From aab5e7b2ffe9221b73feaec59d65e613f42e2de5 Mon Sep 17 00:00:00 2001
From: Henry N
Date: Thu, 26 Mar 2020 21:22:22 +0100
Subject: [PATCH 1/5] Fix getting pulic interface in IPv6 only (#578)
In a IPv6 only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail by missing argument.
---
 openvpn-install.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index d6508b2..ab84a6c 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -606,6 +606,9 @@ function installOpenVPN () {
 # Get the "public" interface from the default route
 NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
+ if [[ -z "$NIC" ]] && [[ "$IPV6_SUPPORT" = 'y' ]]; then
+ NIC=$(ip -6 route show default | sed -ne 's/^default .* dev \([^ ]*\) .*$/\1/p')
+ fi
 if [[ "$OS" =~ (debian|ubuntu) ]]; then
 apt-get update
From 14bcfbd531954ee13a5814235e15605879c7721f Mon Sep 17 00:00:00 2001
From: Stanislas
Date: Thu, 26 Mar 2020 21:22:48 +0100
Subject: [PATCH 2/5] Run action on PRs (#582)
---
 .github/workflows/push.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index f1a5ccb..c6a36b9 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -1,4 +1,4 @@
-on: push
+on: [push, pull_request]
 name: ShellCheck
 jobs:
 shellcheck:
From 130659b003c4edeec5a19e0da33db349f5fa77ae Mon Sep 17 00:00:00 2001
From: Henry N
Date: Thu, 26 Mar 2020 21:24:20 +0100
Subject: [PATCH 3/5] Add explicit-exit-notify for UDP (#579)
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
---
 openvpn-install.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index ab84a6c..b0703d7 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
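Review bot: In patch 1/5, the IPv6 fallback in installOpenVPN can leave more than one interface name in `$NIC`: the IPv4 line above it ends in `head -1`, but the `sed -ne '…p'` pipeline prints one line per default route, so a host with several IPv6 default routes would get a multi-line value. The commit message says `$NIC` is handed to iptables in add-openvpn-rules.sh, so such a value would presumably yield malformed rules instead of the missing-argument error this patch fixes. Taking the first match keeps both branches consistent: `NIC=$(ip -6 route show default | sed -ne 's/^default .* dev \([^ ]*\) .*$/\1/p' | head -1)`. The body of installOpenVPN starts and ends outside this hunk.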
@@ -964,6 +964,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service
 echo "client" > /etc/openvpn/client-template.txt
 if [[ "$PROTOCOL" = 'udp' ]]; then
 echo "proto udp" >> /etc/openvpn/client-template.txt
+ echo "explicit-exit-notify" >> /etc/openvpn/client-template.txt
 elif [[ "$PROTOCOL" = 'tcp' ]]; then
 echo "proto tcp-client" >> /etc/openvpn/client-template.txt
 fi
From 23e533431a2954e52ce699af29b663f8563efff5 Mon Sep 17 00:00:00 2001
From: Henry N
Date: Thu, 26 Mar 2020 21:24:50 +0100
Subject: [PATCH 4/5] Fix error messag mkdir /etc/iptables (#580)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix this error message: mkdir: cannot create directory ‘/etc/iptables’: File exists
---
 openvpn-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index b0703d7..d943f7e 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -900,7 +900,7 @@ verb 3" >> /etc/openvpn/server.conf
 fi
 # Add iptables rules in two scripts
- mkdir /etc/iptables
+ mkdir -p /etc/iptables
 # Script to add rules
 echo "#!/bin/sh
From 3d075c8708f9e75d7d1a48b3e225200f028f7900 Mon Sep 17 00:00:00 2001
From: Henry N
Date: Thu, 26 Mar 2020 21:27:16 +0100
Subject: [PATCH 5/5] Print warning about empty public interface (#581)
Warning, if cannot detect public interface, and give user a choice to continue or abord.
---
 openvpn-install.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index d943f7e..078d200 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
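Review bot: In patch 3/5, the added `explicit-exit-notify` line carries no comment saying why it belongs in the UDP branch only. OpenVPN accepts this option only with UDP transport, so a client profile later edited by hand to `proto tcp-client` would be rejected at start-up. A one-line comment above the echo, such as `# UDP only: OpenVPN refuses explicit-exit-notify when proto is tcp`, would keep a later change from moving it out of the branch. The enclosing function starts and ends outside this hunk.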
@@ -610,6 +610,19 @@ function installOpenVPN () {
 NIC=$(ip -6 route show default | sed -ne 's/^default .* dev \([^ ]*\) .*$/\1/p')
 fi
+ # $NIC can not be empty for script rm-openvpn-rules.sh
+ if [[ -z "$NIC" ]]; then
+ echo
+ echo "Can not detect public interface."
+ echo "This needs for setup MASQUERADE."
+ until [[ $CONTINUE =~ (y|n) ]]; do
+ read -rp "Continue? [y/n]: " -e CONTINUE
+ done
+ if [[ "$CONTINUE" = "n" ]]; then
+ exit 1
+ fi
+ fi
+
 if [[ "$OS" =~ (debian|ubuntu) ]]; then
 apt-get update
 apt-get -y install ca-certificates gnupg
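Review bot: The confirmation loop added in patch 5/5 accepts answers it then misreads: `[[ $CONTINUE =~ (y|n) ]]` is unanchored, so input such as `no` or `any` ends the loop, and because only the exact string `n` reaches `exit 1`, the install carries on with an empty `$NIC`. Anchoring the test with `until [[ $CONTINUE =~ ^[yn]$ ]]; do` and clearing the variable first with `CONTINUE=""` makes the abort path reliable; the variable may already hold a value from the environment or, presumably, from another prompt outside this hunk. Continuing with an empty interface presumably also leaves the MASQUERADE rules without a device name, so the warning could say that the generated firewall scripts will need manual correction. The body of installOpenVPN starts and ends outside this hunk.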