octoleo/openvpn-install
1
1
Fork 0
mirror of https://github.com/namibia/openvpn-install.git synced 2024-10-31 18:52:33 +00:00
Code Issues Releases Activity
652 Commits 5 Branches 0 Tags 828 KiB
dd9d0aa281
Commit Graph

366 Commits

Author SHA1 Message Date
randomshell
2c9c0ed0c3
Improve sed line deletion (#608) 2020-04-10 11:42:57 +02:00
randomshell
ef5d5faf30
Change = conditional to == (#591) 2020-04-06 14:51:58 +02:00
Henry N
6e8aeb3505
Uninstallation: restart unbound only if not removed (#612) 2020-04-06 14:41:10 +02:00
Henry N
e123635e7c
Add comments to some DNS options in code (#598) 2020-04-02 16:30:50 +02:00
randomshell
7ed9cac8d7
Change Adguard DNS to Anycast (#596) 
See map at https://adguard.com/en/adguard-dns/overview.html
 2020-03-31 23:05:44 +02:00
Henry N
44105eb060 Fix systemd unit issue on Debian 9 (#585) 
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583.
Same problem as #129 and #378, unit can not start on OpenVZ.

It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.

Fix https://github.com/angristan/openvpn-install/issues/583
 2020-03-28 15:41:37 +01:00
Henry N
3d075c8708
Print warning about empty public interface (#581) 
Warning, if cannot detect public interface, and give user a choice to continue or abord.
 2020-03-26 21:27:16 +01:00
Henry N
23e533431a
Fix error messag mkdir /etc/iptables (#580) 
Fix this error message:
mkdir: cannot create directory ‘/etc/iptables’: File exists
 2020-03-26 21:24:50 +01:00
Henry N
130659b003
Add explicit-exit-notify for UDP (#579) 
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
 2020-03-26 21:24:20 +01:00
Henry N
aab5e7b2ff
Fix getting pulic interface in IPv6 only (#578) 
In a IPv6 only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail by missing argument.
 2020-03-26 21:22:22 +01:00
randomshell
6bb87ae716
Install semanage command on CentoOS (#554) 
CentOS has selinux enabled by default but it hasn't the `semanage` command required to run OpenVPN on another port.
'policycoreutils-python*' match `policycoreutils-python' in CentOS 7 and `policycoreutils-python-utils` in Centos 8.
 2020-03-14 20:25:22 +01:00
xPakrikx
3f2ad88cbf
Custom DNS option wrong value fix (#559) 
Custom DNS option wrong value fix
 2020-03-10 10:43:13 +01:00
Stanislas Lange
7a4f9278e7 Add new DNS option: NextDNS 2020-03-03 23:04:18 +01:00
angristan
4b0f47b534 Fix Fedora detection 2020-01-27 18:08:06 +01:00
Stanislas
caa571f768
Fix GitHub action (#515) 2019-11-11 15:37:09 +09:00
Safa Bayar
12ba1a9d9a Add Centos 8 Support (#506) 2019-11-11 15:18:34 +09:00
Stanislas
bc109db04f
Add support for custom DNS input (#470) 
Close #258 #260

Co-authored-by: Sayem Chowdhury <sayem314@gmail.com>
 2019-08-20 21:02:47 +02:00
Stanislas
4080585ab5
Workaround to remove unharmful easy-rsa error (#469) 
Until easy-rsa 3.0.7.

https://github.com/OpenVPN/easy-rsa/issues/261

Fix #454
 2019-08-20 21:02:05 +02:00
Stanislas
04141c6c91
Support Raspbian (#462) 
Fix #382
 2019-08-20 21:01:35 +02:00
angristan
0e3e7f2705 Update sysctl comment 2019-08-20 17:58:51 +02:00
Stanislas
cee02eb803
Fix CentOS detection during install (#468) 
Fix #463
 2019-08-20 13:36:16 +02:00
Stanislas
1acab15a26
Insert iptables rules at the top (#466) 
Fix #346 #465
 2019-08-20 11:55:43 +02:00
Stanislas Lange
f207302334 Revert "Insert iptables rules at the top (#461)" 
This reverts commit de021b67d5.
 2019-08-20 11:20:24 +02:00
Stanislas
de021b67d5
Insert iptables rules at the top (#461) 
Fix #346
 2019-08-20 00:24:01 +02:00
Stanislas
30735c91d8
Add Amazon Linux 2 support (#459) 2019-08-19 23:25:48 +02:00
Stanislas
dea1d6db2b
Add support for lz4-v2 (#444) 
Close #366
 2019-07-05 17:49:31 +02:00
angristan
5844a8440f Add support for Debian 10 
Fix #439
 2019-06-30 23:06:42 +02:00
Kcchouette
73095990eb Fix APT repo for Ubuntu 16.04 (#421) 2019-05-13 18:38:10 +02:00
Stanislas
a0685af1a3
Update mv easy-rsa command 
Maybe fix #420
 2019-05-12 20:59:15 +02:00
Stanislas
066b48bd84
Add support for Ubuntu 19.04 (#416) 2019-04-22 21:59:04 +02:00
Nathan Lopez
3bf72c7df7 Fix Variable Substitution for ENDPOINT (#397) 2019-02-26 22:39:00 +01:00
Stanislas
6e402289bd
Add Vagrantfile for easier testing (#396) 2019-02-25 23:31:18 +01:00
angristan
52d67286de Fix auto-install 2019-02-25 21:54:36 +01:00
Stanislas
7ba776ce7a
Improve automated install (#395) 
#390 follow up, fixes #261
 2019-02-25 21:30:46 +01:00
Cliff Cotino
f023de298d Headless installation (#390) 
Fixes #261
 2019-02-25 20:02:50 +01:00
randomshell
a0027f1b42 Update easy-rsa to 3.0.6 (#393) 2019-02-21 15:59:57 +01:00
Samuel FORESTIER
676e68fe4f Removes trailing space within server configuration (#369) 2018-12-16 19:14:34 +01:00
xiagw
19820e886e Remove OpenVPN log during uninstallation (#339) 2018-10-19 12:10:56 +02:00
angristan
0d19b57e7f Fix iptables-openvpn service on Debian 8 2018-10-08 21:11:52 +02:00
angristan
bca57c483d Fix "ping6" and "ping -6" usage 2018-10-01 21:00:26 +02:00
GoliathLabs
c9c6089cd6 Use ping -6 instead of ping6 (#317) 2018-09-30 21:17:30 +02:00
angristan
043843850e Improve Debian detection 
e.g. for Raspbian
 2018-09-29 20:15:20 +02:00
Sidd
d2bd051d97 Spelling fixes (#314) 2018-09-28 16:36:00 +02:00
angristan
ef6c2c2a78 Improve -y usage with package managers 2018-09-27 22:23:40 +02:00
angristan
e231c8924a CentOS: Make sure epel-release is installed before openvpn 2018-09-27 22:09:12 +02:00
angristan
9716e868a0 Fix service handling on Ubuntu 16.04 2018-09-27 19:57:01 +02:00
angristan
0648e6a0b7 Fix IPv6 connectivity test 2018-09-27 19:52:52 +02:00
angristan
e4a9851b4f Remove revoked client from ifconfig-pool-persist 2018-09-24 15:24:31 +02:00
angristan
0f117352c7 Remove hardcoded ciphers from Fedora systemd service 2018-09-24 14:33:08 +02:00
angristan
bbea708175 Do not modify package-provided systemd service 2018-09-24 14:26:41 +02:00
angristan
071baf477f Update link, DNS name 2018-09-24 11:45:12 +02:00
angristan
73c52daf84 Add Quad9 uncensored 2018-09-24 11:42:29 +02:00
angristan
1dad1579ad Better code 2018-09-24 11:37:13 +02:00
angristan
8d5d080cc0 Remove plaintext metadata from client certificate 2018-09-24 11:32:43 +02:00
angristan
b0fdb24984 Improve Debian/Ubuntu detection 2018-09-23 22:23:13 +02:00
Jun Hui
c14355a34c Update easy-rsa to 3.0.5 (#301) 2018-09-23 17:09:33 +02:00
angristan
70ebe5620d secp256r1 -> prime256v1 2018-09-23 17:06:15 +02:00
angristan
8e1cf382c3 Fix unset usage 2018-09-23 16:33:59 +02:00
angristan
5a67d3b3e7 Fix regex 2018-09-23 16:30:48 +02:00
GoliathLabs
ecf5f0d623 Add Arch Linux support (#303) 2018-09-23 16:27:36 +02:00
angristan
8de3957afb Disable and stop OpenVPN upon removal 2018-09-23 14:32:24 +02:00
angristan
7f35106687 Fix condition 2018-09-23 14:30:08 +02:00
angristan
09b29ddc9c Fix OS condition 2018-09-23 14:26:28 +02:00
angristan
ef30d3c9df Fix service on Ubuntu 16.04 2018-09-23 14:25:18 +02:00
angristan
e2906fd5e4 Use APT repo for Ubuntu 16.04 
Ubuntu 16.04 has OpenVPN 2.3.10
 2018-09-23 12:47:52 +02:00
angristan
21f15d9aef Little fixes according to OpenVPN 2.4 
Yeah, seconds, really :)
 2018-09-23 00:47:18 +02:00
angristan
c2a502be92 Add support for tls-crypt 
Choice between tls-auth/tls-crypt
 2018-09-22 22:34:10 +02:00
angristan
f716380080 Fixes 2018-09-22 22:33:25 +02:00
angristan
62c89af954 Support ncp-ciphers 
Since OpenVPN 2.4, there is negotiable crypto parameters (NCP)
It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means than since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
 2018-09-22 18:18:36 +02:00
angristan
a85c13e4ec Move setup questions to installQuestions () 2018-09-22 17:59:21 +02:00
angristan
bbdabedbec Add --auth choice (HMAC digest algorithm) 2018-09-22 17:54:30 +02:00
angristan
e0b4a5aae7 Use read -rp 2018-09-22 16:42:48 +02:00
angristan
3a5e23c5c1 Add ECDH support 2018-09-22 16:41:28 +02:00
angristan
cfa5eed6bd Re-add possibility to use a hostname as the endpoint 2018-09-22 16:17:51 +02:00
angristan
db6a253676 Improve tests using regex 2018-09-22 15:23:01 +02:00
angristan
4d1baca0c7 Add ECDSA support and make tls-cipher configurable 2018-09-22 15:17:13 +02:00
angristan
06e7597942 Use AES-128-GCM by default 2018-09-22 14:25:30 +02:00
angristan
c1b069b501 Fix 10a1d04 2018-09-22 14:23:58 +02:00
angristan
7449bfc550 Remove trailing tabs 2018-09-22 14:21:20 +02:00
angristan
11e023b6dc Use 2048 bits RSA key by default 2018-09-22 14:20:57 +02:00
angristan
10a1d04f3b Add AES GCM support 2018-09-22 14:20:20 +02:00
angristan
36af5ec100 Update DH/RSA defaults 2018-09-22 14:19:51 +02:00
angristan
b898a99485 Add compression support 
It is disabled by default.
 2018-09-22 14:08:42 +02:00
angristan
7ed823cdf2 Remove OpenVPN APT repo during removal 2018-09-22 11:41:31 +02:00
angristan
c96a71c7d6 Fix OpenVPN repo for Debian 8 2018-09-22 11:40:54 +02:00
angristan
80c0b971d6 Improved and safer code 
Thanks to shellcheck!
 2018-09-21 23:48:11 +02:00
angristan
76607e781c Sorry... 2018-09-21 22:22:09 +02:00
angristan
a0ff4d7cf9 Improve questions for NATed servers 2018-09-21 21:53:39 +02:00
angristan
4144fa9dff Make encryption customization optional 
A lot of people don't know much about cryptography.
Since the script already overwrite OpenVPN's default settings, there is no need for most people to modify them.
 2018-09-21 17:17:41 +02:00
xiagw
0f67214490 Improve Debian/Ubuntu version checking (#187) 2018-09-20 22:00:16 +02:00
angristan
0a5c3c1401 Rewrite README 2018-09-20 17:16:04 +02:00
Stanislas
e920f7fbc2
Refactoring, cleanup and fixes (#293) 2018-09-20 00:05:02 +02:00
Stanislas
136a46874e
Rework and cleanup systemd service handling (#294) 
* Don't hardcode server.conf in systemd service

* Rework and cleanup service handling
 2018-09-18 14:55:00 +02:00
angristan
d3974220ef Fix public interface in iptables rules 2018-09-18 12:37:07 +02:00
angristan
974b80dbc1 Remove unused variables 2018-09-17 18:05:51 +02:00
Stanislas
594486c177
Rework iptables handling (#291) 2018-09-17 01:11:30 +02:00
angristan
18b025e831 Improve sysctl config 2018-09-16 22:45:04 +02:00
Stanislas
bfed14544e
Add IPv6 NAT support (#238) 2018-09-16 17:55:50 +02:00
angristan
f6c9a63e38 Drop support for Arch Linux 
Arch Linux isn't very used and is not available on cloud providers. I cannot test it easily so it is a burden to maintain for me
 2018-09-16 01:34:01 +02:00
angristan
8a5de575b7 Drop Debian 7 support 
Debian 7 is EOL and I can't test it on cloud providers anymore
 2018-09-16 01:29:04 +02:00