Ubuntu uses openvpn repo to get newer version and...

clients get two more security parameters to harden connection further and...
hopefully fix use of testing branch and...
why is there no modern Road Rash game, that was the best.
Kaladin Light 2016-05-07 12:33:52 -04:00
parent b8e736e94b
commit 0277054de1
3 changed files with 23 additions and 11 deletions


@ -7,6 +7,8 @@ nobind
persist-key persist-key
persist-tun persist-tun
key-direction 1 key-direction 1
remote-cert-tls server
verify-x509-name SRVRNAME name
cipher AES-256-CBC cipher AES-256-CBC
auth SHA256 auth SHA256
comp-lzo comp-lzo
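Review bot: The added `verify-x509-name SRVRNAME name` line carries a placeholder that nothing in this template explains, so a profile generated without the substitution would ship the literal string and clients would reject the server certificate. A comment above it would help, for example `# SRVRNAME is replaced at install time with the server certificate's Common Name`. It is also worth confirming that the installer stops when the replacement value is empty, because the resulting `verify-x509-name  name` would no longer name the server.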


@ -333,9 +333,15 @@ checkForDependencies() {
timestampAsDate=$(date -d @"$timestamp" "+%b %e") timestampAsDate=$(date -d @"$timestamp" "+%b %e")
today=$(date "+%b %e") today=$(date "+%b %e")
if [ ! "$today" == "$timestampAsDate" ]; then if [[ $PLAT == "ubuntu" ]]; then
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
echo "deb http://swupdate.openvpn.net/apt trusty main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
fi
if [ ! "$today" == "$timestampAsDate" ] || [ $PLAT = "ubuntu" ]; then
#update package lists #update package lists
echo ":::" echo ":::"
echo "::: Either you are on ubuntu or"
echo -n "::: apt-get update has not been run today. Running now..." echo -n "::: apt-get update has not been run today. Running now..."
$SUDO apt-get -qq update & spinner $! $SUDO apt-get -qq update & spinner $!
echo " done!" echo " done!"
@ -355,13 +361,13 @@ checkForDependencies() {
echo ":::" echo ":::"
echo "::: Checking dependencies:" echo "::: Checking dependencies:"
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG ) dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
for i in "${dependencies[@]}"; do for i in "${dependencies[@]}"; do
echo -n "::: Checking for $i..." echo -n "::: Checking for $i..."
if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
echo -n " Not found! Installing...." echo -n " Not found! Installing...."
#Supply answers to the questions so we don't prompt user #Supply answers to the questions so we don't prompt user
if [[ $i -eq "iptables-persistent" ]]; then if [[ $i = "iptables-persistent" ]]; then
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections
fi fi
@ -407,7 +413,7 @@ make_repo() {
if [ -z ${TESTING+x} ]; then if [ -z ${TESTING+x} ]; then
: :
else else
$SUDO git checkout test $SUDO git -C $1 checkout test
fi fi
echo " done!" echo " done!"
} }
@ -420,7 +426,7 @@ update_repo() {
if [ -z ${TESTING+x} ]; then if [ -z ${TESTING+x} ]; then
: :
else else
$SUDO git checkout test ${SUDOE} git checkout test
fi fi
echo " done!" echo " done!"
} }
@ -672,11 +678,6 @@ confOpenVPN() {
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*') LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
# if using ubuntu remove tls-server-min line as they have an older openvpn
if [[ $PLAT == "ubuntu" ]]; then
$SUDO sed -i '/tls-version-min/s/^/# /' /etc/openvpn/server.conf
fi
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf $SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
# Set the user encryption key size # Set the user encryption key size
@ -779,6 +780,9 @@ confOVPN() {
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt $SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi fi
# verify server name to strengthen security
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
$SUDO mkdir /home/$pivpnUser/ovpns $SUDO mkdir /home/$pivpnUser/ovpns
$SUDO chmod 0777 -R /home/$pivpnUser/ovpns $SUDO chmod 0777 -R /home/$pivpnUser/ovpns
} }
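Review bot: The key import `wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -` in the first hunk puts whatever the download returns into apt's global trust store, with no fingerprint comparison and no check that wget succeeded. Since apt's signature check is the only protection for packages from this repository, I would download the key to a `mktemp` file, compare its fingerprint with a value pinned in the script (`<PINNED_KEY_FINGERPRINT>`, placeholder), and only then pass the file to `apt-key add`. The source line also hard-codes the `trusty` suite for every Ubuntu release; `echo "deb http://swupdate.openvpn.net/apt $(lsb_release -cs) main"` would follow the running release, assuming the repository publishes that suite. checkForDependencies starts and ends outside these hunks.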


@ -17,6 +17,7 @@ else
fi fi
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER) INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
PLAT=$(cat /etc/pivpn/DET_PLATFORM)
# Find the rows and columns # Find the rows and columns
rows=$(tput lines) rows=$(tput lines)
@ -74,18 +75,23 @@ echo ":::"
echo "::: Removing pivpn system files..." echo "::: Removing pivpn system files..."
$SUDO rm -rf /opt/pivpn &> /dev/null $SUDO rm -rf /opt/pivpn &> /dev/null
$SUDO rm -rf /etc/.pivpn &> /dev/null $SUDO rm -rf /etc/.pivpn &> /dev/null
$SUDO rm -rf /etc/pivpn &> /dev/null
$SUDO rm -rf /home/$INSTALL_USER/ovpns &> /dev/null $SUDO rm -rf /home/$INSTALL_USER/ovpns &> /dev/null
$SUDO rm -rf /var/log/*pivpn* &> /dev/null $SUDO rm -rf /var/log/*pivpn* &> /dev/null
$SUDO rm -rf /var/log/*openvpn* &> /dev/null $SUDO rm -rf /var/log/*openvpn* &> /dev/null
if [[ $UINST_OVPN = 1 ]]; then if [[ $UINST_OVPN = 1 ]]; then
$SUDO rm -rf /etc/openvpn &> /dev/null $SUDO rm -rf /etc/openvpn &> /dev/null
if [[ $PLAT = "ubuntu" ]]; then
printf "::: Removing openvpn apt source..."
$SUDO rm -rf /etc/apt/sources.list.d/swupdate.openvpn.net.list &> /dev/null
$SUDO apt-get -qq update & spinner $!; printf "done!\n";
fi
fi fi
if [[ $UINST_UNATTUPG = 1 ]]; then if [[ $UINST_UNATTUPG = 1 ]]; then
$SUDO rm -rf /var/log/unattended-upgrades $SUDO rm -rf /var/log/unattended-upgrades
$SUDO rm -rf /etc/apt/apt.conf.d/*periodic $SUDO rm -rf /etc/apt/apt.conf.d/*periodic
fi fi
$SUDO rm -rf /etc/pivpn &> /dev/null
$SUDO rm /usr/local/bin/pivpn &> /dev/null $SUDO rm /usr/local/bin/pivpn &> /dev/null
$SUDO rm /etc/bash_completion.d/pivpn $SUDO rm /etc/bash_completion.d/pivpn
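Review bot: The new Ubuntu branch deletes `/etc/apt/sources.list.d/swupdate.openvpn.net.list` but leaves behind the signing key the installer added with `apt-key add`, so apt keeps trusting that key for every repository after uninstall. I would remove it in the same branch, e.g. `$SUDO apt-key del "<OPENVPN_REPO_KEY_ID>"` (placeholder; the key id is not shown on this page). The `&> /dev/null` on that `rm` also hides a failed removal, in which case the following `apt-get update` would keep using the repository without any message.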