Merge branch 'test' of https://github.com/pivpn/pivpn into unbound

corbolais 2019-12-12 14:41:43 +01:00
commit 1594d951af
4 changed files with 89 additions and 73 deletions


@ -14,9 +14,12 @@
setupVars=/etc/pivpn/setupVars.conf setupVars=/etc/pivpn/setupVars.conf
pivpnFilesDir="/etc/.pivpn" pivpnFilesDir="/etc/.pivpn"
debianOvpnUserGroup="openvpn:openvpn"
### PKG Vars ### ### PKG Vars ###
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
PKG_CACHE="/var/lib/apt/lists/" PKG_CACHE="/var/lib/apt/lists/"
### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
UPDATE_PKG_CACHE="${PKG_MANAGER} update" UPDATE_PKG_CACHE="${PKG_MANAGER} update"
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install" PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
@ -33,6 +36,8 @@ pivpnGitUrl="https://github.com/pivpn/pivpn.git"
easyrsaVer="3.0.6" easyrsaVer="3.0.6"
easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz" easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz"
subnetClass="24"
# Raspbian's unattended-upgrades package downloads Debian's config, so this is the link for the proper config # Raspbian's unattended-upgrades package downloads Debian's config, so this is the link for the proper config
UNATTUPG_RELEASE="1.14" UNATTUPG_RELEASE="1.14"
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz" UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
@ -223,7 +228,7 @@ updatePackageCache(){
#update package lists #update package lists
echo ":::" echo ":::"
echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n" echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n"
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
echo " done!" echo " done!"
fi fi
} }
@ -278,16 +283,7 @@ installDependentPackages(){
done done
if command -v debconf-apt-progress &> /dev/null; then if command -v debconf-apt-progress &> /dev/null; then
set +e $SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
$SUDO debconf-apt-progress -- "${PKG_INSTALL}" "${argArray1[@]}"
res="$?";
set -e
### apt-get install above returns 100 after an otherwise successfull installation of iptables-persistent,
### everything else was aready installed.
### Prevent from exiting the installation script in this case, exit for any other error code.
if [[ "$res" -ne 100 ]]; then
exit "$res";
fi;
else else
${PKG_INSTALL} "${argArray1[@]}" ${PKG_INSTALL} "${argArray1[@]}"
fi fi
@ -706,6 +702,7 @@ askWhichVPN(){
pivpnDEV="tun0" pivpnDEV="tun0"
pivpnNET="10.8.0.0" pivpnNET="10.8.0.0"
fi fi
vpnGw="${pivpnNET/.0.0/.0.1}"
echo "VPN=${VPN}" >> /tmp/setupVars.conf echo "VPN=${VPN}" >> /tmp/setupVars.conf
} }
@ -740,7 +737,7 @@ installWireGuard(){
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138 $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms) PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
@ -826,7 +823,7 @@ installWireGuard(){
echo "::: Adding Debian repository... " echo "::: Adding Debian repository... "
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms) PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
@ -991,8 +988,10 @@ askClientDNS(){
fi fi
DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider
for your VPN Clients (press space to select). To use your own, select Custom." for your VPN Clients (press space to select). To use your own, select
"${r}" "${c}" 6) Custom.\\n\\nIn case you have a local resolver running, i.e. unbound, select
\"PiVPN-is-local-DNS\" and make sure your resolver is listening on
\"$vpnGw\", allowing requests from \"${pivpnNET}/${subnetClass}\"." ${r} ${c} 6)
DNSChooseOptions=(Google "" on DNSChooseOptions=(Google "" on
OpenDNS "" off OpenDNS "" off
Level3 "" off Level3 "" off
@ -1000,6 +999,7 @@ askClientDNS(){
Norton "" off Norton "" off
FamilyShield "" off FamilyShield "" off
CloudFlare "" off CloudFlare "" off
PiVPN-is-local-DNS "" off
Custom "" off) Custom "" off)
if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
@ -1014,7 +1014,8 @@ askClientDNS(){
["DNS.WATCH"]="84.200.69.80 84.200.70.40" ["DNS.WATCH"]="84.200.69.80 84.200.70.40"
["Norton"]="199.85.126.10 199.85.127.10" ["Norton"]="199.85.126.10 199.85.127.10"
["FamilyShield"]="208.67.222.123 208.67.220.123" ["FamilyShield"]="208.67.222.123 208.67.220.123"
["CloudFlare"]="1.1.1.1 1.0.0.1") ["CloudFlare"]="1.1.1.1 1.0.0.1"
["PiVPN-is-local-DNS"]="$vpnGw")
pivpnDNS1=$(awk '{print $1}' <<< "${DNS_MAP["${DNSchoices}"]}") pivpnDNS1=$(awk '{print $1}' <<< "${DNS_MAP["${DNSchoices}"]}")
pivpnDNS2=$(awk '{print $2}' <<< "${DNS_MAP["${DNSchoices}"]}") pivpnDNS2=$(awk '{print $2}' <<< "${DNS_MAP["${DNSchoices}"]}")
@ -1307,7 +1308,10 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
# Generate an empty Certificate Revocation List # Generate an empty Certificate Revocation List
${SUDOE} ./easyrsa gen-crl ${SUDOE} ./easyrsa gen-crl
${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem if ! getent passwd openvpn; then
${SUDOE} adduser --system --home /var/lib/openvpn/ --group --disabled-login ${debianOvpnUserGroup%:*}
fi
${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
# Write config file for server using the template.txt file # Write config file for server using the template.txt file
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
@ -1399,7 +1403,7 @@ confWireGuard(){
echo "[Interface] echo "[Interface]
PrivateKey = $($SUDO cat /etc/wireguard/keys/server_priv) PrivateKey = $($SUDO cat /etc/wireguard/keys/server_priv)
Address = 10.6.0.1/24 Address = ${vpnGw}/${subnetClass}
ListenPort = ${pivpnPORT}" | $SUDO tee /etc/wireguard/wg0.conf &> /dev/null ListenPort = ${pivpnPORT}" | $SUDO tee /etc/wireguard/wg0.conf &> /dev/null
echo "::: Server config generated." echo "::: Server config generated."
} }
@ -1418,10 +1422,23 @@ confNetwork(){
USING_UFW=1 USING_UFW=1
echo "::: Detected UFW is enabled." echo "::: Detected UFW is enabled."
echo "::: Adding UFW rules..." echo "::: Adding UFW rules..."
$SUDO sed "/delete these required/i *nat\\n:POSTROUTING ACCEPT [0:0]\\n-I POSTROUTING -s ${pivpnNET}\\/24 -o ${IPv4dev} -j MASQUERADE\\nCOMMIT\\n" -i /etc/ufw/before.rules ### Basic safeguard: if file is empty, there's been something weird going on.
### Note: no safeguard against imcomplete content as a result of previous failures.
if test -s /etc/ufw/before.rules; then
$SUDO cp -f /etc/ufw/before.rules /etc/ufw/before.rules.pre-pivpn
else
echo "$0: ERR: Sorry, won't touch empty file \"/etc/ufw/before.rules\".";
exit 1;
fi
### If there is already a "*nat" section just add our POSTROUTING MASQUERADE
if $SUDO grep -q "*nat" /etc/ufw/before.rules; then
$SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules
else
$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
fi
# Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic) # Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
$SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" >/dev/null $SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" >/dev/null
$SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any >/dev/null $SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any >/dev/null
$SUDO ufw reload >/dev/null $SUDO ufw reload >/dev/null
echo "::: UFW configuration completed." echo "::: UFW configuration completed."
@ -1434,7 +1451,7 @@ confNetwork(){
# Now some checks to detect which rules we need to add. On a newly installed system all policies # Now some checks to detect which rules we need to add. On a newly installed system all policies
# should be ACCEPT, so the only required rule would be the MASQUERADE one. # should be ACCEPT, so the only required rule would be the MASQUERADE one.
$SUDO iptables -t nat -I POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE $SUDO iptables -t nat -I POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE
# Count how many rules are in the INPUT and FORWARD chain. When parsing input from # Count how many rules are in the INPUT and FORWARD chain. When parsing input from
# iptables -S, '^-P' skips the policies and 'ufw-' skips ufw chains (in case ufw was found # iptables -S, '^-P' skips the policies and 'ufw-' skips ufw chains (in case ufw was found
@ -1460,8 +1477,8 @@ confNetwork(){
fi fi
if [ "$FORWARD_RULES_COUNT" -ne 0 ] || [ "$FORWARD_POLICY" != "ACCEPT" ]; then if [ "$FORWARD_RULES_COUNT" -ne 0 ] || [ "$FORWARD_POLICY" != "ACCEPT" ]; then
$SUDO iptables -I FORWARD 1 -d "${pivpnNET}/24" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT $SUDO iptables -I FORWARD 1 -d "${pivpnNET}/${subnetClass}" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
$SUDO iptables -I FORWARD 2 -s "${pivpnNET}/24" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT $SUDO iptables -I FORWARD 2 -s "${pivpnNET}/${subnetClass}" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT
FORWARD_CHAIN_EDITED=1 FORWARD_CHAIN_EDITED=1
else else
FORWARD_CHAIN_EDITED=0 FORWARD_CHAIN_EDITED=0
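Review bot: In confNetwork's UFW branch the detection and the edit do not match the same thing: `grep -q "*nat"` succeeds on any line containing `*nat` (a comment included), while the sed only acts on a line that starts with `*nat` and only when `:POSTROUTING ACCEPT` is the very next line. When an existing nat table lists another chain first, or the match was in a comment, no MASQUERADE rule is written and the script carries on to `ufw reload` as if it had succeeded, leaving VPN clients without NAT. I would anchor the test, `if $SUDO grep -q '^\*nat' /etc/ufw/before.rules; then`, and verify the result afterwards with `$SUDO grep -q -- "-s ${pivpnNET}/${subnetClass} -o ${IPv4dev} -j MASQUERADE" /etc/ufw/before.rules || exit 1`. Also note that `cp -f` overwrites `before.rules.pre-pivpn` on every run, so a second install replaces the pristine backup with an already modified file. confNetwork starts and ends outside the hunks shown.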


@ -133,30 +133,15 @@ else
fi fi
fi fi
if [ "$OLD_UFW" -eq 1 ]; then if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then
FORWARD_POLICY="$(iptables -S FORWARD | grep '^-P' | awk '{print $3}')" echo ":: [OK] Ufw forwarding rule set"
if [ "$FORWARD_POLICY" = "ACCEPT" ]; then
echo ":: [OK] Ufw forwarding policy is accept"
else
ERR=1
read -r -p ":: [ERR] Ufw forwarding policy is not 'ACCEPT', attempt fix now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
ufw reload > /dev/null
echo "Done"
fi
fi
else else
if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then ERR=1
echo ":: [OK] Ufw forwarding rule set" read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY
else if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
ERR=1 ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY ufw reload
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then echo "Done"
ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
ufw reload
echo "Done"
fi
fi fi
fi fi
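Review bot: The surviving check still hard-codes `tun0` and `10.8.0.0/24` in both the `iptables -C ufw-user-forward` test and the `ufw route insert` fix, while the installer in this same commit builds its rules from `${pivpnNET}/${subnetClass}` and `${pivpnDEV}`. If those values ever differ from the literals, this script reports a false error and its fix adds a forwarding rule for a network the VPN does not use. Assuming the needed variables are available from setupVars earlier in this file (not visible here), the check could read `iptables -C ufw-user-forward -i "${pivpnDEV}" -o "${IPv4dev}" -s "${pivpnNET}/${subnetClass}" -j ACCEPT`, with the same substitution in the `ufw route insert` line. The enclosing if/else begins before the hunk.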


@ -1,7 +1,11 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# PiVPN: Uninstall Script # PiVPN: Uninstall Script
### FIXME: global: config storage, refactor all scripts to adhere to the storage
### FIXME: use variables where appropriate, reduce magic numbers by 99.9%, at least.
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
subnetClass="24"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
if [ ! -f "${setupVars}" ]; then if [ ! -f "${setupVars}" ]; then
@ -9,12 +13,13 @@ if [ ! -f "${setupVars}" ]; then
exit 1 exit 1
fi fi
# shellcheck disable=SC1090
source "${setupVars}" source "${setupVars}"
# Find the rows and columns. Will default to 80x24 if it can not be detected. # Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80) screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo $screen_size | awk '{print $1}') rows=$(echo "$screen_size" | awk '{print $1}')
columns=$(echo $screen_size | awk '{print $2}') columns=$(echo "$screen_size" | awk '{print $2}')
# Divide by two so the dialogs take up half of the screen, which looks nice. # Divide by two so the dialogs take up half of the screen, which looks nice.
r=$(( rows / 2 )) r=$(( rows / 2 ))
@ -23,18 +28,19 @@ c=$(( columns / 2 ))
r=$(( r < 20 ? 20 : r )) r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c )) c=$(( c < 70 ? 70 : c ))
### FIXME: introduce global lib
spinner(){ spinner(){
local pid=$1 local pid=$1
local delay=0.50 local delay=0.50
local spinstr='/-\|' local spinstr='/-\|'
while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do while ps a | awk '{print $1}' | grep "$pid"; do
local temp=${spinstr#?} local temp=${spinstr#?}
printf " [%c] " "$spinstr" printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"} local spinstr=$temp${spinstr%"$temp"}
sleep $delay sleep $delay
printf "\b\b\b\b\b\b" printf "\\b\\b\\b\\b\\b\\b"
done done
printf " \b\b\b\b" printf " \\b\\b\\b\\b"
} }
removeAll(){ removeAll(){
@ -52,6 +58,7 @@ removeAll(){
# Removing firewall rules. # Removing firewall rules.
echo "::: Removing firewall rules..." echo "::: Removing firewall rules..."
### FIXME: introduce global config space!
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
pivpnPROTO="udp" pivpnPROTO="udp"
pivpnDEV="wg0" pivpnDEV="wg0"
@ -63,10 +70,12 @@ removeAll(){
if [ "$USING_UFW" -eq 1 ]; then if [ "$USING_UFW" -eq 1 ]; then
### FIXME: SC2154
ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any > /dev/null ### FIXME: SC2154
sed -z "s/*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n//" -i /etc/ufw/before.rules ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any > /dev/null
iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE sed -z "s/*nat\\n:POSTROUTING ACCEPT \\[0:0\\]\\n-I POSTROUTING -s ${pivpnNET}\\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\\nCOMMIT\\n\\n//" -i /etc/ufw/before.rules
iptables -t nat -D POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE
ufw reload &> /dev/null ufw reload &> /dev/null
elif [ "$USING_UFW" -eq 0 ]; then elif [ "$USING_UFW" -eq 0 ]; then
@ -76,11 +85,11 @@ removeAll(){
fi fi
if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then
iptables -D FORWARD -d "${pivpnNET}/24" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -d "${pivpnNET}/${subnetClass}" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -s "${pivpnNET}/24" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT iptables -D FORWARD -s "${pivpnNET}/${subnetClass}" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT
fi fi
iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE iptables -t nat -D POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE
iptables-save > /etc/iptables/rules.v4 iptables-save > /etc/iptables/rules.v4
fi fi
@ -100,6 +109,7 @@ removeAll(){
# On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian # On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian
# there is no wireguard package). On Ubuntu, remove the PPA. # there is no wireguard package). On Ubuntu, remove the PPA.
### FIXME: unconditionally rm'ing unstable.list isn't a good idea, it appears. What if someone else put it there manually?
if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then
rm /etc/apt/sources.list.d/unstable.list rm /etc/apt/sources.list.d/unstable.list
rm /etc/apt/preferences.d/limit-unstable rm /etc/apt/preferences.d/limit-unstable
@ -126,27 +136,30 @@ removeAll(){
elif [ "${i}" = "unattended-upgrades" ]; then elif [ "${i}" = "unattended-upgrades" ]; then
### REALLY???
rm -rf /var/log/unattended-upgrades rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
elif [ "${i}" = "openvpn" ]; then
deluser openvpn
fi fi
printf ":::\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; printf ":::\\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\\n";
break break
;; ;;
[Nn]* ) printf ":::\tSkipping %s\n" "$i"; [Nn]* ) printf ":::\\tSkipping %s\\n" "$i";
break break
;; ;;
* ) printf "::: You must answer yes or no!\n";; * ) printf "::: You must answer yes or no!\\n";;
esac esac
done done
done done
# Take care of any additional package cleaning # Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..." printf "::: Auto removing remaining dependencies..."
$PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\n"; $PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\\n";
printf "::: Auto cleaning remaining dependencies..." printf "::: Auto cleaning remaining dependencies..."
$PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\n"; $PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\\n";
echo ":::" echo ":::"
# Removing pivpn files # Removing pivpn files
@ -160,7 +173,7 @@ removeAll(){
rm -rf /opt/pivpn rm -rf /opt/pivpn
rm -rf /etc/.pivpn rm -rf /etc/.pivpn
rm -rf /etc/pivpn rm -rf /etc/pivpn
rm -rf /var/log/*pivpn* rm -f /var/log/*pivpn*
rm -f /usr/local/bin/pivpn rm -f /usr/local/bin/pivpn
rm -f /etc/bash_completion.d/pivpn rm -f /etc/bash_completion.d/pivpn
@ -171,26 +184,27 @@ removeAll(){
rm -f /etc/wireguard/wg0.conf rm -f /etc/wireguard/wg0.conf
rm -rf /etc/wireguard/configs rm -rf /etc/wireguard/configs
rm -rf /etc/wireguard/keys rm -rf /etc/wireguard/keys
rm -rf $install_home/configs ### FIXME SC2154
rm -rf "$install_home/configs"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
rm -rf /var/log/*openvpn* rm -f /var/log/*openvpn*
rm -f /etc/openvpn/server.conf rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem rm -f /etc/openvpn/crl.pem
rm -rf /etc/openvpn/easy-rsa rm -rf /etc/openvpn/easy-rsa
rm -rf $install_home/ovpns rm -rf "$install_home/ovpns"
fi fi
echo ":::" echo ":::"
printf "::: Finished removing PiVPN from your system.\n" printf "::: Finished removing PiVPN from your system.\\n"
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n" printf "::: Reinstall by simpling running\\n:::\\n:::\\tcurl -L https://install.pivpn.io | bash\\n:::\\n::: at any time!\\n:::\\n"
} }
askreboot(){ askreboot(){
printf "It is \e[1mstrongly\e[0m recommended to reboot after un-installation.\n" printf "It is \\e[1mstrongly\\e[0m recommended to reboot after un-installation.\\n"
read -p "Would you like to reboot now? [y/n]: " -n 1 -r read -p "Would you like to reboot now? [y/n]: " -n 1 -r
echo echo
if [[ ${REPLY} =~ ^[Yy]$ ]]; then if [[ ${REPLY} =~ ^[Yy]$ ]]; then
printf "\nRebooting system...\n" printf "\\nRebooting system...\\n"
sleep 3 sleep 3
shutdown -r now shutdown -r now
fi fi
@ -204,6 +218,6 @@ while true; do
case $yn in case $yn in
[Yy]* ) removeAll; askreboot; break;; [Yy]* ) removeAll; askreboot; break;;
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;; [Nn]* ) printf "::: Not removing anything, exiting...\\n"; break;;
esac esac
done done
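Review bot: The `sed -z` in removeAll's UFW branch only matches the complete `*nat … COMMIT` block, but the installer in this commit now also inserts just the `-I POSTROUTING … MASQUERADE` line into a `*nat` section that already existed. On such systems the uninstall leaves that NAT rule in /etc/ufw/before.rules, and the `before.rules.pre-pivpn` backup the installer writes is not removed either. A fallback after the existing sed would cover it: `sed "/^-I POSTROUTING -s ${pivpnNET}\\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\$/d" -i /etc/ufw/before.rules`. In the same file, the rewritten spinner loop condition prints every matching PID because `grep "$pid"` is no longer inside a command substitution; `grep -qx "$pid"` keeps it silent and avoids matching longer PIDs. removeAll is only partly visible in these hunks.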


@ -23,8 +23,8 @@ tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0 tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC cipher AES-256-CBC
auth SHA256 auth SHA256
user nobody user openvpn
group nogroup group openvpn
persist-key persist-key
persist-tun persist-tun
crl-verify /etc/openvpn/crl.pem crl-verify /etc/openvpn/crl.pem
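Review bot: `user openvpn` and `group openvpn` are literals here, while the installer takes the account from `debianOvpnUserGroup` and creates it only at the point where it chowns crl.pem, so the two can drift apart. If this template reaches a host where that account does not exist (for example an existing installation whose server.conf is regenerated without the adduser step, which cannot be verified from this page), OpenVPN will presumably fail when it tries to drop privileges. A comment above the two lines would record the dependency, e.g. `# Dedicated unprivileged account created by the installer; it must be able to read crl.pem`.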