Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Several changes

Browse source
This commit is contained in:
Piero 2018-04-02 12:07:58 +02:00
parent 33ed7e7012
commit 33e7ef0c91
2 changed files with 139 additions and 165 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

144
auto_install/install.sh
View file

@ -82,9 +82,19 @@ Would you like to continue anyway?" ${r} ${c}) then
distro_check() {
# if lsb_release command is on their system
if hash lsb_release 2>/dev/null; then
PLAT=$(lsb_release -si)
OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie
else # else get info from os-release
PLAT=$(grep "^NAME" /etc/os-release | awk -F "=" '{print $2}' | tr -d '"' | awk '{print $1}')
VER=$(grep "VERSION_ID" /etc/os-release | awk -F "=" '{print $2}' | tr -d '"')
declare -A VER_MAP=(["9"]="stretch" ["8"]="jessie" ["16.04"]="xenial" ["14.04"]="trusty")
OSCN=${VER_MAP["${VER}"]}
fi
case ${PLAT} in
Ubuntu|Raspbian|Debian|Devuan)
case ${OSCN} in
@ -99,30 +109,6 @@ distro_check() {
noOS_Support
;;
esac
# else get info from os-release
elif grep -q devuan /etc/os-release; then
if grep -q jessie /etc/os-release; then
PLAT="Raspvuan"
OSCN="jessie"
else
noOS_Support
fi
elif grep -q debian /etc/os-release; then
if grep -q jessie /etc/os-release; then
PLAT="Raspbian"
OSCN="jessie"
elif grep -q stretch /etc/os-release; then
PLAT="Raspbian"
OSCN="stretch"
else
PLAT="Ubuntu"
OSCN="unknown"
maybeOS_Support
fi
# else we prob don't want to install
else
noOS_Support
fi
echo "${PLAT}" > /tmp/DET_PLATFORM
}
@ -418,6 +404,23 @@ package_check_install() {
dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
}
addSoftwareRepo() {
# Add the official OpenVPN repo for distros that don't have the latest version in their default repos
case ${PLAT} in
Ubuntu|Debian|Devuan)
case ${OSCN} in
trusty|xenial|wheezy|jessie)
wget -qO- https://swupdate.openvpn.net/repos/repo-public.gpg | $SUDO apt-key add -
echo "deb http://build.openvpn.net/debian/openvpn/stable $OSCN main" | $SUDO tee /etc/apt/sources.list.d/swupdate.openvpn.net.list > /dev/null
echo -n "::: Adding OpenVPN repo for $PLAT $OSCN ..."
$SUDO apt-get -qq update & spinner $!
echo " done!"
;;
esac
;;
esac
}
update_package_cache() {
#Running apt-get update/upgrade with minimal output can cause some issues with
#requiring user input
@ -700,49 +703,20 @@ setClientDNS() {
if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
then
case ${DNSchoices} in
Google)
echo "::: Using Google DNS servers."
OVPNDNS1="8.8.8.8"
OVPNDNS2="8.8.4.4"
# These are already in the file
;;
OpenDNS)
echo "::: Using OpenDNS servers."
OVPNDNS1="208.67.222.222"
OVPNDNS2="208.67.220.220"
if [[ ${DNSchoices} != "Custom" ]]; then
echo "::: Using ${DNSchoices} servers."
declare -A DNS_MAP=(["Google"]="8.8.8.8 8.8.4.4" ["OpenDNS"]="208.67.222.222 208.67.220.220" ["Level3"]="209.244.0.3 209.244.0.4" ["DNS.WATCH"]="84.200.69.80 84.200.70.40" ["Norton"]="199.85.126.10 199.85.127.10" ["FamilyShield"]="208.67.222.123 208.67.220.123")
OVPNDNS1=$(awk '{print $1}' <<< "${DNS_MAP["${DNSchoices}"]}")
OVPNDNS2=$(awk '{print $2}' <<< "${DNS_MAP["${DNSchoices}"]}")
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Level3)
echo "::: Using Level3 servers."
OVPNDNS1="209.244.0.3"
OVPNDNS2="209.244.0.4"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
DNS.WATCH)
echo "::: Using DNS.WATCH servers."
OVPNDNS1="84.200.69.80"
OVPNDNS2="84.200.70.40"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Norton)
echo "::: Using Norton ConnectSafe servers."
OVPNDNS1="199.85.126.10"
OVPNDNS2="199.85.127.10"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
FamilyShield)
echo "::: Using FamilyShield servers."
OVPNDNS1="208.67.222.123"
OVPNDNS2="208.67.220.123"
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
;;
Custom)
else
until [[ $DNSSettingsCorrect = True ]]
do
strInvalid="Invalid"
@ -785,8 +759,8 @@ setClientDNS() {
fi
fi
done
;;
esac
fi
else
echo "::: Cancel selected. Exiting..."
exit 1
@ -861,13 +835,18 @@ EOF
${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass
if [[ ${useUpdateVars} == false ]]; then
if (whiptail --backtitle "Setup OpenVPN" --title "Version 2.4 improvements" --yesno --defaultno "OpenVPN 2.4 brings support for stronger key exchange using Elliptic Curves and encrypted control channel, along with faster LZ4 compression.\n\nIf you your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
if [[ ${PLAT} == "Raspbian" ]] && [[ ${OSCN} != "stretch" ]]; then
APPLY_TWO_POINT_FOUR=false
else
if (whiptail --backtitle "Setup OpenVPN" --title "Version 2.4 improvements" --yesno --defaultno "OpenVPN 2.4 brings support for stronger key exchange using Elliptic Curves and encrypted control channel, along with faster LZ4 compression.\n\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
APPLY_TWO_POINT_FOUR=true
$SUDO touch /etc/pivpn/TWO_POINT_FOUR
else
APPLY_TWO_POINT_FOUR=false
fi
fi
fi
if [[ ${useUpdateVars} == false ]]; then
if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
@ -909,8 +888,8 @@ EOF
fi
if [[ ${APPLY_TWO_POINT_FOUR} == true ]]; then
#If they enabled 2.4 disable dh parameters
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh none/" /etc/openvpn/server.conf
#If they enabled 2.4 disable dh parameters, use a specific curve instead
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh none\necdh-curve secp384r1/" /etc/openvpn/server.conf
else
# Otherwise set the user encryption key size
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
@ -965,7 +944,7 @@ confNetwork() {
# if ufw enabled, configure that
if hash ufw 2>/dev/null; then
if $SUDO ufw status | grep -q inactive
if LANG=en_US.UTF-8 $SUDO ufw status | grep -q inactive
then
noUFW=1
else
@ -1077,15 +1056,10 @@ confOVPN() {
}
confLogging() {
# Tell rsyslog to log openvpn messages to a specific file
cat << 'EOT' | $SUDO tee /etc/rsyslog.d/30-openvpn.conf >/dev/null
if $programname == 'ovpn-server' then /var/log/openvpn.log
if $programname == 'ovpn-server' then ~
EOT
echo "if \$programname == 'ovpn-server' then /var/log/openvpn.log
if \$programname == 'ovpn-server' then ~" | $SUDO tee /etc/rsyslog.d/30-openvpn.conf > /dev/null
# Enable log rotation, it rotates weekly and keeps the current log and the previous uncompressed, with the older 4 compressed
cat << 'EOT' | $SUDO tee /etc/logrotate.d/openvpn >/dev/null
/var/log/openvpn.log
echo "/var/log/openvpn.log
{
rotate 4
weekly
@ -1097,8 +1071,7 @@ EOT
postrotate
invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
endscript
}
EOT
}" | $SUDO tee /etc/logrotate.d/openvpn > /dev/null
# Restart the logging service
case ${PLAT} in
@ -1109,13 +1082,12 @@ EOT
$SUDO systemctl restart rsyslog.service || true
;;
esac
}
finalExports() {
# Update variables in setupVars.conf file
if [ -e "${setupVars}" ]; then
sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
$SUDO sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
fi
{
echo "pivpnUser=${pivpnUser}"
@ -1127,12 +1099,12 @@ finalExports() {
echo "pivpnProto=${pivpnProto}"
echo "PORT=${PORT}"
echo "ENCRYPT=${ENCRYPT}"
echo "APPLY_TWO_POINT_FOUR"="${APPLY_TWO_POINT_FOUR}"
echo "APPLY_TWO_POINT_FOUR=${APPLY_TWO_POINT_FOUR}"
echo "DOWNLOAD_DH_PARAM=${DOWNLOAD_DH_PARAM}"
echo "PUBLICDNS=${PUBLICDNS}"
echo "OVPNDNS1=${OVPNDNS1}"
echo "OVPNDNS2=${OVPNDNS2}"
}>> "${setupVars}"
} | $SUDO tee "${setupVars}" > /dev/null
}
@ -1307,6 +1279,8 @@ main() {
fi
# Install the packages (we do this first because we need whiptail)
addSoftwareRepo
#checkForDependencies
update_package_cache