Ubuntu uses openvpn repo to get newer version and...

clients get two more security parameters to harden connection further and...
hopefully fix use of testing branch and...
why is there no modern Road Rash game, that was the best.
This commit is contained in:
Kaladin Light 2016-05-07 12:33:52 -04:00
parent b8e736e94b
commit 0277054de1
3 changed files with 23 additions and 11 deletions

View file

@ -7,6 +7,8 @@ nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
verify-x509-name SRVRNAME name
cipher AES-256-CBC
auth SHA256
comp-lzo

View file

@ -333,9 +333,15 @@ checkForDependencies() {
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
today=$(date "+%b %e")
if [ ! "$today" == "$timestampAsDate" ]; then
if [[ $PLAT == "ubuntu" ]]; then
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
echo "deb http://swupdate.openvpn.net/apt trusty main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
fi
if [ ! "$today" == "$timestampAsDate" ] || [ $PLAT = "ubuntu" ]; then
#update package lists
echo ":::"
echo "::: Either you are on ubuntu or"
echo -n "::: apt-get update has not been run today. Running now..."
$SUDO apt-get -qq update & spinner $!
echo " done!"
@ -355,13 +361,13 @@ checkForDependencies() {
echo ":::"
echo "::: Checking dependencies:"
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
for i in "${dependencies[@]}"; do
echo -n "::: Checking for $i..."
if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
echo -n " Not found! Installing...."
#Supply answers to the questions so we don't prompt user
if [[ $i -eq "iptables-persistent" ]]; then
if [[ $i = "iptables-persistent" ]]; then
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections
fi
@ -407,7 +413,7 @@ make_repo() {
if [ -z ${TESTING+x} ]; then
:
else
$SUDO git checkout test
$SUDO git -C $1 checkout test
fi
echo " done!"
}
@ -420,7 +426,7 @@ update_repo() {
if [ -z ${TESTING+x} ]; then
:
else
$SUDO git checkout test
${SUDOE} git checkout test
fi
echo " done!"
}
@ -672,11 +678,6 @@ confOpenVPN() {
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
# if using ubuntu remove tls-server-min line as they have an older openvpn
if [[ $PLAT == "ubuntu" ]]; then
$SUDO sed -i '/tls-version-min/s/^/# /' /etc/openvpn/server.conf
fi
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
# Set the user encryption key size
@ -779,6 +780,9 @@ confOVPN() {
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# verify server name to strengthen security
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
$SUDO mkdir /home/$pivpnUser/ovpns
$SUDO chmod 0777 -R /home/$pivpnUser/ovpns
}

View file

@ -17,6 +17,7 @@ else
fi
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
PLAT=$(cat /etc/pivpn/DET_PLATFORM)
# Find the rows and columns
rows=$(tput lines)
@ -74,18 +75,23 @@ echo ":::"
echo "::: Removing pivpn system files..."
$SUDO rm -rf /opt/pivpn &> /dev/null
$SUDO rm -rf /etc/.pivpn &> /dev/null
$SUDO rm -rf /etc/pivpn &> /dev/null
$SUDO rm -rf /home/$INSTALL_USER/ovpns &> /dev/null
$SUDO rm -rf /var/log/*pivpn* &> /dev/null
$SUDO rm -rf /var/log/*openvpn* &> /dev/null
if [[ $UINST_OVPN = 1 ]]; then
$SUDO rm -rf /etc/openvpn &> /dev/null
if [[ $PLAT = "ubuntu" ]]; then
printf "::: Removing openvpn apt source..."
$SUDO rm -rf /etc/apt/sources.list.d/swupdate.openvpn.net.list &> /dev/null
$SUDO apt-get -qq update & spinner $!; printf "done!\n";
fi
fi
if [[ $UINST_UNATTUPG = 1 ]]; then
$SUDO rm -rf /var/log/unattended-upgrades
$SUDO rm -rf /etc/apt/apt.conf.d/*periodic
fi
$SUDO rm -rf /etc/pivpn &> /dev/null
$SUDO rm /usr/local/bin/pivpn &> /dev/null
$SUDO rm /etc/bash_completion.d/pivpn