From 202e03c71b49ba57a9bb42cf3327381b89c33d73 Mon Sep 17 00:00:00 2001 From: Jack Jackson Date: Sun, 5 Dec 2021 15:28:42 -0800 Subject: [PATCH 1/7] Correct typo in Debug script output styling Compare with `scripts/openvpn/pivpnDebug.sh`, where the escape characters are correctly sequenced for "a tab, and then some styled text". --- scripts/wireguard/pivpnDEBUG.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/wireguard/pivpnDEBUG.sh b/scripts/wireguard/pivpnDEBUG.sh index b7f8f73..3a68198 100755 --- a/scripts/wireguard/pivpnDEBUG.sh +++ b/scripts/wireguard/pivpnDEBUG.sh @@ -47,7 +47,7 @@ else fi printf "=============================================\n" -echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::\n::::\e\t[4m/etc/wireguard shown below\e[0m\t ::::" +echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::\n::::\t\e[4m/etc/wireguard shown below\e[0m\t ::::" ls -LR /etc/wireguard printf "=============================================\n" echo -e "::::\t\t\e[4mSelf check\e[0m\t\t ::::" From b00205c83d29d11d971d8578d12046e3d2d80db6 Mon Sep 17 00:00:00 2001 From: Martin Date: Tue, 7 Dec 2021 20:42:13 +0100 Subject: [PATCH 2/7] Fix typo in removeOVPN.sh for default action The action if the user does not input anything when revoking a certificate is to not revoke. Let the text reflect that by making N uppercase. --- scripts/openvpn/removeOVPN.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/openvpn/removeOVPN.sh b/scripts/openvpn/removeOVPN.sh index e8d33d7..e67ab59 100755 --- a/scripts/openvpn/removeOVPN.sh +++ b/scripts/openvpn/removeOVPN.sh 
@@ -134,7 +134,7 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do if [ -n "$CONFIRM" ]; then REPLY="y" else - read -r -p "Do you really want to revoke '${CERTS_TO_REVOKE[ii]}'? [Y/n] " + read -r -p "Do you really want to revoke '${CERTS_TO_REVOKE[ii]}'? [y/N] " fi if [[ $REPLY =~ ^[Yy]$ ]]; then printf "\n::: Revoking certificate '%s'. \n" "${CERTS_TO_REVOKE[ii]}" From fdf58a95c61156b586ce5451780003c627e31e1e Mon Sep 17 00:00:00 2001 From: Peter Lewis Date: Thu, 16 Dec 2021 11:44:59 +0000 Subject: [PATCH 3/7] Replace 'user' with 'client' in help text Text replacement so as to provide clarity and consistency as to the behaviour of this command. --- scripts/wireguard/pivpn.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/wireguard/pivpn.sh b/scripts/wireguard/pivpn.sh index d849a95..623c79b 100755 --- a/scripts/wireguard/pivpn.sh +++ b/scripts/wireguard/pivpn.sh @@ -92,8 +92,8 @@ showHelp(){ echo "::: -l, list List all clients" echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app" echo "::: -r, remove Remove a client" - echo "::: -off, off Disable a user" - echo "::: -on, on Enable a user" + echo "::: -off, off Disable a client" + echo "::: -on, on Enable a client" echo "::: -h, help Show this help dialog" echo "::: -u, uninstall Uninstall pivpn from your system!" echo "::: -up, update Updates PiVPN Scripts" From 85b3e822745fc88bb58a514614d18fb2c4add19e Mon Sep 17 00:00:00 2001 From: Orazio <22700499+orazioedoardo@users.noreply.github.com> Date: Sat, 25 Dec 2021 14:40:37 +0100 Subject: [PATCH 4/7] Generate random virtual subnet, avoiding common subnets and those already used by the system --- auto_install/install.sh | 46 ++++++++++++++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index debdf78..32a8419 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh 
@@ -34,7 +34,7 @@ PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" # Dependencies that are required by the script, regardless of the VPN protocol chosen -BASE_DEPS=(git tar curl grep dnsutils whiptail net-tools bsdmainutils bash-completion) +BASE_DEPS=(git tar curl grep dnsutils grepcidr whiptail net-tools bsdmainutils bash-completion) # Dependencies that where actually installed by the script. For example if the script requires # grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling @@ -1085,13 +1085,44 @@ setVPNDefaultVars(){ fi } +generateRandomSubnet() { + # Source: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts + declare -a SUBNET_EXCLUDE_LIST=(10.0.0.0/24 10.0.1.0/24 10.1.1.0/24 10.1.10.0/24 10.2.0.0/24 10.8.0.0/24 10.10.1.0/24 10.90.90.0/24 10.100.1.0/24 10.255.255.0/24) + + readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip -o addr show | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" + + SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}" "${CURRENTLY_USED_SUBNETS[@]}") + + local MATCHES + + while true; do + + MATCHES=0 + + pivpnNET="10.$((RANDOM%256)).$((RANDOM%256)).0" + + for SUB in "${SUBNET_EXCLUDE_LIST[@]}"; do + if grepcidr "${SUB}" <<< "${pivpnNET}/$subnetClass" 2>&1 > /dev/null; then + ((MATCHES++)) + fi + done + + if [ "${MATCHES}" -eq 0 ]; then + break + fi + + done + + echo "${pivpnNET}" +} + setOpenVPNDefaultVars(){ pivpnDEV="tun0" # Allow custom NET via unattend setupVARs file. Use default if not provided. if [ -z "$pivpnNET" ]; then - pivpnNET="10.8.0.0" + pivpnNET="$(generateRandomSubnet)" fi - vpnGw="${pivpnNET/.0.0/.0.1}" + vpnGw="${pivpnNET/.0/.1}" } setWireguardDefaultVars(){ 
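Review bot: The redirection `2>&1 > /dev/null` on the grepcidr line in generateRandomSubnet points grepcidr's stderr at the function's stdout, and because the callers in this and the next hunk capture that stdout with `pivpnNET="$(generateRandomSubnet)"`, any diagnostic grepcidr prints (the `readarray ... <<< "$(...)"` leaves one empty element when the `ip | grep` pipeline matches nothing, and an empty pattern is likely to produce one) ends up inside pivpnNET; the order has to be `> /dev/null 2>&1`. The containment test is also one-directional: it only asks whether the candidate's network address lies inside an excluded range, so a narrower range nested inside the chosen 10.X.Y.0 block is not detected, while a broad excluded range covering all of 10.0.0.0/8 (a single route or interface suffices) matches every candidate and `while true` never terminates, hanging the installer. I would test both directions and bound the attempts, returning non-zero with no output instead of spinning forever, as sketched below. `subnetClass` is set outside this hunk, so whether a /24-aligned candidate is valid when it is not 24 cannot be checked here.
```shell
generateRandomSubnet() {
    # … unchanged: SUBNET_EXCLUDE_LIST / CURRENTLY_USED_SUBNETS setup …
    local MATCHES ATTEMPTS=0
    local -r MAX_ATTEMPTS=100

    while true; do
        if (( ATTEMPTS++ >= MAX_ATTEMPTS )); then
            echo "::: No free 10.X.Y.0/${subnetClass} subnet found after ${MAX_ATTEMPTS} attempts" >&2
            return 1
        fi
        MATCHES=0
        pivpnNET="10.$((RANDOM%256)).$((RANDOM%256)).0"

        for SUB in "${SUBNET_EXCLUDE_LIST[@]}"; do
            # Check both directions: candidate inside an excluded range, or an excluded range inside the candidate
            if grepcidr "${SUB}" <<< "${pivpnNET}/${subnetClass}" > /dev/null 2>&1 \
               || grepcidr "${pivpnNET}/${subnetClass}" <<< "${SUB}" > /dev/null 2>&1; then
                ((MATCHES++))
            fi
        done
        # … unchanged: break when MATCHES is 0 …
    done

    echo "${pivpnNET}"
}
```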
@@ -1101,9 +1132,9 @@ setWireguardDefaultVars(){ pivpnDEV="wg0" # Allow custom NET via unattend setupVARs file. Use default if not provided. if [ -z "$pivpnNET" ]; then - pivpnNET="10.6.0.0" + pivpnNET="$(generateRandomSubnet)" fi - vpnGw="${pivpnNET/.0.0/.0.1}" + vpnGw="${pivpnNET/.0/.1}" # Allow custom allowed IPs via unattend setupVARs file. Use default if not provided. if [ -z "$ALLOWED_IPS" ]; then # Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by @@ -1233,9 +1264,8 @@ installOpenVPN(){ updatePackageCache fi - # grepcidr is used to redact IPs in the debug log whereas expect is used - # to feed easy-rsa with passwords - PIVPN_DEPS=(openvpn grepcidr expect) + # Expect is used to feed easy-rsa with passwords + PIVPN_DEPS=(openvpn expect) installDependentPackages PIVPN_DEPS[@] } From ba2527d67b010dd8d647bc2287d0eec05d74e12b Mon Sep 17 00:00:00 2001 From: Orazio <22700499+orazioedoardo@users.noreply.github.com> Date: Sat, 25 Dec 2021 14:51:56 +0100 Subject: [PATCH 5/7] Fix vpnGW variable creation when pivpnNET was 10.X.0.0 or 10.0.0.0 Bash built-in substitution doesn't work in those cases, example: $ pivpnNET=10.34.0.0 $ vpnGw="${pivpnNET/.0/.1}" $ echo $vpnGw 10.34.1.0 --- auto_install/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 32a8419..177deb8 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -1122,7 +1122,7 @@ setOpenVPNDefaultVars(){ if [ -z "$pivpnNET" ]; then pivpnNET="$(generateRandomSubnet)" fi - vpnGw="${pivpnNET/.0/.1}" + vpnGw="$(cut -d '.' -f 1-3 <<< "${pivpnNET}").1" } setWireguardDefaultVars(){ 
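Review bot: The new `vpnGw="$(cut -d '.' -f 1-3 <<< "${pivpnNET}").1"` in setOpenVPNDefaultVars forks a subshell and `cut` for a prefix strip that parameter expansion does in-process, `vpnGw="${pivpnNET%.*}.1"`, with the same result for every dotted-quad value of pivpnNET; the identical line appears in the setWireguardDefaultVars hunk of this patch and should change the same way. When pivpnNET comes from the unattended setupVARs file rather than generateRandomSubnet, nothing in either hunk validates it as an IPv4 network before the gateway is derived; whether that check exists elsewhere in the file is not visible here.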
@@ -1134,7 +1134,7 @@ setWireguardDefaultVars(){ if [ -z "$pivpnNET" ]; then pivpnNET="$(generateRandomSubnet)" fi - vpnGw="${pivpnNET/.0/.1}" + vpnGw="$(cut -d '.' -f 1-3 <<< "${pivpnNET}").1" # Allow custom allowed IPs via unattend setupVARs file. Use default if not provided. if [ -z "$ALLOWED_IPS" ]; then # Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by From b9c6078ec374207c122a93ca3ab15f6d962477c8 Mon Sep 17 00:00:00 2001 From: Orazio <22700499+orazioedoardo@users.noreply.github.com> Date: Sat, 25 Dec 2021 15:44:08 +0100 Subject: [PATCH 6/7] Exclude subnets for which there is a route --- auto_install/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 177deb8..c8795a2 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -1089,7 +1089,7 @@ generateRandomSubnet() { # Source: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts declare -a SUBNET_EXCLUDE_LIST=(10.0.0.0/24 10.0.1.0/24 10.1.1.0/24 10.1.10.0/24 10.2.0.0/24 10.8.0.0/24 10.10.1.0/24 10.90.90.0/24 10.100.1.0/24 10.255.255.0/24) - readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip -o addr show | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" + readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}" "${CURRENTLY_USED_SUBNETS[@]}") From 28485fc696059f840267cf54777a09173eb01512 Mon Sep 17 00:00:00 2001 From: Orazio <22700499+orazioedoardo@users.noreply.github.com> Date: Sat, 25 Dec 2021 16:42:23 +0100 Subject: [PATCH 7/7] Too many empty lines --- auto_install/install.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index c8795a2..4314acb 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh 
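Review bot: `ip route show` in the changed readarray line prints only the main routing table, so networks reachable through routes installed in other tables (policy routing, VPN clients that use their own table) are not added to SUBNET_EXCLUDE_LIST; `ip route show table all` would consult them too. The regex also requires a `/len`, so host routes that `ip` prints without a prefix length are skipped even though the chosen 10.X.Y.0 block could enclose them. Route tables commonly contain broad entries such as 10.0.0.0/8, which makes the one-directional match and unbounded loop raised on the generateRandomSubnet hunk of patch 4 more likely to be hit with this source than with interface addresses.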
@@ -1088,17 +1088,12 @@ setVPNDefaultVars(){ generateRandomSubnet() { # Source: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts declare -a SUBNET_EXCLUDE_LIST=(10.0.0.0/24 10.0.1.0/24 10.1.1.0/24 10.1.10.0/24 10.2.0.0/24 10.8.0.0/24 10.10.1.0/24 10.90.90.0/24 10.100.1.0/24 10.255.255.0/24) - readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" - SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}" "${CURRENTLY_USED_SUBNETS[@]}") local MATCHES - while true; do - MATCHES=0 - pivpnNET="10.$((RANDOM%256)).$((RANDOM%256)).0" for SUB in "${SUBNET_EXCLUDE_LIST[@]}"; do @@ -1110,7 +1105,6 @@ generateRandomSubnet() { if [ "${MATCHES}" -eq 0 ]; then break fi - done echo "${pivpnNET}"