Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactoring and cleanup

Browse source
This commit is contained in:
angristan 2018-09-20 00:02:14 +02:00
parent 449402382e
commit 6668c54147
1 changed files with 59 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
openvpn-install.sh
View file

@ -71,7 +71,7 @@ function initialCheck () {
checkOS checkOS
} }
function installLocalDNS () { function installUnbound () {
if [[ ! -e /etc/unbound/unbound.conf ]]; then if [[ ! -e /etc/unbound/unbound.conf ]]; then
if [[ "$OS" = "debian" ]]; then if [[ "$OS" = "debian" ]]; then
@ -139,7 +139,7 @@ private-address: ::ffff:0:0/96' > /etc/unbound/openvpn.conf
fi fi
systemctl enable unbound systemctl enable unbound
systemctl start unbound systemctl restart unbound
} }
function installOpenVPN () { function installOpenVPN () {
@ -147,8 +147,8 @@ function installOpenVPN () {
echo "The git repository is available at: https://github.com/angristan/openvpn-install" echo "The git repository is available at: https://github.com/angristan/openvpn-install"
echo "" echo ""
echo "I need to ask you a few questions before starting the setup" echo "I need to ask you a few questions before starting the setup."
echo "You can leave the default options and just press enter if you are ok with them" echo "You can leave the default options and just press enter if you are ok with them."
echo "" echo ""
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to." echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
echo "If your server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP address as it is. (local/private IP)" echo "If your server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP address as it is. (local/private IP)"
@ -178,7 +178,7 @@ function installOpenVPN () {
echo "" echo ""
# Ask the user if they want to enable IPv6 regardless its availability. # Ask the user if they want to enable IPv6 regardless its availability.
while [[ $IPV6_SUPPORT != "y" && $IPV6_SUPPORT != "n" ]]; do while [[ $IPV6_SUPPORT != "y" && $IPV6_SUPPORT != "n" ]]; do
read -rp "Do you want to enable IPv6 support? [y/n]: " -e -i $SUGGESTION IPV6_SUPPORT read -rp "Do you want to enable IPv6 support (NAT)? [y/n]: " -e -i $SUGGESTION IPV6_SUPPORT
done done
echo "" echo ""
echo "What port do you want OpenVPN to listen to?" echo "What port do you want OpenVPN to listen to?"
@ -412,8 +412,6 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
done done
;; ;;
2) 2)
# Install Unbound
installLocalDNS
echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf
;; ;;
3) # Cloudflare 3) # Cloudflare
@ -513,6 +511,10 @@ verb 3" >> /etc/openvpn/server.conf
systemctl enable openvpn@server systemctl enable openvpn@server
fi fi
if [[ $DNS == 2 ]];then
installUnbound
fi
# Add iptables rules in two scripts # Add iptables rules in two scripts
mkdir /etc/iptables mkdir /etc/iptables
@ -703,12 +705,54 @@ function revokeClient () {
echo "Certificate for client $CLIENT revoked." echo "Certificate for client $CLIENT revoked."
} }
function removeUnbound () {
# Remove OpenVPN-related config
sed -i 's|include: \/etc\/unbound\/openvpn.conf||' /etc/unbound/unbound.conf
rm /etc/unbound/openvpn.conf
systemctl restart unbound
until [[ $REMOVE_UNBOUND == "y" || $REMOVE_UNBOUND == "n" ]]; do
echo ""
echo "If you were already using Unbound before installing OpenVPN, I removed the configuration related to OpenVPN."
read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND
done
if [[ "$REMOVE_UNBOUND" = 'y' ]]; then
# Stop Unbound
systemctl stop unbound
if [[ "$OS" = 'debian' ]]; then
apt-get autoremove --purge -y unbound
elif [[ "$OS" = 'centos' ]]; then
yum remove unbound -y
elif [[ "$OS" = 'fedora' ]]; then
dnf remove unbound -y
fi
rm -rf /etc/unbound/
echo ""
echo "Unbound removed!"
else
echo ""
echo "Unbound wasn't removed."
fi
}
function removeOpenVPN () { function removeOpenVPN () {
echo "" echo ""
read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
if [[ "$REMOVE" = 'y' ]]; then if [[ "$REMOVE" = 'y' ]]; then
# Get OpenVPN port from the configuration
PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2) PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
# Stop OpenVPN
if [[ "$OS" = 'fedora' ]]; then
systemctl stop openvpn-server@server
else
systemctl stop openvpn@server
fi
# Remove the iptables rules related to the script # Remove the iptables rules related to the script
systemctl stop iptables-openvpn systemctl stop iptables-openvpn
# Cleanup # Cleanup
@ -747,34 +791,7 @@ function removeOpenVPN () {
# Unbound # Unbound
if [[ -e /etc/unbound/openvpn.conf ]]; then if [[ -e /etc/unbound/openvpn.conf ]]; then
# Remove OpenVPN-related config removeUnbound
sed -i 's|include: \/etc\/unbound\/openvpn.conf||' /etc/unbound/unbound.conf
rm /etc/unbound/openvpn.conf
service unbound restart
until [[ $REMOVE_UNBOUND == "y" || $REMOVE_UNBOUND == "n" ]]; do
echo ""
echo "If you were already using Unbound before installing OpenVPN, I removed the configuration related to OpenVPN."
read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND
done
if [[ "$REMOVE_UNBOUND" = 'y' ]]; then
if [[ "$OS" = 'debian' ]]; then
apt-get autoremove --purge -y unbound
elif [[ "$OS" = 'centos' ]]; then
yum remove unbound -y
elif [[ "$OS" = 'fedora' ]]; then
dnf remove unbound -y
fi
rm -rf /etc/unbound/
echo ""
echo "Unbound removed!"
else
echo ""
echo "Unbound wasn't removed."
fi
fi fi
echo "" echo ""
echo "OpenVPN removed!" echo "OpenVPN removed!"