From 0277054de1ba3014e52fa4e0b486615ba3becb0b Mon Sep 17 00:00:00 2001
From: Kaladin Light <0.kaladin@gmail.com>
Date: Sat, 7 May 2016 12:33:52 -0400
Subject: [PATCH] Ubuntu uses openvpn repo to get newer version and... clients get two more security parameters to harden connection further and... hopefully fix use of testing branch and... why is there no modern Road Rash game, that was the best.
---
 Default.txt | 2 ++
 auto_install/install.sh | 24 ++++++++++++++----------
 scripts/uninstall.sh | 8 +++++++-
 3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/Default.txt b/Default.txt
index d73440e..2c4d2af 100644
--- a/Default.txt
+++ b/Default.txt
@@ -7,6 +7,8 @@ nobind
 persist-key
 persist-tun
 key-direction 1
+remote-cert-tls server
+verify-x509-name SRVRNAME name
 cipher AES-256-CBC
 auth SHA256
 comp-lzo
diff --git a/auto_install/install.sh b/auto_install/install.sh
index ddb9d26..bea8079 100644
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -332,10 +332,16 @@ checkForDependencies() {
 timestamp=$(stat -c %Y /var/cache/apt/)
 timestampAsDate=$(date -d @"$timestamp" "+%b %e")
 today=$(date "+%b %e")
+
+ if [[ $PLAT == "ubuntu" ]]; then
+ wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
+ echo "deb http://swupdate.openvpn.net/apt trusty main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
+ fi
- if [ ! "$today" == "$timestampAsDate" ]; then
+ if [ ! "$today" == "$timestampAsDate" ] || [ $PLAT = "ubuntu" ]; then
 #update package lists
 echo ":::"
+ echo "::: Either you are on ubuntu or"
 echo -n "::: apt-get update has not been run today. Running now..."
 $SUDO apt-get -qq update & spinner $!
 echo " done!"
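Review bot: The repository key is piped straight from `wget` into `$SUDO apt-key add -` with no fingerprint check, and a failed download goes unnoticed because the pipeline's status is that of `apt-key`. A key added this way is trusted for every apt source on the machine, so it should be downloaded to a temporary file, compared with a pinned fingerprint and only then added, as sketched below with a placeholder for the fingerprint. The `deb` line hard-codes `trusty` and plain `http://`, which would presumably pull trusty builds onto other Ubuntu releases; deriving the suite from the running system would be safer if the repository publishes it. In the changed test, `[ $PLAT = "ubuntu" ]` should read `[ "$PLAT" = "ubuntu" ]` so an empty PLAT does not break the `[` expression. checkForDependencies begins and ends outside the hunk.

```shell
if [[ "$PLAT" == "ubuntu" ]]; then
    keyfile=$(mktemp) || exit 1
    if ! wget -qO "$keyfile" https://swupdate.openvpn.net/repos/repo-public.gpg; then
        echo "::: Could not download the OpenVPN repository key"
        rm -f -- "$keyfile"
        exit 1
    fi
    # EXPECTED_FPR is a placeholder: pin the fingerprint published by OpenVPN.
    fpr=$(gpg --with-colons --with-fingerprint "$keyfile" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    if [[ "$fpr" != "$EXPECTED_FPR" ]]; then
        echo "::: OpenVPN repository key fingerprint mismatch, aborting"
        rm -f -- "$keyfile"
        exit 1
    fi
    $SUDO apt-key add "$keyfile"
    rm -f -- "$keyfile"
    # … unchanged: echo "deb …" | $SUDO tee …/swupdate.openvpn.net.list …
fi
```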
@@ -355,13 +361,13 @@ checkForDependencies() {
 echo ":::"
 echo "::: Checking dependencies:"
- dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
+ dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
 for i in "${dependencies[@]}"; do
 echo -n "::: Checking for $i..."
 if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
 echo -n " Not found! Installing...."
 #Supply answers to the questions so we don't prompt user
- if [[ $i -eq "iptables-persistent" ]]; then
+ if [[ $i = "iptables-persistent" ]]; then
 echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections
 fi
@@ -407,7 +413,7 @@ make_repo() {
 if [ -z ${TESTING+x} ]; then
 :
 else
- $SUDO git checkout test
+ $SUDO git -C $1 checkout test
 fi
 echo " done!"
 }
@@ -420,7 +426,7 @@ update_repo() {
 if [ -z ${TESTING+x} ]; then
 :
 else
- $SUDO git checkout test
+ ${SUDOE} git checkout test
 fi
 echo " done!"
 }
@@ -672,11 +678,6 @@ confOpenVPN() {
 LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
 $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
- # if using ubuntu remove tls-server-min line as they have an older openvpn
- if [[ $PLAT == "ubuntu" ]]; then
- $SUDO sed -i '/tls-version-min/s/^/# /' /etc/openvpn/server.conf
- fi
-
 $SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
 # Set the user encryption key size
@@ -779,6 +780,9 @@ confOVPN() {
 $SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
 fi
+ # verify server name to strengthen security
+ $SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
+
 $SUDO mkdir /home/$pivpnUser/ovpns
 $SUDO chmod 0777 -R /home/$pivpnUser/ovpns
 }
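Review bot: `$1` is unquoted in `$SUDO git -C $1 checkout test` in the make_repo hunk, so a repository path containing spaces or glob characters would be split; write `$SUDO git -C "$1" checkout test`. Neither this checkout nor the one changed in the update_repo hunk checks its exit status, so ` done!` is printed even when the `test` branch could not be checked out and the install carries on from whatever branch is present; appending `|| { echo "::: checkout of test failed"; exit 1; }` would surface that. update_repo's new line has no `-C` and therefore depends on the working directory set outside its hunk. Both functions start outside their hunks.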
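Review bot: `${SERVER_NAME}` is substituted into the sed replacement in the confOVPN hunk without a check that it is set, so an empty value rewrites the template line to `verify-x509-name  name` and the generated client profiles would no longer carry a usable server-name check. SERVER_NAME is assigned outside this hunk; a guard such as `[[ -n "$SERVER_NAME" ]] || { echo "::: SERVER_NAME is empty"; exit 1; }` before the sed fails early instead. A `/` or `&` in the value would also be interpreted by sed, so the name should be restricted to the characters a certificate CN is expected to contain. The one-line comment could say that the value must equal the server certificate's common name, because `verify-x509-name … name` compares against it.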
diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh
index 82336f4..afe1553 100644
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -17,6 +17,7 @@ else
 fi
 INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
+PLAT=$(cat /etc/pivpn/DET_PLATFORM)
 # Find the rows and columns
 rows=$(tput lines)
@@ -74,18 +75,23 @@ echo ":::"
 echo "::: Removing pivpn system files..."
 $SUDO rm -rf /opt/pivpn &> /dev/null
 $SUDO rm -rf /etc/.pivpn &> /dev/null
- $SUDO rm -rf /etc/pivpn &> /dev/null
 $SUDO rm -rf /home/$INSTALL_USER/ovpns &> /dev/null
 $SUDO rm -rf /var/log/*pivpn* &> /dev/null
 $SUDO rm -rf /var/log/*openvpn* &> /dev/null
 if [[ $UINST_OVPN = 1 ]]; then
 $SUDO rm -rf /etc/openvpn &> /dev/null
+ if [[ $PLAT = "ubuntu" ]]; then
+ printf "::: Removing openvpn apt source..."
+ $SUDO rm -rf /etc/apt/sources.list.d/swupdate.openvpn.net.list &> /dev/null
+ $SUDO apt-get -qq update & spinner $!; printf "done!\n";
+ fi
 fi
 if [[ $UINST_UNATTUPG = 1 ]]; then
 $SUDO rm -rf /var/log/unattended-upgrades
 $SUDO rm -rf /etc/apt/apt.conf.d/*periodic
 fi
+ $SUDO rm -rf /etc/pivpn &> /dev/null
 $SUDO rm /usr/local/bin/pivpn &> /dev/null
 $SUDO rm /etc/bash_completion.d/pivpn
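Review bot: The uninstall path removes `swupdate.openvpn.net.list` but leaves the key that install.sh added with `apt-key add` in apt's trusted keyring, so that key stays trusted for every source after PiVPN is gone; add `$SUDO apt-key del <KEY_ID>` next to the `rm`, where `<KEY_ID>` is a placeholder for the id of the OpenVPN repository key. The cleanup also depends on `PLAT=$(cat /etc/pivpn/DET_PLATFORM)` from the first hunk: if that file is missing, which may be the case on installs made before it was written, PLAT is empty and the apt source is silently left in place, so a warning or fallback would help. `rm -rf` on a single file can be `rm -f`, and `$PLAT` is better quoted as `"$PLAT"`.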