Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
583 commits 5 branches 0 tags 1.7 MiB
Commit graph

355 commits

Author SHA1 Message Date
Henry N
15fb5075ec
Merge branch 'master' into patch-7 2020-05-20 00:20:45 +02:00
randomshell
317c4dbdbf
Remove easy-rsa <3.0.7 workaround 
We have easy-rsa 3.0.7 and it's not needed anymore
 2020-05-07 20:07:25 +00:00
Stanislas Lange
5e2e67f78d style: format with shfmt 2020-05-01 00:10:11 +02:00
Henry N
9096af1677
feat: push IPv6 endpoint with DHCP when self-hosted DNS resolver is in use (#600) 
Co-authored-by: randomshell <43271778+randomshell@users.noreply.github.com>
Co-authored-by: Stanislas <angristan@pm.me>
 2020-05-01 00:04:38 +02:00
Henry N
80e89836f1
fix: add IPv6 INPUT iptables rule on incoming port (#601) 
Co-authored-by: Stanislas <angristan@pm.me>
 2020-04-30 23:42:09 +02:00
Stanislas Lange
ec36253e75 Revert "refactor(install): update policycoreutils-python package name on CentOS" 
This reverts commit 2370f802b7.
 2020-04-28 11:51:23 +02:00
Stanislas Lange
2370f802b7 refactor(install): update policycoreutils-python package name on CentOS 2020-04-28 11:44:53 +02:00
Stanislas Lange
0e961a2e6b refactor(install): simplify easy-rsa install process 2020-04-27 19:20:40 +02:00
D. Robin
529d365693
build(easy-rsa): 3.0.6 -> 3.0.7 (#641) 2020-04-27 19:10:49 +02:00
Stanislas Lange
369c8dadaa refactor(menu): remove clear console 2020-04-27 18:06:59 +02:00
Henry N
182c43316f
feat(install): get system IPv6 resolvers if enabled (#599) 2020-04-27 18:04:18 +02:00
Stanislas Lange
96e6ea71e9 fix(newClient): exit if client name already taken 
fix  #613
 2020-04-27 17:45:58 +02:00
Stanislas Lange
f411d9dec7 fix(revokeClient): fix prompt input check 
fix #477 #590
 2020-04-27 17:36:04 +02:00
Stanislas Lange
c758418c6d style(script) format with shfmt 2020-04-27 16:25:20 +02:00
Henry N
2a35a3db16
refactor(install): simplify detection of public IP4, add fallback to IPv6 (#589) 2020-04-27 16:24:30 +02:00
Stanislas Lange
fdb35b86c6 fix(fedora): install policycoreutils-python-utils for selinux 2020-04-27 16:19:09 +02:00
Stanislas Lange
29980e6bef style(script) format with shfmt 2020-04-27 16:05:51 +02:00
randomshell
3b2c84b94d
fix(selinux): fix deletion of selinux policy (#555) 2020-04-27 16:03:55 +02:00
Stanislas
6cc0022dff
style(script): format with shfmt (#638) 
shfmt -w -s
 2020-04-27 14:59:19 +02:00
Stanislas Lange
e3139cd877 Revert "feat(curves): add secp256k1 option (#315)" 
This reverts commit 8d5bb43aed.

Tested with Viscosity, doesn't work
 2020-04-27 14:36:44 +02:00
Sidd
8d5bb43aed
feat(curves): add secp256k1 option (#315) 2020-04-27 14:22:35 +02:00
randomshell
62a4ff3b41
fix(client conf): ignore block-outside-dns if not supported (#628) 2020-04-27 14:19:25 +02:00
randomshell
159ab9af6e
refactor(revoke client): remove uneeded cleanup (#607) 
The deletion of issued files is handled by easy-rsa.
See function move_revoked() f0129cfe62/easyrsa3/easyrsa (L1050)
 2020-04-27 14:12:23 +02:00
John E
fe0b995bdf
feat(headless): make script idempotent 
This set of changes adjusts the script so that you can run it multiple times with the same input and not have any unexpected changes. This makes it appropriate for "enforcing state", as required by automated provisioners like Puppet, Salt, Chef, or Ansible.

 - Unbound, OpenVPN, easy-rsa, and other dependencies are only installed from upstream if they are not already present. This prevents multiple runs of the script from causing unexpected version upgrades.
 - The easy-rsa system is put in a folder called "easy-rsa-auto" so it can't conflict with the "easy-rsa" folder from some older OpenVPN packages
 - The easy-rsa CA is only initialized once
 - SERVER_CN and SERVER_NAME are randomly generated once and saved for future reference
 - File append ('>>') is only done strictly after a file is created with '>' (e.g. /etc/sysctl.d/20-openvpn.conf)
 - Clients are only added to easy-rsa once
 - If AUTO_INSTALL == y, then the script operates in install mode and doesn't enter manageMenu
 2020-04-27 13:56:34 +02:00
Stanislas Lange
3b0c2ace90 fix(checkOS): update Ubuntu/Debian compatibility check 2020-04-27 13:37:52 +02:00
randomshell
6989b0d326
Add support for client-configuration-dir (#609) 2020-04-10 17:49:07 +02:00
Henry N
0bf522ee2f
Merge branch 'master' into patch-7 2020-04-10 12:22:56 +02:00
randomshell
2c9c0ed0c3
Improve sed line deletion (#608) 2020-04-10 11:42:57 +02:00
Henry N
7742636a29
Merge changes from #591 2020-04-07 21:48:08 +02:00
Henry N
ac6d93b31e
Merge branch 'master' into patch-7 2020-04-07 21:43:36 +02:00
Henry N
fdd576eea5
openvpn.conf: TAB/ident 
All entries after "server:" with a TAP/ident
 2020-04-07 20:21:32 +02:00
randomshell
ef5d5faf30
Change = conditional to == (#591) 2020-04-06 14:51:58 +02:00
Henry N
6e8aeb3505
Uninstallation: restart unbound only if not removed (#612) 2020-04-06 14:41:10 +02:00
Henry N
d670973f0b
Arch: do-daemonize no is default 
Arch Linux starts "/usr/bin/unbound -d -p".
"-d" do not fork into the background.
So the "daemonize: no" is default. (For Systemd on Arch Linux)
 2020-04-04 22:14:40 +02:00
Henry N
96e2420ad0
arch-Linux: Remove defaults 
use-syslog is default, directory /etc/unbound is default, port 53 is default
 2020-04-04 21:55:40 +02:00
Henry N
3cc3715b0e
arch: username unbound default 
"username: unbound" is default. Found in arch linu xdefauls unbound.conf and https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/#username
 2020-04-04 21:20:02 +02:00
Henry N
f15c88c0aa
Text unbound.conf.d/openvpn.conf 2020-04-02 21:03:46 +02:00
Henry N
e123635e7c
Add comments to some DNS options in code (#598) 2020-04-02 16:30:50 +02:00
Henry N
e5f169ad3b
Remove intermediate echo 2020-04-01 23:58:37 +02:00
Henry N
6e21a54081
Full path to remove include openvpn.conf 
Full path to remove include of /etc/unbound/unbound.conf.d/openvpn.conf,
and missing ":" after the "include".
 2020-04-01 23:53:36 +02:00
Henry N
d744222674
DNS Rebinding fix for all OS 2020-04-01 23:35:36 +02:00
Henry N
d31dad466a
harden-glue: and qname-minimisation for all OS 
harden-glue: yes and qname-minimisation: yes for all OS, not only for Arch.
 2020-04-01 23:25:27 +02:00
Henry N
148cbf93a9
one unbound config for all OS 
Fix for #602
Create new config as /etc/unbound/unbound.conf.d/openvpn.conf,
include this into /etc/unbound/unbound.conf.
On uninstall simple remove the include, if if was injected by openvpn-install.
 2020-04-01 00:57:56 +02:00
randomshell
7ed9cac8d7
Change Adguard DNS to Anycast (#596) 
See map at https://adguard.com/en/adguard-dns/overview.html
 2020-03-31 23:05:44 +02:00
Henry N
44105eb060 Fix systemd unit issue on Debian 9 (#585) 
On Debian 9 the copy of unit file `/etc/systemd/system/openvpn@.service` has no effect, see #583.
Same problem as #129 and #378, unit can not start on OpenVZ.

It must execute `systemctl enable` before `systemctl restart`.
So the new link to `/etc/systemd/system/openvpn@.service` was created before `systemctl restart`.

Fix https://github.com/angristan/openvpn-install/issues/583
 2020-03-28 15:41:37 +01:00
Henry N
3d075c8708
Print warning about empty public interface (#581) 
Warning, if cannot detect public interface, and give user a choice to continue or abord.
 2020-03-26 21:27:16 +01:00
Henry N
23e533431a
Fix error messag mkdir /etc/iptables (#580) 
Fix this error message:
mkdir: cannot create directory ‘/etc/iptables’: File exists
 2020-03-26 21:24:50 +01:00
Henry N
130659b003
Add explicit-exit-notify for UDP (#579) 
For faster reconnects with UDP is better to send the the explicit-exit-notify to server. With this the server can directly see, that the client will exit.
 2020-03-26 21:24:20 +01:00
Henry N
aab5e7b2ff
Fix getting pulic interface in IPv6 only (#578) 
In a IPv6 only environment, the variable $NIC would be empty and iptables in add-openvpn-rules.sh will fail by missing argument.
 2020-03-26 21:22:22 +01:00
randomshell
6bb87ae716
Install semanage command on CentoOS (#554) 
CentOS has selinux enabled by default but it hasn't the `semanage` command required to run OpenVPN on another port.
'policycoreutils-python*' match `policycoreutils-python' in CentOS 7 and `policycoreutils-python-utils` in Centos 8.
 2020-03-14 20:25:22 +01:00