Minor unattended fixes, adjusted openvpn settings

Orazio 2019-11-14 17:42:56 +01:00
parent 07abfc97e9
commit 5cb8a05317
3 changed files with 28 additions and 13 deletions


@ -4,8 +4,6 @@ proto udp
remote IPv4pub 1194 remote IPv4pub 1194
resolv-retry infinite resolv-retry infinite
nobind nobind
persist-key
persist-tun
key-direction 1 key-direction 1
remote-cert-tls server remote-cert-tls server
tls-version-min 1.2 tls-version-min 1.2
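Review bot: Removing `persist-tun` from this client template (the hunk header shrinks 8 lines to 6, so `persist-key` and `persist-tun` are the dropped lines) means the tun device is closed and reopened on every `ping-restart` or SIGUSR1. With the server pushing `redirect-gateway def1`, client traffic can then leave over the ordinary default route while the tunnel is being re-established. The commit message gives no reason for the removal; if it is intentional, a comment in the template such as `# persist-tun omitted on purpose: tun is recreated on reconnect` would record the trade-off. Otherwise keeping `persist-tun` is the safer default for a full-tunnel profile.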


@ -1175,7 +1175,10 @@ askEncryption(){
fi fi
fi fi
if [ -n "$DOWNLOAD_DH_PARAM" ]; then if [ -z "$DOWNLOAD_DH_PARAM" ] || [ "$DOWNLOAD_DH_PARAM" -ne 1 ]; then
DOWNLOAD_DH_PARAM=0
echo "::: DH parameters will be generated locally"
else
echo "::: DH parameters will be downloaded from \"2 Ton Digital\"" echo "::: DH parameters will be downloaded from \"2 Ton Digital\""
fi fi
@ -1246,7 +1249,11 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
${SUDOE} ./easyrsa --batch build-ca nopass ${SUDOE} ./easyrsa --batch build-ca nopass
printf "\n::: CA Complete.\n" printf "\n::: CA Complete.\n"
if [ "${runUnattended}" = 'true' ]; then
echo "::: The server key, Diffie-Hellman parameters, and HMAC key will now be generated."
else
whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman parameters, and HMAC key will now be generated." ${r} ${c} whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman parameters, and HMAC key will now be generated." ${r} ${c}
fi
# Build the server # Build the server
EASYRSA_CERT_EXPIRE=3650 ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass EASYRSA_CERT_EXPIRE=3650 ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass
@ -1335,9 +1342,10 @@ confWireGuard(){
$SUDO chmod 700 /etc/wireguard $SUDO chmod 700 /etc/wireguard
fi fi
if [ "${runUnattended}" = 'false' ]; then if [ "${runUnattended}" = 'true' ]; then
echo "::: The Server Keys and Pre-Shared key will now be generated."
else
whiptail --title "Server Information" --msgbox "The Server Keys and Pre-Shared key will now be generated." "${r}" "${c}" whiptail --title "Server Information" --msgbox "The Server Keys and Pre-Shared key will now be generated." "${r}" "${c}"
return
fi fi
$SUDO mkdir /etc/wireguard/configs $SUDO mkdir /etc/wireguard/configs
$SUDO touch /etc/wireguard/configs/clients.txt $SUDO touch /etc/wireguard/configs/clients.txt
@ -1564,9 +1572,13 @@ installScripts(){
displayFinalMessage(){ displayFinalMessage(){
if [ "${runUnattended}" = 'true' ]; then if [ "${runUnattended}" = 'true' ]; then
echo "::: Installation Complete!" echo "::: Installation Complete!"
echo "::: Now run 'pivpn add' to create the ovpn profiles. echo "::: Now run 'pivpn add' to create the ovpn profiles."
Run 'pivpn help' to see what else you can do!\n\nIf you run into any issue, please read all our documentation carefully. echo "::: Run 'pivpn help' to see what else you can do!"
All incomplete posts or bug reports will be ignored or deleted.\n\nThank you for using PiVPN." echo
echo "::: If you run into any issue, please read all our documentation carefully."
echo "::: All incomplete posts or bug reports will be ignored or deleted."
echo
echo "::: Thank you for using PiVPN."
echo "::: It is strongly recommended you reboot after installation." echo "::: It is strongly recommended you reboot after installation."
return return
fi fi
@ -1621,10 +1633,15 @@ main(){
if [[ "${runUnattended}" == true ]]; then if [[ "${runUnattended}" == true ]]; then
echo "::: --unattended passed to install script, no whiptail dialogs will be displayed" echo "::: --unattended passed to install script, no whiptail dialogs will be displayed"
if [ -r "$1" ]; then if [ -z "$2" ]; then
source "$1" echo "::: No configuration file passed, using default settings..."
else else
echo "::: Warning: can't open $1, using default settings..." if [ -r "$2" ]; then
source "$2"
else
echo "::: Can't open $2"
exit 1
fi
fi fi
fi fi
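Review bot: In the `main()` hunk the check and the use of the configuration file can disagree. `[ -r "$2" ]` tests the name relative to the current directory, but in bash's default mode `source "$2"` searches `$PATH` first when the name has no slash, so a different readable file of the same name could be executed as shell code in the installer's context. Resolving the path once and using it for both steps closes the gap, e.g. `conf="$(readlink -f -- "$2")"`, then `[ -f "$conf" ] && [ -r "$conf" ]` and `source "$conf"`. The fixed `$2` also assumes `--unattended` is always the first argument, which nothing in the visible lines enforces. `main()` starts and continues outside the hunk.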


@ -17,7 +17,7 @@ push "block-outside-dns"
# overriding but not wiping out the original default gateway. # overriding but not wiping out the original default gateway.
push "redirect-gateway def1" push "redirect-gateway def1"
client-to-client client-to-client
keepalive 1800 3600 keepalive 15 120
remote-cert-tls client remote-cert-tls client
tls-version-min 1.2 tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0 tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
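Review bot: The new `keepalive 15 120` has no comment, and its effect is not obvious from the two numbers. In server mode OpenVPN expands it to a doubled local restart timeout and pushes `ping 15` / `ping-restart 120` to clients. A line above it such as `# ping every 15 s; clients restart after 120 s of silence, the server after 240 s` would match the commented style of the neighbouring `redirect-gateway` entry. Since this commit also drops `persist-tun` from the client template, each of those client restarts now tears down the tun device, so the rationale for the shorter timeout is worth recording.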