Update openvpn-install-more-secure.sh

dex4k 2019-08-12 13:28:13 +01:00 committed by GitHub
parent 2f16a230da
commit f357ecad9c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -937,7 +937,14 @@ cipher $CIPHER
tls-client tls-client
tls-version-min 1.2 tls-version-min 1.2
tls-cipher $CC_CIPHER tls-cipher $CC_CIPHER
setenv opt block-outside-dns # Prevent Windows 10 DNS leak # Prevent Windows 8/8.1/10 DNS leak
setenv opt block-outside-dns
# Prevent DNS leak on Linux clients
# Tested on Ubuntu 19.04 and Mint 19.2 (latest versions at time of writing)
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# End Linux DNS fix
verb 3" >> /etc/openvpn/client-template.txt verb 3" >> /etc/openvpn/client-template.txt
if [[ $COMPRESSION_ENABLED == "y" ]]; then if [[ $COMPRESSION_ENABLED == "y" ]]; then
@ -946,21 +953,21 @@ fi
# Generate the custom client.ovpn # Generate the custom client.ovpn
newClient newClient
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, simply run the script again! Enjoy your VPN server!"
} }
function newClient () { function newClient () {
echo "" echo ""
echo "Tell me a name for the client." echo "Choose a name for the client."
echo "Use one word only, no special characters." echo "No spaces or no special characters."
until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do
read -rp "Client name: " -e CLIENT read -rp "Client name: " -e CLIENT
done done
echo "" echo ""
echo "Do you want to protect the configuration file with a password?" echo "Do you want to protect the client config with a password?"
echo "(e.g. encrypt the private key with a password)" echo "(i.e. encrypt the client private key with a password)"
echo " 1) Add a passwordless client" echo " 1) Add a passwordless client"
echo " 2) Use a password for the client" echo " 2) Use a password for the client"
@ -1181,18 +1188,18 @@ function removeOpenVPN () {
function manageMenu () { function manageMenu () {
clear clear
echo "Welcome to OpenVPN-install!" echo "Welcome to OpenVPN-hardened-install!"
echo "The git repository is available at: https://github.com/angristan/openvpn-install" echo "The git repository is available at: https://github.com/dex4k/openvpn-hardened-install"
echo "" echo ""
echo "It looks like OpenVPN is already installed." echo "It looks like OpenVPN is already installed."
echo "" echo ""
echo "What do you want to do?" echo "What do you want to do?"
echo " 1) Add a new user" echo " 1) Add a new user..."
echo " 2) Revoke existing user" echo " 2) Revoke existing user..."
echo " 3) Remove OpenVPN" echo " 3) Remove OpenVPN..."
echo " 4) Exit" echo " 4) Exit"
until [[ "$MENU_OPTION" =~ ^[1-4]$ ]]; do until [[ "$MENU_OPTION" =~ ^[1-4]$ ]]; do
read -rp "Select an option [1-4]: " MENU_OPTION read -rp "Please select an option [1-4]: " MENU_OPTION
done done
case $MENU_OPTION in case $MENU_OPTION in
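Review bot: In the first hunk, `script-security 2` and the `up`/`down` hooks are appended to `/etc/openvpn/client-template.txt` unconditionally, so every generated client profile carries them, not only profiles for Linux clients. On a client without `/etc/openvpn/update-resolv-conf` (Windows, macOS, or a Linux distribution that does not ship that helper) the `up` hook cannot run, and as far as I know OpenVPN treats a failed `up` script as fatal, so the tunnel would not come up; where the file does exist, the profile now makes the client execute it with OpenVPN's privileges, which deserves an explicit opt-in. I would ship the three lines commented out, `# script-security 2`, `# up /etc/openvpn/update-resolv-conf`, `# down /etc/openvpn/update-resolv-conf`, under a comment such as `# Linux clients only: uncomment the next three lines if update-resolv-conf is installed at this path`. The quoted `echo` that writes the template starts outside the hunk.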