Simplified the OpenVPN installation flow by moving some settings behind a "customize" dialog.

Additional features could fall in there without compromising the simplicity of PiVPN.
Orazio 2020-06-07 13:59:51 +02:00
parent 8e514a5f74
commit 71bae41cda


@ -1031,6 +1031,7 @@ installPiVPN(){
pivpnNET="10.8.0.0" pivpnNET="10.8.0.0"
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="${pivpnNET/.0.0/.0.1}"
askAboutCustomizing
installOpenVPN installOpenVPN
askCustomProto askCustomProto
askCustomPort askCustomPort
@ -1051,6 +1052,7 @@ installPiVPN(){
pivpnDEV="wg0" pivpnDEV="wg0"
pivpnNET="10.6.0.0" pivpnNET="10.6.0.0"
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="${pivpnNET/.0.0/.0.1}"
CUSTOMIZE=0
installWireGuard installWireGuard
askCustomPort askCustomPort
@ -1121,6 +1123,14 @@ askWhichVPN(){
echo "VPN=${VPN}" >> ${tempsetupVarsFile} echo "VPN=${VPN}" >> ${tempsetupVarsFile}
} }
askAboutCustomizing(){
if (whiptail --backtitle "Setup PiVPN" --title "Installation mode" --yesno --defaultno "PiVPN uses some settings that we believe are good defaults for most users.\n\n- UDP or TCP protocol: UDP\n- Custom search domain for the DNS field: None\n- Modern features or best compatibility: Modern features (256 bit certificate + additional TLS encryption)\n\nHowever, we still want to keep flexibility, so if you need to customize them, choose Yes." ${r} ${c}); then
CUSTOMIZE=1
else
CUSTOMIZE=0
fi
}
downloadVerifyKey(){ downloadVerifyKey(){
local KEY_URL="$1" local KEY_URL="$1"
local EXPECTED_KEY_ID="$2" local EXPECTED_KEY_ID="$2"
@ -1324,6 +1334,14 @@ askCustomProto(){
return return
fi fi
if [ "$CUSTOMIZE" -eq 0 ]; then
if [ "$VPN" = "openvpn" ]; then
pivpnPROTO="udp"
echo "pivpnPROTO=${pivpnPROTO}" >> ${tempsetupVarsFile}
return
fi
fi
# Set the available protocols into an array so it can be used with a whiptail dialog # Set the available protocols into an array so it can be used with a whiptail dialog
if pivpnPROTO=$(whiptail --title "Protocol" --radiolist \ if pivpnPROTO=$(whiptail --title "Protocol" --radiolist \
"Choose a protocol (press space to select). Please only choose TCP if you know why you need TCP." ${r} ${c} 2 \ "Choose a protocol (press space to select). Please only choose TCP if you know why you need TCP." ${r} ${c} 2 \
@ -1588,6 +1606,13 @@ askCustomDomain(){
return return
fi fi
if [ "$CUSTOMIZE" -eq 0 ]; then
if [ "$VPN" = "openvpn" ]; then
echo "pivpnSEARCHDOMAIN=${pivpnSEARCHDOMAIN}" >> ${tempsetupVarsFile}
return
fi
fi
DomainSettingsCorrect=False DomainSettingsCorrect=False
if (whiptail --backtitle "Custom Search Domain" --title "Custom Search Domain" --yesno --defaultno "Would you like to add a custom search domain? \\n (This is only for advanced users who have their own domain)\\n" ${r} ${c}); then if (whiptail --backtitle "Custom Search Domain" --title "Custom Search Domain" --yesno --defaultno "Would you like to add a custom search domain? \\n (This is only for advanced users who have their own domain)\\n" ${r} ${c}); then
@ -1738,6 +1763,17 @@ askEncryption(){
return return
fi fi
if [ "$CUSTOMIZE" -eq 0 ]; then
if [ "$VPN" = "openvpn" ]; then
TWO_POINT_FOUR=1
pivpnENCRYPT=256
echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}" >> ${tempsetupVarsFile}
echo "pivpnENCRYPT=${pivpnENCRYPT}" >> ${tempsetupVarsFile}
echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> ${tempsetupVarsFile}
return
fi
fi
if (whiptail --backtitle "Setup OpenVPN" --title "Installation mode" --yesno "OpenVPN 2.4 can take advantage of Elliptic Curves to provide higher connection speed and improved security over RSA, while keeping smaller certificates.\\n\\nMoreover, the 'tls-crypt' directive encrypts the certificates being used while authenticating, increasing privacy.\\n\\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility." "${r}" "${c}"); then if (whiptail --backtitle "Setup OpenVPN" --title "Installation mode" --yesno "OpenVPN 2.4 can take advantage of Elliptic Curves to provide higher connection speed and improved security over RSA, while keeping smaller certificates.\\n\\nMoreover, the 'tls-crypt' directive encrypts the certificates being used while authenticating, increasing privacy.\\n\\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility." "${r}" "${c}"); then
TWO_POINT_FOUR=1 TWO_POINT_FOUR=1
pivpnENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "ECDSA certificate size" --radiolist \ pivpnENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "ECDSA certificate size" --radiolist \
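Review bot: In the new default branch of askEncryption (CUSTOMIZE=0, VPN=openvpn), `USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}` is written to the setup vars file although nothing visible in the hunk assigns that variable, so the persisted value is whatever the shell happened to hold, most likely empty. TWO_POINT_FOUR and pivpnENCRYPT are pinned right above it, and the DH setting should be pinned the same way, for example `USE_PREDEFINED_DH_PARAM=0` before the echo, if 0 is what the later OpenVPN steps expect for elliptic-curve certificates. The default branch of askCustomDomain persists `pivpnSEARCHDOMAIN` the same way without setting it; an explicit `pivpnSEARCHDOMAIN=""` would make the "None" default stated in the dialog deliberate rather than incidental. Both function bodies continue outside their hunks, so an earlier assignment may exist that this view does not show.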