa571f768
Fix GitHub action (#515) 2019-11-11 15:37:09 +09:00
Safa Bayar
12ba1a9d9a Add Centos 8 Support (#506) 2019-11-11 15:18:34 +09:00
Stanislas
bc109db04f
Add support for custom DNS input (#470)
Close #258 #260

Co-authored-by: Sayem Chowdhury <sayem314@gmail.com>
2019-08-20 21:02:47 +02:00
Stanislas
4080585ab5
Workaround to remove unharmful easy-rsa error (#469)
Until easy-rsa 3.0.7.

https://github.com/OpenVPN/easy-rsa/issues/261

Fix #454
2019-08-20 21:02:05 +02:00
Stanislas
04141c6c91
Support Raspbian (#462)
Fix #382
2019-08-20 21:01:35 +02:00
angristan
0e3e7f2705 Update sysctl comment 2019-08-20 17:58:51 +02:00
Stanislas
cee02eb803
Fix CentOS detection during install (#468)
Fix #463
2019-08-20 13:36:16 +02:00
Stanislas
1acab15a26
Insert iptables rules at the top (#466)
Fix #346 #465
2019-08-20 11:55:43 +02:00
Stanislas Lange
f207302334 Revert "Insert iptables rules at the top (#461)"
This reverts commit de021b67d5.
2019-08-20 11:20:24 +02:00
Stanislas
de021b67d5
Insert iptables rules at the top (#461)
Fix #346
2019-08-20 00:24:01 +02:00
Stanislas
30735c91d8
Add Amazon Linux 2 support (#459) 2019-08-19 23:25:48 +02:00
Stanislas
dea1d6db2b
Add support for lz4-v2 (#444)
Close #366
2019-07-05 17:49:31 +02:00
angristan
5844a8440f Add support for Debian 10
Fix #439
2019-06-30 23:06:42 +02:00
Kcchouette
73095990eb Fix APT repo for Ubuntu 16.04 (#421) 2019-05-13 18:38:10 +02:00
Stanislas
a0685af1a3
Update mv easy-rsa command
Maybe fix #420
2019-05-12 20:59:15 +02:00
Stanislas
066b48bd84
Add support for Ubuntu 19.04 (#416) 2019-04-22 21:59:04 +02:00
Nathan Lopez
3bf72c7df7 Fix Variable Substitution for ENDPOINT (#397) 2019-02-26 22:39:00 +01:00
Stanislas
6e402289bd
Add Vagrantfile for easier testing (#396) 2019-02-25 23:31:18 +01:00
angristan
52d67286de Fix auto-install 2019-02-25 21:54:36 +01:00
Stanislas
7ba776ce7a
Improve automated install (#395)
#390 follow up, fixes #261
2019-02-25 21:30:46 +01:00
Cliff Cotino
f023de298d Headless installation (#390)
Fixes #261
2019-02-25 20:02:50 +01:00
randomshell
a0027f1b42 Update easy-rsa to 3.0.6 (#393) 2019-02-21 15:59:57 +01:00
Samuel FORESTIER
676e68fe4f Removes trailing space within server configuration (#369) 2018-12-16 19:14:34 +01:00
xiagw
19820e886e Remove OpenVPN log during uninstallation (#339) 2018-10-19 12:10:56 +02:00
angristan
0d19b57e7f Fix iptables-openvpn service on Debian 8 2018-10-08 21:11:52 +02:00
angristan
bca57c483d Fix "ping6" and "ping -6" usage 2018-10-01 21:00:26 +02:00
GoliathLabs
c9c6089cd6 Use ping -6 instead of ping6 (#317) 2018-09-30 21:17:30 +02:00
angristan
043843850e Improve Debian detection
e.g. for Raspbian
2018-09-29 20:15:20 +02:00
Sidd
d2bd051d97 Spelling fixes (#314) 2018-09-28 16:36:00 +02:00
angristan
ef6c2c2a78 Improve -y usage with package managers 2018-09-27 22:23:40 +02:00
angristan
e231c8924a CentOS: Make sure epel-release is installed before openvpn 2018-09-27 22:09:12 +02:00
angristan
9716e868a0 Fix service handling on Ubuntu 16.04 2018-09-27 19:57:01 +02:00
angristan
0648e6a0b7 Fix IPv6 connectivity test 2018-09-27 19:52:52 +02:00
angristan
e4a9851b4f Remove revoked client from ifconfig-pool-persist 2018-09-24 15:24:31 +02:00
angristan
0f117352c7 Remove hardcoded ciphers from Fedora systemd service 2018-09-24 14:33:08 +02:00
angristan
bbea708175 Do not modify package-provided systemd service 2018-09-24 14:26:41 +02:00
angristan
071baf477f Update link, DNS name 2018-09-24 11:45:12 +02:00
angristan
73c52daf84 Add Quad9 uncensored 2018-09-24 11:42:29 +02:00
angristan
1dad1579ad Better code 2018-09-24 11:37:13 +02:00
angristan
8d5d080cc0 Remove plaintext metadata from client certificate 2018-09-24 11:32:43 +02:00
angristan
b0fdb24984 Improve Debian/Ubuntu detection 2018-09-23 22:23:13 +02:00
Jun Hui
c14355a34c Update easy-rsa to 3.0.5 (#301) 2018-09-23 17:09:33 +02:00
angristan
70ebe5620d secp256r1 -> prime256v1 2018-09-23 17:06:15 +02:00
angristan
8e1cf382c3 Fix unset usage 2018-09-23 16:33:59 +02:00
angristan
5a67d3b3e7 Fix regex 2018-09-23 16:30:48 +02:00
GoliathLabs
ecf5f0d623 Add Arch Linux support (#303) 2018-09-23 16:27:36 +02:00
angristan
8de3957afb Disable and stop OpenVPN upon removal 2018-09-23 14:32:24 +02:00
angristan
7f35106687 Fix condition 2018-09-23 14:30:08 +02:00
angristan
09b29ddc9c Fix OS condition 2018-09-23 14:26:28 +02:00
angristan
ef30d3c9df Fix service on Ubuntu 16.04 2018-09-23 14:25:18 +02:00
angristan
e2906fd5e4 Use APT repo for Ubuntu 16.04
Ubuntu 16.04 has OpenVPN 2.3.10
2018-09-23 12:47:52 +02:00
angristan
21f15d9aef Little fixes according to OpenVPN 2.4
Yeah, seconds, really :)
2018-09-23 00:47:18 +02:00
angristan
c2a502be92 Add support for tls-crypt
Choice between tls-auth/tls-crypt
2018-09-22 22:34:10 +02:00
angristan
f716380080 Fixes 2018-09-22 22:33:25 +02:00
angristan
62c89af954 Support ncp-ciphers
Since OpenVPN 2.4, there is negotiable crypto parameters (NCP)
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means than since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
2018-09-22 18:18:36 +02:00
angristan
a85c13e4ec Move setup questions to installQuestions () 2018-09-22 17:59:21 +02:00
angristan
bbdabedbec Add --auth choice (HMAC digest algorithm) 2018-09-22 17:54:30 +02:00
angristan
e0b4a5aae7 Use read -rp 2018-09-22 16:42:48 +02:00
angristan
3a5e23c5c1 Add ECDH support 2018-09-22 16:41:28 +02:00
angristan
cfa5eed6bd Re-add possibility to use a hostname as the endpoint 2018-09-22 16:17:51 +02:00
angristan
db6a253676 Improve tests using regex 2018-09-22 15:23:01 +02:00
angristan
4d1baca0c7 Add ECDSA support and make tls-cipher configurable 2018-09-22 15:17:13 +02:00
angristan
06e7597942 Use AES-128-GCM by default 2018-09-22 14:25:30 +02:00
angristan
c1b069b501 Fix 10a1d04 2018-09-22 14:23:58 +02:00
angristan
7449bfc550 Remove trailing tabs 2018-09-22 14:21:20 +02:00
angristan
11e023b6dc Use 2048 bits RSA key by default 2018-09-22 14:20:57 +02:00
angristan
10a1d04f3b Add AES GCM support 2018-09-22 14:20:20 +02:00
angristan
36af5ec100 Update DH/RSA defaults 2018-09-22 14:19:51 +02:00
angristan
b898a99485 Add compression support
It is disabled by default.
2018-09-22 14:08:42 +02:00
angristan
7ed823cdf2 Remove OpenVPN APT repo during removal 2018-09-22 11:41:31 +02:00
angristan
c96a71c7d6 Fix OpenVPN repo for Debian 8 2018-09-22 11:40:54 +02:00
angristan
80c0b971d6 Improved and safer code
Thanks to shellcheck!
2018-09-21 23:48:11 +02:00
angristan
76607e781c Sorry... 2018-09-21 22:22:09 +02:00
angristan
a0ff4d7cf9 Improve questions for NATed servers 2018-09-21 21:53:39 +02:00
angristan
4144fa9dff Make encryption customization optional
A lot of people don't know much about cryptography.
Since the script already overwrite OpenVPN's default settings, there is no need for most people to modify them.
2018-09-21 17:17:41 +02:00
xiagw
0f67214490 Improve Debian/Ubuntu version checking (#187) 2018-09-20 22:00:16 +02:00
angristan
0a5c3c1401 Rewrite README 2018-09-20 17:16:04 +02:00
Stanislas
e920f7fbc2
Refactoring, cleanup and fixes (#293) 2018-09-20 00:05:02 +02:00
Stanislas
136a46874e
Rework and cleanup systemd service handling (#294)
* Don't hardcode server.conf in systemd service

* Rework and cleanup service handling
2018-09-18 14:55:00 +02:00
angristan
d3974220ef Fix public interface in iptables rules 2018-09-18 12:37:07 +02:00