Merge branch 'master' into openvpn-2.4-update

README.md

@@ -1,5 +1,5 @@
 # OpenVPN-install
-Secure OpenVPN installer for Debian, Ubuntu, CentOS and Arch Linux.
+OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux.
 
 This script will let you setup your own secure VPN server in just a few minutes.
 
@@ -12,7 +12,7 @@ Here is a preview of the installer :
 
 **You have to enable the TUN module otherwise OpenVPN won't work.** Ask your host if you don't know how to do it. If the TUN module is not enabled, the script will warn you and exit.
 
-You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr](https://goo.gl/Xyd1Sc) or 3€/month for unlimited bandwidth in France at [PulseHeberg](https://goo.gl/oBhgaj).
+You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr](https://goo.gl/Xyd1Sc) or 3€/month for unlimited bandwidth in France at [PulseHeberg](https://goo.gl/76yqW5).
 
 First, get the script and make it executable :
 
@@ -98,6 +98,7 @@ The script will ask you which DNS resolvers you want to use when connected to th
 Here are the possibilities :
 
 - Current system resolvers, those that are in `/etc/resolv.conf`
+- [Quad9](https://www.quad9.net), recommended, security and privacy oriented, fast worldwide (Anycast servers)
 - [FDN's DNS Servers](http://www.fdn.fr/actions/dns/), recommended if you're in western europe (France)
 - [DNS.WATCH DNS Servers](https://dns.watch/index), recommended if you're in western europe (Germany)
 - [OpenDNS](https://en.wikipedia.org/wiki/OpenDNS), not recommened but fast wordlwide (Anycast servers)

openvpn-install.sh

@@ -40,7 +40,7 @@ if [[ -e /etc/debian_version ]]; then
 			exit 4
 		fi
 	fi
-elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
+elif [[ -e /etc/centos-release || -e /etc/redhat-release && ! -e /etc/fedora-release ]]; then
 	OS=centos
 	IPTABLES='/etc/iptables/iptables.rules'
 	SYSCTL='/etc/sysctl.conf'
@@ -48,6 +48,10 @@ elif [[ -e /etc/arch-release ]]; then
 	OS=arch
 	IPTABLES='/etc/iptables/iptables.rules'
 	SYSCTL='/etc/sysctl.d/openvpn.conf'
+elif [[ -e /etc/fedora-release ]]; then
+	OS=fedora
+	IPTABLES='/etc/iptables/iptables.rules'
+	SYSCTL='/etc/sysctl.d/openvpn.conf'
 else
 	echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system"
 	exit 4
@@ -235,15 +239,16 @@ else
 	done
 	echo ""
 	echo "What DNS do you want to use with the VPN?"
-	echo "   1) Current system resolvers (in /etc/resolv.conf)"
+	echo "   1) Current system resolvers (from /etc/resolv.conf)"
-	echo "   2) FDN (France)"
+	echo "   2) Quad9 (Anycast: worldwide)"
-	echo "   3) DNS.WATCH (Germany)"
+	echo "   3) FDN (France)"
-	echo "   4) OpenDNS (Anycast: worldwide)"
+	echo "   4) DNS.WATCH (Germany)"
-	echo "   5) Google (Anycast: worldwide)"
+	echo "   5) OpenDNS (Anycast: worldwide)"
-	echo "   6) Yandex Basic (Russia)"
+	echo "   6) Google (Anycast: worldwide)"
-	echo "   7) AdGuard DNS (Russia)"
+	echo "   7) Yandex Basic (Russia)"
-	while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" ]]; do
+	echo "   8) AdGuard DNS (Russia)"
-		read -p "DNS [1-7]: " -e -i 1 DNS
+	while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" && $DNS != "8" ]]; do
+		read -p "DNS [1-8]: " -e -i 1 DNS
 	done
 	echo ""
 	echo "Choose which compression algorithm you want to use:"
@@ -553,8 +558,10 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
 			systemctl daemon-reload
 			systemctl enable iptables.service
 		fi
-	elif [[ "$OS" = 'centos' ]]; then
+	elif [[ "$OS" = 'centos' || "$OS" = 'fedora' ]]; then
-		yum install epel-release -y
+		if [[ "$OS" = 'centos' ]]; then
+			yum install epel-release -y
+		fi
 		yum install openvpn iptables openssl wget ca-certificates curl -y
 		# Install iptables service
 		if [[ ! -e /etc/systemd/system/iptables.service ]]; then
@@ -588,6 +595,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
 			systemctl enable iptables.service
 			# Disable firewalld to allow iptables to start upon reboot
 			systemctl disable firewalld
+			systemctl mask firewalld
 		fi
 	else
 		# Else, the distro is ArchLinux
@@ -604,7 +612,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
 			echo "Ok, bye !"
 			exit 4
 		fi
-		
+
 		if [[ "$OS" = 'arch' ]]; then
 			# Install dependencies
 			pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm
@@ -692,27 +700,30 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
 			echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
 		done
 		;;
-		2) #FDN
+		2) #Quad9
+		echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf
+		;;
+		3) #FDN
 		echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf
 		echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf
 		;;
-		3) #DNS.WATCH
+		4) #DNS.WATCH
 		echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
 		echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
 		;;
-		4) #OpenDNS
+		5) #OpenDNS
 		echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
 		echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
 		;;
-		5) #Google
+		6) #Google
 		echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
 		echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
 		;;
-		6) #Yandex Basic
+		7) #Yandex Basic
 		echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf
 		echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf
 		;;
-		7) #AdGuard DNS
+		8) #AdGuard DNS
 		echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf
 		echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf
 		;;
@@ -816,24 +827,20 @@ verb 3" >> /etc/openvpn/server.conf
 	if [[ "$OS" = 'debian' ]]; then
 		# Little hack to check for systemd
 		if pgrep systemd-journal; then
-			if [[ "$VERSION_ID" = 'VERSION_ID="9"' ]]; then
+				#Workaround to fix OpenVPN service on OpenVZ
-				#Workaround to fix OpenVPN service on Debian 9 OpenVZ
+				sed -i 's|LimitNPROC|#LimitNPROC|' /lib/systemd/system/openvpn\@.service
-				sed -i 's|LimitNPROC|#LimitNPROC|' /lib/systemd/system/openvpn-server\@.service
+				sed -i 's|/etc/openvpn/server|/etc/openvpn|' /lib/systemd/system/openvpn\@.service
-				sed -i 's|/etc/openvpn/server|/etc/openvpn|' /lib/systemd/system/openvpn-server\@.service
+				sed -i 's|%i.conf|server.conf|' /lib/systemd/system/openvpn\@.service
-				sed -i 's|%i.conf|server.conf|' /lib/systemd/system/openvpn-server\@.service
 				systemctl daemon-reload
-				systemctl restart openvpn-server@openvpn.service
+				systemctl restart openvpn
-				systemctl enable openvpn-server@openvpn.service
+				systemctl enable openvpn
-			else
-				systemctl restart openvpn@server.service
-			fi
 		else
 			/etc/init.d/openvpn restart
 		fi
 	else
 		if pgrep systemd-journal; then
-			if [[ "$OS" = 'arch' ]]; then
+			if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then
-				#Workaround to avoid rewriting the entire script for Arch
+				#Workaround to avoid rewriting the entire script for Arch & Fedora
 				sed -i 's|/etc/openvpn/server|/etc/openvpn|' /usr/lib/systemd/system/openvpn-server@.service
 				sed -i 's|%i.conf|server.conf|' /usr/lib/systemd/system/openvpn-server@.service
 				systemctl daemon-reload
@@ -897,4 +904,4 @@ verb 3" >> /etc/openvpn/client-template.txt
 	echo "Your client config is available at $homeDir/$CLIENT.ovpn"
 	echo "If you want to add more clients, you simply need to run this script another time!"
 fi
-exit 0;
+exit 0;