Update openvpndialog.sh
function InstallOpenVpnManual () done will continue next part tommorow
This commit is contained in:
Techroy23
GitHub
parent
d0fb8f6911
commit
78527a389b
1 changed files with 216 additions and 33 deletions
187
openvpndialog.sh
187
openvpndialog.sh
|
|
@ -1318,12 +1318,195 @@ dialog --title "STEP (4 out of N)" \
|
|||
9) DNS="9";;
|
||||
10) DNS="10";;
|
||||
11) DNS="11";;
|
||||
12) DNS="12";;
|
||||
esac
|
||||
|
||||
dialog --title "STEP (5 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Do you want to use compression? It is not recommended since the VORACLE attack make use of it" 16 60 51 \
|
||||
"1" "YES" \
|
||||
"2" "NO" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) COMP="YES";;
|
||||
2) COMP="NO";;
|
||||
esac
|
||||
if [[ $COMP == "YES" ]];then
|
||||
dialog --title "STEP (5 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which compression algorithm you want to use: (they are ordered by efficiency)" 16 60 51 \
|
||||
"1" "lz4-v2" \
|
||||
"2" "lz4" \
|
||||
"3" "lzo" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) COMP="lz4-v2";;
|
||||
2) COMP="lz4";;
|
||||
3) COMP="lzo";;
|
||||
esac
|
||||
fi
|
||||
|
||||
dialog --title "STEP (6 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which cipher you want to use for the data channel:" 16 60 51 \
|
||||
"1" "AES-128-GCM" \
|
||||
"2" "AES-192-GCM" \
|
||||
"3" "AES-256-GCM" \
|
||||
"4" "AES-128-CBC" \
|
||||
"5" "AES-192-CBC" \
|
||||
"6" "AES-256-CBC" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) CIPHER="AES-128-GCM";;
|
||||
2) CIPHER="AES-192-GCM";;
|
||||
3) CIPHER="AES-256-GCM";;
|
||||
4) CIPHER="AES-128-CBC";;
|
||||
5) CIPHER="AES-192-CBC";;
|
||||
6) CIPHER="AES-256-CBC";;
|
||||
esac
|
||||
|
||||
dialog --title "STEP (7 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose what kind of certificate you want to use:" 16 60 51 \
|
||||
"1" "ECDSA" \
|
||||
"2" "RSA" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) CERT_TYPE="ECDSA";;
|
||||
2) CERT_TYPE="RSA";;
|
||||
esac
|
||||
if [[ $CERT_TYPE = "ECDSA" ]];then
|
||||
dialog --title "STEP (7 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which curve you want to use for the certificate's key:" 16 60 51 \
|
||||
"1" "prime256v1" \
|
||||
"2" "secp384r1" \
|
||||
"3" "secp521r1" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) CERT_CURVE_CHOICE="prime256v1";;
|
||||
2) CERT_CURVE_CHOICE="secp384r1";;
|
||||
3) CERT_CURVE_CHOICE="secp521r1";;
|
||||
esac
|
||||
else
|
||||
dialog --title "STEP (7 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which size you want to use for the certificate's RSA key:" 16 60 51 \
|
||||
"1" "2048 bits" \
|
||||
"2" "3072 bits" \
|
||||
"3" "4096 bits" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) RSA_KEY_SIZE="2048";;
|
||||
2) RSA_KEY_SIZE="3072";;
|
||||
3) RSA_KEY_SIZE="4096";;
|
||||
esac
|
||||
fi
|
||||
|
||||
if [[ $CERT_TYPE = "ECDSA" ]];then
|
||||
dialog --title "STEP (8 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which cipher you want to use for the control channel:" 16 60 51 \
|
||||
"1" "ECDHE-ECDSA-AES-128-GCM-SHA256" \
|
||||
"2" "ECDHE-ECDSA-AES-256-GCM-SHA384" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256";;
|
||||
2) CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384";;
|
||||
esac
|
||||
else
|
||||
dialog --title "STEP (8 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which cipher you want to use for the control channel:" 16 60 51 \
|
||||
"1" "ECDHE-RSA-AES-128-GCM-SHA256" \
|
||||
"2" "ECDHE-RSA-AES-256-GCM-SHA384" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256";;
|
||||
2) CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384";;
|
||||
esac
|
||||
fi
|
||||
|
||||
dialog --title "STEP (9 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose what kind of Diffie-Hellman key you want to use:" 16 60 51 \
|
||||
"1" "ECDH" \
|
||||
"2" "DH" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) DH_TYPE="ECDH";;
|
||||
2) DH_TYPE="DH";;
|
||||
esac
|
||||
if [[ $DH_TYPE == ECDH ]]; then
|
||||
dialog --title "STEP (9 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose which curve you want to use for the ECDH key:" 16 60 51 \
|
||||
"1" "prime256v1" \
|
||||
"2" "secp384r1" \
|
||||
"3" "secp521r1" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) DH_CURVE="prime256v1";;
|
||||
2) DH_CURVE="secp384r1";;
|
||||
3) DH_CURVE="secp521r1";;
|
||||
esac
|
||||
else
|
||||
dialog --title "STEP (9 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Choose what size of Diffie-Hellman key you want to use:" 16 60 51 \
|
||||
"1" "2048 bits" \
|
||||
"2" "3072 bits" \
|
||||
"3" "4096 bits" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) DH_KEY_SIZE="2048";;
|
||||
2) DH_KEY_SIZE="3072";;
|
||||
3) DH_KEY_SIZE="4096";;
|
||||
esac
|
||||
fi
|
||||
|
||||
dialog --title "STEP (10 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "Which digest algorithm do you want to use for HMAC?" 16 60 51 \
|
||||
"1" "SHA-256" \
|
||||
"2" "SHA-384" \
|
||||
"3" "SHA-512" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) HMAC_ALG="SHA256";;
|
||||
2) HMAC_ALG="SHA384";;
|
||||
3) HMAC_ALG="SHA512";;
|
||||
esac
|
||||
|
||||
dialog --title "STEP (10 out of N)" \
|
||||
--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
|
||||
--menu "You can add an additional layer of security to the control channel with tls-auth and tls-crypt \n tls-auth authenticates the packets, while tls-crypt authenticate and encrypt them." 16 60 51 \
|
||||
"1" "tls-crypt" \
|
||||
"2" "tls-auth" 2> "${OUTPUT}"
|
||||
menuitem=$(<"${OUTPUT}")
|
||||
case $menuitem in
|
||||
1) TLS_SIG="1";;
|
||||
2) TLS_SIG="2";;
|
||||
esac
|
||||
|
||||
echo "IP/PORT : " $IP:$PORT
|
||||
echo "PROTOCL : " $PROTOCOL
|
||||
echo "DNS : " $DNS
|
||||
echo "COMPRESSION : " $COMP
|
||||
echo "CIPHER : " $CIPHER
|
||||
echo "CERT TYPE : " $CERT_TYPE
|
||||
echo "CERT CURVE CHOICE : " $CERT_CURVE_CHOICE
|
||||
echo "RSA_KEY_SIZE : " $RSA_KEY_SIZE
|
||||
echo "CC_CIPHER : " $CC_CIPHER
|
||||
echo "DH_TYPE : " $DH_TYPE
|
||||
echo "DH_CURVE : " $DH_CURVE
|
||||
echo "DH_KEY_SIZE : " $DH_KEY_SIZE
|
||||
echo "HMAC_ALG : " $HMAC_ALG
|
||||
echo "TLS_SIG : " $TLS_SIG
|
||||
|
||||
# MANUAL DONE
|
||||
|
||||
echo $IP:$PORT - $PROTOCOL - $DNS -
|
||||
exit 1
|
||||
|
||||
}
|
||||
|
||||
function UnInstall_2 () {
|
||||
|
|
|
|||
Loading…
Reference in a new issue