diff --git a/auto_install/install.sh b/auto_install/install.sh
index be43e70..145de92 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -1031,6 +1031,7 @@ installPiVPN(){
 pivpnNET="10.8.0.0"
 vpnGw="${pivpnNET/.0.0/.0.1}"
+ askAboutCustomizing
 installOpenVPN
 askCustomProto
 askCustomPort
@@ -1051,6 +1052,7 @@ installPiVPN(){
 pivpnDEV="wg0"
 pivpnNET="10.6.0.0"
 vpnGw="${pivpnNET/.0.0/.0.1}"
+ CUSTOMIZE=0
 installWireGuard
 askCustomPort
@@ -1121,6 +1123,14 @@ askWhichVPN(){
 echo "VPN=${VPN}" >> ${tempsetupVarsFile}
 }
+askAboutCustomizing(){
+ if (whiptail --backtitle "Setup PiVPN" --title "Installation mode" --yesno --defaultno "PiVPN uses some settings that we believe are good defaults for most users.\n\n- UDP or TCP protocol: UDP\n- Custom search domain for the DNS field: None\n- Modern features or best compatibility: Modern features (256 bit certificate + additional TLS encryption)\n\nHowever, we still want to keep flexibility, so if you need to customize them, choose Yes." ${r} ${c}); then
+ CUSTOMIZE=1
+ else
+ CUSTOMIZE=0
+ fi
+}
+
 downloadVerifyKey(){
 local KEY_URL="$1"
 local EXPECTED_KEY_ID="$2"
@@ -1324,6 +1334,14 @@ askCustomProto(){
 return
 fi
+ if [ "$CUSTOMIZE" -eq 0 ]; then
+ if [ "$VPN" = "openvpn" ]; then
+ pivpnPROTO="udp"
+ echo "pivpnPROTO=${pivpnPROTO}" >> ${tempsetupVarsFile}
+ return
+ fi
+ fi
+
 # Set the available protocols into an array so it can be used with a whiptail dialog
 if pivpnPROTO=$(whiptail --title "Protocol" --radiolist \
 "Choose a protocol (press space to select). Please only choose TCP if you know why you need TCP." ${r} ${c} 2 \
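Review bot: In `askAboutCustomizing`, every non-zero exit from whiptail falls into the `else` branch, so pressing Esc (whiptail exits 255) is treated exactly like choosing No and the install carries on with the defaults instead of stopping. If cancelling is meant to abort, capture the exit status and handle 255 separately from 1. The dialog text also restates defaults (UDP, no search domain, 256 bit certificate) that are hard-coded again in `askCustomProto`, `askCustomDomain` and `askEncryption`, so the text and the code can drift apart; a comment such as `# Defaults listed in this dialog must match the CUSTOMIZE=0 branches of askCustomProto/askCustomDomain/askEncryption` would flag that. `${r} ${c}` are unquoted here, whereas the existing `askEncryption` dialog passes `"${r}" "${c}"`.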
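Review bot: The guard `[ "$CUSTOMIZE" -eq 0 ]` added to `askCustomProto` (and repeated in `askCustomDomain` and `askEncryption`) only works if `CUSTOMIZE` was already set by `installPiVPN`. If any caller reaches these functions with it unset or empty, `[` reports "integer expression expected" and the test is false, so the script drops into the interactive dialog as a side effect of an error. An explicit fallback makes that choice deliberate and also flattens the nested `if`: `if [ "${CUSTOMIZE:-1}" -eq 0 ] && [ "$VPN" = "openvpn" ]; then`. Whether such a caller exists cannot be told from these hunks, because all three function bodies start and end outside them.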
@@ -1588,6 +1606,13 @@ askCustomDomain(){
 return
 fi
+ if [ "$CUSTOMIZE" -eq 0 ]; then
+ if [ "$VPN" = "openvpn" ]; then
+ echo "pivpnSEARCHDOMAIN=${pivpnSEARCHDOMAIN}" >> ${tempsetupVarsFile}
+ return
+ fi
+ fi
+
 DomainSettingsCorrect=False
 if (whiptail --backtitle "Custom Search Domain" --title "Custom Search Domain" --yesno --defaultno "Would you like to add a custom search domain? \\n (This is only for advanced users who have their own domain)\\n" ${r} ${c}); then
@@ -1738,6 +1763,17 @@ askEncryption(){
 return
 fi
+ if [ "$CUSTOMIZE" -eq 0 ]; then
+ if [ "$VPN" = "openvpn" ]; then
+ TWO_POINT_FOUR=1
+ pivpnENCRYPT=256
+ echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}" >> ${tempsetupVarsFile}
+ echo "pivpnENCRYPT=${pivpnENCRYPT}" >> ${tempsetupVarsFile}
+ echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> ${tempsetupVarsFile}
+ return
+ fi
+ fi
+
 if (whiptail --backtitle "Setup OpenVPN" --title "Installation mode" --yesno "OpenVPN 2.4 can take advantage of Elliptic Curves to provide higher connection speed and improved security over RSA, while keeping smaller certificates.\\n\\nMoreover, the 'tls-crypt' directive encrypts the certificates being used while authenticating, increasing privacy.\\n\\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility." "${r}" "${c}"); then
 TWO_POINT_FOUR=1
 pivpnENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "ECDSA certificate size" --radiolist \
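Review bot: The `CUSTOMIZE=0` branch of `askCustomDomain` writes `pivpnSEARCHDOMAIN=${pivpnSEARCHDOMAIN}` without assigning the variable first. The "None" default promised by the installation-mode dialog therefore holds only if nothing earlier (the environment or a previously loaded settings file) has given it a value. Assign it before the write, `pivpnSEARCHDOMAIN=""`, the way the `askCustomProto` branch pins `pivpnPROTO="udp"`. The value is also written unquoted to `${tempsetupVarsFile}`, which matters if that file is later sourced; how it is consumed is not visible in this hunk.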
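Review bot: In the `CUSTOMIZE=0` branch of `askEncryption`, `USE_PREDEFINED_DH_PARAM` is written to `${tempsetupVarsFile}` but never assigned, unlike `TWO_POINT_FOUR` and `pivpnENCRYPT` just above it. A cryptographic setting on the default install path therefore takes whatever value happens to be in scope, possibly empty. Either assign the intended default before the `echo`, or, if the setting is not consulted when `TWO_POINT_FOUR=1` (not visible in this hunk), drop the write and note that in a comment. A short comment on `pivpnENCRYPT=256`, such as `# must match the "256 bit certificate" default shown by askAboutCustomizing`, would keep the literal tied to the dialog text.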