Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'test' into wg_ipv6_client_config

Browse source
This commit is contained in:
DerDanilo 2022-03-10 10:56:50 +01:00 committed by GitHub
commit 642aa383a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
auto_install/install.sh
View file

@ -34,7 +34,7 @@ PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
# Dependencies that are required by the script, regardless of the VPN protocol chosen # Dependencies that are required by the script, regardless of the VPN protocol chosen
BASE_DEPS=(git tar curl grep dnsutils whiptail net-tools bsdmainutils bash-completion) BASE_DEPS=(git tar curl grep dnsutils grepcidr whiptail net-tools bsdmainutils bash-completion)
# Dependencies that where actually installed by the script. For example if the script requires # Dependencies that where actually installed by the script. For example if the script requires
# grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling # grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling
@ -1150,13 +1150,38 @@ setVPNDefaultVars(){
fi fi
} }
generateRandomSubnet() {
# Source: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts
declare -a SUBNET_EXCLUDE_LIST=(10.0.0.0/24 10.0.1.0/24 10.1.1.0/24 10.1.10.0/24 10.2.0.0/24 10.8.0.0/24 10.10.1.0/24 10.90.90.0/24 10.100.1.0/24 10.255.255.0/24)
readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')"
SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}" "${CURRENTLY_USED_SUBNETS[@]}")
local MATCHES
while true; do
MATCHES=0
pivpnNET="10.$((RANDOM%256)).$((RANDOM%256)).0"
for SUB in "${SUBNET_EXCLUDE_LIST[@]}"; do
if grepcidr "${SUB}" <<< "${pivpnNET}/$subnetClass" 2>&1 > /dev/null; then
((MATCHES++))
fi
done
if [ "${MATCHES}" -eq 0 ]; then
break
fi
done
echo "${pivpnNET}"
}
setOpenVPNDefaultVars(){ setOpenVPNDefaultVars(){
pivpnDEV="tun0" pivpnDEV="tun0"
# Allow custom NET via unattend setupVARs file. Use default if not provided. # Allow custom NET via unattend setupVARs file. Use default if not provided.
if [ -z "$pivpnNET" ]; then if [ -z "$pivpnNET" ]; then
pivpnNET="10.8.0.0" pivpnNET="$(generateRandomSubnet)"
fi fi
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="$(cut -d '.' -f 1-3 <<< "${pivpnNET}").1"
} }
setWireguardDefaultVars(){ setWireguardDefaultVars(){
@ -1166,12 +1191,12 @@ setWireguardDefaultVars(){
pivpnDEV="wg0" pivpnDEV="wg0"
# Allow custom NET via unattend setupVARs file. Use default if not provided. # Allow custom NET via unattend setupVARs file. Use default if not provided.
if [ -z "$pivpnNET" ]; then if [ -z "$pivpnNET" ]; then
pivpnNET="10.6.0.0" pivpnNET="$(generateRandomSubnet)"
fi fi
if [ "$pivpnenableipv6" == "1" ] && [ -z "$pivpnNETv6" ]; then if [ "$pivpnenableipv6" == "1" ] && [ -z "$pivpnNETv6" ]; then
pivpnNETv6="fd11:5ee:bad:c0de::" pivpnNETv6="fd11:5ee:bad:c0de::"
fi fi
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="$(cut -d '.' -f 1-3 <<< "${pivpnNET}").1"
if [ "$pivpnenableipv6" == "1" ]; then if [ "$pivpnenableipv6" == "1" ]; then
vpnGwv6="${pivpnNETv6}1" vpnGwv6="${pivpnNETv6}1"
fi fi
@ -1315,9 +1340,8 @@ installOpenVPN(){
updatePackageCache updatePackageCache
fi fi
# grepcidr is used to redact IPs in the debug log whereas expect is used # Expect is used to feed easy-rsa with passwords
# to feed easy-rsa with passwords PIVPN_DEPS=(openvpn expect)
PIVPN_DEPS=(openvpn grepcidr expect)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
} }

2
scripts/openvpn/removeOVPN.sh
View file

@ -134,7 +134,7 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
if [ -n "$CONFIRM" ]; then if [ -n "$CONFIRM" ]; then
REPLY="y" REPLY="y"
else else
read -r -p "Do you really want to revoke '${CERTS_TO_REVOKE[ii]}'? [Y/n] " read -r -p "Do you really want to revoke '${CERTS_TO_REVOKE[ii]}'? [y/N] "
fi fi
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
printf "\n::: Revoking certificate '%s'. \n" "${CERTS_TO_REVOKE[ii]}" printf "\n::: Revoking certificate '%s'. \n" "${CERTS_TO_REVOKE[ii]}"

4
scripts/wireguard/pivpn.sh
View file

@ -92,8 +92,8 @@ showHelp(){
echo "::: -l, list List all clients" echo "::: -l, list List all clients"
echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app" echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app"
echo "::: -r, remove Remove a client" echo "::: -r, remove Remove a client"
echo "::: -off, off Disable a user" echo "::: -off, off Disable a client"
echo "::: -on, on Enable a user" echo "::: -on, on Enable a client"
echo "::: -h, help Show this help dialog" echo "::: -h, help Show this help dialog"
echo "::: -u, uninstall Uninstall pivpn from your system!" echo "::: -u, uninstall Uninstall pivpn from your system!"
echo "::: -up, update Updates PiVPN Scripts" echo "::: -up, update Updates PiVPN Scripts"

2
scripts/wireguard/pivpnDEBUG.sh
View file

@ -47,7 +47,7 @@ else
fi fi
printf "=============================================\n" printf "=============================================\n"
echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::\n::::\e\t[4m/etc/wireguard shown below\e[0m\t ::::" echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::\n::::\t\e[4m/etc/wireguard shown below\e[0m\t ::::"
ls -LR /etc/wireguard ls -LR /etc/wireguard
printf "=============================================\n" printf "=============================================\n"
echo -e "::::\t\t\e[4mSelf check\e[0m\t\t ::::" echo -e "::::\t\t\e[4mSelf check\e[0m\t\t ::::"