Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-20 03:40:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improved OpenVPN and WireGuard availability detection

Browse source
This commit is contained in:
Orazio 2020-09-14 12:25:31 +02:00
parent e64f14271e
commit 551af5f351
2 changed files with 111 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

130
auto_install/install.sh
View file

@ -273,19 +273,10 @@ distroCheck(){
OSCN=${VER_MAP["${VER}"]} OSCN=${VER_MAP["${VER}"]}
fi fi
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
DPKG_ARCH="$(dpkg --print-architecture)"
if [ "$DPKG_ARCH" = "amd64" ] || [ "$DPKG_ARCH" = "i386" ]; then
X86_SYSTEM=1
else
X86_SYSTEM=0
fi
fi
case ${PLAT} in case ${PLAT} in
Debian|Raspbian|Ubuntu) Debian|Raspbian|Ubuntu)
case ${OSCN} in case ${OSCN} in
buster|xenial|bionic|stretch|focal) stretch|buster|xenial|bionic|focal)
: :
;; ;;
*) *)
@ -464,6 +455,61 @@ preconfigurePackages(){
BASE_DEPS+=(dhcpcd5) BASE_DEPS+=(dhcpcd5)
fi fi
AVAILABLE_OPENVPN="$(apt-cache policy openvpn | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
DPKG_ARCH="$(dpkg --print-architecture)"
NEED_OPENVPN_REPO=0
# We require OpenVPN 2.4 or later for ECC support. If not available in the
# repositories but we are running x86 Debian or Ubuntu, add the official repo
# which provides the updated package.
if [ -n "$AVAILABLE_OPENVPN" ] && dpkg --compare-versions "$AVAILABLE_OPENVPN" ge 2.4; then
OPENVPN_SUPPORT=1
else
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
if [ "$DPKG_ARCH" = "amd64" ] || [ "$DPKG_ARCH" = "i386" ]; then
NEED_OPENVPN_REPO=1
OPENVPN_SUPPORT=1
else
OPENVPN_SUPPORT=0
fi
else
OPENVPN_SUPPORT=0
fi
fi
AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
WIREGUARD_BUILTIN=0
NEED_WIREGUARD_REPO=0
if [ -n "$AVAILABLE_WIREGUARD" ]; then
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
# If a wireguard kernel object is found and is part of any installed package, then
# it has not been build via DKMS or manually (installing via wireguard-dkms does not
# make the module part of the package since the module itself is built at install time
# and not part of the .deb).
# Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815
for i in /lib/modules/*/kernel/net/wireguard/wireguard.ko; do
[[ -f $i ]] || continue
dpkg-query -S "$i" &> /dev/null || continue
WIREGUARD_BUILTIN=1
break
done
fi
WIREGUARD_SUPPORT=1
else
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Raspbian" ]; then
NEED_WIREGUARD_REPO=1
WIREGUARD_SUPPORT=1
else
WIREGUARD_SUPPORT=0
fi
fi
if [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then
echo "::: Neither OpenVPN nor WireGuard are available to install by PiVPN, exiting..."
exit 1
fi
# if ufw is enabled, configure that. # if ufw is enabled, configure that.
# running as root because sometimes the executable is not in the user's $PATH # running as root because sometimes the executable is not in the user's $PATH
if $SUDO bash -c 'command -v ufw' > /dev/null; then if $SUDO bash -c 'command -v ufw' > /dev/null; then
@ -1068,8 +1114,7 @@ installPiVPN(){
askWhichVPN(){ askWhichVPN(){
if [ "${runUnattended}" = 'true' ]; then if [ "${runUnattended}" = 'true' ]; then
# [ "$OSCN" = "focal" ] > WireGuard is supported in Ubuntu 20.04 on all architectures if [ "$WIREGUARD_SUPPORT" -eq 1 ]; then
if [ "$PLAT" = "Raspbian" ] || [ "$OSCN" = "focal" ] || [ "$X86_SYSTEM" -eq 1 ]; then
if [ -z "$VPN" ]; then if [ -z "$VPN" ]; then
echo ":: No VPN protocol specified, using WireGuard" echo ":: No VPN protocol specified, using WireGuard"
VPN="wireguard" VPN="wireguard"
@ -1084,7 +1129,7 @@ askWhichVPN(){
exit 1 exit 1
fi fi
fi fi
elif [ "$X86_SYSTEM" -eq 0 ]; then else
if [ -z "$VPN" ]; then if [ -z "$VPN" ]; then
echo ":: No VPN protocol specified, using OpenVPN" echo ":: No VPN protocol specified, using OpenVPN"
VPN="openvpn" VPN="openvpn"
@ -1099,8 +1144,7 @@ askWhichVPN(){
fi fi
fi fi
else else
# [ "$OSCN" = "focal" ] > WireGuard is supported in Ubuntu 20.04 on all architectures if [ "$WIREGUARD_SUPPORT" -eq 1 ] && [ "$OPENVPN_SUPPORT" -eq 1 ]; then
if [ "$PLAT" = "Raspbian" ] || [ "$OSCN" = "focal" ] || [ "$X86_SYSTEM" -eq 1 ]; then
chooseVPNCmd=(whiptail --backtitle "Setup PiVPN" --title "Installation mode" --separate-output --radiolist "WireGuard is a new kind of VPN that provides near-instantaneous connection speed, high performance, and modern cryptography.\\n\\nIt's the recommended choice especially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\\n\\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol or if you need features like TCP and custom search domain.\\n\\nChoose a VPN (press space to select):" "${r}" "${c}" 2) chooseVPNCmd=(whiptail --backtitle "Setup PiVPN" --title "Installation mode" --separate-output --radiolist "WireGuard is a new kind of VPN that provides near-instantaneous connection speed, high performance, and modern cryptography.\\n\\nIt's the recommended choice especially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\\n\\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol or if you need features like TCP and custom search domain.\\n\\nChoose a VPN (press space to select):" "${r}" "${c}" 2)
VPNChooseOptions=(WireGuard "" on VPNChooseOptions=(WireGuard "" on
OpenVPN "" off) OpenVPN "" off)
@ -1112,9 +1156,12 @@ askWhichVPN(){
echo "::: Cancel selected, exiting...." echo "::: Cancel selected, exiting...."
exit 1 exit 1
fi fi
elif [ "$X86_SYSTEM" -eq 0 ]; then elif [ "$OPENVPN_SUPPORT" -eq 1 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then
echo "::: Using VPN: OpenVPN" echo "::: Using VPN: OpenVPN"
VPN="openvpn" VPN="openvpn"
elif [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 1 ]; then
echo "::: Using VPN: WireGuard"
VPN="wireguard"
fi fi
fi fi
@ -1162,16 +1209,7 @@ installOpenVPN(){
echo "::: Installing OpenVPN from Debian package... " echo "::: Installing OpenVPN from Debian package... "
# Use x86-only OpenVPN APT repo on x86 Debian/Ubuntu systems if [ "$NEED_OPENVPN_REPO" -eq 1 ]; then
if [ "$PLAT" != "Raspbian" ] && [ "$X86_SYSTEM" -eq 1 ]; then
AVAILABLE_OPENVPN="$(apt-cache policy openvpn | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
# If there is an available openvpn package and its version is at least 2.4
# (required for ECC support), do not add the repository
if [ -n "$AVAILABLE_OPENVPN" ] && dpkg --compare-versions "$AVAILABLE_OPENVPN" ge 2.4; then
echo "::: OpenVPN is already available in the repositories"
else
# gnupg is used by apt-key to import the openvpn GPG key into the # gnupg is used by apt-key to import the openvpn GPG key into the
# APT keyring # APT keyring
PIVPN_DEPS=(gnupg) PIVPN_DEPS=(gnupg)
@ -1197,7 +1235,6 @@ installOpenVPN(){
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! $SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi fi
fi
# grepcidr is used to redact IPs in the debug log whereas expect is used # grepcidr is used to redact IPs in the debug log whereas expect is used
# to feed easy-rsa with passwords # to feed easy-rsa with passwords
@ -1255,11 +1292,9 @@ installWireGuard(){
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
if apt-cache policy wireguard 2> /dev/null | grep -m1 'Candidate: ' | grep -vq '(none)'; then if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then
echo "::: WireGuard is already available in the repositories"
else
echo "::: Adding Raspbian repository... " echo "::: Adding Raspbian repository... "
echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye.list > /dev/null echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
# Do not upgrade packages from the bullseye repository except for wireguard # Do not upgrade packages from the bullseye repository except for wireguard
printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null
@ -1270,18 +1305,16 @@ installWireGuard(){
fi fi
# qrencode is used to generate qrcodes from config file, for use with mobile clients # qrencode is used to generate qrcodes from config file, for use with mobile clients
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms qrencode) PIVPN_DEPS=(raspberrypi-kernel-headers wireguard-tools wireguard-dkms qrencode)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
elif [ "$PLAT" = "Debian" ]; then elif [ "$PLAT" = "Debian" ]; then
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
if apt-cache policy wireguard 2> /dev/null | grep -m1 'Candidate: ' | grep -vq '(none)'; then if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then
echo "::: WireGuard is already available in the repositories"
else
echo "::: Adding Debian repository... " echo "::: Adding Debian repository... "
echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye.list > /dev/null echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null
@ -1290,27 +1323,24 @@ installWireGuard(){
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! $SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi fi
PIVPN_DEPS=(linux-headers-amd64 wireguard wireguard-tools wireguard-dkms qrencode) PIVPN_DEPS=(wireguard-tools qrencode)
if [ "$WIREGUARD_BUILTIN" -eq 0 ]; then
# Explicitly install the module if not built-in
PIVPN_DEPS+=(linux-headers-amd64 wireguard-dkms)
fi
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
elif [ "$PLAT" = "Ubuntu" ]; then elif [ "$PLAT" = "Ubuntu" ]; then
echo "::: Installing WireGuard... " echo "::: Installing WireGuard... "
if apt-cache policy wireguard 2> /dev/null | grep -m1 'Candidate: ' | grep -vq '(none)'; then if [ "$WIREGUARD_BUILTIN" -eq 0 ]; then
echo "::: WireGuard is already available in the repositories" PIVPN_DEPS+=(linux-headers-generic wireguard-dkms)
else
echo "::: Adding WireGuard PPA... "
PIVPN_DEPS=(software-properties-common)
installDependentPackages PIVPN_DEPS[@]
$SUDO add-apt-repository ppa:wireguard/wireguard -y
echo "::: Updating package cache..."
# shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi fi
PIVPN_DEPS=(linux-headers-generic wireguard wireguard-tools wireguard-dkms qrencode) PIVPN_DEPS=(wireguard-tools qrencode)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
fi fi
@ -2249,7 +2279,7 @@ confUnattendedUpgrades(){
# Enable automatic updates via the bullseye repository when installing from debian package # Enable automatic updates via the bullseye repository when installing from debian package
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
if [ -f /etc/apt/sources.list.d/pivpn-bullseye.list ]; then if [ -f /etc/apt/sources.list.d/pivpn-bullseye-repo.list ]; then
if ! grep -q "\"o=$PLAT,n=bullseye\";" "${aptConfDir}/50unattended-upgrades"; then if ! grep -q "\"o=$PLAT,n=bullseye\";" "${aptConfDir}/50unattended-upgrades"; then
$SUDO sed -i "/Unattended-Upgrade::Origins-Pattern {/a\"o=$PLAT,n=bullseye\";" "${aptConfDir}/50unattended-upgrades" $SUDO sed -i "/Unattended-Upgrade::Origins-Pattern {/a\"o=$PLAT,n=bullseye\";" "${aptConfDir}/50unattended-upgrades"
fi fi

17
scripts/uninstall.sh
View file

@ -134,17 +134,17 @@ removeAll(){
while true; do while true; do
read -rp "::: Do you wish to remove $i from your system? [Y/n]: " yn read -rp "::: Do you wish to remove $i from your system? [Y/n]: " yn
case $yn in case $yn in
[Yy]* ) if [ "${i}" = "wireguard" ]; then [Yy]* ) if [ "${i}" = "wireguard-tools" ]; then
# On Debian and Raspbian, remove the bullseye repo. On Ubuntu, remove the PPA. # The bullseye repo may not exist if wireguard was available at the
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Raspbian" ]; then # time of installation.
rm -f /etc/apt/sources.list.d/pivpn-bullseye.list if [ -f /etc/apt/sources.list.d/pivpn-bullseye-repo.list ]; then
echo "::: Removing Debian Bullseye repo..."
rm -f /etc/apt/sources.list.d/pivpn-bullseye-repo.list
rm -f /etc/apt/preferences.d/pivpn-limit-bullseye rm -f /etc/apt/preferences.d/pivpn-limit-bullseye
elif [ "$PLAT" = "Ubuntu" ]; then
add-apt-repository ppa:wireguard/wireguard -r -y
fi
echo "::: Updating package cache..." echo "::: Updating package cache..."
${UPDATE_PKG_CACHE} &> /dev/null & spinner $! ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi
elif [ "${i}" = "unattended-upgrades" ]; then elif [ "${i}" = "unattended-upgrades" ]; then
@ -154,7 +154,8 @@ removeAll(){
elif [ "${i}" = "openvpn" ]; then elif [ "${i}" = "openvpn" ]; then
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then if [ -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list ]; then
echo "::: Removing OpenVPN software repo..."
rm -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list rm -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list
echo "::: Updating package cache..." echo "::: Updating package cache..."
${UPDATE_PKG_CACHE} &> /dev/null & spinner $! ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!