Ufuk Tan 2021-03-04 23:41:01 +01:00 committed by GitHub
commit 69101234c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -4,6 +4,19 @@
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora and Arch Linux
# https://github.com/angristan/openvpn-install
function apt_get_with_retry() {
attempts=0
until apt-get $@; do
attempts=$((attempts + 1))
if [[ $attempts -gt 10 ]]; then
echo "apt-get is busy right now, please try again later"
exit 1
fi
echo "Failed to run apt-get, trying again..."
sleep 1
done
}
function isRoot() {
if [ "$EUID" -ne 0 ]; then
return 1
@ -100,8 +113,7 @@ function installUnbound() {
if [[ ! -e /etc/unbound/unbound.conf ]]; then
if [[ $OS =~ (debian|ubuntu) ]]; then
apt-get install -y unbound
apt_get_with_retry install -y unbound
# Configuration
echo 'interface: 10.8.0.1
access-control: 10.8.0.1/24 allow
@ -229,7 +241,7 @@ function installQuestions() {
if [[ $APPROVE_IP =~ n ]]; then
read -rp "IP address: " -e -i "$IP" IP
fi
# If $IP is a private IP address, the server must be behind NAT
# If $IP is a private IP address, the server must be behind NAT
if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
echo ""
echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
@ -652,16 +664,16 @@ function installOpenVPN() {
# the first time.
if [[ ! -e /etc/openvpn/server.conf ]]; then
if [[ $OS =~ (debian|ubuntu) ]]; then
apt-get update
apt-get -y install ca-certificates gnupg
apt_get_with_retry update
apt_get_with_retry -y install ca-certificates gnupg
# We add the OpenVPN repo to get the latest version.
if [[ $VERSION_ID == "16.04" ]]; then
echo "deb http://build.openvpn.net/debian/openvpn/stable xenial main" >/etc/apt/sources.list.d/openvpn.list
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
apt-get update
apt_get_with_retry update
fi
# Ubuntu > 16.04 and Debian > 8 have OpenVPN >= 2.4 without the need of a third party repository.
apt-get install -y openvpn iptables openssl wget ca-certificates curl
apt_get_with_retry install -y openvpn iptables openssl wget ca-certificates curl
elif [[ $OS == 'centos' ]]; then
yum install -y epel-release
yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*'
@ -1186,7 +1198,7 @@ function removeUnbound() {
systemctl stop unbound
if [[ $OS =~ (debian|ubuntu) ]]; then
apt-get autoremove --purge -y unbound
apt_get_with_retry autoremove --purge -y unbound
elif [[ $OS == 'arch' ]]; then
pacman --noconfirm -R unbound
elif [[ $OS =~ (centos|amzn) ]]; then
@ -1249,10 +1261,10 @@ function removeOpenVPN() {
fi
if [[ $OS =~ (debian|ubuntu) ]]; then
apt-get autoremove --purge -y openvpn
apt_get_with_retry autoremove --purge -y openvpn
if [[ -e /etc/apt/sources.list.d/openvpn.list ]]; then
rm /etc/apt/sources.list.d/openvpn.list
apt-get update
apt_get_with_retry update
fi
elif [[ $OS == 'arch' ]]; then
pacman --noconfirm -R openvpn
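Review bot: `apt_get_with_retry` in the first hunk loops on any non-zero exit from apt-get, so failures that have nothing to do with a held lock (an unreachable mirror, an unknown package, a failed repository check) are retried eleven times and then reported as "apt-get is busy right now", which hides the real error from whoever is running the installer. The call `apt-get $@` is also unquoted and `attempts` leaks into the global scope; `local attempts=0` and `until apt-get "$@"; do` fix both. Because the helper calls `exit 1`, the `autoremove` calls in the removeUnbound and removeOpenVPN hunks now abort the whole uninstall on failure, where the plain `apt-get` call presumably let the script continue (no `set -e` is visible in these hunks), so `rm /etc/apt/sources.list.d/openvpn.list` and any later cleanup may be skipped. Returning apt-get's last exit status from the helper and letting each caller decide would keep the removal paths best-effort, and a one-line comment above the function stating the retry limit and that it terminates the script would document the contract.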