From 41860dd960c8665f6337bf874d2a47e1ba24c170 Mon Sep 17 00:00:00 2001 From: Luclu7 Date: Sun, 25 Mar 2018 18:21:20 +0200 Subject: [PATCH 01/15] typo (#183) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 47b0699..4a6cdb7 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,7 @@ It also supports SHA1 and MD5, which are unsafe, and all the SHA2 family. I didn ### Data channel's cipher -By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. +By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) and weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. >The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. From 56881521426aef75c7940fc9e4b20e5a6dab6f81 Mon Sep 17 00:00:00 2001 From: phjanderson Date: Sun, 1 Apr 2018 19:01:08 +0200 Subject: [PATCH 02/15] Added support for Ubuntu 16.04 on armhf to readme (#191) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4a6cdb7..3d35ed8 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ The script is made to work on these OS and architectures : - **Debian 8** (i386, amd64) - **Debian 9** (i386, amd64, armhf, arm64) - **Ubuntu 14.04 LTS** (i386, amd64) -- **Ubuntu 16.04 LTS** (i386, amd64) +- **Ubuntu 16.04 LTS** (i386, amd64, armhf) - **Ubuntu 17.10** (i386, amd64, armhf, arm64) - **Fedora 25** (amd64) - **Fedora 26** (amd64) From d7e706ac241a90bbaa25fb6e41b73e1c9e737fc1 Mon Sep 17 00:00:00 2001 From: Angristan Date: Sun, 1 Apr 2018 23:12:05 +0200 Subject: [PATCH 03/15] Add Cloudflare resolvers Fixes #193 --- README.md | 1 + openvpn-install.sh | 33 +++++++++++++++++++-------------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 3d35ed8..fbc7869 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,7 @@ The script will ask you which DNS resolvers you want to use when connected to th Here are the possibilities : - Current system resolvers, those that are in `/etc/resolv.conf` +- [Cloudflare](https://1.1.1.1/), recommended, fastest resolvers available (Anycast servers) - [Quad9](https://www.quad9.net), recommended, security and privacy oriented, fast worldwide (Anycast servers) - [FDN's DNS Servers](http://www.fdn.fr/actions/dns/), recommended if you're in western europe (France) - [DNS.WATCH DNS Servers](https://dns.watch/index), recommended if you're in western europe (Germany) diff --git a/openvpn-install.sh b/openvpn-install.sh index 54aacdf..46568ca 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -225,13 +225,14 @@ else echo "" echo "What DNS do you want to use with the VPN?" echo " 1) Current system resolvers (from /etc/resolv.conf)" - echo " 2) Quad9 (Anycast: worldwide)" - echo " 3) FDN (France)" - echo " 4) DNS.WATCH (Germany)" - echo " 5) OpenDNS (Anycast: worldwide)" - echo " 6) Google (Anycast: worldwide)" - echo " 7) Yandex Basic (Russia)" - echo " 8) AdGuard DNS (Russia)" + echo " 2) Cloudflare (Anycast: worldwide)" + echo " 3) Quad9 (Anycast: worldwide)" + echo " 4) FDN (France)" + echo " 5) DNS.WATCH (Germany)" + echo " 6) OpenDNS (Anycast: worldwide)" + echo " 7) Google (Anycast: worldwide)" + echo " 8) Yandex Basic (Russia)" + echo " 9) AdGuard DNS (Russia)" while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" && $DNS != "8" ]]; do read -p "DNS [1-8]: " -e -i 1 DNS done @@ -506,30 +507,34 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf done ;; - 2) #Quad9 + 2) # Cloudflare + echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf + echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf + ;; + 3) # Quad9 echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf ;; - 3) #FDN + 4) # FDN echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf ;; - 4) #DNS.WATCH + 5) # DNS.WATCH echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf ;; - 5) #OpenDNS + 6) # OpenDNS echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf ;; - 6) #Google + 7) # Google echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf ;; - 7) #Yandex Basic + 8) # Yandex Basic echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf ;; - 8) #AdGuard DNS + 9) # AdGuard DNS echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf ;; From 853683b0b389903878c2d7e26d5ecf07bdba24d8 Mon Sep 17 00:00:00 2001 From: Angristan Date: Tue, 3 Apr 2018 22:52:42 +0200 Subject: [PATCH 04/15] Add saythanks.io Thanks to @cezar97 (#188) --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index fbc7869..71ead65 100644 --- a/README.md +++ b/README.md @@ -254,6 +254,10 @@ SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. TLS-Auth is not enabled by default by OpenVPN, but it is in this script. +## Say thanks + +You can [say thanks](https://saythanks.io/to/Angristan) if you want! + ## Credits & Licence Thanks to the [contributors](https://github.com/Angristan/OpenVPN-install/graphs/contributors) and of course Nyr's orginal work. From 61d89e3ba20af7b4530dde08ebb4a73a6c84f1fe Mon Sep 17 00:00:00 2001 From: cezar97 Date: Tue, 10 Apr 2018 11:06:19 +0200 Subject: [PATCH 05/15] Remove .ovpn on cert revoke or OpenVPN uninstall (#178) --- openvpn-install.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 46568ca..1b6af00 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -146,6 +146,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then rm -rf /etc/openvpn/crl.pem cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem chmod 644 /etc/openvpn/crl.pem + rm -rf $(find /home -maxdepth 2 | grep $CLIENT.ovpn) 2>/dev/null + rm -rf /root/$CLIENT.ovpn 2>/dev/null echo "" echo "Certificate for client $CLIENT revoked" echo "Exiting..." @@ -188,6 +190,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then else yum remove openvpn -y fi + OVPNS=$(ls /etc/openvpn/easy-rsa/pki/issued | awk -F "." {'print $1'}) + for i in $OVPNS + do + rm $(find /home -maxdepth 2 | grep $i.ovpn) 2>/dev/null + rm /root/$i.ovpn 2>/dev/null + done rm -rf /etc/openvpn rm -rf /usr/share/doc/openvpn* echo "" From 71bb6e8371e0c9b03ace8c88e7e4834808239a11 Mon Sep 17 00:00:00 2001 From: Timofey Vasenin Date: Mon, 7 May 2018 23:50:01 +0700 Subject: [PATCH 06/15] Remove unneeded -r argument from some rm commands Backport the relevant part of: https://github.com/Nyr/openvpn-install/commit/d7173537692df686afa26e74c456aede8bc569f3 --- openvpn-install.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 1b6af00..d0c3215 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -140,14 +140,14 @@ if [[ -e /etc/openvpn/server.conf ]]; then cd /etc/openvpn/easy-rsa/ ./easyrsa --batch revoke $CLIENT EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl - rm -rf pki/reqs/$CLIENT.req - rm -rf pki/private/$CLIENT.key - rm -rf pki/issued/$CLIENT.crt - rm -rf /etc/openvpn/crl.pem + rm -f pki/reqs/$CLIENT.req + rm -f pki/private/$CLIENT.key + rm -f pki/issued/$CLIENT.crt + rm -f /etc/openvpn/crl.pem cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem chmod 644 /etc/openvpn/crl.pem - rm -rf $(find /home -maxdepth 2 | grep $CLIENT.ovpn) 2>/dev/null - rm -rf /root/$CLIENT.ovpn 2>/dev/null + rm -f $(find /home -maxdepth 2 | grep $CLIENT.ovpn) 2>/dev/null + rm -f /root/$CLIENT.ovpn 2>/dev/null echo "" echo "Certificate for client $CLIENT revoked" echo "Exiting..." @@ -470,7 +470,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service mv ~/EasyRSA-3.0.4/ /etc/openvpn/ mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/ chown -R root:root /etc/openvpn/easy-rsa/ - rm -rf ~/EasyRSA-3.0.4.tgz + rm -f ~/EasyRSA-3.0.4.tgz cd /etc/openvpn/easy-rsa/ # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name SERVER_CN="cn_$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" From 2f6821d778779bb38dbb52915752980a7c46cedc Mon Sep 17 00:00:00 2001 From: Stanislas Date: Tue, 8 May 2018 20:53:57 +0200 Subject: [PATCH 07/15] Add support for Ubuntu 18.04 --- README.md | 1 + openvpn-install.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 71ead65..7ffa7b3 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ The script is made to work on these OS and architectures : - **Ubuntu 14.04 LTS** (i386, amd64) - **Ubuntu 16.04 LTS** (i386, amd64, armhf) - **Ubuntu 17.10** (i386, amd64, armhf, arm64) +- **Ubuntu 18.04 LTS** (i386, amd64, armhf, arm64) - **Fedora 25** (amd64) - **Fedora 26** (amd64) - **Fedora 27** (amd64) diff --git a/openvpn-install.sh b/openvpn-install.sh index d0c3215..645da2e 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -25,7 +25,7 @@ if [[ -e /etc/debian_version ]]; then VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID") IPTABLES='/etc/iptables/iptables.rules' SYSCTL='/etc/sysctl.conf' - if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]]; then + if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="18.04"' ]]; then echo "Your version of Debian/Ubuntu is not supported." echo "I can't install a recent version of OpenVPN on your system." echo "" From b3fba4fddcd5797cf64237fe66451ef679ca6426 Mon Sep 17 00:00:00 2001 From: Timofey Vasenin Date: Wed, 9 May 2018 02:01:32 +0700 Subject: [PATCH 08/15] [backport] Fix system resolvers option for environments running systemd-resolved (#214) --- openvpn-install.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 645da2e..c960034 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -510,8 +510,15 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf # DNS resolvers case $DNS in 1) + # Locate the proper resolv.conf + # Needed for systems running systemd-resolved + if grep -q "127.0.0.53" "/etc/resolv.conf"; then + RESOLVCONF='/run/systemd/resolve/resolv.conf' + else + RESOLVCONF='/etc/resolv.conf' + fi # Obtain the resolvers from resolv.conf and use them for OpenVPN - grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do + grep -v '#' $RESOLVCONF | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf done ;; From d2a3b3bec673cdb010860e5075e17bf7fb4f1c40 Mon Sep 17 00:00:00 2001 From: Timofey Vasenin Date: Wed, 9 May 2018 02:23:36 +0700 Subject: [PATCH 09/15] Backport improvements of external IP handling (#213) * [backport] Remove IP address detection fallback It was never used, the one-liner is enough. * [backport] Improve NAT detection Cleaner and better: - Not relying in an external service - Avoids a false positive when the server has multiple public IPv4 addresses and the user selects one which is not the default gateway --- openvpn-install.sh | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index c960034..93ca3c5 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -83,13 +83,6 @@ newclient () { echo "" >> $homeDir/$1.ovpn } -# Try to get our IP from the system and fallback to the Internet. -# I do this to make the script compatible with NATed servers (LowEndSpirit/Scaleway) -# and to avoid getting an IPv6. -IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) -if [[ "$IP" = "" ]]; then - IP=$(wget -qO- ipv4.icanhazip.com) -fi # Get Internet network interface with default route NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1) @@ -220,10 +213,18 @@ else echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to." echo "If your server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP address as it is. (local/private IP)" echo "Otherwise, it should be your public IPv4 address." + # Autodetect IP address and pre-fill for the user + IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) read -p "IP address: " -e -i $IP IP echo "" echo "What port do you want for OpenVPN?" read -p "Port: " -e -i 1194 PORT + # If $IP is a private IP address, the server must be behind NAT + if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then + echo "" + echo "This server is behind NAT. What is the public IPv4 address or hostname?" + read -p "Public IP address / hostname: " -e PUBLICIP + fi echo "" echo "What protocol do you want for OpenVPN?" echo "Unless UDP is blocked, you should not use TCP (unnecessarily slower)" @@ -661,19 +662,9 @@ verb 3" >> /etc/openvpn/server.conf chkconfig openvpn on fi fi - # Try to detect a NATed connection and ask about it to potential LowEndSpirit/Scaleway users - EXTERNALIP=$(wget -qO- ipv4.icanhazip.com) - if [[ "$IP" != "$EXTERNALIP" ]]; then - echo "" - echo "Looks like your server is behind a NAT!" - echo "" - echo "If your server is NATed (e.g. LowEndSpirit, Scaleway, or behind a router)," - echo "then I need to know the address that can be used to access it from outside." - echo "If that's not the case, just ignore this and leave the next field blank" - read -p "External IP or domain name: " -e USEREXTERNALIP - if [[ "$USEREXTERNALIP" != "" ]]; then - IP=$USEREXTERNALIP - fi + # If the server is behind a NAT, use the correct IP address + if [[ "$PUBLICIP" != "" ]]; then + IP=$PUBLICIP fi # client-template.txt is created so we have a template to add further users later echo "client" > /etc/openvpn/client-template.txt From 6cecc16f0db54b4a81383f5e0a80b67ee244c113 Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 10 May 2018 00:29:05 +0200 Subject: [PATCH 10/15] Fixes #217 "Package 'gpg' has no installation candidate" --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 93ca3c5..cc05a99 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -336,7 +336,7 @@ else read -n1 -r -p "Press any key to continue..." if [[ "$OS" = 'debian' ]]; then - apt-get install ca-certificates gpg -y + apt-get install ca-certificates gnupg -y # We add the OpenVPN repo to get the latest version. # Debian 7 if [[ "$VERSION_ID" = 'VERSION_ID="7"' ]]; then From b8f0b44c55861a2805b48f080ac24200648afa35 Mon Sep 17 00:00:00 2001 From: Jebtrix Date: Tue, 29 May 2018 04:18:24 -0400 Subject: [PATCH 11/15] [FIX] Unable to select AdGuard DNS choice (#228) --- openvpn-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index cc05a99..e74d854 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -242,8 +242,8 @@ else echo " 7) Google (Anycast: worldwide)" echo " 8) Yandex Basic (Russia)" echo " 9) AdGuard DNS (Russia)" - while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" && $DNS != "8" ]]; do - read -p "DNS [1-8]: " -e -i 1 DNS + while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" && $DNS != "8" && $DNS != "9" ]]; do + read -p "DNS [1-9]: " -e -i 1 DNS done echo "" echo "See https://github.com/Angristan/OpenVPN-install#encryption to learn more about " From 1be089735be08b02d94e9667d84c6c3331f4d237 Mon Sep 17 00:00:00 2001 From: Vahid Shirvani Date: Tue, 3 Jul 2018 23:10:27 +0200 Subject: [PATCH 12/15] Change the order of cloudflare dns resolver --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index ca4beb1..aec8874 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -725,8 +725,8 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf done ;; 2) # Cloudflare + echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf - echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf ;; 3) # Quad9 echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf From c42b028538b38a4aa8973565e05903fdde0b9a91 Mon Sep 17 00:00:00 2001 From: cezar97 Date: Fri, 6 Jul 2018 01:25:57 +0300 Subject: [PATCH 13/15] Add "Check for DNS leaks" paragraph in README (#242) --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 7ffa7b3..21b1a3f 100644 --- a/README.md +++ b/README.md @@ -255,6 +255,10 @@ SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. TLS-Auth is not enabled by default by OpenVPN, but it is in this script. +## Check for DNS leaks + +Go to [dnsleaktest.com](https://dnsleaktest.com/) or [ipleak.net](https://ipleak.net/) with your browser. Only your server's IP should show up. + ## Say thanks You can [say thanks](https://saythanks.io/to/Angristan) if you want! From 63ac18075d07a1c944e9b4e08ba6e01b99c9cf2e Mon Sep 17 00:00:00 2001 From: cezar97 Date: Fri, 6 Jul 2018 23:11:22 +0300 Subject: [PATCH 14/15] Add quad9 secondary DNS (#248) See https://www.quad9.net/faq/#Is_there_a_service_that_Quad9_offers_that_does_not_have_the_blocklist_or_other_security. --- openvpn-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index e74d854..44647c5 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -529,6 +529,7 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf ;; 3) # Quad9 echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf + echo 'push "dhcp-option DNS 149.112.112.112"' >> /etc/openvpn/server.conf ;; 4) # FDN echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf From 7905a726ef7e2ce5d0466811291014d22d5d4b01 Mon Sep 17 00:00:00 2001 From: Vahid Shirvani Date: Thu, 12 Jul 2018 21:25:48 +0200 Subject: [PATCH 15/15] Verified that it works on ubuntu 18.04 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c75e83..f0a97e2 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ On the client-side, it's less problematic, but if you want to use an OpenVPN ser | Ubuntu 14.04 | ✔️ | ✔️ | ❌ | ❌ | | Ubuntu 16.04 | ✔️ | ✔️ | ❌ | ❌ | | [Ubuntu 17.10](https://github.com/Angristan/OpenVPN-install/issues/125) | ❌ | ❌ | ❌ | ❌ | -| Ubuntu 18.04 | ❔ | ❔️ | ❔ | ❔ | +| Ubuntu 18.04 | ❔ | ✔️️ | ❔ | ❔ | | CentOS 6 | ✔️ | ✔️ | ❔ | ❔ | | CentOS 7 | ✔️ | ✔️ | ✔️ | ❔ | | Fedora 25 | ❔ | ✔️ | ❔ | ❔ |