Merge pull request #863 from orazioedoardo/test-wireguard
Add uninstall script and Pi-hole detection
commit
743005e883
9 changed files with 278 additions and 44 deletions
|
@ -1,5 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# PiVPN: Trivial OpenVPN or WireGUard setup and configuration
|
# PiVPN: Trivial OpenVPN or WireGuard setup and configuration
|
||||||
# Easiest setup and mangement of OpenVPN or WireGuard on Raspberry Pi
|
# Easiest setup and mangement of OpenVPN or WireGuard on Raspberry Pi
|
||||||
# http://pivpn.io
|
# http://pivpn.io
|
||||||
# Heavily adapted from the pi-hole.net project and...
|
# Heavily adapted from the pi-hole.net project and...
|
||||||
|
@ -20,7 +20,12 @@ PKG_CACHE="/var/lib/apt/lists/"
|
||||||
UPDATE_PKG_CACHE="${PKG_MANAGER} update"
|
UPDATE_PKG_CACHE="${PKG_MANAGER} update"
|
||||||
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
|
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
|
||||||
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
|
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
|
||||||
|
# Dependencies that are required by the script, regardless of the VPN protocol chosen
|
||||||
BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5)
|
BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5)
|
||||||
|
# Dependencies that where actually installed by the script. For example if the script requires
|
||||||
|
# grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling
|
||||||
|
# PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons
|
||||||
|
TO_INSTALL=()
|
||||||
|
|
||||||
pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git"
|
pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git"
|
||||||
easyrsaVer="3.0.6"
|
easyrsaVer="3.0.6"
|
||||||
|
@ -30,7 +35,7 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}
|
||||||
UNATTUPG_RELEASE="1.14"
|
UNATTUPG_RELEASE="1.14"
|
||||||
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
|
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
|
||||||
|
|
||||||
WG_SNAPSHOT="0.0.20190913"
|
WG_SNAPSHOT="0.0.20191012"
|
||||||
WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz"
|
WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz"
|
||||||
|
|
||||||
# Find the rows and columns. Will default to 80x24 if it can not be detected.
|
# Find the rows and columns. Will default to 80x24 if it can not be detected.
|
||||||
|
@ -212,10 +217,6 @@ notifyPackageUpdatesAvailable(){
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
packageCheckInstall(){
|
|
||||||
dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
|
|
||||||
}
|
|
||||||
|
|
||||||
preconfigurePackages(){
|
preconfigurePackages(){
|
||||||
# Add support for https repositories if there are any that use it otherwise the installation will silently fail
|
# Add support for https repositories if there are any that use it otherwise the installation will silently fail
|
||||||
if grep -q https /etc/apt/sources.list; then
|
if grep -q https /etc/apt/sources.list; then
|
||||||
|
@ -236,14 +237,20 @@ installDependentPackages(){
|
||||||
# No spinner - conflicts with set -e
|
# No spinner - conflicts with set -e
|
||||||
declare -a argArray1=("${!1}")
|
declare -a argArray1=("${!1}")
|
||||||
|
|
||||||
|
for i in "${argArray1[@]}"; do
|
||||||
|
echo -n "::: Checking for $i..."
|
||||||
|
if dpkg-query -W -f='${Status}' "${i}" 2>/dev/null | grep -q "ok installed"; then
|
||||||
|
echo " installed!"
|
||||||
|
else
|
||||||
|
TO_INSTALL+=("${i}")
|
||||||
|
echo " not installed!"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
if command -v debconf-apt-progress &> /dev/null; then
|
if command -v debconf-apt-progress &> /dev/null; then
|
||||||
$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
|
$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
|
||||||
else
|
else
|
||||||
for i in "${argArray1[@]}"; do
|
${PKG_INSTALL} "${argArray1[@]}"
|
||||||
echo -n "::: Checking for $i..."
|
|
||||||
$SUDO packageCheckInstall "${i}" &> /dev/null
|
|
||||||
echo " installed!"
|
|
||||||
done
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -301,8 +308,8 @@ chooseInterface(){
|
||||||
}
|
}
|
||||||
|
|
||||||
avoidStaticIPv4Ubuntu() {
|
avoidStaticIPv4Ubuntu() {
|
||||||
# If we are in Ubuntu then they need to have previously set their network, so just use what you have.
|
# If we are in Ubuntu then they need to have previously set their network, so just use what you have.
|
||||||
whiptail --msgbox --backtitle "IP Information" --title "IP Information" "Since we think you are not using Raspbian, we will not configure a static IP for you.
|
whiptail --msgbox --backtitle "IP Information" --title "IP Information" "Since we think you are not using Raspbian, we will not configure a static IP for you.
|
||||||
If you are in Amazon then you can not configure a static IP anyway. Just ensure before this installer started you had set an elastic IP on your instance." ${r} ${c}
|
If you are in Amazon then you can not configure a static IP anyway. Just ensure before this installer started you had set an elastic IP on your instance." ${r} ${c}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -515,6 +522,7 @@ askWhichVPN(){
|
||||||
if (whiptail --backtitle "Setup PiVPN" --title "Installation mode" --yesno "WireGuard is a new kind of VPN that provides near-istantaneous connection speed, high performance, modern cryptography.\n\nIt's the recommended choise expecially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\n\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol. Or if you need features like TCP and custom search domain.\n\nChoose 'Yes' to use WireGuard of 'No' to use OpenVPN." ${r} ${c});
|
if (whiptail --backtitle "Setup PiVPN" --title "Installation mode" --yesno "WireGuard is a new kind of VPN that provides near-istantaneous connection speed, high performance, modern cryptography.\n\nIt's the recommended choise expecially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\n\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol. Or if you need features like TCP and custom search domain.\n\nChoose 'Yes' to use WireGuard of 'No' to use OpenVPN." ${r} ${c});
|
||||||
then
|
then
|
||||||
VPN="WireGuard"
|
VPN="WireGuard"
|
||||||
|
pivpnPROTO="udp"
|
||||||
pivpnDEV="wg0"
|
pivpnDEV="wg0"
|
||||||
pivpnNET="10.6.0.0/24"
|
pivpnNET="10.6.0.0/24"
|
||||||
else
|
else
|
||||||
|
@ -559,13 +567,13 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
|
||||||
|
|
||||||
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
|
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
|
||||||
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
|
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
|
||||||
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard)
|
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
|
||||||
installDependentPackages PIVPN_DEPS[@]
|
installDependentPackages PIVPN_DEPS[@]
|
||||||
|
|
||||||
elif [ "$(uname -m)" = "armv6l" ]; then
|
elif [ "$(uname -m)" = "armv6l" ]; then
|
||||||
|
|
||||||
echo "::: Installing WireGuard from source... "
|
echo "::: Installing WireGuard from source... "
|
||||||
PIVPN_DEPS=(libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode)
|
PIVPN_DEPS=(checkinstall dkms libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode)
|
||||||
installDependentPackages PIVPN_DEPS[@]
|
installDependentPackages PIVPN_DEPS[@]
|
||||||
|
|
||||||
# Delete any leftover code
|
# Delete any leftover code
|
||||||
|
@ -591,8 +599,12 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Use checkinstall to install userspace tools so if the user wants to uninstall
|
||||||
|
# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
|
||||||
|
# files from the file system
|
||||||
echo "::: Installing WireGuard tools... "
|
echo "::: Installing WireGuard tools... "
|
||||||
if $SUDO make install tools; then
|
if $SUDO checkinstall --pkgname wireguard-tools --pkgversion "${WG_SNAPSHOT}" -y make tools-install; then
|
||||||
|
TO_INSTALL+=("wireguard-tools")
|
||||||
echo "done!"
|
echo "done!"
|
||||||
else
|
else
|
||||||
echo "failed!"
|
echo "failed!"
|
||||||
|
@ -619,6 +631,7 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
|
||||||
|
|
||||||
echo "::: Installing WireGuard modules via DKMS... "
|
echo "::: Installing WireGuard modules via DKMS... "
|
||||||
if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
|
if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
|
||||||
|
TO_INSTALL+=("wireguard-dkms")
|
||||||
echo "done!"
|
echo "done!"
|
||||||
else
|
else
|
||||||
echo "failed!"
|
echo "failed!"
|
||||||
|
@ -628,12 +641,14 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
|
||||||
|
|
||||||
elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
|
elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
|
||||||
|
|
||||||
|
echo "::: Installing WireGuard from Debian package... "
|
||||||
|
echo "::: Adding Debian repository... "
|
||||||
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
|
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
|
||||||
echo "Package: *
|
echo "Package: *
|
||||||
Pin: release a=unstable
|
Pin: release a=unstable
|
||||||
Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
|
Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
|
||||||
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
|
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
|
||||||
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard)
|
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
|
||||||
installDependentPackages PIVPN_DEPS[@]
|
installDependentPackages PIVPN_DEPS[@]
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
@ -726,7 +741,25 @@ askCustomPort(){
|
||||||
echo "pivpnPORT=${pivpnPORT}" >> /tmp/setupVars.conf
|
echo "pivpnPORT=${pivpnPORT}" >> /tmp/setupVars.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
askClientDNS() {
|
askClientDNS(){
|
||||||
|
|
||||||
|
# Detect and offer to use Pi-hole
|
||||||
|
if command -v pihole &>/dev/null; then
|
||||||
|
if (whiptail --backtitle "Setup PiVPN" --title "Pi-hole" --yesno "We have detected a Pi-hole installation, do you want to use it as the DNS server for the VPN, so you get ad blocking on the go?" ${r} ${c}); then
|
||||||
|
if [ "$VPN" = "WireGuard" ]; then
|
||||||
|
pivpnDEV="wg0"
|
||||||
|
elif [ "$VPN" = "OpenVPN" ]; then
|
||||||
|
pivpnDEV="tun0"
|
||||||
|
fi
|
||||||
|
|
||||||
|
pivpnDNS1="$IPv4addr"
|
||||||
|
echo "interface=$pivpnDNS" | $SUDO tee /etc/dnsmasq.d/02-pivpn.conf > /dev/null
|
||||||
|
$SUDO pihole restartdns
|
||||||
|
echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients (press space to select). To use your own, select Custom." ${r} ${c} 6)
|
DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients (press space to select). To use your own, select Custom." ${r} ${c} 6)
|
||||||
DNSChooseOptions=(Google "" on
|
DNSChooseOptions=(Google "" on
|
||||||
OpenDNS "" off
|
OpenDNS "" off
|
||||||
|
@ -1060,7 +1093,7 @@ confNetwork(){
|
||||||
echo "::: Adding UFW rules..."
|
echo "::: Adding UFW rules..."
|
||||||
$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s $pivpnNET -o $IPv4dev -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
|
$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s $pivpnNET -o $IPv4dev -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
|
||||||
# Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
|
# Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
|
||||||
$SUDO ufw insert 1 allow "$PORT"/"$PROTO" >/dev/null
|
$SUDO ufw insert 1 allow "$pivpnPORT"/"$pivpnPROTO" >/dev/null
|
||||||
$SUDO ufw route insert 1 allow in on "$pivpnDEV" from "$pivpnNET" out on "$IPv4dev" to any >/dev/null
|
$SUDO ufw route insert 1 allow in on "$pivpnDEV" from "$pivpnNET" out on "$IPv4dev" to any >/dev/null
|
||||||
|
|
||||||
$SUDO ufw reload >/dev/null
|
$SUDO ufw reload >/dev/null
|
||||||
|
@ -1093,7 +1126,7 @@ confNetwork(){
|
||||||
# chain (using -I).
|
# chain (using -I).
|
||||||
|
|
||||||
if [ "$INPUT_RULES_COUNT" -ne 0 ] || [ "$INPUT_POLICY" != "ACCEPT" ]; then
|
if [ "$INPUT_RULES_COUNT" -ne 0 ] || [ "$INPUT_POLICY" != "ACCEPT" ]; then
|
||||||
$SUDO iptables -I INPUT 1 -i "$IPv4dev" -p "$PROTO" --dport "$PORT" -j ACCEPT
|
$SUDO iptables -I INPUT 1 -i "$IPv4dev" -p "$pivpnPROTO" --dport "$pivpnPORT" -j ACCEPT
|
||||||
INPUT_CHAIN_EDITED=1
|
INPUT_CHAIN_EDITED=1
|
||||||
else
|
else
|
||||||
INPUT_CHAIN_EDITED=0
|
INPUT_CHAIN_EDITED=0
|
||||||
|
@ -1221,6 +1254,7 @@ installScripts(){
|
||||||
fi
|
fi
|
||||||
|
|
||||||
FOLDER=$(tr '[:upper:]' '[:lower:]' <<< "$VPN")
|
FOLDER=$(tr '[:upper:]' '[:lower:]' <<< "$VPN")
|
||||||
|
$SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/
|
||||||
$SUDO cp /etc/.pivpn/scripts/$FOLDER/*.sh /opt/pivpn/
|
$SUDO cp /etc/.pivpn/scripts/$FOLDER/*.sh /opt/pivpn/
|
||||||
$SUDO chmod 0755 /opt/pivpn/*.sh
|
$SUDO chmod 0755 /opt/pivpn/*.sh
|
||||||
$SUDO cp /etc/.pivpn/scripts/$FOLDER/pivpn /usr/local/bin/pivpn
|
$SUDO cp /etc/.pivpn/scripts/$FOLDER/pivpn /usr/local/bin/pivpn
|
||||||
|
@ -1344,6 +1378,8 @@ main(){
|
||||||
askUnattendedUpgrades
|
askUnattendedUpgrades
|
||||||
confUnattendedUpgrades
|
confUnattendedUpgrades
|
||||||
|
|
||||||
|
echo "TO_INSTALL=(${TO_INSTALL[*]})" >> /tmp/setupVars.conf
|
||||||
|
|
||||||
$SUDO cp /tmp/setupVars.conf "$setupVars"
|
$SUDO cp /tmp/setupVars.conf "$setupVars"
|
||||||
installScripts
|
installScripts
|
||||||
|
|
||||||
|
|
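Review bot: In the new Pi-hole branch of askClientDNS, the dnsmasq drop-in is written from `$pivpnDNS`, which is not assigned anywhere in the visible hunks. The lines just above set `pivpnDEV` and `pivpnDNS1`, so /etc/dnsmasq.d/02-pivpn.conf will most likely contain a bare `interface=` and Pi-hole will not be told to answer on the VPN device. The line should probably read `echo "interface=$pivpnDEV" | $SUDO tee /etc/dnsmasq.d/02-pivpn.conf > /dev/null`. The exit status of `$SUDO pihole restartdns` is also not checked before `return`, so a failed restart goes unnoticed while clients are already pointed at `$IPv4addr` for DNS. askClientDNS continues past the end of the hunk.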
|
@ -19,7 +19,7 @@ backup_openvpn(){
|
||||||
cp -r $openvpndir $ovpnsdir $backupdir 2&>1
|
cp -r $openvpndir $ovpnsdir $backupdir 2&>1
|
||||||
backupzip=$date-pivpnbackup.tgz
|
backupzip=$date-pivpnbackup.tgz
|
||||||
tar -czf $backupzip -C ${install_home} $backupdir 2&>1
|
tar -czf $backupzip -C ${install_home} $backupdir 2&>1
|
||||||
echo -e "Backup crated to $install_home/$backupdir/$backupzip \nTo restore the backup, follow instructions at:\nhttps://github.com/pivpn/pivpn/wiki/FAQ#how-can-i-migrate-my-configs-to-another-pivpn-instance"
|
echo -e "Backup crated to $install_home/$backupdir/$backupzip \nTo restore the backup, follow instructions at:\nhttps://github.com/pivpn/pivpn/wiki/FAQ#how-can-i-migrate-my-configs-to-another-pivpn-instance"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ helpFunc() {
|
||||||
if [ -z "$HELP_SHOWN" ]; then
|
if [ -z "$HELP_SHOWN" ]; then
|
||||||
helpFunc
|
helpFunc
|
||||||
echo
|
echo
|
||||||
echo "HELP_SHOWN=1" >> "$setupVars"
|
echo "HELP_SHOWN=1" >> "$setupVars"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Parse input arguments
|
# Parse input arguments
|
||||||
|
@ -351,9 +351,9 @@ if [ "$iOS" = "1" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
} > "${NAME}${FILEEXT}"
|
} > "${NAME}${FILEEXT}"
|
||||||
|
|
||||||
# Copy the .ovpn profile to the home directory for convenient remote access
|
# Copy the .ovpn profile to the home directory for convenient remote access
|
||||||
|
|
||||||
printf "========================================================\n"
|
printf "========================================================\n"
|
||||||
printf "Generating an .ovpn12 file for use with iOS devices\n"
|
printf "Generating an .ovpn12 file for use with iOS devices\n"
|
||||||
printf "Please remember the export password\n"
|
printf "Please remember the export password\n"
|
||||||
|
|
|
@ -62,7 +62,7 @@ function update {
|
||||||
|
|
||||||
function backup {
|
function backup {
|
||||||
|
|
||||||
$SUDO /opt/pivpn/backup.sh
|
$SUDO /opt/pivpn/backup.sh
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,7 +46,7 @@ fi
|
||||||
if [[ -z "${CERTS_TO_REVOKE}" ]]; then
|
if [[ -z "${CERTS_TO_REVOKE}" ]]; then
|
||||||
printf "\n"
|
printf "\n"
|
||||||
printf " ::\e[4m Certificate List \e[0m:: \n"
|
printf " ::\e[4m Certificate List \e[0m:: \n"
|
||||||
|
|
||||||
i=0
|
i=0
|
||||||
while read -r line || [ -n "$line" ]; do
|
while read -r line || [ -n "$line" ]; do
|
||||||
STATUS=$(echo "$line" | awk '{print $1}')
|
STATUS=$(echo "$line" | awk '{print $1}')
|
||||||
|
@ -61,26 +61,26 @@ if [[ -z "${CERTS_TO_REVOKE}" ]]; then
|
||||||
fi
|
fi
|
||||||
done <${INDEX}
|
done <${INDEX}
|
||||||
printf "\n"
|
printf "\n"
|
||||||
|
|
||||||
echo -n "::: Please enter the Name of the client to be revoked from the list above: "
|
echo -n "::: Please enter the Name of the client to be revoked from the list above: "
|
||||||
read -r NAME
|
read -r NAME
|
||||||
|
|
||||||
if [[ -z "${NAME}" ]]; then
|
if [[ -z "${NAME}" ]]; then
|
||||||
echo "You can not leave this blank!"
|
echo "You can not leave this blank!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for((x=1;x<=i;++x)); do
|
for((x=1;x<=i;++x)); do
|
||||||
if [ "${CERTS[$x]}" = "${NAME}" ]; then
|
if [ "${CERTS[$x]}" = "${NAME}" ]; then
|
||||||
VALID=1
|
VALID=1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -z "${VALID}" ]; then
|
if [ -z "${VALID}" ]; then
|
||||||
printf "You didn't enter a valid cert name!\n"
|
printf "You didn't enter a valid cert name!\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CERTS_TO_REVOKE=( "${NAME}" )
|
CERTS_TO_REVOKE=( "${NAME}" )
|
||||||
else
|
else
|
||||||
i=0
|
i=0
|
||||||
|
@ -92,7 +92,7 @@ else
|
||||||
let i=i+1
|
let i=i+1
|
||||||
fi
|
fi
|
||||||
done <${INDEX}
|
done <${INDEX}
|
||||||
|
|
||||||
for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
|
for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
|
||||||
VALID=0
|
VALID=0
|
||||||
for((x=1;x<=i;++x)); do
|
for((x=1;x<=i;++x)); do
|
||||||
|
@ -100,7 +100,7 @@ else
|
||||||
VALID=1
|
VALID=1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "${VALID}" != 1 ]; then
|
if [ "${VALID}" != 1 ]; then
|
||||||
printf "You passed an invalid cert name: '"%s"'!\n" "${CERTS_TO_REVOKE[ii]}"
|
printf "You passed an invalid cert name: '"%s"'!\n" "${CERTS_TO_REVOKE[ii]}"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
###Updates pivpn scripts (Not PiVPN)
|
###Updates pivpn scripts (Not PiVPN)
|
||||||
###Main Vars
|
###Main Vars
|
||||||
|
@ -11,7 +11,7 @@ bashcompletiondir="/etc/bash_completion.d/pivpn"
|
||||||
###Functions
|
###Functions
|
||||||
##Updates scripts
|
##Updates scripts
|
||||||
updatepivpnscripts(){
|
updatepivpnscripts(){
|
||||||
##We don't know what sort of changes users have made.
|
##We don't know what sort of changes users have made.
|
||||||
##Lets remove first /etc/.pivpn dir then clone it back again
|
##Lets remove first /etc/.pivpn dir then clone it back again
|
||||||
echo "going do update PiVPN Scripts"
|
echo "going do update PiVPN Scripts"
|
||||||
if [[ -d $pivpnlocalpath ]]; then
|
if [[ -d $pivpnlocalpath ]]; then
|
||||||
|
@ -25,9 +25,9 @@ updatepivpnscripts(){
|
||||||
echo "PiVPN Scripts have been updated"
|
echo "PiVPN Scripts have been updated"
|
||||||
}
|
}
|
||||||
|
|
||||||
##Updates scripts using test branch
|
##Updates scripts using test branch
|
||||||
updatefromtest(){
|
updatefromtest(){
|
||||||
##We don't know what sort of changes users have made.
|
##We don't know what sort of changes users have made.
|
||||||
##Lets remove first /etc/.pivpn dir then clone it back again
|
##Lets remove first /etc/.pivpn dir then clone it back again
|
||||||
echo "PiVPN Scripts updating from test branch"
|
echo "PiVPN Scripts updating from test branch"
|
||||||
if [[ -d /etc/.pivpn ]]; then
|
if [[ -d /etc/.pivpn ]]; then
|
||||||
|
@ -89,8 +89,8 @@ else
|
||||||
scriptusage
|
scriptusage
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
* )
|
* )
|
||||||
updatepivpnscripts
|
updatepivpnscripts
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
198
scripts/uninstall.sh
Executable file
198
scripts/uninstall.sh
Executable file
|
@ -0,0 +1,198 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# PiVPN: Uninstall Script
|
||||||
|
|
||||||
|
PKG_MANAGER="apt-get"
|
||||||
|
WG_SNAPSHOT="0.0.20191012"
|
||||||
|
setupVars="/etc/pivpn/setupVars.conf"
|
||||||
|
|
||||||
|
if [ ! -f "${setupVars}" ]; then
|
||||||
|
echo "::: Missing setup vars file!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
source "${setupVars}"
|
||||||
|
|
||||||
|
# Find the rows and columns. Will default to 80x24 if it can not be detected.
|
||||||
|
screen_size=$(stty size 2>/dev/null || echo 24 80)
|
||||||
|
rows=$(echo $screen_size | awk '{print $1}')
|
||||||
|
columns=$(echo $screen_size | awk '{print $2}')
|
||||||
|
|
||||||
|
# Divide by two so the dialogs take up half of the screen, which looks nice.
|
||||||
|
r=$(( rows / 2 ))
|
||||||
|
c=$(( columns / 2 ))
|
||||||
|
# Unless the screen is tiny
|
||||||
|
r=$(( r < 20 ? 20 : r ))
|
||||||
|
c=$(( c < 70 ? 70 : c ))
|
||||||
|
|
||||||
|
spinner(){
|
||||||
|
local pid=$1
|
||||||
|
local delay=0.50
|
||||||
|
local spinstr='/-\|'
|
||||||
|
while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do
|
||||||
|
local temp=${spinstr#?}
|
||||||
|
printf " [%c] " "$spinstr"
|
||||||
|
local spinstr=$temp${spinstr%"$temp"}
|
||||||
|
sleep $delay
|
||||||
|
printf "\b\b\b\b\b\b"
|
||||||
|
done
|
||||||
|
printf " \b\b\b\b"
|
||||||
|
}
|
||||||
|
|
||||||
|
removeAll(){
|
||||||
|
# Stopping and disabling services
|
||||||
|
echo "::: Stopping and disabling services..."
|
||||||
|
|
||||||
|
if [ "$VPN" = "WireGuard" ]; then
|
||||||
|
systemctl stop wg-quick@wg0
|
||||||
|
systemctl disable wg-quick@wg0 &> /dev/null
|
||||||
|
elif [ "$VPN" = "OpenVPN" ]; then
|
||||||
|
systemctl stop openvpn
|
||||||
|
systemctl disable openvpn &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Removing firewall rules.
|
||||||
|
echo "::: Removing firewall rules..."
|
||||||
|
|
||||||
|
if [ "$VPN" = "WireGuard" ]; then
|
||||||
|
pivpnDEV="wg0"
|
||||||
|
pivpnNET="10.6.0.0/24"
|
||||||
|
pivpnPROTO="udp"
|
||||||
|
elif [ "$VPN" = "OpenVPN" ]; then
|
||||||
|
pivpnDEV="tun0"
|
||||||
|
pivpnNET="10.8.0.0/24"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$USING_UFW" -eq 1 ]; then
|
||||||
|
|
||||||
|
ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
|
||||||
|
ufw route delete allow in on "$pivpnDEV" from "$pivpnNET" out on "${IPv4dev}" to any > /dev/null
|
||||||
|
sed -z "s/*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n//" -i /etc/ufw/before.rules
|
||||||
|
ufw reload &> /dev/null
|
||||||
|
|
||||||
|
elif [ "$USING_UFW" -eq 0 ]; then
|
||||||
|
|
||||||
|
if [ "$INPUT_CHAIN_EDITED" -eq 1 ]; then
|
||||||
|
iptables -D INPUT -i "${IPv4dev}" -p "${pivpnPROTO}" --dport "${pivpnPORT}" -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then
|
||||||
|
iptables -D FORWARD -d "$pivpnNET" -i "${IPv4dev}" -o "$pivpnDEV" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
iptables -D FORWARD -s "$pivpnNET" -i "$pivpnDEV" -o "${IPv4dev}" -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
||||||
|
iptables -t nat -D POSTROUTING -s "$pivpnNET" -o "${IPv4dev}" -j MASQUERADE
|
||||||
|
iptables-save > /etc/iptables/rules.v4
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Disable IPv4 forwarding
|
||||||
|
sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf
|
||||||
|
sysctl -p
|
||||||
|
|
||||||
|
# Purge dependencies
|
||||||
|
echo "::: Purge dependencies..."
|
||||||
|
|
||||||
|
for i in "${TO_INSTALL[@]}"; do
|
||||||
|
while true; do
|
||||||
|
read -rp "::: Do you wish to remove $i from your system? [Y/n]: " yn
|
||||||
|
case $yn in
|
||||||
|
[Yy]* ) if [ "${i}" = "wireguard" ]; then
|
||||||
|
|
||||||
|
if [ "$(uname -m)" = "armv7l" ] || [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
|
||||||
|
rm /etc/apt/sources.list.d/unstable.list
|
||||||
|
rm /etc/apt/preferences.d/limit-unstable
|
||||||
|
$PKG_MANAGER update &> /dev/null
|
||||||
|
fi
|
||||||
|
rm -rf /etc/wireguard
|
||||||
|
rm -rf $install_home/configs
|
||||||
|
|
||||||
|
elif [ "${i}" = "wireguard-dkms" ]; then
|
||||||
|
|
||||||
|
# If we installed wireguard-dkms and we are on armv6l, then we manually need
|
||||||
|
# to remove the kernel module and skip the apt uninstallation (since it's not an
|
||||||
|
# actual package)
|
||||||
|
if [ "$(uname -m)" = "armv6l" ]; then
|
||||||
|
dkms remove wireguard/"${WG_SNAPSHOT}" --all
|
||||||
|
rm -rf /usr/src/wireguard-*
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
|
||||||
|
elif [ "${i}" = "dirmngr" ]; then
|
||||||
|
|
||||||
|
# If dirmngr was installed, then we had previously installed wireguard on armv7l
|
||||||
|
# so we remove the repository keys
|
||||||
|
apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null
|
||||||
|
|
||||||
|
elif [ "${i}" = "openvpn" ]; then
|
||||||
|
|
||||||
|
rm -rf /var/log/*openvpn*
|
||||||
|
rm -rf /etc/openvpn
|
||||||
|
rm -rf $install_home/ovpns
|
||||||
|
|
||||||
|
elif [ "${i}" = "unattended-upgrades" ]; then
|
||||||
|
|
||||||
|
rm -rf /var/log/unattended-upgrades
|
||||||
|
rm -rf /etc/apt/apt.conf.d/*periodic
|
||||||
|
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
|
||||||
|
|
||||||
|
fi
|
||||||
|
printf ":::\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
[Nn]* ) printf ":::\tSkipping %s\n" "$i";
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
* ) printf "::: You must answer yes or no!\n";;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
# Take care of any additional package cleaning
|
||||||
|
printf "::: Auto removing remaining dependencies..."
|
||||||
|
$PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\n";
|
||||||
|
printf "::: Auto cleaning remaining dependencies..."
|
||||||
|
$PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\n";
|
||||||
|
|
||||||
|
echo ":::"
|
||||||
|
# Removing pivpn files
|
||||||
|
echo "::: Removing pivpn system files..."
|
||||||
|
|
||||||
|
if [ -f /etc/dnsmasq.d/02-pivpn.conf ]; then
|
||||||
|
rm /etc/dnsmasq.d/02-pivpn.conf
|
||||||
|
pihole restartdns
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -rf /opt/pivpn
|
||||||
|
rm -rf /etc/.pivpn
|
||||||
|
rm -rf /etc/pivpn
|
||||||
|
rm -rf /var/log/*pivpn*
|
||||||
|
rm /usr/local/bin/pivpn
|
||||||
|
rm /etc/bash_completion.d/pivpn
|
||||||
|
|
||||||
|
echo ":::"
|
||||||
|
printf "::: Finished removing PiVPN from your system.\n"
|
||||||
|
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
askreboot(){
|
||||||
|
printf "It is \e[1mstrongly\e[0m recommended to reboot after un-installation.\n"
|
||||||
|
read -p "Would you like to reboot now? [y/n]: " -n 1 -r
|
||||||
|
echo
|
||||||
|
if [[ ${REPLY} =~ ^[Yy]$ ]]; then
|
||||||
|
printf "\nRebooting system...\n"
|
||||||
|
sleep 3
|
||||||
|
shutdown -r now
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
######### SCRIPT ###########
|
||||||
|
echo "::: Preparing to remove packages, be sure that each may be safely removed depending on your operating system."
|
||||||
|
echo "::: (SAFE TO REMOVE ALL ON RASPBIAN)"
|
||||||
|
while true; do
|
||||||
|
read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn
|
||||||
|
case $yn in
|
||||||
|
[Yy]* ) removeAll; askreboot; break;;
|
||||||
|
|
||||||
|
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;;
|
||||||
|
esac
|
||||||
|
done
|
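Review bot: The `sed -z` call in removeAll's UFW branch cannot remove the NAT block the installer added. `pivpnNET` is set a few lines earlier to a CIDR value (`10.6.0.0/24` or `10.8.0.0/24`), so its unescaped `/` ends the `s/…/` pattern early, and the extra `\/24` would not match what confNetwork inserted with `-s $pivpnNET` anyway; the MASQUERADE rule therefore stays in /etc/ufw/before.rules after uninstall. Another delimiter without the suffix fixes both: `sed -z "s|\*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s ${pivpnNET} -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n||" -i /etc/ufw/before.rules`. Separately, `rm -rf $install_home/configs` and `rm -rf $install_home/ovpns` use an unquoted variable that presumably comes from the sourced setupVars file. `rm -rf -- "${install_home:?}/configs"` (and the same for `ovpns`) refuses to run when the variable is empty and survives spaces in the path.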
|
@ -29,7 +29,7 @@ done
|
||||||
|
|
||||||
cd /etc/wireguard/configs
|
cd /etc/wireguard/configs
|
||||||
if [ ! -s clients.txt ]; then
|
if [ ! -s clients.txt ]; then
|
||||||
echo "::: There are no clients to remove"
|
echo "::: There are no clients to show"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -79,18 +79,18 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
|
||||||
|
|
||||||
# Then remove the client matching the variables above
|
# Then remove the client matching the variables above
|
||||||
sed "/${CLIENT_NAME} ${CREATION_DATE} ${COUNT}/d" -i configs/clients.txt
|
sed "/${CLIENT_NAME} ${CREATION_DATE} ${COUNT}/d" -i configs/clients.txt
|
||||||
|
|
||||||
# Remove the peer section from the server config
|
# Remove the peer section from the server config
|
||||||
sed "/# begin ${CLIENT_NAME}/,/# end ${CLIENT_NAME}/d" -i wg0.conf
|
sed "/# begin ${CLIENT_NAME}/,/# end ${CLIENT_NAME}/d" -i wg0.conf
|
||||||
echo "::: Updated server config"
|
echo "::: Updated server config"
|
||||||
|
|
||||||
rm "configs/${CLIENT_NAME}.conf"
|
rm "configs/${CLIENT_NAME}.conf"
|
||||||
echo "::: Client config for ${CLIENT_NAME} removed"
|
echo "::: Client config for ${CLIENT_NAME} removed"
|
||||||
|
|
||||||
rm "keys/${CLIENT_NAME}_priv"
|
rm "keys/${CLIENT_NAME}_priv"
|
||||||
rm "keys/${CLIENT_NAME}_pub"
|
rm "keys/${CLIENT_NAME}_pub"
|
||||||
echo "::: Client Keys for ${CLIENT_NAME} removed"
|
echo "::: Client Keys for ${CLIENT_NAME} removed"
|
||||||
|
|
||||||
# Find all .conf files in the home folder of the user matching the checksum of the
|
# Find all .conf files in the home folder of the user matching the checksum of the
|
||||||
# config and delete them. '-maxdepth 3' is used to avoid traversing too many folders.
|
# config and delete them. '-maxdepth 3' is used to avoid traversing too many folders.
|
||||||
find "${install_home}" -maxdepth 3 -type f -name '*.conf' -print0 | while IFS= read -r -d '' CONFIG; do
|
find "${install_home}" -maxdepth 3 -type f -name '*.conf' -print0 | while IFS= read -r -d '' CONFIG; do
|
||||||
|
@ -108,7 +108,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
|
||||||
done
|
done
|
||||||
|
|
||||||
# Restart WireGuard only if some clients were actually deleted
|
# Restart WireGuard only if some clients were actually deleted
|
||||||
if [ "${DELETED_COUNT}" -gt 0 ]; then
|
if [ "${DELETED_COUNT}" -gt 0 ]; then
|
||||||
if systemctl restart wg-quick@wg0; then
|
if systemctl restart wg-quick@wg0; then
|
||||||
echo "::: WireGuard restarted"
|
echo "::: WireGuard restarted"
|
||||||
else
|
else
|
||||||
|
|