Don't assume user's DNS is their gateway. Use what they have.

Kaladin Light 2016-11-22 13:23:51 -05:00
parent 1cada67979
commit 542bcda9a1


@ -34,6 +34,7 @@ c=$(( c < 70 ? 70 : c ))
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
IPv4dns=$(nslookup 127.0.0.1 | grep Server: | awk '{print $2}')
availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
dhcpcdFile=/etc/dhcpcd.conf dhcpcdFile=/etc/dhcpcd.conf
@ -60,14 +61,14 @@ fi
function noOS_Support() { function noOS_Support() {
whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS. whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS.
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial). Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
If you think you received this message in error, you can post an issue on the GitHub at https://github.com/pivpn/pivpn/issues." $r $c If you think you received this message in error, you can post an issue on the GitHub at https://github.com/pivpn/pivpn/issues." ${r} ${c}
exit 1 exit 1
} }
function maybeOS_Support() { function maybeOS_Support() {
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work. if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial). Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
Would you like to continue anyway?" $r $c) then Would you like to continue anyway?" ${r} ${c}) then
echo "::: Did not detect perfectly supported OS but," echo "::: Did not detect perfectly supported OS but,"
echo "::: Continuing installation at user's own risk..." echo "::: Continuing installation at user's own risk..."
else else
@ -123,26 +124,26 @@ spinner()
welcomeDialogs() { welcomeDialogs() {
# Display the welcome dialog # Display the welcome dialog
whiptail --msgbox --backtitle "Welcome" --title "PiVPN Automated Installer" "This installer will transform your Raspberry Pi into an OpenVPN server!" $r $c whiptail --msgbox --backtitle "Welcome" --title "PiVPN Automated Installer" "This installer will transform your Raspberry Pi into an OpenVPN server!" ${r} ${c}
# Explain the need for a static address # Explain the need for a static address
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly. whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly.
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." ${r} ${c}
} }
chooseUser() { chooseUser() {
# Explain the local user # Explain the local user
whiptail --msgbox --backtitle "Parsing User List" --title "Local Users" "Choose a local user that will hold your ovpn configurations." $r $c whiptail --msgbox --backtitle "Parsing User List" --title "Local Users" "Choose a local user that will hold your ovpn configurations." ${r} ${c}
# First, let's check if there is a user available. # First, let's check if there is a user available.
numUsers=$(awk -F':' 'BEGIN {count=0} $3>=500 && $3<=60000 { count++ } END{ print count }' /etc/passwd) numUsers=$(awk -F':' 'BEGIN {count=0} $3>=500 && $3<=60000 { count++ } END{ print count }' /etc/passwd)
if [ "$numUsers" -eq 0 ] if [ "$numUsers" -eq 0 ]
then then
# We don't have a user, let's ask to add one. # We don't have a user, let's ask to add one.
if userToAdd=$(whiptail --title "Choose A User" --inputbox "No non-root user account was found. Please type a new username." $r $c 3>&1 1>&2 2>&3) if userToAdd=$(whiptail --title "Choose A User" --inputbox "No non-root user account was found. Please type a new username." ${r} ${c} 3>&1 1>&2 2>&3)
then then
# See http://askubuntu.com/a/667842/459815 # See http://askubuntu.com/a/667842/459815
PASSWORD=$(whiptail --title "password dialog" --passwordbox "Please enter the new user password" $r $c 3>&1 1>&2 2>&3) PASSWORD=$(whiptail --title "password dialog" --passwordbox "Please enter the new user password" ${r} ${c} 3>&1 1>&2 2>&3)
CRYPT=$(perl -e 'printf("%s\n", crypt($ARGV[0], "password"))' "$password") CRYPT=$(perl -e 'printf("%s\n", crypt($ARGV[0], "password"))' "$password")
$SUDO useradd -m -p "$CRYPT" -s /bin/bash "$userToAdd" $SUDO useradd -m -p "$CRYPT" -s /bin/bash "$userToAdd"
if [ $? -eq 0 ] if [ $? -eq 0 ]
@ -168,13 +169,13 @@ chooseUser() {
mode="ON" mode="ON"
fi fi
userArray+=("$line" "" "$mode") userArray+=("$line" "" "$mode")
done <<< "$availableUsers" done <<< "${availableUsers}"
chooseUserCmd=(whiptail --title "Choose A User" --separate-output --radiolist "Choose:" $r $c $numUsers) chooseUserCmd=(whiptail --title "Choose A User" --separate-output --radiolist "Choose:" ${r} ${c} ${numUsers})
if chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty) if chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty)
then then
for desiredUser in $chooseUserOptions for desiredUser in ${chooseUserOptions}
do do
pivpnUser=$desiredUser pivpnUser=${desiredUser}
echo "::: Using User: $pivpnUser" echo "::: Using User: $pivpnUser"
echo "${pivpnUser}" > /tmp/pivpnUSR echo "${pivpnUser}" > /tmp/pivpnUSR
done done
@ -243,7 +244,7 @@ chooseInterface() {
# Find out how many interfaces are available to choose from # Find out how many interfaces are available to choose from
interfaceCount=$(echo "${availableInterfaces}" | wc -l) interfaceCount=$(echo "${availableInterfaces}" | wc -l)
chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)" $r $c ${interfaceCount}) chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)" ${r} ${c} ${interfaceCount})
chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty) chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty)
if [[ $? = 0 ]]; then if [[ $? = 0 ]]; then
for desiredInterface in ${chooseInterfaceOptions}; do for desiredInterface in ${chooseInterfaceOptions}; do
@ -260,7 +261,7 @@ chooseInterface() {
avoidStaticIPv4Ubuntu() { avoidStaticIPv4Ubuntu() {
# If we are in Ubuntu then they need to have previously set their network, so just use what you have. # If we are in Ubuntu then they need to have previously set their network, so just use what you have.
whiptail --msgbox --backtitle "IP Information" --title "IP Information" "Since we think you are not using Raspbian, we will not configure a static IP for you. whiptail --msgbox --backtitle "IP Information" --title "IP Information" "Since we think you are not using Raspbian, we will not configure a static IP for you.
If you are in Amazon then you can not configure a static IP anyway. Just ensure before this installer started you had set an elastic IP on your instance." $r $c If you are in Amazon then you can not configure a static IP anyway. Just ensure before this installer started you had set an elastic IP on your instance." ${r} ${c}
} }
getStaticIPv4Settings() { getStaticIPv4Settings() {
@ -321,7 +322,7 @@ setDHCPCD() {
echo "::: interface ${pivpnInterface} echo "::: interface ${pivpnInterface}
static ip_address=${IPv4addr} static ip_address=${IPv4addr}
static routers=${IPv4gw} static routers=${IPv4gw}
static domain_name_servers=${IPv4gw}" | $SUDO tee -a ${dhcpcdFile} >/dev/null static domain_name_servers=${IPv4dns}" | $SUDO tee -a ${dhcpcdFile} >/dev/null
} }
setStaticIPv4() { setStaticIPv4() {
@ -393,9 +394,9 @@ installScripts() {
} }
unattendedUpgrades() { unattendedUpgrades() {
whiptail --msgbox --backtitle "Security Updates" --title "Unattended Upgrades" "Since this server will have at least one port open to the internet, it is recommended you enable unattended-upgrades.\nThis feature will check daily for security package updates only and apply them when necessary.\nIt will NOT automatically reboot the server so to fully apply some updates you should periodically reboot." $r $c whiptail --msgbox --backtitle "Security Updates" --title "Unattended Upgrades" "Since this server will have at least one port open to the internet, it is recommended you enable unattended-upgrades.\nThis feature will check daily for security package updates only and apply them when necessary.\nIt will NOT automatically reboot the server so to fully apply some updates you should periodically reboot." ${r} ${c}
if (whiptail --backtitle "Security Updates" --title "Unattended Upgrades" --yesno "Do you want to enable unattended upgrades of security patches to this server?" $r $c) then if (whiptail --backtitle "Security Updates" --title "Unattended Upgrades" --yesno "Do you want to enable unattended upgrades of security patches to this server?" ${r} ${c}) then
UNATTUPG="unattended-upgrades" UNATTUPG="unattended-upgrades"
$SUDO apt-get --yes --quiet --no-install-recommends install "$UNATTUPG" > /dev/null & spinner $! $SUDO apt-get --yes --quiet --no-install-recommends install "$UNATTUPG" > /dev/null & spinner $!
else else
@ -529,7 +530,7 @@ update_repo() {
setCustomProto() { setCustomProto() {
# Set the available protocols into an array so it can be used with a whiptail dialog # Set the available protocols into an array so it can be used with a whiptail dialog
if protocol=$(whiptail --title "Protocol" --radiolist \ if protocol=$(whiptail --title "Protocol" --radiolist \
"Choose a protocol. Please only choose TCP if you know why you need TCP." $r $c 2 \ "Choose a protocol. Please only choose TCP if you know why you need TCP." ${r} ${c} 2 \
"UDP" "" ON \ "UDP" "" ON \
"TCP" "" OFF 3>&1 1>&2 2>&3) "TCP" "" OFF 3>&1 1>&2 2>&3)
then then
@ -558,7 +559,7 @@ setCustomPort() {
else else
DEFAULT_PORT=443 DEFAULT_PORT=443
fi fi
if PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3) if PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" ${r} ${c} $DEFAULT_PORT 3>&1 1>&2 2>&3)
then then
if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; then if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; then
: :
@ -571,10 +572,10 @@ setCustomPort() {
fi fi
if [[ $PORT == "$portInvalid" ]]; then if [[ $PORT == "$portInvalid" ]]; then
whiptail --msgbox --backtitle "Invalid Port" --title "Invalid Port" "You entered an invalid Port number.\n Please enter a number from 1 - 65535.\n If you are not sure, please just keep the default." $r $c whiptail --msgbox --backtitle "Invalid Port" --title "Invalid Port" "You entered an invalid Port number.\n Please enter a number from 1 - 65535.\n If you are not sure, please just keep the default." ${r} ${c}
PORTNumCorrect=False PORTNumCorrect=False
else else
if (whiptail --backtitle "Specify Custom Port" --title "Confirm Custom Port Number" --yesno "Are these settings correct?\n PORT: $PORT" $r $c) then if (whiptail --backtitle "Specify Custom Port" --title "Confirm Custom Port Number" --yesno "Are these settings correct?\n PORT: $PORT" ${r} ${c}) then
PORTNumCorrect=True PORTNumCorrect=True
else else
# If the settings are wrong, the loop continues # If the settings are wrong, the loop continues
@ -588,7 +589,7 @@ setCustomPort() {
} }
setClientDNS() { setClientDNS() {
DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients. To use your own, select Custom." $r $c 5) DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients. To use your own, select Custom." ${r} ${c} 5)
DNSChooseOptions=(Google "" on DNSChooseOptions=(Google "" on
OpenDNS "" off OpenDNS "" off
Level3 "" off Level3 "" off
@ -630,7 +631,7 @@ setClientDNS() {
do do
strInvalid="Invalid" strInvalid="Invalid"
if OVPNDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" $r $c "" 3>&1 1>&2 2>&3) if OVPNDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" ${r} ${c} "" 3>&1 1>&2 2>&3)
then then
OVPNDNS1=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}') OVPNDNS1=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}')
OVPNDNS2=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}') OVPNDNS2=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}')
@ -645,7 +646,7 @@ setClientDNS() {
exit 1 exit 1
fi fi
if [[ $OVPNDNS1 == "$strInvalid" ]] || [[ $OVPNDNS2 == "$strInvalid" ]]; then if [[ $OVPNDNS1 == "$strInvalid" ]] || [[ $OVPNDNS2 == "$strInvalid" ]]; then
whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. Please try again.\n\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" $r $c whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. Please try again.\n\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" ${r} ${c}
if [[ $OVPNDNS1 == "$strInvalid" ]]; then if [[ $OVPNDNS1 == "$strInvalid" ]]; then
OVPNDNS1="" OVPNDNS1=""
fi fi
@ -654,7 +655,7 @@ setClientDNS() {
fi fi
DNSSettingsCorrect=False DNSSettingsCorrect=False
else else
if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" $r $c) then if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n DNS Server 1: $OVPNDNS1\n DNS Server 2: $OVPNDNS2" ${r} ${c}) then
DNSSettingsCorrect=True DNSSettingsCorrect=True
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
if [ -z ${OVPNDNS2} ]; then if [ -z ${OVPNDNS2} ]; then
@ -682,7 +683,7 @@ confOpenVPN() {
# Ask user for desired level of encryption # Ask user for desired level of encryption
ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption Strength" --radiolist \ ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption Strength" --radiolist \
"Choose your desired level of encryption:\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing or just want to get through it quicker you can use 1024. If you are paranoid about ... things... then grab a cup of joe and pick 4096." $r $c 3 \ "Choose your desired level of encryption:\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing or just want to get through it quicker you can use 1024. If you are paranoid about ... things... then grab a cup of joe and pick 4096." ${r} ${c} 3 \
"2048" "Use 2048-bit encryption. Recommended level." ON \ "2048" "Use 2048-bit encryption. Recommended level." ON \
"1024" "Use 1024-bit encryption. Test level." OFF \ "1024" "Use 1024-bit encryption. Test level." OFF \
"4096" "Use 4096-bit encryption. Paranoid level." OFF 3>&1 1>&2 2>&3) "4096" "Use 4096-bit encryption. Paranoid level." OFF 3>&1 1>&2 2>&3)
@ -711,11 +712,11 @@ confOpenVPN() {
KEY_NAME="EasyRSA" KEY_NAME="EasyRSA"
EMAIL="me@myhost.mydomain" EMAIL="me@myhost.mydomain"
whiptail --title "Certificate Information" --msgbox "You will now be shown the default values for fields that will be used in the certificate. \nIt is fine to leave these as-is since only you and the clients you create will ever see this. \nHowever, if you want to change the values, simply select the ones you wish to modify." $r $c whiptail --title "Certificate Information" --msgbox "You will now be shown the default values for fields that will be used in the certificate. \nIt is fine to leave these as-is since only you and the clients you create will ever see this. \nHowever, if you want to change the values, simply select the ones you wish to modify." ${r} ${c}
until [[ $CERTVALCorrect = True ]] until [[ $CERTVALCorrect = True ]]
do do
CERTVAL=$(whiptail --title "Certificate Information" --checklist "Choose any certificate values you want to change" $r $c 7 \ CERTVAL=$(whiptail --title "Certificate Information" --checklist "Choose any certificate values you want to change" ${r} ${c} 7 \
"COUNTRY" "= US" OFF \ "COUNTRY" "= US" OFF \
"STATE" "= CA" OFF \ "STATE" "= CA" OFF \
"CITY" "= SanFranciso" OFF \ "CITY" "= SanFranciso" OFF \
@ -734,43 +735,43 @@ confOpenVPN() {
do do
if [ "$i" == '"COUNTRY"' ]; then if [ "$i" == '"COUNTRY"' ]; then
COUNTRY=$(whiptail --title "Certificate Country" --inputbox \ COUNTRY=$(whiptail --title "Certificate Country" --inputbox \
"Enter a 2 letter abbreviation for Country" $r $c US 3>&1 1>&2 2>&3) "Enter a 2 letter abbreviation for Country" ${r} ${c} US 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_COUNTRY=\"\).*/\1${COUNTRY}\"/" vars $SUDO sed -i "s/\(KEY_COUNTRY=\"\).*/\1${COUNTRY}\"/" vars
fi fi
if [ "$i" == '"STATE"' ]; then if [ "$i" == '"STATE"' ]; then
STATE=$(whiptail --title "Certificate State" --inputbox \ STATE=$(whiptail --title "Certificate State" --inputbox \
"Enter a 2 letter abbreviated State or Province" $r $c CA 3>&1 1>&2 2>&3) "Enter a 2 letter abbreviated State or Province" ${r} ${c} CA 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_PROVINCE=\"\).*/\1${STATE}\"/" vars $SUDO sed -i "s/\(KEY_PROVINCE=\"\).*/\1${STATE}\"/" vars
fi fi
if [ "$i" == '"CITY"' ]; then if [ "$i" == '"CITY"' ]; then
CITY=$(whiptail --title "Certificate City" --inputbox \ CITY=$(whiptail --title "Certificate City" --inputbox \
"Enter a City name" $r $c SanFrancisco 3>&1 1>&2 2>&3) "Enter a City name" ${r} ${c} SanFrancisco 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_CITY=\"\).*/\1${CITY}\"/" vars $SUDO sed -i "s/\(KEY_CITY=\"\).*/\1${CITY}\"/" vars
fi fi
if [ "$i" == '"ORG"' ]; then if [ "$i" == '"ORG"' ]; then
ORG=$(whiptail --title "Certificate Org" --inputbox \ ORG=$(whiptail --title "Certificate Org" --inputbox \
"Enter an Organization name" $r $c Fort-Funston 3>&1 1>&2 2>&3) "Enter an Organization name" ${r} ${c} Fort-Funston 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_ORG=\"\).*/\1${ORG}\"/" vars $SUDO sed -i "s/\(KEY_ORG=\"\).*/\1${ORG}\"/" vars
fi fi
if [ "$i" == '"EMAIL"' ]; then if [ "$i" == '"EMAIL"' ]; then
EMAIL=$(whiptail --title "Certificate Email" --inputbox \ EMAIL=$(whiptail --title "Certificate Email" --inputbox \
"Enter an Email Address" $r $c "me@myhost.mydomain" 3>&1 1>&2 2>&3) "Enter an Email Address" ${r} ${c} "me@myhost.mydomain" 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_EMAIL=\"\).*/\1${EMAIL}\"/" vars $SUDO sed -i "s/\(KEY_EMAIL=\"\).*/\1${EMAIL}\"/" vars
fi fi
if [ "$i" == '"SERVER_NAME"' ]; then if [ "$i" == '"SERVER_NAME"' ]; then
SERVER_NAME=$(whiptail --title "Server Name" --inputbox \ SERVER_NAME=$(whiptail --title "Server Name" --inputbox \
"Enter a Server Name" $r $c "pivpn" 3>&1 1>&2 2>&3) "Enter a Server Name" ${r} ${c} "pivpn" 3>&1 1>&2 2>&3)
# This began a rabbit hole of errors. Nope. # This began a rabbit hole of errors. Nope.
#sed -i '/export KEY_CN/s/^#//g' vars #sed -i '/export KEY_CN/s/^#//g' vars
#sed -i "s/\(KEY_CN=\"\).*/\1${SERVER_NAME}\"/" vars #sed -i "s/\(KEY_CN=\"\).*/\1${SERVER_NAME}\"/" vars
fi fi
if [ "$i" == '"KEY_NAME"' ]; then if [ "$i" == '"KEY_NAME"' ]; then
KEY_NAME=$(whiptail --title "Key Name" --inputbox \ KEY_NAME=$(whiptail --title "Key Name" --inputbox \
"Enter a Key Name" $r $c "EasyRSA" 3>&1 1>&2 2>&3) "Enter a Key Name" ${r} ${c} "EasyRSA" 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_NAME=\"\).*/\1${KEY_NAME}\"/" vars $SUDO sed -i "s/\(KEY_NAME=\"\).*/\1${KEY_NAME}\"/" vars
fi fi
done done
if (whiptail --backtitle "Confirm Certificate Fields" --title "Confirm Certificate Fields" --yesno "Are these values correct?\n\n Country: $COUNTRY\n State: $STATE\n City: $CITY\n Org: $ORG\n Email: $EMAIL\n Server Name: $SERVER_NAME\n Key Name: $KEY_NAME" $r $c) then if (whiptail --backtitle "Confirm Certificate Fields" --title "Confirm Certificate Fields" --yesno "Are these values correct?\n\n Country: $COUNTRY\n State: $STATE\n City: $CITY\n Org: $ORG\n Email: $EMAIL\n Server Name: $SERVER_NAME\n Key Name: $KEY_NAME" ${r} ${c}) then
CERTVALCorrect=True CERTVALCorrect=True
else else
CERTVALCorrect=False CERTVALCorrect=False
@ -794,12 +795,12 @@ confOpenVPN() {
${SUDOE} ./build-ca < /etc/.pivpn/ca_info.txt ${SUDOE} ./build-ca < /etc/.pivpn/ca_info.txt
printf "\n::: CA Complete.\n" printf "\n::: CA Complete.\n"
whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman key, and HMAC key will now be generated." $r $c whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman key, and HMAC key will now be generated." ${r} ${c}
# Build the server # Build the server
${SUDOE} ./build-key-server --batch "$SERVER_NAME" ${SUDOE} ./build-key-server --batch "$SERVER_NAME"
if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." $r $c) if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c})
then then
# Downloading parameters, $KEY_DIR and $KEY_SIZE get set by sourcing ./vars # Downloading parameters, $KEY_DIR and $KEY_SIZE get set by sourcing ./vars
RANDOM_INDEX=$(( RANDOM % 128 )) RANDOM_INDEX=$(( RANDOM % 128 ))
@ -920,7 +921,7 @@ confOVPN() {
echo 0 > /tmp/REVOKE_STATUS echo 0 > /tmp/REVOKE_STATUS
$SUDO cp /tmp/REVOKE_STATUS /etc/pivpn/REVOKE_STATUS $SUDO cp /tmp/REVOKE_STATUS /etc/pivpn/REVOKE_STATUS
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \ METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" ${r} ${c} 2 \
"$IPv4pub" "Use this public IP" "ON" \ "$IPv4pub" "Use this public IP" "ON" \
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3) "DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
@ -937,13 +938,13 @@ confOVPN() {
else else
until [[ $publicDNSCorrect = True ]] until [[ $publicDNSCorrect = True ]]
do do
PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3) PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" ${r} ${c} 3>&1 1>&2 2>&3)
exitstatus=$? exitstatus=$?
if [ $exitstatus != 0 ]; then if [ $exitstatus != 0 ]; then
echo "::: Cancel selected. Exiting..." echo "::: Cancel selected. Exiting..."
exit 1 exit 1
fi fi
if (whiptail --backtitle "Confirm DNS Name" --title "Confirm DNS Name" --yesno "Is this correct?\n\n Public DNS Name: $PUBLICDNS" $r $c) then if (whiptail --backtitle "Confirm DNS Name" --title "Confirm DNS Name" --yesno "Is this correct?\n\n Public DNS Name: $PUBLICDNS" ${r} ${c}) then
publicDNSCorrect=True publicDNSCorrect=True
$SUDO sed -i 's/IPv4pub/'"$PUBLICDNS"'/' /etc/openvpn/easy-rsa/keys/Default.txt $SUDO sed -i 's/IPv4pub/'"$PUBLICDNS"'/' /etc/openvpn/easy-rsa/keys/Default.txt
else else
@ -995,9 +996,9 @@ displayFinalMessage() {
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles. whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
Run 'pivpn help' to see what else you can do! Run 'pivpn help' to see what else you can do!
The install log is in /etc/pivpn." $r $c The install log is in /etc/pivpn." ${r} ${c}
if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" ${r} ${c}); then
whiptail --title "Rebooting" --msgbox "The system will now reboot." $r $c whiptail --title "Rebooting" --msgbox "The system will now reboot." ${r} ${c}
printf "\nRebooting system...\n" printf "\nRebooting system...\n"
$SUDO sleep 3 $SUDO sleep 3
$SUDO shutdown -r now $SUDO shutdown -r now
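Review bot: `IPv4dns` in the first hunk is taken from `nslookup` output with no check, and the `setDHCPCD` hunk then appends it as root to `${dhcpcdFile}` as `static domain_name_servers=${IPv4dns}`. If `nslookup` is not installed or prints no `Server:` line, the host ends up with an empty resolver entry, and on a machine that uses a local stub resolver the value would be a loopback address rather than the upstream server (inferred; the resolver setup is not visible on this page). I would validate the value and fall back to the previous behaviour, e.g. `[[ "$IPv4dns" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || IPv4dns="$IPv4gw"`. Separately, in the `chooseUser` hunk the dialog result is stored in `PASSWORD` but `crypt()` is passed `"$password"`, so unless `password` is assigned outside the hunk the new account's hash is computed from an empty string with the fixed salt `"password"`; that argument should be `"$PASSWORD"` and the salt should be random.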