2019-11-07 16:29:21 +00:00
#!/usr/bin/env bash
# PiVPN: Uninstall Script
2019-12-09 12:34:25 +00:00
### FIXME: global: config storage, refactor all scripts to adhere to the storage
### FIXME: use variables where appropriate, reduce magic numbers by 99.9%, at least.
2019-11-07 16:29:21 +00:00
PKG_MANAGER = "apt-get"
Merge test (#929)
* added link to server status dashboard
* Replaced Header with bold instead
* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code
- Add curl as a dependency for those who run the script without 'curl URL | bash'.
- Use POSIX 'command -v' instead of 'hash'.
- Check if packages have actually been installed and abort execution if they have not.
- Fixed issue with getStaticIPv4Settings() that prevented existing network settings
to be used as static IP settings when running the script unattended with empty
$IPv4addr and $IPv4gw variables.
- Exit if processing wireguard-linux-compat fails.
- Exit if 50unattended-upgrades fails to extract.
- Exit clientSTAT.sh if the wg0 interface is not available.
- Moved the Self Check to a single script since dedicated versions were very similar.
- Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.
* Fixed cosmetic issue with spinner, added missing spinner to some APT commands
* Detect current netmask, validate user input when configuring a static IP
* Inform the user when updating the package cache, which can be slow on some RPis
* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct
* Restart pihole in the more appropriate restartServices() function
* Improve static IP selection, validate public DNS name of the server
- Default to 'No' when asking if the RPi has DHCP reservation, considered
that the user may not be fully aware, furthermore, setting a static IP
anyways doesn't do harm.
- Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
'/etc/dhcpcd.conf' with invalid data.
- Validate public DNS name of the server inside askPublicIPOrDNS() function
* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
- Added a basic sanity check to downloaded DH paramenters, which doubles as a
check for missing .pem file.
- Fix 'pivpn -c' showing the month number instead of the day of the month when
using WireGuard.
- Removing APT keys is risky, it would break APT update/upgrade if the user
already was already using the unstable repo.
- Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
$i... already installed'.
- Check whether the OpenVPN repo and the Debian unstable repo are already used.
* Improvements to getStaticIPv4Settings()
- Use a regular expression to extract IPs from the 'ip' command. With this,
there is a little need to validate output. Even though the regex will match
invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
the script would not have reached this function due to previous functions
using the network with broken routes and addresses.
- Get the IP address from the selected interface rather then from the 'ip route'
command as it's not guaranteed that such IP is the same of the interface the
user decided to use (though on a Raspberry Pi inside a home LAN, most likely
it is, but it also maskes easier to get the IP in the CIDR notation with a
single 'ip | grep' pipe).
* Moved command substitution to specific functions to avoid unnecessary execution
- Moved $availableInterfaces and $CurrentIPv4gw from the script header to
their relevant function, considered that if the OS is not Raspbian a static
IP is not set, so those variables are not used.
* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919
- Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
still generate his own if he wishes).
https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 15:40:09 +00:00
UPDATE_PKG_CACHE = " ${ PKG_MANAGER } update "
2019-12-10 18:07:08 +00:00
subnetClass = "24"
2019-11-07 16:29:21 +00:00
setupVars = "/etc/pivpn/setupVars.conf"
if [ ! -f " ${ setupVars } " ] ; then
echo "::: Missing setup vars file!"
exit 1
fi
2019-12-09 12:34:25 +00:00
# shellcheck disable=SC1090
2019-11-07 16:29:21 +00:00
source " ${ setupVars } "
# Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size = $( stty size 2>/dev/null || echo 24 80)
2019-12-09 12:34:25 +00:00
rows = $( echo " $screen_size " | awk '{print $1}' )
columns = $( echo " $screen_size " | awk '{print $2}' )
2019-11-07 16:29:21 +00:00
# Divide by two so the dialogs take up half of the screen, which looks nice.
r = $(( rows / 2 ))
c = $(( columns / 2 ))
# Unless the screen is tiny
r = $(( r < 20 ? 20 : r ))
c = $(( c < 70 ? 70 : c ))
2019-12-09 12:34:25 +00:00
### FIXME: introduce global lib
2019-11-07 16:29:21 +00:00
spinner( ) {
local pid = $1
local delay = 0.50
local spinstr = '/-\|'
Merge test (#929)
* added link to server status dashboard
* Replaced Header with bold instead
* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code
- Add curl as a dependency for those who run the script without 'curl URL | bash'.
- Use POSIX 'command -v' instead of 'hash'.
- Check if packages have actually been installed and abort execution if they have not.
- Fixed issue with getStaticIPv4Settings() that prevented existing network settings
to be used as static IP settings when running the script unattended with empty
$IPv4addr and $IPv4gw variables.
- Exit if processing wireguard-linux-compat fails.
- Exit if 50unattended-upgrades fails to extract.
- Exit clientSTAT.sh if the wg0 interface is not available.
- Moved the Self Check to a single script since dedicated versions were very similar.
- Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.
* Fixed cosmetic issue with spinner, added missing spinner to some APT commands
* Detect current netmask, validate user input when configuring a static IP
* Inform the user when updating the package cache, which can be slow on some RPis
* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct
* Restart pihole in the more appropriate restartServices() function
* Improve static IP selection, validate public DNS name of the server
- Default to 'No' when asking if the RPi has DHCP reservation, considered
that the user may not be fully aware, furthermore, setting a static IP
anyways doesn't do harm.
- Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
'/etc/dhcpcd.conf' with invalid data.
- Validate public DNS name of the server inside askPublicIPOrDNS() function
* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
- Added a basic sanity check to downloaded DH paramenters, which doubles as a
check for missing .pem file.
- Fix 'pivpn -c' showing the month number instead of the day of the month when
using WireGuard.
- Removing APT keys is risky, it would break APT update/upgrade if the user
already was already using the unstable repo.
- Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
$i... already installed'.
- Check whether the OpenVPN repo and the Debian unstable repo are already used.
* Improvements to getStaticIPv4Settings()
- Use a regular expression to extract IPs from the 'ip' command. With this,
there is a little need to validate output. Even though the regex will match
invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
the script would not have reached this function due to previous functions
using the network with broken routes and addresses.
- Get the IP address from the selected interface rather then from the 'ip route'
command as it's not guaranteed that such IP is the same of the interface the
user decided to use (though on a Raspberry Pi inside a home LAN, most likely
it is, but it also maskes easier to get the IP in the CIDR notation with a
single 'ip | grep' pipe).
* Moved command substitution to specific functions to avoid unnecessary execution
- Moved $availableInterfaces and $CurrentIPv4gw from the script header to
their relevant function, considered that if the OS is not Raspbian a static
IP is not set, so those variables are not used.
* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919
- Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
still generate his own if he wishes).
https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 15:40:09 +00:00
while ps a | awk '{print $1}' | grep -q " $pid " ; do
2019-11-07 16:29:21 +00:00
local temp = ${ spinstr #? }
printf " [%c] " " $spinstr "
local spinstr = $temp ${ spinstr % " $temp " }
sleep $delay
2019-12-09 12:34:25 +00:00
printf "\\b\\b\\b\\b\\b\\b"
2019-11-07 16:29:21 +00:00
done
2019-12-09 12:34:25 +00:00
printf " \\b\\b\\b\\b"
2019-11-07 16:29:21 +00:00
}
removeAll( ) {
# Stopping and disabling services
echo "::: Stopping and disabling services..."
2019-11-14 14:07:01 +00:00
if [ " $VPN " = "wireguard" ] ; then
2019-11-07 16:29:21 +00:00
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0 & > /dev/null
2019-11-14 14:07:01 +00:00
elif [ " $VPN " = "openvpn" ] ; then
2019-11-07 16:29:21 +00:00
systemctl stop openvpn
systemctl disable openvpn & > /dev/null
fi
# Removing firewall rules.
echo "::: Removing firewall rules..."
2019-12-09 12:34:25 +00:00
### FIXME: introduce global config space!
2019-11-14 14:07:01 +00:00
if [ " $VPN " = "wireguard" ] ; then
2019-11-07 17:12:06 +00:00
pivpnPROTO = "udp"
2019-11-14 14:07:01 +00:00
pivpnDEV = "wg0"
pivpnNET = "10.6.0.0"
elif [ " $VPN " = "openvpn" ] ; then
2019-11-07 16:29:21 +00:00
pivpnDEV = "tun0"
2019-11-14 14:07:01 +00:00
pivpnNET = "10.8.0.0"
2019-11-07 16:29:21 +00:00
fi
if [ " $USING_UFW " -eq 1 ] ; then
2019-12-09 12:34:25 +00:00
### FIXME: SC2154
2019-11-07 17:12:06 +00:00
ufw delete allow " ${ pivpnPORT } " /" ${ pivpnPROTO } " > /dev/null
2019-12-09 12:34:25 +00:00
### FIXME: SC2154
2019-12-10 18:07:08 +00:00
ufw route delete allow in on " ${ pivpnDEV } " from " ${ pivpnNET } / ${ subnetClass } " out on " ${ IPv4dev } " to any > /dev/null
2019-12-29 17:25:35 +00:00
sed -z " s/*nat\\n:POSTROUTING ACCEPT \\[0:0\\]\\n-I POSTROUTING -s ${ pivpnNET } \\/ ${ subnetClass } -o ${ IPv4dev } -j MASQUERADE -m comment --comment ${ VPN } -nat-rule\\nCOMMIT\\n\\n// " -i /etc/ufw/before.rules
iptables -t nat -D POSTROUTING -s " ${ pivpnNET } / ${ subnetClass } " -o " ${ IPv4dev } " -j MASQUERADE -m comment --comment " ${ VPN } -nat-rule "
2019-11-07 16:29:21 +00:00
ufw reload & > /dev/null
elif [ " $USING_UFW " -eq 0 ] ; then
if [ " $INPUT_CHAIN_EDITED " -eq 1 ] ; then
2019-12-29 17:25:35 +00:00
iptables -D INPUT -i " ${ IPv4dev } " -p " ${ pivpnPROTO } " --dport " ${ pivpnPORT } " -j ACCEPT -m comment --comment " ${ VPN } -input-rule "
2019-11-07 16:29:21 +00:00
fi
if [ " $FORWARD_CHAIN_EDITED " -eq 1 ] ; then
2019-12-29 17:25:35 +00:00
iptables -D FORWARD -d " ${ pivpnNET } / ${ subnetClass } " -i " ${ IPv4dev } " -o " ${ pivpnDEV } " -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment " ${ VPN } -forward-rule "
iptables -D FORWARD -s " ${ pivpnNET } / ${ subnetClass } " -i " ${ pivpnDEV } " -o " ${ IPv4dev } " -j ACCEPT -m comment --comment " ${ VPN } -forward-rule "
2019-11-07 16:29:21 +00:00
fi
2019-12-29 17:25:35 +00:00
iptables -t nat -D POSTROUTING -s " ${ pivpnNET } / ${ subnetClass } " -o " ${ IPv4dev } " -j MASQUERADE -m comment --comment " ${ VPN } -nat-rule "
2019-11-07 16:29:21 +00:00
iptables-save > /etc/iptables/rules.v4
fi
# Disable IPv4 forwarding
sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf
sysctl -p
# Purge dependencies
echo "::: Purge dependencies..."
Merge test (#929)
* added link to server status dashboard
* Replaced Header with bold instead
* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code
- Add curl as a dependency for those who run the script without 'curl URL | bash'.
- Use POSIX 'command -v' instead of 'hash'.
- Check if packages have actually been installed and abort execution if they have not.
- Fixed issue with getStaticIPv4Settings() that prevented existing network settings
to be used as static IP settings when running the script unattended with empty
$IPv4addr and $IPv4gw variables.
- Exit if processing wireguard-linux-compat fails.
- Exit if 50unattended-upgrades fails to extract.
- Exit clientSTAT.sh if the wg0 interface is not available.
- Moved the Self Check to a single script since dedicated versions were very similar.
- Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.
* Fixed cosmetic issue with spinner, added missing spinner to some APT commands
* Detect current netmask, validate user input when configuring a static IP
* Inform the user when updating the package cache, which can be slow on some RPis
* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct
* Restart pihole in the more appropriate restartServices() function
* Improve static IP selection, validate public DNS name of the server
- Default to 'No' when asking if the RPi has DHCP reservation, considered
that the user may not be fully aware, furthermore, setting a static IP
anyways doesn't do harm.
- Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
'/etc/dhcpcd.conf' with invalid data.
- Validate public DNS name of the server inside askPublicIPOrDNS() function
* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
- Added a basic sanity check to downloaded DH paramenters, which doubles as a
check for missing .pem file.
- Fix 'pivpn -c' showing the month number instead of the day of the month when
using WireGuard.
- Removing APT keys is risky, it would break APT update/upgrade if the user
already was already using the unstable repo.
- Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
$i... already installed'.
- Check whether the OpenVPN repo and the Debian unstable repo are already used.
* Improvements to getStaticIPv4Settings()
- Use a regular expression to extract IPs from the 'ip' command. With this,
there is a little need to validate output. Even though the regex will match
invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
the script would not have reached this function due to previous functions
using the network with broken routes and addresses.
- Get the IP address from the selected interface rather then from the 'ip route'
command as it's not guaranteed that such IP is the same of the interface the
user decided to use (though on a Raspberry Pi inside a home LAN, most likely
it is, but it also maskes easier to get the IP in the CIDR notation with a
single 'ip | grep' pipe).
* Moved command substitution to specific functions to avoid unnecessary execution
- Moved $availableInterfaces and $CurrentIPv4gw from the script header to
their relevant function, considered that if the OS is not Raspbian a static
IP is not set, so those variables are not used.
* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919
- Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
still generate his own if he wishes).
https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 15:40:09 +00:00
for i in " ${ INSTALLED_PACKAGES [@] } " ; do
2019-11-07 16:29:21 +00:00
while true; do
read -rp " ::: Do you wish to remove $i from your system? [Y/n]: " yn
case $yn in
[ Yy] * ) if [ " ${ i } " = "wireguard" ] ; then
2019-11-19 16:29:41 +00:00
# On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian
# there is no wireguard package). On Ubuntu, remove the PPA.
2019-12-09 12:34:25 +00:00
### FIXME: unconditionally rm'ing unstable.list isn't a good idea, it appears. What if someone else put it there manually?
2019-11-19 16:29:41 +00:00
if [ " $PLAT " = "Debian" ] || { [ " $PLAT " = "Raspbian" ] && [ " $( uname -m) " = "armv7l" ] ; } ; then
2020-01-20 08:56:07 +00:00
rm -f /etc/apt/sources.list.d/pivpn-unstable.list
rm -f /etc/apt/preferences.d/pivpn-limit-unstable
2019-11-19 16:29:41 +00:00
elif [ " $PLAT " = "Ubuntu" ] ; then
add-apt-repository ppa:wireguard/wireguard -r -y
2019-11-07 16:29:21 +00:00
fi
Merge test (#929)
* added link to server status dashboard
* Replaced Header with bold instead
* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code
- Add curl as a dependency for those who run the script without 'curl URL | bash'.
- Use POSIX 'command -v' instead of 'hash'.
- Check if packages have actually been installed and abort execution if they have not.
- Fixed issue with getStaticIPv4Settings() that prevented existing network settings
to be used as static IP settings when running the script unattended with empty
$IPv4addr and $IPv4gw variables.
- Exit if processing wireguard-linux-compat fails.
- Exit if 50unattended-upgrades fails to extract.
- Exit clientSTAT.sh if the wg0 interface is not available.
- Moved the Self Check to a single script since dedicated versions were very similar.
- Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.
* Fixed cosmetic issue with spinner, added missing spinner to some APT commands
* Detect current netmask, validate user input when configuring a static IP
* Inform the user when updating the package cache, which can be slow on some RPis
* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct
* Restart pihole in the more appropriate restartServices() function
* Improve static IP selection, validate public DNS name of the server
- Default to 'No' when asking if the RPi has DHCP reservation, considered
that the user may not be fully aware, furthermore, setting a static IP
anyways doesn't do harm.
- Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
'/etc/dhcpcd.conf' with invalid data.
- Validate public DNS name of the server inside askPublicIPOrDNS() function
* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
- Added a basic sanity check to downloaded DH paramenters, which doubles as a
check for missing .pem file.
- Fix 'pivpn -c' showing the month number instead of the day of the month when
using WireGuard.
- Removing APT keys is risky, it would break APT update/upgrade if the user
already was already using the unstable repo.
- Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
$i... already installed'.
- Check whether the OpenVPN repo and the Debian unstable repo are already used.
* Improvements to getStaticIPv4Settings()
- Use a regular expression to extract IPs from the 'ip' command. With this,
there is a little need to validate output. Even though the regex will match
invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
the script would not have reached this function due to previous functions
using the network with broken routes and addresses.
- Get the IP address from the selected interface rather then from the 'ip route'
command as it's not guaranteed that such IP is the same of the interface the
user decided to use (though on a Raspberry Pi inside a home LAN, most likely
it is, but it also maskes easier to get the IP in the CIDR notation with a
single 'ip | grep' pipe).
* Moved command substitution to specific functions to avoid unnecessary execution
- Moved $availableInterfaces and $CurrentIPv4gw from the script header to
their relevant function, considered that if the OS is not Raspbian a static
IP is not set, so those variables are not used.
* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919
- Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
still generate his own if he wishes).
https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 15:40:09 +00:00
echo "::: Updating package cache..."
${ UPDATE_PKG_CACHE } & > /dev/null & spinner $!
2019-11-07 16:29:21 +00:00
elif [ " ${ i } " = "wireguard-dkms" ] ; then
2019-11-19 16:29:41 +00:00
# On armv6l Raspbian we manually remove the kernel module and skip the apt
# uninstallation (since it's not an actual package).
if [ " $PLAT " = "Raspbian" ] && [ " $( uname -m) " = "armv6l" ] ; then
2019-12-29 17:25:35 +00:00
dkms remove wireguard/" ${ WG_MODULE_SNAPSHOT } " --all
rm -rf /usr/src/wireguard-" ${ WG_MODULE_SNAPSHOT } "
2019-11-07 16:29:21 +00:00
break
fi
2019-12-29 17:25:35 +00:00
elif [ " ${ i } " = "wireguard-tools" ] ; then
if [ " $PLAT " = "Raspbian" ] && [ " $( uname -m) " = "armv6l" ] ; then
rm -rf /usr/src/wireguard-tools-" ${ WG_TOOLS_SNAPSHOT } "
fi
2019-11-07 16:29:21 +00:00
elif [ " ${ i } " = "unattended-upgrades" ] ; then
2019-12-09 12:34:25 +00:00
### REALLY???
2019-11-07 16:29:21 +00:00
rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
2019-12-09 12:34:25 +00:00
elif [ " ${ i } " = "openvpn" ] ; then
2020-01-20 08:56:07 +00:00
2020-01-21 12:51:25 +00:00
if [ " $PLAT " = "Debian" ] || [ " $PLAT " = "Ubuntu" ] ; then
2020-01-21 14:54:20 +00:00
rm -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list
Merge test (#929)
* added link to server status dashboard
* Replaced Header with bold instead
* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code
- Add curl as a dependency for those who run the script without 'curl URL | bash'.
- Use POSIX 'command -v' instead of 'hash'.
- Check if packages have actually been installed and abort execution if they have not.
- Fixed issue with getStaticIPv4Settings() that prevented existing network settings
to be used as static IP settings when running the script unattended with empty
$IPv4addr and $IPv4gw variables.
- Exit if processing wireguard-linux-compat fails.
- Exit if 50unattended-upgrades fails to extract.
- Exit clientSTAT.sh if the wg0 interface is not available.
- Moved the Self Check to a single script since dedicated versions were very similar.
- Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.
* Fixed cosmetic issue with spinner, added missing spinner to some APT commands
* Detect current netmask, validate user input when configuring a static IP
* Inform the user when updating the package cache, which can be slow on some RPis
* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct
* Restart pihole in the more appropriate restartServices() function
* Improve static IP selection, validate public DNS name of the server
- Default to 'No' when asking if the RPi has DHCP reservation, considered
that the user may not be fully aware, furthermore, setting a static IP
anyways doesn't do harm.
- Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
'/etc/dhcpcd.conf' with invalid data.
- Validate public DNS name of the server inside askPublicIPOrDNS() function
* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
- Added a basic sanity check to downloaded DH paramenters, which doubles as a
check for missing .pem file.
- Fix 'pivpn -c' showing the month number instead of the day of the month when
using WireGuard.
- Removing APT keys is risky, it would break APT update/upgrade if the user
already was already using the unstable repo.
- Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
$i... already installed'.
- Check whether the OpenVPN repo and the Debian unstable repo are already used.
* Improvements to getStaticIPv4Settings()
- Use a regular expression to extract IPs from the 'ip' command. With this,
there is a little need to validate output. Even though the regex will match
invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
the script would not have reached this function due to previous functions
using the network with broken routes and addresses.
- Get the IP address from the selected interface rather then from the 'ip route'
command as it's not guaranteed that such IP is the same of the interface the
user decided to use (though on a Raspberry Pi inside a home LAN, most likely
it is, but it also maskes easier to get the IP in the CIDR notation with a
single 'ip | grep' pipe).
* Moved command substitution to specific functions to avoid unnecessary execution
- Moved $availableInterfaces and $CurrentIPv4gw from the script header to
their relevant function, considered that if the OS is not Raspbian a static
IP is not set, so those variables are not used.
* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919
- Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
still generate his own if he wishes).
https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 15:40:09 +00:00
echo "::: Updating package cache..."
${ UPDATE_PKG_CACHE } & > /dev/null & spinner $!
2020-01-21 12:51:25 +00:00
fi
2020-01-20 08:56:07 +00:00
deluser openvpn
rm -f /etc/rsyslog.d/30-openvpn.conf
rm -f /etc/logrotate.d/openvpn
2019-11-07 16:29:21 +00:00
fi
2019-12-09 12:34:25 +00:00
printf ":::\\tRemoving %s..." " $i " ; $PKG_MANAGER -y remove --purge " $i " & > /dev/null & spinner $! ; printf "done!\\n" ;
2019-11-07 16:29:21 +00:00
break
; ;
2019-12-09 12:34:25 +00:00
[ Nn] * ) printf ":::\\tSkipping %s\\n" " $i " ;
2019-11-07 16:29:21 +00:00
break
; ;
2019-12-09 12:34:25 +00:00
* ) printf "::: You must answer yes or no!\\n" ; ;
2019-11-07 16:29:21 +00:00
esac
done
done
# Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..."
2019-12-09 12:34:25 +00:00
$PKG_MANAGER -y autoremove & > /dev/null & spinner $! ; printf "done!\\n" ;
2019-11-07 16:29:21 +00:00
printf "::: Auto cleaning remaining dependencies..."
2019-12-09 12:34:25 +00:00
$PKG_MANAGER -y autoclean & > /dev/null & spinner $! ; printf "done!\\n" ;
2019-11-07 16:29:21 +00:00
echo ":::"
# Removing pivpn files
echo "::: Removing pivpn system files..."
if [ -f /etc/dnsmasq.d/02-pivpn.conf ] ; then
2019-11-16 13:58:58 +00:00
rm -f /etc/dnsmasq.d/02-pivpn.conf
2019-11-07 16:29:21 +00:00
pihole restartdns
fi
rm -rf /opt/pivpn
rm -rf /etc/.pivpn
rm -rf /etc/pivpn
2019-12-09 12:34:25 +00:00
rm -f /var/log/*pivpn*
2019-11-16 13:58:58 +00:00
rm -f /usr/local/bin/pivpn
rm -f /etc/bash_completion.d/pivpn
echo ":::"
echo "::: Removing VPN configuration files..."
if [ " $VPN " = "wireguard" ] ; then
rm -f /etc/wireguard/wg0.conf
2019-12-10 15:06:28 +00:00
rm -rf /etc/wireguard/configs
rm -rf /etc/wireguard/keys
2019-12-09 12:34:25 +00:00
### FIXME SC2154
2019-12-10 15:06:28 +00:00
rm -rf " $install_home /configs "
2019-11-16 13:58:58 +00:00
elif [ " $VPN " = "openvpn" ] ; then
2019-12-29 17:25:35 +00:00
rm -rf /var/log/*openvpn*
2019-11-16 13:58:58 +00:00
rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem
2019-12-10 15:06:28 +00:00
rm -rf /etc/openvpn/easy-rsa
rm -rf " $install_home /ovpns "
2019-11-16 13:58:58 +00:00
fi
2019-11-07 16:29:21 +00:00
echo ":::"
2019-12-09 12:34:25 +00:00
printf "::: Finished removing PiVPN from your system.\\n"
2020-02-05 19:29:14 +00:00
printf "::: Reinstall by simpling running\\n:::\\n:::\\tcurl -L https://install.pivpn.io | bash\\n:::\\n::: at any time!\\n:::\\n"
2019-11-07 16:29:21 +00:00
}
askreboot( ) {
2019-12-09 12:34:25 +00:00
printf "It is \\e[1mstrongly\\e[0m recommended to reboot after un-installation.\\n"
2019-11-07 16:29:21 +00:00
read -p "Would you like to reboot now? [y/n]: " -n 1 -r
echo
if [ [ ${ REPLY } = ~ ^[ Yy] $ ] ] ; then
2019-12-09 12:34:25 +00:00
printf "\\nRebooting system...\\n"
2019-11-07 16:29:21 +00:00
sleep 3
shutdown -r now
fi
}
######### SCRIPT ###########
echo "::: Preparing to remove packages, be sure that each may be safely removed depending on your operating system."
echo "::: (SAFE TO REMOVE ALL ON RASPBIAN)"
while true; do
read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn
case $yn in
[ Yy] * ) removeAll; askreboot; break; ;
2019-12-09 12:34:25 +00:00
[ Nn] * ) printf "::: Not removing anything, exiting...\\n" ; break; ;
2019-11-07 16:29:21 +00:00
esac
done