Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #514 from orazioedoardo/master

Browse source 
Several changes and some fixes
This commit is contained in:
redfast00 2018-05-29 22:33:42 +02:00 committed by GitHub
commit 09a73f9d3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 139 additions and 165 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

284
auto_install/install.sh
View file

@ -82,47 +82,33 @@ Would you like to continue anyway?" ${r} ${c}) then
distro_check() { distro_check() {
# if lsb_release command is on their system # if lsb_release command is on their system
if hash lsb_release 2>/dev/null; then if hash lsb_release 2>/dev/null; then
PLAT=$(lsb_release -si)
OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie
case ${PLAT} in PLAT=$(lsb_release -si)
Ubuntu|Raspbian|Debian|Devuan) OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie
case ${OSCN} in
trusty|xenial|jessie|stretch) else # else get info from os-release
;;
*) PLAT=$(grep "^NAME" /etc/os-release | awk -F "=" '{print $2}' | tr -d '"' | awk '{print $1}')
maybeOS_Support VER=$(grep "VERSION_ID" /etc/os-release | awk -F "=" '{print $2}' | tr -d '"')
;; declare -A VER_MAP=(["9"]="stretch" ["8"]="jessie" ["16.04"]="xenial" ["14.04"]="trusty")
esac OSCN=${VER_MAP["${VER}"]}
fi
case ${PLAT} in
Ubuntu|Raspbian|Debian|Devuan)
case ${OSCN} in
trusty|xenial|jessie|stretch)
;; ;;
*) *)
noOS_Support maybeOS_Support
;; ;;
esac esac
# else get info from os-release ;;
elif grep -q devuan /etc/os-release; then *)
if grep -q jessie /etc/os-release; then
PLAT="Raspvuan"
OSCN="jessie"
else
noOS_Support
fi
elif grep -q debian /etc/os-release; then
if grep -q jessie /etc/os-release; then
PLAT="Raspbian"
OSCN="jessie"
elif grep -q stretch /etc/os-release; then
PLAT="Raspbian"
OSCN="stretch"
else
PLAT="Ubuntu"
OSCN="unknown"
maybeOS_Support
fi
# else we prob don't want to install
else
noOS_Support noOS_Support
fi ;;
esac
echo "${PLAT}" > /tmp/DET_PLATFORM echo "${PLAT}" > /tmp/DET_PLATFORM
} }
@ -418,6 +404,23 @@ package_check_install() {
dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}" dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
} }
addSoftwareRepo() {
# Add the official OpenVPN repo for distros that don't have the latest version in their default repos
case ${PLAT} in
Ubuntu|Debian|Devuan)
case ${OSCN} in
trusty|xenial|wheezy|jessie)
wget -qO- https://swupdate.openvpn.net/repos/repo-public.gpg | $SUDO apt-key add -
echo "deb http://build.openvpn.net/debian/openvpn/stable $OSCN main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
echo -n "::: Adding OpenVPN repo for $PLAT $OSCN ..."
$SUDO apt-get -qq update & spinner $!
echo " done!"
;;
esac
;;
esac
}
update_package_cache() { update_package_cache() {
#Running apt-get update/upgrade with minimal output can cause some issues with #Running apt-get update/upgrade with minimal output can cause some issues with
#requiring user input #requiring user input
@ -695,60 +698,31 @@ setClientDNS() {
Level3 "" off Level3 "" off
DNS.WATCH "" off DNS.WATCH "" off
Norton "" off Norton "" off
FamilyShield "" off FamilyShield "" off
Custom "" off) Custom "" off)
if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
then then
case ${DNSchoices} in
Google)
echo "::: Using Google DNS servers."
OVPNDNS1="8.8.8.8"
OVPNDNS2="8.8.4.4"
# These are already in the file
;;
OpenDNS)
echo "::: Using OpenDNS servers."
OVPNDNS1="208.67.222.222"
OVPNDNS2="208.67.220.220"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Level3)
echo "::: Using Level3 servers."
OVPNDNS1="209.244.0.3"
OVPNDNS2="209.244.0.4"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
DNS.WATCH)
echo "::: Using DNS.WATCH servers."
OVPNDNS1="84.200.69.80"
OVPNDNS2="84.200.70.40"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Norton)
echo "::: Using Norton ConnectSafe servers."
OVPNDNS1="199.85.126.10"
OVPNDNS2="199.85.127.10"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
FamilyShield)
echo "::: Using FamilyShield servers."
OVPNDNS1="208.67.222.123"
OVPNDNS2="208.67.220.123"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Custom)
until [[ $DNSSettingsCorrect = True ]]
do
strInvalid="Invalid"
if OVPNDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" ${r} ${c} "" 3>&1 1>&2 2>&3) if [[ ${DNSchoices} != "Custom" ]]; then
then
echo "::: Using ${DNSchoices} servers."
declare -A DNS_MAP=(["Google"]="8.8.8.8 8.8.4.4" ["OpenDNS"]="208.67.222.222 208.67.220.220" ["Level3"]="209.244.0.3 209.244.0.4" ["DNS.WATCH"]="84.200.69.80 84.200.70.40" ["Norton"]="199.85.126.10 199.85.127.10" ["FamilyShield"]="208.67.222.123 208.67.220.123")
OVPNDNS1=$(awk '{print $1}' <<< "${DNS_MAP["${DNSchoices}"]}")
OVPNDNS2=$(awk '{print $2}' <<< "${DNS_MAP["${DNSchoices}"]}")
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
else
until [[ $DNSSettingsCorrect = True ]]
do
strInvalid="Invalid"
if OVPNDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" ${r} ${c} "" 3>&1 1>&2 2>&3)
then
OVPNDNS1=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}') OVPNDNS1=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}')
OVPNDNS2=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}') OVPNDNS2=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}')
if ! valid_ip "$OVPNDNS1" || [ ! "$OVPNDNS1" ]; then if ! valid_ip "$OVPNDNS1" || [ ! "$OVPNDNS1" ]; then
@ -757,11 +731,11 @@ setClientDNS() {
if ! valid_ip "$OVPNDNS2" && [ "$OVPNDNS2" ]; then if ! valid_ip "$OVPNDNS2" && [ "$OVPNDNS2" ]; then
OVPNDNS2=$strInvalid OVPNDNS2=$strInvalid
fi fi
else else
echo "::: Cancel selected, exiting...." echo "::: Cancel selected, exiting...."
exit 1 exit 1
fi fi
if [[ $OVPNDNS1 == "$strInvalid" ]] || [[ $OVPNDNS2 == "$strInvalid" ]]; then if [[ $OVPNDNS1 == "$strInvalid" ]] || [[ $OVPNDNS2 == "$strInvalid" ]]; then
whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. Please try again.\n\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" ${r} ${c} whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. Please try again.\n\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" ${r} ${c}
if [[ $OVPNDNS1 == "$strInvalid" ]]; then if [[ $OVPNDNS1 == "$strInvalid" ]]; then
OVPNDNS1="" OVPNDNS1=""
@ -770,7 +744,7 @@ setClientDNS() {
OVPNDNS2="" OVPNDNS2=""
fi fi
DNSSettingsCorrect=False DNSSettingsCorrect=False
else else
if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" ${r} ${c}) then if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" ${r} ${c}) then
DNSSettingsCorrect=True DNSSettingsCorrect=True
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
@ -784,12 +758,12 @@ setClientDNS() {
DNSSettingsCorrect=False DNSSettingsCorrect=False
fi fi
fi fi
done done
;; fi
esac
else else
echo "::: Cancel selected. Exiting..." echo "::: Cancel selected. Exiting..."
exit 1 exit 1
fi fi
} }
@ -860,36 +834,41 @@ EOF
# Build the server # Build the server
${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass
if [[ ${useUpdateVars} == false ]]; then if [[ ${useUpdateVars} == false ]]; then
if (whiptail --backtitle "Setup OpenVPN" --title "Version 2.4 improvements" --yesno --defaultno "OpenVPN 2.4 brings support for stronger key exchange using Elliptic Curves and encrypted control channel, along with faster LZ4 compression.\n\nIf you your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
APPLY_TWO_POINT_FOUR=true if [[ ${PLAT} == "Raspbian" ]] && [[ ${OSCN} != "stretch" ]]; then
$SUDO touch /etc/pivpn/TWO_POINT_FOUR APPLY_TWO_POINT_FOUR=false
else
if (whiptail --backtitle "Setup OpenVPN" --title "Version 2.4 improvements" --yesno --defaultno "OpenVPN 2.4 brings support for stronger key exchange using Elliptic Curves and encrypted control channel, along with faster LZ4 compression.\n\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
APPLY_TWO_POINT_FOUR=true
$SUDO touch /etc/pivpn/TWO_POINT_FOUR
else else
APPLY_TWO_POINT_FOUR=false APPLY_TWO_POINT_FOUR=false
fi fi
fi
fi fi
if [[ ${useUpdateVars} == false ]]; then if [[ ${useUpdateVars} == false ]]; then
if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c}); then if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c}); then
DOWNLOAD_DH_PARAM=true DOWNLOAD_DH_PARAM=true
else else
DOWNLOAD_DH_PARAM=false DOWNLOAD_DH_PARAM=false
fi fi
fi fi
fi fi
if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
if [ "$ENCRYPT" -ge "4096" ] && [[ ${DOWNLOAD_DH_PARAM} == true ]]; then if [ "$ENCRYPT" -ge "4096" ] && [[ ${DOWNLOAD_DH_PARAM} == true ]]; then
# Downloading parameters # Downloading parameters
RANDOM_INDEX=$(( RANDOM % 128 )) RANDOM_INDEX=$(( RANDOM % 128 ))
${SUDOE} curl "https://2ton.com.au/dhparam/${ENCRYPT}/${RANDOM_INDEX}" -o "/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem" ${SUDOE} curl "https://2ton.com.au/dhparam/${ENCRYPT}/${RANDOM_INDEX}" -o "/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem"
else else
# Generate Diffie-Hellman key exchange # Generate Diffie-Hellman key exchange
${SUDOE} ./easyrsa gen-dh ${SUDOE} ./easyrsa gen-dh
${SUDOE} mv pki/dh.pem pki/dh${ENCRYPT}.pem ${SUDOE} mv pki/dh.pem pki/dh${ENCRYPT}.pem
fi fi
fi fi
# Generate static HMAC key to defend against DDoS # Generate static HMAC key to defend against DDoS
${SUDOE} openvpn --genkey --secret pki/ta.key ${SUDOE} openvpn --genkey --secret pki/ta.key
@ -902,19 +881,19 @@ EOF
# Write config file for server using the template .txt file # Write config file for server using the template .txt file
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then
#If they enabled 2.4 change compression algorithm and use tls-crypt instead of tls-auth to encrypt control channel #If they enabled 2.4 change compression algorithm and use tls-crypt instead of tls-auth to encrypt control channel
$SUDO sed -i "s/comp-lzo/compress lz4/" /etc/openvpn/server.conf $SUDO sed -i "s/comp-lzo/compress lz4/" /etc/openvpn/server.conf
$SUDO sed -i "s/tls-auth \/etc\/openvpn\/easy-rsa\/pki\/ta.key 0/tls-crypt \/etc\/openvpn\/easy-rsa\/pki\/ta.key/" /etc/openvpn/server.conf $SUDO sed -i "s/tls-auth \/etc\/openvpn\/easy-rsa\/pki\/ta.key 0/tls-crypt \/etc\/openvpn\/easy-rsa\/pki\/ta.key/" /etc/openvpn/server.conf
fi fi
if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then
#If they enabled 2.4 disable dh parameters #If they enabled 2.4 disable dh parameters, use a specific curve instead
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh none/" /etc/openvpn/server.conf $SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh none\necdh-curve secp384r1/" /etc/openvpn/server.conf
else else
# Otherwise set the user encryption key size # Otherwise set the user encryption key size
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf $SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
fi fi
# if they modified port put value in server.conf # if they modified port put value in server.conf
if [ $PORT != 1194 ]; then if [ $PORT != 1194 ]; then
@ -965,7 +944,7 @@ confNetwork() {
# if ufw enabled, configure that # if ufw enabled, configure that
if hash ufw 2>/dev/null; then if hash ufw 2>/dev/null; then
if $SUDO ufw status | grep -q inactive if LANG=en_US.UTF-8 $SUDO ufw status | grep -q inactive
then then
noUFW=1 noUFW=1
else else
@ -1017,11 +996,11 @@ confOVPN() {
$SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt $SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt
if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then
#If they enabled 2.4 change compression algorithm and remove key-direction options since it's not required #If they enabled 2.4 change compression algorithm and remove key-direction options since it's not required
$SUDO sed -i "s/comp-lzo/compress lz4/" /etc/openvpn/easy-rsa/pki/Default.txt $SUDO sed -i "s/comp-lzo/compress lz4/" /etc/openvpn/easy-rsa/pki/Default.txt
$SUDO sed -i "/key-direction 1/d" /etc/openvpn/easy-rsa/pki/Default.txt $SUDO sed -i "/key-direction 1/d" /etc/openvpn/easy-rsa/pki/Default.txt
fi fi
if [[ ${useUpdateVars} == false ]]; then if [[ ${useUpdateVars} == false ]]; then
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server (press space to select)?" ${r} ${c} 2 \ METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server (press space to select)?" ${r} ${c} 2 \
@ -1076,16 +1055,11 @@ confOVPN() {
$SUDO chmod 0777 -R "/home/$pivpnUser/ovpns" $SUDO chmod 0777 -R "/home/$pivpnUser/ovpns"
} }
confLogging(){ confLogging() {
# Tell rsyslog to log openvpn messages to a specific file echo "if \$programname == 'ovpn-server' then /var/log/openvpn.log
cat << 'EOT' | $SUDO tee /etc/rsyslog.d/30-openvpn.conf >/dev/null if \$programname == 'ovpn-server' then ~" | $SUDO tee /etc/rsyslog.d/30-openvpn.conf > /dev/null
if $programname == 'ovpn-server' then /var/log/openvpn.log
if $programname == 'ovpn-server' then ~
EOT
# Enable log rotation, it rotates weekly and keeps the current log and the previous uncompressed, with the older 4 compressed echo "/var/log/openvpn.log
cat << 'EOT' | $SUDO tee /etc/logrotate.d/openvpn >/dev/null
/var/log/openvpn.log
{ {
rotate 4 rotate 4
weekly weekly
@ -1097,25 +1071,23 @@ EOT
postrotate postrotate
invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
endscript endscript
} }" | $SUDO tee /etc/logrotate.d/openvpn > /dev/null
EOT
# Restart the logging service # Restart the logging service
case ${PLAT} in case ${PLAT} in
Ubuntu|Debian|*vuan) Ubuntu|Debian|*vuan)
$SUDO service rsyslog restart || true $SUDO service rsyslog restart || true
;; ;;
*) *)
$SUDO systemctl restart rsyslog.service || true $SUDO systemctl restart rsyslog.service || true
;; ;;
esac esac
} }
finalExports() { finalExports() {
# Update variables in setupVars.conf file # Update variables in setupVars.conf file
if [ -e "${setupVars}" ]; then if [ -e "${setupVars}" ]; then
sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}" $SUDO sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
fi fi
{ {
echo "pivpnUser=${pivpnUser}" echo "pivpnUser=${pivpnUser}"
@ -1127,12 +1099,12 @@ finalExports() {
echo "pivpnProto=${pivpnProto}" echo "pivpnProto=${pivpnProto}"
echo "PORT=${PORT}" echo "PORT=${PORT}"
echo "ENCRYPT=${ENCRYPT}" echo "ENCRYPT=${ENCRYPT}"
echo "APPLY_TWO_POINT_FOUR"="${APPLY_TWO_POINT_FOUR}" echo "APPLY_TWO_POINT_FOUR=${APPLY_TWO_POINT_FOUR}"
echo "DOWNLOAD_DH_PARAM=${DOWNLOAD_DH_PARAM}" echo "DOWNLOAD_DH_PARAM=${DOWNLOAD_DH_PARAM}"
echo "PUBLICDNS=${PUBLICDNS}" echo "PUBLICDNS=${PUBLICDNS}"
echo "OVPNDNS1=${OVPNDNS1}" echo "OVPNDNS1=${OVPNDNS1}"
echo "OVPNDNS2=${OVPNDNS2}" echo "OVPNDNS2=${OVPNDNS2}"
}>> "${setupVars}" } | $SUDO tee "${setupVars}" > /dev/null
} }
@ -1307,6 +1279,8 @@ main() {
fi fi
# Install the packages (we do this first because we need whiptail) # Install the packages (we do this first because we need whiptail)
addSoftwareRepo
#checkForDependencies #checkForDependencies
update_package_cache update_package_cache

20
scripts/makeOVPN.sh
View file

@ -237,16 +237,16 @@ echo "tls-auth Private Key found: $TA"
cat "private/${NAME}${KEY}" cat "private/${NAME}${KEY}"
echo "</key>" echo "</key>"
#Finally, append the TA Private Key #Finally, append the TA Private Key
if [ -f /etc/pivpn/TWO_POINT_FOUR ]; then if [ -f /etc/pivpn/TWO_POINT_FOUR ]; then
echo "<tls-crypt>" echo "<tls-crypt>"
cat "${TA}" cat "${TA}"
echo "</tls-crypt>" echo "</tls-crypt>"
else else
echo "<tls-auth>" echo "<tls-auth>"
cat "${TA}" cat "${TA}"
echo "</tls-auth>" echo "</tls-auth>"
fi fi
} > "${NAME}${FILEEXT}" } > "${NAME}${FILEEXT}"