formatting code and fix shellcheck error

2019-06-13 16:54:12 +08:00 · 2019-06-13 16:54:12 +08:00 · fbd0769768
commit fbd0769768
parent a34d13adbb
1 changed files with 336 additions and 335 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -3,21 +3,22 @@
 # Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux
 # https://github.com/angristan/openvpn-install

-function isRoot () {
+function isRoot() {
 	if [ "$EUID" -ne 0 ]; then
 		return 1
 	fi
 }

-function tunAvailable () {
+function tunAvailable() {
 	if [ ! -e /dev/net/tun ]; then
 		return 1
 	fi
 }

-function checkOS () {
+function checkOS() {
 	if [[ -e /etc/debian_version ]]; then
 		OS="debian"
+		# shellcheck disable=SC1091
 		source /etc/os-release

 		if [[ "$ID" == "debian" ]]; then
@ -30,11 +31,11 @@ function checkOS () {
 				until [[ $CONTINUE =~ (y|n) ]]; do
 					read -rp "Continue? [y/n]: " -e CONTINUE
 				done
-				if [[ "$CONTINUE" = "n" ]]; then
+				if [[ "$CONTINUE" == "n" ]]; then
 					exit 1
 				fi
 			fi
-		elif [[ "$ID" == "ubuntu" ]];then
+		elif [[ "$ID" == "ubuntu" ]]; then
 			OS="ubuntu"
 			if [[ ! $VERSION_ID =~ (16.04|18.04|19.04) ]]; then
 				echo "⚠️ Your version of Ubuntu is not supported."
@ -45,7 +46,7 @@ function checkOS () {
 				until [[ $CONTINUE =~ (y|n) ]]; do
 					read -rp "Continue? [y/n]: " -e CONTINUE
 				done
-				if [[ "$CONTINUE" = "n" ]]; then
+				if [[ "$CONTINUE" == "n" ]]; then
 					exit 1
 				fi
 			fi
@ -61,7 +62,7 @@ function checkOS () {
 			until [[ $CONTINUE =~ (y|n) ]]; do
 				read -rp "Continue anyway? [y/n]: " -e CONTINUE
 			done
-			if [[ "$CONTINUE" = "n" ]]; then
+			if [[ "$CONTINUE" == "n" ]]; then
 				echo "Ok, bye!"
 				exit 1
 			fi
@ -75,7 +76,7 @@ function checkOS () {
 	fi
 }

-function initialCheck () {
+function initialCheck() {
 	if ! isRoot; then
 		echo "Sorry, you need to run this as root"
 		exit 1
@ -87,7 +88,7 @@ function initialCheck () {
 	checkOS
 }

-function installUnbound () {
+function installUnbound() {
 	if [[ ! -e /etc/unbound/unbound.conf ]]; then

 		if [[ "$OS" =~ (debian|ubuntu) ]]; then
@ -99,9 +100,9 @@ access-control: 10.8.0.1/24 allow
 hide-identity: yes
 hide-version: yes
 use-caps-for-id: yes
-prefetch: yes' >> /etc/unbound/unbound.conf
+prefetch: yes' >>/etc/unbound/unbound.conf

-		elif [[ "$OS" = "centos" ]]; then
+		elif [[ "$OS" == "centos" ]]; then
 			yum install -y unbound

 			# Configuration
@ -111,7 +112,7 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 			sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
 			sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf

-		elif [[ "$OS" = "fedora" ]]; then
+		elif [[ "$OS" == "fedora" ]]; then
 			dnf install -y unbound

 			# Configuration
@ -121,7 +122,7 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 			sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
 			sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf

-		elif [[ "$OS" = "arch" ]]; then
+		elif [[ "$OS" == "arch" ]]; then
 			pacman -Syu --noconfirm unbound

 			# Get root servers list
@ -145,10 +146,10 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 	hide-identity: yes
 	hide-version: yes
 	qname-minimisation: yes
-	prefetch: yes' > /etc/unbound/unbound.conf
+	prefetch: yes' >/etc/unbound/unbound.conf
 		fi

-		if [[ ! "$OS" =~ (fedora|centos) ]];then
+		if [[ ! "$OS" =~ (fedora|centos) ]]; then
 			# DNS Rebinding fix
 			echo "private-address: 10.0.0.0/8
 private-address: 172.16.0.0/12
@ -157,10 +158,10 @@ private-address: 169.254.0.0/16
 private-address: fd00::/8
 private-address: fe80::/10
 private-address: 127.0.0.0/8
-private-address: ::ffff:0:0/96" >> /etc/unbound/unbound.conf
+private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
 		fi
 	else # Unbound is already installed
-		echo 'include: /etc/unbound/openvpn.conf' >> /etc/unbound/unbound.conf
+		echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf

 		# Add Unbound 'server' for the OpenVPN subnet
 		echo 'server:
@ -177,14 +178,14 @@ private-address: 169.254.0.0/16
 private-address: fd00::/8
 private-address: fe80::/10
 private-address: 127.0.0.0/8
-private-address: ::ffff:0:0/96' > /etc/unbound/openvpn.conf
+private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf
 	fi

 	systemctl enable unbound
 	systemctl restart unbound
 }

-function installQuestions () {
+function installQuestions() {
 	echo "Welcome to the OpenVPN installer!"
 	echo "The git repository is available at: https://github.com/angristan/openvpn-install"
 	echo ""
@ -215,7 +216,7 @@ function installQuestions () {
 	echo "Checking for IPv6 connectivity..."
 	echo ""
 	# "ping6" and "ping -6" availability varies depending on the distribution
-	if type ping6 > /dev/null 2>&1; then
+	if type ping6 >/dev/null 2>&1; then
 		PING6="ping6 -c3 ipv6.google.com > /dev/null 2>&1"
 	else
 		PING6="ping -6 -c3 ipv6.google.com > /dev/null 2>&1"
@ -297,7 +298,7 @@ function installQuestions () {
 			until [[ $CONTINUE =~ (y|n) ]]; do
 				read -rp "Apply configuration changes to Unbound? [y/n]: " -e CONTINUE
 			done
-				if [[ $CONTINUE = "n" ]];then
+			if [[ $CONTINUE == "n" ]]; then
 				# Break the loop and cleanup
 				unset DNS
 				unset CONTINUE
@ -307,9 +308,9 @@ function installQuestions () {
 	echo ""
 	echo "Do you want to use compression? It is not recommended since the VORACLE attack make use of it."
 	until [[ $COMPRESSION_ENABLED =~ (y|n) ]]; do
-		read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
+		read -rp"Enable compression? [y/n]: " -e -in COMPRESSION_ENABLED
 	done
-	if [[ $COMPRESSION_ENABLED == "y" ]];then
+	if [[ $COMPRESSION_ENABLED == "y" ]]; then
 		echo "Choose which compression algorithm you want to use:"
 		echo "   1) LZ4 (more efficient)"
 		echo "   2) LZ0"
@ -332,9 +333,9 @@ function installQuestions () {
 	echo "See https://github.com/angristan/openvpn-install#security-and-encryption to learn more."
 	echo ""
 	until [[ $CUSTOMIZE_ENC =~ (y|n) ]]; do
-		read -rp "Customize encryption settings? [y/n]: " -e -i n CUSTOMIZE_ENC
+		read -rp "Customize encryption settings? [y/n]: " -e -in CUSTOMIZE_ENC
 	done
-	if [[ $CUSTOMIZE_ENC == "n" ]];then
+	if [[ $CUSTOMIZE_ENC == "n" ]]; then
 		# Use default, sane and fast parameters
 		CIPHER="AES-128-GCM"
 		CERT_TYPE="1" # ECDSA
@ -555,7 +556,7 @@ function installQuestions () {
 	fi
 }

-function installOpenVPN () {
+function installOpenVPN() {
 	if [[ $AUTO_INSTALL == "y" ]]; then
 		# Set default choices so that no questions will be asked.
 		APPROVE_INSTALL=${APPROVE_INSTALL:-y}
@ -585,24 +586,24 @@ function installOpenVPN () {
 		apt-get update
 		apt-get -y install ca-certificates gnupg
 		# We add the OpenVPN repo to get the latest version.
-		if [[ "$VERSION_ID" = "8" ]]; then
-			echo "deb http://build.openvpn.net/debian/openvpn/stable jessie main" > /etc/apt/sources.list.d/openvpn.list
+		if [[ "$VERSION_ID" == "8" ]]; then
+			echo "deb http://build.openvpn.net/debian/openvpn/stable jessie main" >/etc/apt/sources.list.d/openvpn.list
 			wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
 			apt-get update
 		fi
-		if [[ "$VERSION_ID" = "16.04" ]]; then
-			echo "deb http://build.openvpn.net/debian/openvpn/stable xenial main" > /etc/apt/sources.list.d/openvpn.list
+		if [[ "$VERSION_ID" == "16.04" ]]; then
+			echo "deb http://build.openvpn.net/debian/openvpn/stable xenial main" >/etc/apt/sources.list.d/openvpn.list
 			wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
 			apt-get update
 		fi
 		# Ubuntu > 16.04 and Debian > 8 have OpenVPN >= 2.4 without the need of a third party repository.
 		apt-get install -y openvpn iptables openssl wget ca-certificates curl
-	elif [[ "$OS" = 'centos' ]]; then
+	elif [[ "$OS" == 'centos' ]]; then
 		yum install -y epel-release
 		yum install -y openvpn iptables openssl wget ca-certificates curl
-	elif [[ "$OS" = 'fedora' ]]; then
+	elif [[ "$OS" == 'fedora' ]]; then
 		dnf install -y openvpn iptables openssl wget ca-certificates curl
-	elif [[ "$OS" = 'arch' ]]; then
+	elif [[ "$OS" == 'arch' ]]; then
 		# Install required dependencies and upgrade the system
 		pacman --needed --noconfirm -Syu openvpn iptables openssl wget ca-certificates curl
 	fi
@ -627,21 +628,21 @@ function installOpenVPN () {
 	chown -R root:root /etc/openvpn/easy-rsa/
 	rm -f ~/EasyRSA-unix-v${version}.tgz

-	cd /etc/openvpn/easy-rsa/
+	cd /etc/openvpn/easy-rsa/ || exit
 	case $CERT_TYPE in
 	1)
-			echo "set_var EASYRSA_ALGO ec" > vars
-			echo "set_var EASYRSA_CURVE $CERT_CURVE" >> vars
+		echo "set_var EASYRSA_ALGO ec" >vars
+		echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars
 		;;
 	2)
-			echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars
+		echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars
 		;;
 	esac

 	# Generate a random, alphanumeric identifier of 16 characters for CN and one for server name
 	SERVER_CN="cn_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
 	SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
-	echo "set_var EASYRSA_REQ_CN $SERVER_CN" >> vars
+	echo "set_var EASYRSA_REQ_CN $SERVER_CN" >>vars
 	# Create the PKI, set up the CA, the DH params and the server certificate
 	./easyrsa init-pki
 	./easyrsa --batch build-ca nopass
@ -675,11 +676,11 @@ function installOpenVPN () {
 	chmod 644 /etc/openvpn/crl.pem

 	# Generate server.conf
-	echo "port $PORT" > /etc/openvpn/server.conf
-	if [[ "$IPV6_SUPPORT" = 'n' ]]; then
-		echo "proto $PROTOCOL" >> /etc/openvpn/server.conf
-	elif [[ "$IPV6_SUPPORT" = 'y' ]]; then
-		echo "proto ${PROTOCOL}6" >> /etc/openvpn/server.conf
+	echo "port $PORT" >/etc/openvpn/server.conf
+	if [[ "$IPV6_SUPPORT" == 'n' ]]; then
+		echo "proto $PROTOCOL" >>/etc/openvpn/server.conf
+	elif [[ "$IPV6_SUPPORT" == 'y' ]]; then
+		echo "proto ${PROTOCOL}6" >>/etc/openvpn/server.conf
 	fi

 	echo "dev tun
@ -690,7 +691,7 @@ persist-tun
 keepalive 10 120
 topology subnet
 server 10.8.0.0 255.255.255.0
-ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
+ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf

 	# DNS resolvers
 	case $DNS in
@ -704,77 +705,77 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
 		fi
 		# Obtain the resolvers from resolv.conf and use them for OpenVPN
 		grep -v '#' $RESOLVCONF | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read -r line; do
-				echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
+			echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf
 		done
 		;;
 	2)
-			echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf
 		;;
 	3) # Cloudflare
-			echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf
 		;;
 	4) # Quad9
-			echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 149.112.112.112"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf
 		;;
 	5) # Quad9 uncensored
-			echo 'push "dhcp-option DNS 9.9.9.10"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 149.112.112.10"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf
 		;;
 	6) # FDN
-			echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf
 		;;
 	7) # DNS.WATCH
-			echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf
 		;;
 	8) # OpenDNS
-			echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf
 		;;
 	9) # Google
-			echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf
 		;;
 	10) # Yandex Basic
-			echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf
 		;;
 	11) # AdGuard DNS
-			echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf
-			echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 176.103.130.130"' >>/etc/openvpn/server.conf
+		echo 'push "dhcp-option DNS 176.103.130.131"' >>/etc/openvpn/server.conf
 		;;
 	esac
-	echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
+	echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf

 	# IPv6 network settings if needed
-	if [[ "$IPV6_SUPPORT" = 'y' ]]; then
+	if [[ "$IPV6_SUPPORT" == 'y' ]]; then
 		echo 'server-ipv6 fd42:42:42:42::/112
 tun-ipv6
 push tun-ipv6
 push "route-ipv6 2000::/3"
-push "redirect-gateway ipv6"' >> /etc/openvpn/server.conf
+push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf
 	fi

 	if [[ $COMPRESSION_ENABLED == "y" ]]; then
-		echo "compress $COMPRESSION_ALG" >> /etc/openvpn/server.conf
+		echo "compress $COMPRESSION_ALG" >>/etc/openvpn/server.conf
 	fi

 	if [[ $DH_TYPE == "1" ]]; then
-		echo "dh none" >> /etc/openvpn/server.conf
-		echo "ecdh-curve $DH_CURVE" >> /etc/openvpn/server.conf
+		echo "dh none" >>/etc/openvpn/server.conf
+		echo "ecdh-curve $DH_CURVE" >>/etc/openvpn/server.conf
 	elif [[ $DH_TYPE == "2" ]]; then
-		echo "dh dh.pem" >> /etc/openvpn/server.conf
+		echo "dh dh.pem" >>/etc/openvpn/server.conf
 	fi

 	case $TLS_SIG in
 	1)
-			echo "tls-crypt tls-crypt.key 0" >> /etc/openvpn/server.conf
+		echo "tls-crypt tls-crypt.key 0" >>/etc/openvpn/server.conf
 		;;
 	2)
-			echo "tls-auth tls-auth.key 0" >> /etc/openvpn/server.conf
+		echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf
 		;;
 	esac

@ -789,15 +790,15 @@ tls-server
 tls-version-min 1.2
 tls-cipher $CC_CIPHER
 status /var/log/openvpn/status.log
-verb 3" >> /etc/openvpn/server.conf
+verb 3" >>/etc/openvpn/server.conf

 	# Create log dir
 	mkdir -p /var/log/openvpn

 	# Enable routing
-	echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/20-openvpn.conf
-	if [[ "$IPV6_SUPPORT" = 'y' ]]; then
-		echo 'net.ipv6.conf.all.forwarding=1' >> /etc/sysctl.d/20-openvpn.conf
+	echo 'net.ipv4.ip_forward=1' >>/etc/sysctl.d/20-openvpn.conf
+	if [[ "$IPV6_SUPPORT" == 'y' ]]; then
+		echo 'net.ipv6.conf.all.forwarding=1' >>/etc/sysctl.d/20-openvpn.conf
 	fi
 	# Avoid an unneeded reboot
 	sysctl --system
@ -812,7 +813,7 @@ verb 3" >> /etc/openvpn/server.conf
 	fi

 	# Finally, restart and enable OpenVPN
-	if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then
+	if [[ "$OS" == 'arch' || "$OS" == 'fedora' ]]; then
 		# Don't modify package-provided service
 		cp /usr/lib/systemd/system/openvpn-server@.service /etc/systemd/system/openvpn-server@.service

@ -821,7 +822,7 @@ verb 3" >> /etc/openvpn/server.conf
 		# Another workaround to keep using /etc/openvpn/
 		sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn-server@.service
 		# On fedora, the service hardcodes the ciphers. We want to manage the cipher ourselves, so we remove it from the service
-		if [[ "$OS" == "fedora" ]];then
+		if [[ "$OS" == "fedora" ]]; then
 			sed -i 's|--cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC||' /etc/systemd/system/openvpn-server@.service
 		fi

@ -847,7 +848,7 @@ verb 3" >> /etc/openvpn/server.conf
 		systemctl enable openvpn@server
 	fi

-	if [[ $DNS == 2 ]];then
+	if [[ $DNS == 2 ]]; then
 		installUnbound
 	fi

@ -860,13 +861,13 @@ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i $NIC -o tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT
-iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" > /etc/iptables/add-openvpn-rules.sh
+iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh

-	if [[ "$IPV6_SUPPORT" = 'y' ]]; then
+	if [[ "$IPV6_SUPPORT" == 'y' ]]; then
 		echo "ip6tables -t nat -A POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
 ip6tables -A INPUT -i tun0 -j ACCEPT
 ip6tables -A FORWARD -i $NIC -o tun0 -j ACCEPT
-ip6tables -A FORWARD -i tun0 -o $NIC -j ACCEPT" >> /etc/iptables/add-openvpn-rules.sh
+ip6tables -A FORWARD -i tun0 -o $NIC -j ACCEPT" >>/etc/iptables/add-openvpn-rules.sh
 	fi

 	# Script to remove rules
@ -875,13 +876,13 @@ iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE
 iptables -D INPUT -i tun0 -j ACCEPT
 iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
 iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
-iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" > /etc/iptables/rm-openvpn-rules.sh
+iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh

-	if [[ "$IPV6_SUPPORT" = 'y' ]]; then
+	if [[ "$IPV6_SUPPORT" == 'y' ]]; then
 		echo "ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
 ip6tables -D INPUT -i tun0 -j ACCEPT
 ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT
-ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT" >> /etc/iptables/rm-openvpn-rules.sh
+ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT" >>/etc/iptables/rm-openvpn-rules.sh
 	fi

 	chmod +x /etc/iptables/add-openvpn-rules.sh
@ -900,7 +901,7 @@ ExecStop=/etc/iptables/rm-openvpn-rules.sh
 RemainAfterExit=yes

 [Install]
-WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service
+WantedBy=multi-user.target" >/etc/systemd/system/iptables-openvpn.service

 	# Enable service and apply rules
 	systemctl daemon-reload
@ -913,11 +914,11 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service
 	fi

 	# client-template.txt is created so we have a template to add further users later
-	echo "client" > /etc/openvpn/client-template.txt
-	if [[ "$PROTOCOL" = 'udp' ]]; then
-		echo "proto udp" >> /etc/openvpn/client-template.txt
-	elif [[ "$PROTOCOL" = 'tcp' ]]; then
-		echo "proto tcp-client" >> /etc/openvpn/client-template.txt
+	echo "client" >/etc/openvpn/client-template.txt
+	if [[ "$PROTOCOL" == 'udp' ]]; then
+		echo "proto udp" >>/etc/openvpn/client-template.txt
+	elif [[ "$PROTOCOL" == 'tcp' ]]; then
+		echo "proto tcp-client" >>/etc/openvpn/client-template.txt
 	fi
 	echo "remote $IP $PORT
 dev tun
@ -934,18 +935,18 @@ tls-client
 tls-version-min 1.2
 tls-cipher $CC_CIPHER
 setenv opt block-outside-dns # Prevent Windows 10 DNS leak
-verb 3" >> /etc/openvpn/client-template.txt
+verb 3" >>/etc/openvpn/client-template.txt

-if [[ $COMPRESSION_ENABLED == "y"  ]]; then
-	echo "compress $COMPRESSION_ALG" >> /etc/openvpn/client-template.txt
-fi
+	if [[ $COMPRESSION_ENABLED == "y" ]]; then
+		echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt
+	fi

 	# Generate the custom client.ovpn
 	newClient
 	echo "If you want to add more clients, you simply need to run this script another time!"
 }

-function newClient () {
+function newClient() {
 	echo ""
 	echo "Tell me a name for the client."
 	echo "Use one word only, no special characters."
@ -1019,7 +1020,7 @@ function newClient () {
 			echo "</tls-auth>"
 			;;
 		esac
-	} >> "$homeDir/$CLIENT.ovpn"
+	} >>"$homeDir/$CLIENT.ovpn"

 	echo ""
 	echo "Client $CLIENT added, the configuration file is available at $homeDir/$CLIENT.ovpn."
@ -1028,9 +1029,9 @@ function newClient () {
 	exit 0
 }

-function revokeClient () {
+function revokeClient() {
 	NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
-	if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
+	if [[ "$NUMBEROFCLIENTS" == '0' ]]; then
 		echo ""
 		echo "You have no existing clients!"
 		exit 1
@ -1039,14 +1040,14 @@ function revokeClient () {
 	echo ""
 	echo "Select the existing client certificate you want to revoke"
 	tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
-	if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
+	if [[ "$NUMBEROFCLIENTS" == '1' ]]; then
 		read -rp "Select one client [1]: " CLIENTNUMBER
 	else
 		read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
 	fi

 	CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
-	cd /etc/openvpn/easy-rsa/
+	cd /etc/openvpn/easy-rsa/ || exit
 	./easyrsa --batch revoke "$CLIENT"
 	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 	# Cleanup
@ -1064,7 +1065,7 @@ function revokeClient () {
 	echo "Certificate for client $CLIENT revoked."
 }

-function removeUnbound () {
+function removeUnbound() {
 	# Remove OpenVPN-related config
 	sed -i 's|include: \/etc\/unbound\/openvpn.conf||' /etc/unbound/unbound.conf
 	rm /etc/unbound/openvpn.conf
@ -1076,17 +1077,17 @@ function removeUnbound () {
 		read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND
 	done

-	if [[ "$REMOVE_UNBOUND" = 'y' ]]; then
+	if [[ "$REMOVE_UNBOUND" == 'y' ]]; then
 		# Stop Unbound
 		systemctl stop unbound

 		if [[ "$OS" =~ (debian|ubuntu) ]]; then
 			apt-get autoremove --purge -y unbound
-		elif [[ "$OS" = 'arch' ]]; then
+		elif [[ "$OS" == 'arch' ]]; then
 			pacman --noconfirm -R unbound
-		elif [[ "$OS" = 'centos' ]]; then
+		elif [[ "$OS" == 'centos' ]]; then
 			yum remove -y unbound
-		elif [[ "$OS" = 'fedora' ]]; then
+		elif [[ "$OS" == 'fedora' ]]; then
 			dnf remove -y unbound
 		fi

@ -1100,10 +1101,10 @@ function removeUnbound () {
 	fi
 }

-function removeOpenVPN () {
+function removeOpenVPN() {
 	echo ""
-	read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
-	if [[ "$REMOVE" = 'y' ]]; then
+	read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -in REMOVE
+	if [[ "$REMOVE" == 'y' ]]; then
 		# Get OpenVPN port from the configuration
 		PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)

@ -1143,15 +1144,15 @@ function removeOpenVPN () {

 		if [[ "$OS" =~ (debian|ubuntu) ]]; then
 			apt-get autoremove --purge -y openvpn
-			if [[ -e /etc/apt/sources.list.d/openvpn.list ]];then
+			if [[ -e /etc/apt/sources.list.d/openvpn.list ]]; then
 				rm /etc/apt/sources.list.d/openvpn.list
 				apt-get update
 			fi
-		elif [[ "$OS" = 'arch' ]]; then
+		elif [[ "$OS" == 'arch' ]]; then
 			pacman --noconfirm -R openvpn
-		elif [[ "$OS" = 'centos' ]]; then
+		elif [[ "$OS" == 'centos' ]]; then
 			yum remove -y openvpn
-		elif [[ "$OS" = 'fedora' ]]; then
+		elif [[ "$OS" == 'fedora' ]]; then
 			dnf remove -y openvpn
 		fi

@ -1175,7 +1176,7 @@ function removeOpenVPN () {
 	fi
 }

-function manageMenu () {
+function manageMenu() {
 	clear
 	echo "Welcome to OpenVPN-install!"
 	echo "The git repository is available at: https://github.com/angristan/openvpn-install"