Angristan
cffe4bee4a
Inverse FDN's DNS servers for DNSSEC
...
The .12 does not validate DNSSEC while the .40 does, so I'm putting the .40 first.
2018-01-27 20:21:28 +01:00
Angristan
edbf48646e
Merge pull request #151 from cezar97/master
...
Randomize CN and Server Name and verify Server Name
2018-01-25 12:24:50 +01:00
Angristan
d19283c46f
Optimize vars
...
I'm not removing the PiVPN mention because I don't want to credit them, but to not bloat the script.
Their contribution will be available via git blame + https://github.com/Angristan/OpenVPN-install/pull/151 :)
2018-01-25 12:23:25 +01:00
Angristan
7c7084238f
Update EasyRSA to 3.0.4
...
Fixes "./easyrsa: 644: ./easyrsa: [[: not found"
2018-01-23 12:19:01 +01:00
cezar97
931190dd59
Verify server name to strengthen security
2018-01-18 17:36:31 +01:00
cezar97
4f5f43e503
Randomize CN and server name, fixed #48
...
Solution taken from pivpn install script here: https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh .
Repo in https://github.com/pivpn/pivpn .
2018-01-18 17:19:51 +01:00
Angristan
f681c0bd34
Add Amazon Linux support
...
Fixes https://github.com/Angristan/OpenVPN-install/issues/128
2018-01-11 11:08:35 +01:00
Angristan
bb23ed1227
Merge pull request #139 from Angristan/systemd-openvz-fix
...
Fix systemd service on OpenVZ
2017-12-16 15:29:02 +01:00
Arda
6931364a23
Fedora Support
2017-11-30 22:54:53 +03:00
Angristan
3b8c5d776a
Update DNS list with Quad9
2017-11-29 11:21:33 +01:00
Angristan
6ac1b185fa
Update DNS list with Quad9
2017-11-29 11:17:06 +01:00
Nicolas Duchon
449361007a
Add Quad9 DNS
2017-11-29 10:46:58 +01:00
Angristan
1241072bb2
Fix systemd service on OpenVZ
...
fix the service on all systemd/ubuntu versions
2017-11-28 22:14:27 +01:00
Angristan
f47fc795d5
Merge PR #83 : Remove rc.local and use an iptables systemd service
...
- Install iptables systemd service for Debian, Ubuntu and CentOS
- Fix iptables install for ArchLinux
- Remove the use of rc.local file
- Remove all iptables rules when removing openvpn (cf. #60 )
2017-11-12 22:56:02 +01:00
Angristan
80fd8678a6
Revert "Merge PR #83 : Remove rc.local and use an iptables systemd service"
...
This reverts commit e874013112, reversing changes made to 998d1e8b13.
2017-11-12 22:51:54 +01:00
Angristan
e874013112
Merge PR #83 : Remove rc.local and use an iptables systemd service
2017-11-12 22:43:55 +01:00
Angristan
aca3b4a019
Fix the network interface variable
...
Fix for https://github.com/Angristan/OpenVPN-install/pull/83#issuecomment-343758329
2017-11-12 19:54:44 +01:00
Angristan
dcec3f12a4
Disable firewalld to allow iptables to start upon reboot
2017-11-12 18:30:05 +01:00
Angristan
ed17fc074d
Resolve conflicts
...
Merge changes from master to resolve conflicts
2017-11-12 18:07:07 +01:00
Angristan
998d1e8b13
Merge pull request #92 from NathanZepol/master
...
Adding auth-nocache option to .ovpn configuration
2017-11-12 16:04:11 +01:00
Angristan
a7a277e2dc
Remove "local" parameter
...
Revert ad3c223385
On some servers, this prevented OpenVPN from starting on boot. (Socket bind failed on local address [AF_INET] IP:1194 Cannot assign requested address)
2017-11-12 15:48:39 +01:00
Angristan
a0821ee5b4
Fix typo
2017-10-17 22:05:11 +02:00
Angristan
dccbe2f71d
Add AdGuard DNS
2017-10-09 17:12:46 +02:00
Jelle Dekker
603d6747b9
Extended the expiration date of the certificate revocation list to 10 years.
2017-09-29 16:13:02 -05:00
Nathan
641510984b
Adding auth-nocache Option to .ovpn Configuration
2017-08-27 13:59:08 -05:00
Angristan
37d42e25fe
Update Easy-RSA to v3.0.3
2017-08-23 10:39:33 +02:00
Angristan
c0ed60e8cf
Update openvpn-install.sh
2017-08-22 11:12:42 +02:00
Ola Tuvesson
ad3c223385
Will now set "local" in server.conf to the chosen IP address
...
If you want to run OpenVPN in UDP mode on a secondary IP, UDP routing will fail unless you explicitly bind OpenVPN to the chosen IP address. This change includes the "local" parameter in the config and sets it to the IP address entered at the beginning.
2017-08-22 00:39:43 +01:00
Angristan
edbe4fed90
Rename OpenVPN's APT list
2017-08-20 22:38:55 +02:00
Angristan
a3c005c556
Update Debian and Ubuntu repository
...
swupdate.openvpn.net hasn't been updated since OpenVPN 2.3.14 whereas build.openvpn.net supports OpenVPN 2.4.x as of today
Fixes https://github.com/Angristan/OpenVPN-install/issues/86
2017-08-07 16:44:16 +02:00
patlol
58a5282e17
Update openvpn-install.sh
2017-07-22 21:08:06 +02:00
patlol
3c5c87b031
Update openvpn-install.sh
2017-07-22 20:18:46 +02:00
patlol
5787c45a03
Update openvpn-install.sh
2017-07-22 19:40:29 +02:00
patlol
031afd587e
fix #8 Client files not being created in the right folder when using sudo
2017-07-22 19:30:36 +02:00
DrXala
b5c624eb76
Adjust indents + change iptables.service
2017-07-20 17:12:40 +02:00
DrXala
8f28593112
Fix iptables.service
2017-07-16 16:01:05 +02:00
DrXala
23222fd59f
Fix syntax error...
2017-07-16 15:39:14 +02:00
DrXala
d3d7d18ab1
Removing the use of rc.local file
2017-07-16 14:11:29 +02:00
DrXala
1be7733c0b
Install iptables systemd service for Debian, Ubuntu and CentOS. Fix iptables install for ArchLinux.
2017-07-16 12:55:09 +02:00
Angristan
c703d41795
Fix for Debian 9 on OpenVZ
2017-07-14 17:15:07 +02:00
Angristan
276284458f
Fix DNS choice
2017-07-08 13:30:58 +02:00
jackdwyer
d1f665c458
fixes last case statement for SEED-CBC
2017-07-03 14:14:39 -04:00
Angristan
cd01329585
Add support for Debian 9 Stretch
2017-06-26 02:41:40 +02:00
Angristan
e185698445
Use current system resolvers as default
...
That makes more sense than putting French servers.
What is in /etc/resolv.conf is not always good, but most of the time it's the hoster's or something nearby. Thus it makes more sense for the user to use them by default.
2017-06-26 02:37:41 +02:00
Angristan
6800ef35f7
Typo
...
It's late.
2017-06-26 02:20:38 +02:00
Angristan
19fe6626f1
Implements OpenVPN 2.4 changes for Arch Linux (kind of)
...
Since OpenVPN 2.4 is out on Arch, the script wasn't working completely because of this : https://www.archlinux.org/news/openvpn-240-update-requires-administrative-interaction/
There is a new path for OpenVPN server config. This is just needed on Arch for now, and you're probably not going to run an OpenVPN client on an OpenVPN server.
Thus I modified the systemd script to use `/etc/openvpn/` and `server.conf` instead of the new `/etc/openvpn/server/` and `openvpn.conf`.
By using the same paths as the other distros, I avoid to rewrite the entire script to change the paths...
It's not 100% clean, but it works pretty well. If you have any objection please leave a comment.
Also, I updated the new service name.
As far as I tested, it's working fine on Arch Linux for now.
Fixes #63 and #61
2017-06-26 02:17:14 +02:00
Angristan
ac203dd5ee
Fix iptables rules on reboot for some OS
...
Thanks a lot to Nyr for the fix : a31aaf82f3
Fixes https://github.com/Angristan/OpenVPN-install/issues/6 .
On Ubuntu 17.04, 16.10 and Debian 9, the iptables rules were not applied because of rc.local
2017-06-25 22:01:05 +02:00
Angristan
10351305e3
Google Compute Engine support
...
Merge pull request #57 and close issue #46
2017-06-25 20:21:36 +02:00
Angristan
8c66c8e684
Fix client revocation
...
A client revocation would make crl.pem unreadable and thus blocking any other client to connect.
Fixes https://github.com/Angristan/OpenVPN-install/pull/47 , https://github.com/Angristan/OpenVPN-install/issues/25 and https://github.com/Angristan/OpenVPN-install/issues/49 .
2017-06-25 19:58:41 +02:00
Kenneth Zhao
d74318562d
adding support for debian 9 stretch
2017-06-25 09:38:52 -07:00
Angristan
a2a3bfc605
Added Yandex Basic DNS resolvers
...
https://dns.yandex.com/
Nice for Russia.
2017-06-23 14:30:57 +02:00
Angristan
d712e15795
Support OpenSSL 1.1.0 DH generation
...
Fixes dh.pem gen on Debian 9 and Arch Linux
https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
2017-06-18 21:12:25 +02:00
Angristan
5d40c041dd
More proper remove
...
openvpn-blacklist isn't installed with Debian 9.
2017-06-18 21:07:15 +02:00
Angristan
823ff21fcc
Add support for Ubuntu 17.04
2017-05-07 23:56:19 +02:00
DrXala
fa9e5235f9
Close Angristan/OpenVPN-install#46
...
This patch is for Angristan/OpenVPN-install#46
2017-04-23 12:43:33 +02:00
Seeder101
89925cbbe8
Update openvpn-install.sh
...
change sould to should and correct adress to address in line 195
2016-12-11 16:03:40 +03:00
Seeder101
e548a61dcc
Update openvpn-install.sh
...
change sould to should
2016-12-11 15:58:06 +03:00
Angristan
316ecfe7f4
Use SHA-256 instead of SHA-384
...
Following 693bd13fa7
2016-12-11 12:11:11 +01:00
Angristan
7a5bb93cbe
AES-256 is not necessarily the most secure cipher
...
Indeed, it is most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack
Also, AES 128 is secure enough for everyone, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
Angristan
56477bba34
The crypto update 🔐
...
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key
I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
2016-11-28 22:13:32 +01:00
Angristan
c03a55f11f
Making sure a correct DNS option is selected
2016-11-27 14:31:25 +01:00
TheKinrar
f76db9f589
Merge branch 'master' of https://github.com/TheKinrar/OpenVPN-install into TheKinrar-master
2016-11-26 16:13:02 +01:00
TheKinrar
f3ff29d6c7
rc.local fix
2016-11-25 18:25:37 +01:00
Angristan
17a9d76ae9
Remove ufw and MASQUERADE support
...
Not useful, badly implemented.
2016-11-25 00:59:03 +01:00
Angristan
218e474f85
Add logs
...
Can be useful.
2016-11-24 23:34:15 +01:00
Angristan
98ca79a9de
Move rc.local and sysctl installation after the confirmation
2016-11-24 20:28:49 +01:00
TheKinrar
358e80b5a6
sysctl fix, again.
2016-11-24 19:37:45 +01:00
TheKinrar
cc657fa459
Fixed rc.local and sysctl.conf files on ArchLinux
2016-11-24 18:07:23 +01:00
TheKinrar
9b261809eb
Automatically enable and start iptables on ArchLinux.
2016-11-22 19:55:17 +01:00
TheKinrar
6e2b5cb439
Added ArchLinux support.
2016-11-21 20:59:00 +01:00
Angristan
80dbca6e63
Add TCP support
...
There is now the choice to use TCP or UDP for OpenVPN protocol. You should always use UDP, but TCP can be useful sometimes : on lossy networks or to bypass some blockage
2016-11-21 19:57:52 +01:00
Angristan
662fe26f5b
I don't know why it wasn't like this from the beginning
2016-11-20 23:09:42 +01:00
Angristan
552709059e
Fix my previous commit
...
My bad.
2016-11-20 22:50:51 +01:00
Angristan
a09ef4868a
The user can choose to continue the installer even if its OS is not supported
...
At its own risk of course. But useful if using Ubuntu beta or Debian unstable/testing
2016-11-20 22:47:23 +01:00
Angristan
903270be4b
Remove OpenNIC servers
...
Not consistent and can't really be trusted
2016-11-20 15:01:42 +01:00
Angristan
b0f271bc5f
Specify the location of the DNS servers
2016-11-20 14:52:47 +01:00
Angristan
3f58eb781c
Some cleanup
2016-11-20 14:22:08 +01:00
Angristan
7295627e67
Removing support for Ubuntu 15.10
...
Ubuntu 15.10 is not supported anymore since July 2016 : not safe to use it now
2016-10-20 14:33:16 +02:00
Angristan
fce638b552
Add support for Ubuntu 16.10 Yakkety Yak
2016-10-13 22:55:04 +02:00
Angristan
2c9701d477
Better way to enable IP forwarding
...
791c54786c
2016-10-04 17:34:11 +02:00
Angristan
aefb516958
Changed iptables to not lookup hosts
...
56f079289e
2016-10-04 17:31:35 +02:00
Kcchouette
87a191f8a1
Update openvpn-install.sh
2016-09-07 17:41:57 +02:00
Angristan
c8eed87ebd
Fix UFW error
2016-08-18 18:52:58 +02:00
Super-Baleine
a14809e7c3
delete read
2016-07-12 11:07:08 +02:00
Super-Baleine
72ca23e880
let the choice
...
because it's more clean
enhancement
2016-07-12 00:09:39 +02:00
Kcchouette
8550d3474c
fix the dns case error
2016-07-07 13:45:14 +02:00
Angristan
52f4e471bb
Add DNS.WATCH DNS resolvers
2016-06-11 00:32:08 +02:00
jtbr
52cae76873
fix typo
2016-06-10 14:36:22 +02:00
jtbr
b93a3369fb
Avoid inline comments in /etc/default/ufw; place pre-openvpn settings on new line
2016-06-10 14:33:26 +02:00
jtbr
eff3b83fe3
Support old clients that might not recognize blocking
2016-06-03 13:09:00 +02:00
jtbr
4a07541953
uninstall new firewalld rules
2016-05-17 05:55:27 +02:00
jtbr
a420a6cbcd
add firewalld configuration for masquerading and reorganize to ensure firewalld command ordering is safe
2016-05-17 05:44:47 +02:00
jtbr
4f8cad83cf
add ufw rule to allow traffic on chosen udp port
2016-05-17 05:29:31 +02:00
jtbr
e2b9f116d4
Add setup for ufw firewall when using MASQUERADE
2016-05-17 05:04:23 +02:00
jtbr
ff7a7a5c3d
Prevent DNS leaks on windows (v2.3.9+, ignored on other platforms)
2016-05-17 05:03:26 +02:00
jtbr
b910dbb9ec
clarify that the external address can be either an IP or a domain name
2016-05-10 22:50:58 +00:00
jtbr
3c8a6a0469
Merge branch 'master' of https://github.com/jtbr/OpenVPN-install
...
Conflicts:
README.md
openvpn-install.sh
2016-05-10 22:34:51 +00:00
jtbr
ecf2a3ed81
Undo TLS-CIPHER changes in f376ce91
in deference to harvester57's pull request
2016-05-10 22:30:38 +00:00
jtbr
2d39183284
Revert "my personal preferences, and limit 3 simultaneous clients"
...
This reverts commit 804c7aa9ed.
2016-05-10 22:30:38 +00:00
jtbr
de648aaa83
my personal preferences, and limit 3 simultaneous clients
2016-05-10 22:30:38 +00:00