Merge pull request #528 from pfgithub/patch-2

Add 1.1.1.1 (CloudFlare) to DNS server list
This commit is contained in:
redfast00 2018-05-29 23:34:13 +02:00 committed by GitHub
commit 290d0d08f2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 141 additions and 166 deletions

View file

@ -16,7 +16,7 @@
(yes/no / which issues?) (yes/no / which issues?)
## Console output of `curl install.pivpn.io | bash` ## Console output of `curl -L install.pivpn.io | bash`
``` ```
Output Here Output Here
``` ```

View file

@ -82,9 +82,19 @@ Would you like to continue anyway?" ${r} ${c}) then
distro_check() { distro_check() {
# if lsb_release command is on their system # if lsb_release command is on their system
if hash lsb_release 2>/dev/null; then if hash lsb_release 2>/dev/null; then
PLAT=$(lsb_release -si) PLAT=$(lsb_release -si)
OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie
else # else get info from os-release
PLAT=$(grep "^NAME" /etc/os-release | awk -F "=" '{print $2}' | tr -d '"' | awk '{print $1}')
VER=$(grep "VERSION_ID" /etc/os-release | awk -F "=" '{print $2}' | tr -d '"')
declare -A VER_MAP=(["9"]="stretch" ["8"]="jessie" ["16.04"]="xenial" ["14.04"]="trusty")
OSCN=${VER_MAP["${VER}"]}
fi
case ${PLAT} in case ${PLAT} in
Ubuntu|Raspbian|Debian|Devuan) Ubuntu|Raspbian|Debian|Devuan)
case ${OSCN} in case ${OSCN} in
@ -99,30 +109,6 @@ distro_check() {
noOS_Support noOS_Support
;; ;;
esac esac
# else get info from os-release
elif grep -q devuan /etc/os-release; then
if grep -q jessie /etc/os-release; then
PLAT="Raspvuan"
OSCN="jessie"
else
noOS_Support
fi
elif grep -q debian /etc/os-release; then
if grep -q jessie /etc/os-release; then
PLAT="Raspbian"
OSCN="jessie"
elif grep -q stretch /etc/os-release; then
PLAT="Raspbian"
OSCN="stretch"
else
PLAT="Ubuntu"
OSCN="unknown"
maybeOS_Support
fi
# else we prob don't want to install
else
noOS_Support
fi
echo "${PLAT}" > /tmp/DET_PLATFORM echo "${PLAT}" > /tmp/DET_PLATFORM
} }
@ -418,6 +404,23 @@ package_check_install() {
dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}" dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
} }
addSoftwareRepo() {
# Add the official OpenVPN repo for distros that don't have the latest version in their default repos
case ${PLAT} in
Ubuntu|Debian|Devuan)
case ${OSCN} in
trusty|xenial|wheezy|jessie)
wget -qO- https://swupdate.openvpn.net/repos/repo-public.gpg | $SUDO apt-key add -
echo "deb http://build.openvpn.net/debian/openvpn/stable $OSCN main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
echo -n "::: Adding OpenVPN repo for $PLAT $OSCN ..."
$SUDO apt-get -qq update & spinner $!
echo " done!"
;;
esac
;;
esac
}
update_package_cache() { update_package_cache() {
#Running apt-get update/upgrade with minimal output can cause some issues with #Running apt-get update/upgrade with minimal output can cause some issues with
#requiring user input #requiring user input
@ -696,53 +699,25 @@ setClientDNS() {
DNS.WATCH "" off DNS.WATCH "" off
Norton "" off Norton "" off
FamilyShield "" off FamilyShield "" off
CloudFlare "" off
Custom "" off) Custom "" off)
if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
then then
case ${DNSchoices} in
Google) if [[ ${DNSchoices} != "Custom" ]]; then
echo "::: Using Google DNS servers."
OVPNDNS1="8.8.8.8" echo "::: Using ${DNSchoices} servers."
OVPNDNS2="8.8.4.4" declare -A DNS_MAP=(["Google"]="8.8.8.8 8.8.4.4" ["OpenDNS"]="208.67.222.222 208.67.220.220" ["Level3"]="209.244.0.3 209.244.0.4" ["DNS.WATCH"]="84.200.69.80 84.200.70.40" ["Norton"]="199.85.126.10 199.85.127.10" ["FamilyShield"]="208.67.222.123 208.67.220.123" ["CloudFlare"]="1.1.1.1 1.0.0.1")
# These are already in the file
;; OVPNDNS1=$(awk '{print $1}' <<< "${DNS_MAP["${DNSchoices}"]}")
OpenDNS) OVPNDNS2=$(awk '{print $2}' <<< "${DNS_MAP["${DNSchoices}"]}")
echo "::: Using OpenDNS servers."
OVPNDNS1="208.67.222.222"
OVPNDNS2="208.67.220.220"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf $SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Level3) else
echo "::: Using Level3 servers."
OVPNDNS1="209.244.0.3"
OVPNDNS2="209.244.0.4"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
DNS.WATCH)
echo "::: Using DNS.WATCH servers."
OVPNDNS1="84.200.69.80"
OVPNDNS2="84.200.70.40"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Norton)
echo "::: Using Norton ConnectSafe servers."
OVPNDNS1="199.85.126.10"
OVPNDNS2="199.85.127.10"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
FamilyShield)
echo "::: Using FamilyShield servers."
OVPNDNS1="208.67.222.123"
OVPNDNS2="208.67.220.123"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Custom)
until [[ $DNSSettingsCorrect = True ]] until [[ $DNSSettingsCorrect = True ]]
do do
strInvalid="Invalid" strInvalid="Invalid"
@ -785,8 +760,8 @@ setClientDNS() {
fi fi
fi fi
done done
;; fi
esac
else else
echo "::: Cancel selected. Exiting..." echo "::: Cancel selected. Exiting..."
exit 1 exit 1
@ -861,13 +836,18 @@ EOF
${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass
if [[ ${useUpdateVars} == false ]]; then if [[ ${useUpdateVars} == false ]]; then
if (whiptail --backtitle "Setup OpenVPN" --title "Version 2.4 improvements" --yesno --defaultno "OpenVPN 2.4 brings support for stronger key exchange using Elliptic Curves and encrypted control channel, along with faster LZ4 compression.\n\nIf you your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
if [[ ${PLAT} == "Raspbian" ]] && [[ ${OSCN} != "stretch" ]]; then
APPLY_TWO_POINT_FOUR=false
else
if (whiptail --backtitle "Setup OpenVPN" --title "Version 2.4 improvements" --yesno --defaultno "OpenVPN 2.4 brings support for stronger key exchange using Elliptic Curves and encrypted control channel, along with faster LZ4 compression.\n\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
APPLY_TWO_POINT_FOUR=true APPLY_TWO_POINT_FOUR=true
$SUDO touch /etc/pivpn/TWO_POINT_FOUR $SUDO touch /etc/pivpn/TWO_POINT_FOUR
else else
APPLY_TWO_POINT_FOUR=false APPLY_TWO_POINT_FOUR=false
fi fi
fi fi
fi
if [[ ${useUpdateVars} == false ]]; then if [[ ${useUpdateVars} == false ]]; then
if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
@ -909,8 +889,8 @@ EOF
fi fi
if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then
#If they enabled 2.4 disable dh parameters #If they enabled 2.4 disable dh parameters, use a specific curve instead
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh none/" /etc/openvpn/server.conf $SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh none\necdh-curve secp384r1/" /etc/openvpn/server.conf
else else
# Otherwise set the user encryption key size # Otherwise set the user encryption key size
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf $SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
@ -965,7 +945,7 @@ confNetwork() {
# if ufw enabled, configure that # if ufw enabled, configure that
if hash ufw 2>/dev/null; then if hash ufw 2>/dev/null; then
if $SUDO ufw status | grep -q inactive if LANG=en_US.UTF-8 $SUDO ufw status | grep -q inactive
then then
noUFW=1 noUFW=1
else else
@ -1076,16 +1056,11 @@ confOVPN() {
$SUDO chmod 0777 -R "/home/$pivpnUser/ovpns" $SUDO chmod 0777 -R "/home/$pivpnUser/ovpns"
} }
confLogging(){ confLogging() {
# Tell rsyslog to log openvpn messages to a specific file echo "if \$programname == 'ovpn-server' then /var/log/openvpn.log
cat << 'EOT' | $SUDO tee /etc/rsyslog.d/30-openvpn.conf >/dev/null if \$programname == 'ovpn-server' then ~" | $SUDO tee /etc/rsyslog.d/30-openvpn.conf > /dev/null
if $programname == 'ovpn-server' then /var/log/openvpn.log
if $programname == 'ovpn-server' then ~
EOT
# Enable log rotation, it rotates weekly and keeps the current log and the previous uncompressed, with the older 4 compressed echo "/var/log/openvpn.log
cat << 'EOT' | $SUDO tee /etc/logrotate.d/openvpn >/dev/null
/var/log/openvpn.log
{ {
rotate 4 rotate 4
weekly weekly
@ -1097,8 +1072,7 @@ EOT
postrotate postrotate
invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
endscript endscript
} }" | $SUDO tee /etc/logrotate.d/openvpn > /dev/null
EOT
# Restart the logging service # Restart the logging service
case ${PLAT} in case ${PLAT} in
@ -1109,13 +1083,12 @@ EOT
$SUDO systemctl restart rsyslog.service || true $SUDO systemctl restart rsyslog.service || true
;; ;;
esac esac
} }
finalExports() { finalExports() {
# Update variables in setupVars.conf file # Update variables in setupVars.conf file
if [ -e "${setupVars}" ]; then if [ -e "${setupVars}" ]; then
sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}" $SUDO sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
fi fi
{ {
echo "pivpnUser=${pivpnUser}" echo "pivpnUser=${pivpnUser}"
@ -1127,12 +1100,12 @@ finalExports() {
echo "pivpnProto=${pivpnProto}" echo "pivpnProto=${pivpnProto}"
echo "PORT=${PORT}" echo "PORT=${PORT}"
echo "ENCRYPT=${ENCRYPT}" echo "ENCRYPT=${ENCRYPT}"
echo "APPLY_TWO_POINT_FOUR"="${APPLY_TWO_POINT_FOUR}" echo "APPLY_TWO_POINT_FOUR=${APPLY_TWO_POINT_FOUR}"
echo "DOWNLOAD_DH_PARAM=${DOWNLOAD_DH_PARAM}" echo "DOWNLOAD_DH_PARAM=${DOWNLOAD_DH_PARAM}"
echo "PUBLICDNS=${PUBLICDNS}" echo "PUBLICDNS=${PUBLICDNS}"
echo "OVPNDNS1=${OVPNDNS1}" echo "OVPNDNS1=${OVPNDNS1}"
echo "OVPNDNS2=${OVPNDNS2}" echo "OVPNDNS2=${OVPNDNS2}"
}>> "${setupVars}" } | $SUDO tee "${setupVars}" > /dev/null
} }
@ -1307,6 +1280,8 @@ main() {
fi fi
# Install the packages (we do this first because we need whiptail) # Install the packages (we do this first because we need whiptail)
addSoftwareRepo
#checkForDependencies #checkForDependencies
update_package_cache update_package_cache