mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-19 19:30:16 +00:00
Ubuntu uses openvpn repo to get newer version and...
clients get two more security parameters to harden connection further and... hopefully fix use of testing branch and... why is there no modern Road Rash game, that was the best.
This commit is contained in:
Kaladin Light
parent
b8e736e94b
commit
0277054de1
3 changed files with 23 additions and 11 deletions
|
|
@ -7,6 +7,8 @@ nobind
|
|||
persist-key
|
||||
persist-tun
|
||||
key-direction 1
|
||||
remote-cert-tls server
|
||||
verify-x509-name SRVRNAME name
|
||||
cipher AES-256-CBC
|
||||
auth SHA256
|
||||
comp-lzo
|
||||
|
|
|
|||
|
|
@ -332,10 +332,16 @@ checkForDependencies() {
|
|||
timestamp=$(stat -c %Y /var/cache/apt/)
|
||||
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
|
||||
today=$(date "+%b %e")
|
||||
|
||||
if [[ $PLAT == "ubuntu" ]]; then
|
||||
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
|
||||
echo "deb http://swupdate.openvpn.net/apt trusty main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
|
||||
fi
|
||||
|
||||
if [ ! "$today" == "$timestampAsDate" ]; then
|
||||
if [ ! "$today" == "$timestampAsDate" ] || [ $PLAT = "ubuntu" ]; then
|
||||
#update package lists
|
||||
echo ":::"
|
||||
echo "::: Either you are on ubuntu or"
|
||||
echo -n "::: apt-get update has not been run today. Running now..."
|
||||
$SUDO apt-get -qq update & spinner $!
|
||||
echo " done!"
|
||||
|
|
@ -355,13 +361,13 @@ checkForDependencies() {
|
|||
echo ":::"
|
||||
echo "::: Checking dependencies:"
|
||||
|
||||
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
|
||||
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
|
||||
for i in "${dependencies[@]}"; do
|
||||
echo -n "::: Checking for $i..."
|
||||
if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
|
||||
echo -n " Not found! Installing...."
|
||||
#Supply answers to the questions so we don't prompt user
|
||||
if [[ $i -eq "iptables-persistent" ]]; then
|
||||
if [[ $i = "iptables-persistent" ]]; then
|
||||
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections
|
||||
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections
|
||||
fi
|
||||
|
|
@ -407,7 +413,7 @@ make_repo() {
|
|||
if [ -z ${TESTING+x} ]; then
|
||||
:
|
||||
else
|
||||
$SUDO git checkout test
|
||||
$SUDO git -C $1 checkout test
|
||||
fi
|
||||
echo " done!"
|
||||
}
|
||||
|
|
@ -420,7 +426,7 @@ update_repo() {
|
|||
if [ -z ${TESTING+x} ]; then
|
||||
:
|
||||
else
|
||||
$SUDO git checkout test
|
||||
${SUDOE} git checkout test
|
||||
fi
|
||||
echo " done!"
|
||||
}
|
||||
|
|
@ -672,11 +678,6 @@ confOpenVPN() {
|
|||
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
||||
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
|
||||
|
||||
# if using ubuntu remove tls-server-min line as they have an older openvpn
|
||||
if [[ $PLAT == "ubuntu" ]]; then
|
||||
$SUDO sed -i '/tls-version-min/s/^/# /' /etc/openvpn/server.conf
|
||||
fi
|
||||
|
||||
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
|
||||
|
||||
# Set the user encryption key size
|
||||
|
|
@ -779,6 +780,9 @@ confOVPN() {
|
|||
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
fi
|
||||
|
||||
# verify server name to strengthen security
|
||||
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
|
||||
$SUDO mkdir /home/$pivpnUser/ovpns
|
||||
$SUDO chmod 0777 -R /home/$pivpnUser/ovpns
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ else
|
|||
fi
|
||||
|
||||
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
|
||||
PLAT=$(cat /etc/pivpn/DET_PLATFORM)
|
||||
|
||||
# Find the rows and columns
|
||||
rows=$(tput lines)
|
||||
|
|
@ -74,18 +75,23 @@ echo ":::"
|
|||
echo "::: Removing pivpn system files..."
|
||||
$SUDO rm -rf /opt/pivpn &> /dev/null
|
||||
$SUDO rm -rf /etc/.pivpn &> /dev/null
|
||||
$SUDO rm -rf /etc/pivpn &> /dev/null
|
||||
$SUDO rm -rf /home/$INSTALL_USER/ovpns &> /dev/null
|
||||
|
||||
$SUDO rm -rf /var/log/*pivpn* &> /dev/null
|
||||
$SUDO rm -rf /var/log/*openvpn* &> /dev/null
|
||||
if [[ $UINST_OVPN = 1 ]]; then
|
||||
$SUDO rm -rf /etc/openvpn &> /dev/null
|
||||
if [[ $PLAT = "ubuntu" ]]; then
|
||||
printf "::: Removing openvpn apt source..."
|
||||
$SUDO rm -rf /etc/apt/sources.list.d/swupdate.openvpn.net.list &> /dev/null
|
||||
$SUDO apt-get -qq update & spinner $!; printf "done!\n";
|
||||
fi
|
||||
fi
|
||||
if [[ $UINST_UNATTUPG = 1 ]]; then
|
||||
$SUDO rm -rf /var/log/unattended-upgrades
|
||||
$SUDO rm -rf /etc/apt/apt.conf.d/*periodic
|
||||
fi
|
||||
$SUDO rm -rf /etc/pivpn &> /dev/null
|
||||
$SUDO rm /usr/local/bin/pivpn &> /dev/null
|
||||
$SUDO rm /etc/bash_completion.d/pivpn
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue