Update openvpndialog.sh

function InstallOpenVpnManual () done will continue next part tommorow
2019-08-15 08:33:08 +08:00 · 2019-08-15 08:33:08 +08:00 · 78527a389b
commit 78527a389b
parent d0fb8f6911
1 changed files with 216 additions and 33 deletions
--- a/openvpndialog.sh
+++ b/openvpndialog.sh
@ -1282,7 +1282,7 @@ PORT=$(<$OUTPUT)

 dialog --title "STEP (3 out of N)" \
 --backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
-        --menu "What protocol do you want OpenVPN to use?" 16 60 51 \
+--menu "What protocol do you want OpenVPN to use?" 16 60 51 \
    "1" "UDP" \
    "2" "TCP" 2> "${OUTPUT}"	
 	menuitem=$(<"${OUTPUT}")
@ -1293,7 +1293,7 @@ dialog --title "STEP (3 out of N)" \

 dialog --title "STEP (4 out of N)" \
 --backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
-        --menu "What DNS resolvers do you want to use with the VPN?" 16 60 51 \
+--menu "What DNS resolvers do you want to use with the VPN?" 16 60 51 \
 	"1" "Current system resolvers (from /etc/resolv.conf)" \
 	"2" "Self-hosted DNS Resolver (Unbound)" \
 	"3" "Cloudflare (Anycast: worldwide)" \
@ -1318,12 +1318,195 @@ dialog --title "STEP (4 out of N)" \
 		9)		DNS="9";;
 		10)		DNS="10";;
 		11)		DNS="11";;
-			12)		DNS="12";;
 		esac

+dialog --title "STEP (5 out of N)" \
+--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+--menu "Do you want to use compression? It is not recommended since the VORACLE attack make use of it" 16 60 51 \
+    "1" "YES" \
+    "2" "NO" 2> "${OUTPUT}"	
+	menuitem=$(<"${OUTPUT}")
+		case $menuitem in
+		1)		COMP="YES";;
+		2)		COMP="NO";;
+		esac
+	if [[ $COMP == "YES" ]];then			
+		dialog --title "STEP (5 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+        --menu "Choose which compression algorithm you want to use: (they are ordered by efficiency)" 16 60 51 \
+        "1" "lz4-v2" \
+        "2" "lz4" \
+		"3" "lzo" 2> "${OUTPUT}"
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		COMP="lz4-v2";;
+			2)		COMP="lz4";;
+			3)		COMP="lzo";;
+			esac
+	fi
+	
+dialog --title "STEP (6 out of N)" \
+--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+--menu "Choose which cipher you want to use for the data channel:" 16 60 51 \
+	"1" "AES-128-GCM" \
+	"2" "AES-192-GCM" \
+	"3" "AES-256-GCM" \
+	"4" "AES-128-CBC" \
+	"5" "AES-192-CBC" \
+	"6" "AES-256-CBC" 2> "${OUTPUT}"
+	menuitem=$(<"${OUTPUT}")
+		case $menuitem in
+		1)		CIPHER="AES-128-GCM";;
+		2)		CIPHER="AES-192-GCM";;
+		3)		CIPHER="AES-256-GCM";;
+		4)		CIPHER="AES-128-CBC";;
+		5)		CIPHER="AES-192-CBC";;
+		6)		CIPHER="AES-256-CBC";;
+		esac
+			
+dialog --title "STEP (7 out of N)" \
+--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+--menu "Choose what kind of certificate you want to use:" 16 60 51 \
+    "1" "ECDSA" \
+    "2" "RSA" 2> "${OUTPUT}"	
+	menuitem=$(<"${OUTPUT}")
+		case $menuitem in
+		1)		CERT_TYPE="ECDSA";;
+		2)		CERT_TYPE="RSA";;
+		esac
+	if [[ $CERT_TYPE = "ECDSA" ]];then
+		dialog --title "STEP (7 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+        --menu "Choose which curve you want to use for the certificate's key:" 16 60 51 \
+        "1" "prime256v1" \
+		"2" "secp384r1" \
+        "3" "secp521r1" 2> "${OUTPUT}"	
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		CERT_CURVE_CHOICE="prime256v1";;
+			2)		CERT_CURVE_CHOICE="secp384r1";;
+			3)		CERT_CURVE_CHOICE="secp521r1";;
+			esac
+	else
+		dialog --title "STEP (7 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+        --menu "Choose which size you want to use for the certificate's RSA key:" 16 60 51 \
+        "1" "2048 bits" \
+		"2" "3072 bits" \
+        "3" "4096 bits" 2> "${OUTPUT}"	
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		RSA_KEY_SIZE="2048";;
+			2)		RSA_KEY_SIZE="3072";;
+			3)		RSA_KEY_SIZE="4096";;
+			esac
+	fi
+
+if [[ $CERT_TYPE = "ECDSA" ]];then
+dialog --title "STEP (8 out of N)" \
+--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+--menu "Choose which cipher you want to use for the control channel:" 16 60 51 \
+    "1" "ECDHE-ECDSA-AES-128-GCM-SHA256" \
+    "2" "ECDHE-ECDSA-AES-256-GCM-SHA384" 2> "${OUTPUT}"	
+	menuitem=$(<"${OUTPUT}")
+		case $menuitem in
+		1)		CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256";;
+		2)		CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384";;
+		esac
+else
+dialog --title "STEP (8 out of N)" \
+--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+--menu "Choose which cipher you want to use for the control channel:" 16 60 51 \
+    "1" "ECDHE-RSA-AES-128-GCM-SHA256" \
+    "2" "ECDHE-RSA-AES-256-GCM-SHA384" 2> "${OUTPUT}"	
+	menuitem=$(<"${OUTPUT}")
+		case $menuitem in
+		1)		CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256";;
+		2)		CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384";;
+		esac
+fi
+
+dialog --title "STEP (9 out of N)" \
+--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+--menu "Choose what kind of Diffie-Hellman key you want to use:" 16 60 51 \
+    "1" "ECDH" \
+    "2" "DH" 2> "${OUTPUT}"	
+	menuitem=$(<"${OUTPUT}")
+		case $menuitem in
+		1)		DH_TYPE="ECDH";;
+		2)		DH_TYPE="DH";;
+		esac
+	if [[ $DH_TYPE == ECDH ]]; then
+		dialog --title "STEP (9 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+		--menu "Choose which curve you want to use for the ECDH key:" 16 60 51 \
+		"1" "prime256v1" \
+		"2" "secp384r1" \
+		"3" "secp521r1" 2> "${OUTPUT}"	
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		DH_CURVE="prime256v1";;
+			2)		DH_CURVE="secp384r1";;
+			3)		DH_CURVE="secp521r1";;
+			esac
+	else
+		dialog --title "STEP (9 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+		--menu "Choose what size of Diffie-Hellman key you want to use:" 16 60 51 \
+        "1" "2048 bits" \
+		"2" "3072 bits" \
+        "3" "4096 bits" 2> "${OUTPUT}"	
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		DH_KEY_SIZE="2048";;
+			2)		DH_KEY_SIZE="3072";;
+			3)		DH_KEY_SIZE="4096";;
+			esac
+	fi
+
+dialog --title "STEP (10 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+		--menu "Which digest algorithm do you want to use for HMAC?" 16 60 51 \
+        "1" "SHA-256" \
+		"2" "SHA-384" \
+        "3" "SHA-512" 2> "${OUTPUT}"	
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		HMAC_ALG="SHA256";;
+			2)		HMAC_ALG="SHA384";;
+			3)		HMAC_ALG="SHA512";;
+			esac
+
+dialog --title "STEP (10 out of N)" \
+		--backtitle "Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux" \
+		--menu "You can add an additional layer of security to the control channel with tls-auth and tls-crypt \n tls-auth authenticates the packets, while tls-crypt authenticate and encrypt them." 16 60 51 \
+        "1" "tls-crypt" \
+		"2" "tls-auth" 2> "${OUTPUT}"	
+		menuitem=$(<"${OUTPUT}")
+			case $menuitem in
+			1)		TLS_SIG="1";;
+			2)		TLS_SIG="2";;
+			esac
+
+echo "IP/PORT : " $IP:$PORT
+echo "PROTOCL : " $PROTOCOL
+echo "DNS : " $DNS
+echo "COMPRESSION : " $COMP
+echo "CIPHER : " $CIPHER
+echo "CERT TYPE : " $CERT_TYPE
+echo "CERT CURVE CHOICE : " $CERT_CURVE_CHOICE
+echo "RSA_KEY_SIZE : " $RSA_KEY_SIZE
+echo "CC_CIPHER : " $CC_CIPHER
+echo "DH_TYPE : " $DH_TYPE
+echo "DH_CURVE : " $DH_CURVE
+echo "DH_KEY_SIZE : " $DH_KEY_SIZE
+echo "HMAC_ALG : " $HMAC_ALG
+echo "TLS_SIG : " $TLS_SIG
+
+# MANUAL DONE

-echo $IP:$PORT - $PROTOCOL - $DNS - 
 exit 1
+
 }

 function UnInstall_2 () {