Merge pull request #4 from angristan/master

Merge back
2020-04-05 14:41:39 -07:00 · 2020-04-05 14:41:39 -07:00 · f1d63cf4ac
commit f1d63cf4ac
parent b9be231564 7e7a494f59
4 changed files with 60 additions and 11 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -7,7 +7,7 @@ Before opening an issue, please make sure:
 - Your issue is about the script, NOT OpenVPN itself
 - ⚠ PLEASE Post your OpenVPN version and OS for both the server and the client if needed

-FYI, you can excute the script with `bash -x openvpn-install.sh` to enable debug mode.
+FYI, you can execute the script with `bash -x openvpn-install.sh` to enable debug mode.

 You can format your comments with Markdown: https://guides.github.com/features/mastering-markdown/
 --->
--- a/FAQ.md
+++ b/FAQ.md
@ -0,0 +1,47 @@
+# FAQ
+
+**Q:** The script has been updated since I installed OpenVPN. How do I update?
+
+**A:** You can't. Managing updates and new features from the script would require way too much work. Your only solution is to uninstall OpenVPN and reinstall with the updated script.
+
+You can, of course, it's even recommended, update the `openvpn` package with your package manager.
+
+---
+
+**Q:** How do I check for DNS leaks?
+
+**A:** Go to [dnsleaktest.com](https://dnsleaktest.com/) or [ipleak.net](https://ipleak.net/) with your browser. Only your server's IP should show up.
+
+---
+
+**Q:** Can I use an OpenVPN 2.3 client?
+
+**A:** Yes. I really recommend using an up-to-date client, but if you really need it, choose the following options:
+
+- No compression or LZ0
+- RSA certificate
+- DH Key
+- AES CBC
+- tls-auth
+
+If your client is <2.3.3, remove `tls-version-min 1.2` from your `/etc/openvpn/server.conf` and `.ovpn` files.
+
+---
+
+**Q:** IPv6 is not working on my Hetzner VM
+
+**A:** This an issue on their side. See https://angristan.xyz/fix-ipv6-hetzner-cloud/
+
+---
+
+**Q:** DNS is not working on my Linux client
+
+**A:** Make sure the `resolvconf` package is installed. If it does not solve the issue, look at https://wiki.archlinux.org/index.php/OpenVPN#Update_systemd-resolved_script
+
+---
+
+**Q:** How to setup openVPN in a LXC container? (f.e. Proxmox)
+
+**A:** See https://github.com/Nyr/openvpn-install/wiki/How-to-setup-openVPN-in-a-LXC-container-(f.e.-Proxmox)
+
+---
--- a/README.md
+++ b/README.md
@ -33,7 +33,9 @@ When OpenVPN is installed, you can run the script again, and you will get the ch

 In your home directory, you will have `.ovpn` files. These are the client configuration files. Download them from your server and connect using your favorite OpenVPN client.

-If you have any question, head to the [FAQ](#faq) first.
+If you have any question, head to the [FAQ](#faq) first. Please read everything before opening an issue.
+
+**PLEASE do net send me emails or private messages asking for help.** The only place to get help is the issues. Other people may be able to help and in the future, other users may also run into the same issue as you. My time is not available for free just for you, you're not special.

 ### Headless install

@ -134,9 +136,7 @@ Since 2016, the two scripts have diverged and are not alike anymore, especially

 ## FAQ

-**LOOK AT THE [WIKI](https://github.com/angristan/openvpn-install/wiki/FAQ) FOR MORE INFORMATION. PLEASE READ BOTH BEFORE OPENING AN ISSUE.**
-
-**PLEASE do net send me emails or private messages asking for help.** The only place to get help is the issues. Other people may be able to help and in the future, other users may also run into the same issue as you.
+More Q&A in [FAQ.md](FAQ.md).

 **Q:** Which provider do you recommend?

@ -172,6 +172,8 @@ Since 2016, the two scripts have diverged and are not alike anymore, especially

 ---

+More Q&A in [FAQ.md](FAQ.md).
+
 ##  One-stop solutions for public cloud

 Solutions that provision a ready to use OpenVPN server based on this script in one go are available for:
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -294,8 +294,8 @@ function installQuestions () {
 	echo "   8) OpenDNS (Anycast: worldwide)"
 	echo "   9) Google (Anycast: worldwide)"
 	echo "   10) Yandex Basic (Russia)"
-	echo "   11) AdGuard DNS (Russia)"
-	echo "   12) NextDNS (Worldwide)"
+	echo "   11) AdGuard DNS (Anycast: worldwide)"
+	echo "   12) NextDNS (Anycast: worldwide)"
 	echo "   13) Custom"
 	until [[ "$DNS" =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 13 ]; do
 		read -rp "DNS [1-12]: " -e -i 3 DNS
@ -758,7 +758,7 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf

 	# DNS resolvers
 	case $DNS in
-		1)
+		1) # Current system resolvers
 			# Locate the proper resolv.conf
 			# Needed for systems running systemd-resolved
 			if grep -q "127.0.0.53" "/etc/resolv.conf"; then
@ -771,7 +771,7 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
 				echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
 			done
 		;;
-		2)
+		2) # Self-hosted DNS resolver (Unbound)
 			echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf
 		;;
 		3) # Cloudflare
@ -904,8 +904,8 @@ echo "log-append /var/log/openvpn.log" >> /etc/openvpn/server.conf
 		fi

 		systemctl daemon-reload
-		systemctl restart openvpn-server@server
 		systemctl enable openvpn-server@server
+		systemctl restart openvpn-server@server
 	elif [[ "$OS" == "ubuntu" ]] && [[ "$VERSION_ID" == "16.04" ]]; then
 		# On Ubuntu 16.04, we use the package from the OpenVPN repo
 		# This package uses a sysvinit service
@ -921,8 +921,8 @@ echo "log-append /var/log/openvpn.log" >> /etc/openvpn/server.conf
 		sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn\@.service

 		systemctl daemon-reload
-		systemctl restart openvpn@server
 		systemctl enable openvpn@server
+		systemctl restart openvpn@server
 	fi

 	if [[ $DNS == 2 ]];then