This set of changes adjusts the script so that you can run it multiple times with the same input and not have any unexpected changes. This makes it appropriate for "enforcing state", as required by automated provisioners like Puppet, Salt, Chef, or Ansible.
- Unbound, OpenVPN, easy-rsa, and other dependencies are only installed from upstream if they are not already present. This prevents multiple runs of the script from causing unexpected version upgrades.
- The easy-rsa system is put in a folder called "easy-rsa-auto" so it can't conflict with the "easy-rsa" folder from some older OpenVPN packages
- The easy-rsa CA is only initialized once
- SERVER_CN and SERVER_NAME are randomly generated once and saved for future reference
- File append ('>>') is only done strictly after a file is created with '>' (e.g. /etc/sysctl.d/20-openvpn.conf)
- Clients are only added to easy-rsa once
- If AUTO_INSTALL == y, then the script operates in install mode and doesn't enter manageMenu
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583.
Same problem as #129 and #378, unit can not start on OpenVZ.
It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.
Fix https://github.com/angristan/openvpn-install/issues/583
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
CentOS has selinux enabled by default but it hasn't the `semanage` command required to run OpenVPN on another port.
'policycoreutils-python*' match `policycoreutils-python' in CentOS 7 and `policycoreutils-python-utils` in Centos 8.
