Improvements

angristan 2018-09-15 21:15:00 +02:00
parent cee3978fe2
commit 56bf67a2e4


@ -134,14 +134,14 @@ prefetch: yes' >> /etc/unbound/unbound.conf
pacman -Syu unbound expat pacman -Syu unbound expat
#Permissions for the DNSSEC keys #Permissions for the DNSSEC keys
chown root:unbound /etc/unbound chown root:unbound /etc/unbound
chmod 775 /etc/unbound chmod 775 /etc/unbound
# Get root servers list # Get root servers list
wget https://www.internic.net/domain/named.root -O /etc/unbound/root.hints wget https://www.internic.net/domain/named.root -O /etc/unbound/root.hints
# Configuration # Configuration
mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
echo 'server: echo 'server:
root-hints: root.hints root-hints: root.hints
auto-trust-anchor-file: trusted-key.key auto-trust-anchor-file: trusted-key.key
@ -174,32 +174,28 @@ private-address: ::ffff:0:0/96" >> /etc/unbound/unbound.conf
# Restart the service # Restart the service
systemctl restart unbound systemctl restart unbound
else else
echo "" # Unbound is already installed
echo "Unbound is already installed." echo 'include: /etc/unbound/openvpn.conf' >> /etc/unbound/unbound.conf
echo "You can allow the script to configure it in order to use it from your OpenVPN clients"
echo "We will simply add a second server to /etc/unbound/unbound.conf for the OpenVPN subnet."
echo "No changes are made to the current configuration."
echo ""
while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do # Add OpenVPN integration
read -rp "Apply configuration changes? [y/n]: " -e CONTINUE echo 'server:
done interface: 10.8.0.1
access-control: 10.8.0.1/24 allow
hide-identity: yes
hide-version: yes
use-caps-for-id: yes
prefetch: yes
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
private-address: 127.0.0.0/8
private-address: ::ffff:0:0/96' >> /etc/unbound/openvpn.conf
if [[ $CONTINUE = "y" ]]; then # Restart the service
systemctl restart unbound
echo 'include: /etc/unbound/openvpn.conf' >> /etc/unbound/unbound.conf
# Add OpenVPN integration
echo 'server:
interface: 10.8.0.1
access-control: 10.8.0.1/24 allow' >> /etc/unbound/openvpn.conf
# Restart the service
systemctl restart unbound
else
echo "OpenVPN clients will be configured to use 10.8.0.1 as DNS resolver."
echo "You need to manually configure Unbound to listen on this interface and accept connections from the subnet."
fi
fi fi
} }
@ -445,6 +441,21 @@ else
echo " 10) AdGuard DNS (Russia)" echo " 10) AdGuard DNS (Russia)"
until [[ "$DNS" =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 -a "$DNS" -le 10 ]; do until [[ "$DNS" =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 -a "$DNS" -le 10 ]; do
read -rp "DNS [1-10]: " -e -i 1 DNS read -rp "DNS [1-10]: " -e -i 1 DNS
if [[ $DNS == 2 ]] && [[ ! -e /etc/unbound/unbound.conf ]]; then
echo ""
echo "Unbound is already installed."
echo "You can allow the script to configure it in order to use it from your OpenVPN clients"
echo "We will simply add a second server to /etc/unbound/unbound.conf for the OpenVPN subnet."
echo "No changes are made to the current configuration."
echo ""
while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do
read -rp "Apply configuration changes to Unbound? [y/n]: " -e CONTINUE
done
if [[ $CONTINUE = "n" ]];then
DNS=""
fi
fi
done done
echo "" echo ""
echo "See https://github.com/Angristan/OpenVPN-install#encryption to learn more about " echo "See https://github.com/Angristan/OpenVPN-install#encryption to learn more about "
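Review bot: The new guard in the DNS prompt, `if [[ $DNS == 2 ]] && [[ ! -e /etc/unbound/unbound.conf ]]; then`, looks inverted: it prints "Unbound is already installed." and asks for consent only when the config file is absent. The `else` branch of the install function in the second hunk (its start lies outside the visible hunks) now appends `include: /etc/unbound/openvpn.conf` to the existing `unbound.conf` and restarts the service with no prompt of its own, so a host that already runs Unbound appears to get its resolver configuration changed without confirmation. The test should probably read `[[ -e /etc/unbound/unbound.conf ]]`. `CONTINUE` is also never reset after an "n" answer, so the inner `while` is skipped on a later pass and option 2 keeps being rejected; setting `CONTINUE=""` just before that loop would fix it. Separately, the `include:` line is appended on every run, so a check such as `grep -qF 'include: /etc/unbound/openvpn.conf' /etc/unbound/unbound.conf` before the append would keep the file from accumulating duplicates.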