Merge pull request #863 from orazioedoardo/test-wireguard

Add uninstall script and Pi-hole detection
This commit is contained in:
4s3ti 2019-11-07 20:42:43 +01:00 committed by GitHub
commit 743005e883
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 278 additions and 44 deletions

View file

@ -1,5 +1,5 @@
#!/usr/bin/env bash
# PiVPN: Trivial OpenVPN or WireGUard setup and configuration
# PiVPN: Trivial OpenVPN or WireGuard setup and configuration
# Easiest setup and mangement of OpenVPN or WireGuard on Raspberry Pi
# http://pivpn.io
# Heavily adapted from the pi-hole.net project and...
@ -20,7 +20,12 @@ PKG_CACHE="/var/lib/apt/lists/"
UPDATE_PKG_CACHE="${PKG_MANAGER} update"
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
# Dependencies that are required by the script, regardless of the VPN protocol chosen
BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5)
# Dependencies that where actually installed by the script. For example if the script requires
# grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling
# PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons
TO_INSTALL=()
pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git"
easyrsaVer="3.0.6"
@ -30,7 +35,7 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}
UNATTUPG_RELEASE="1.14"
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
WG_SNAPSHOT="0.0.20190913"
WG_SNAPSHOT="0.0.20191012"
WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz"
# Find the rows and columns. Will default to 80x24 if it can not be detected.
@ -212,10 +217,6 @@ notifyPackageUpdatesAvailable(){
fi
}
packageCheckInstall(){
dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
}
preconfigurePackages(){
# Add support for https repositories if there are any that use it otherwise the installation will silently fail
if grep -q https /etc/apt/sources.list; then
@ -236,14 +237,20 @@ installDependentPackages(){
# No spinner - conflicts with set -e
declare -a argArray1=("${!1}")
for i in "${argArray1[@]}"; do
echo -n "::: Checking for $i..."
if dpkg-query -W -f='${Status}' "${i}" 2>/dev/null | grep -q "ok installed"; then
echo " installed!"
else
TO_INSTALL+=("${i}")
echo " not installed!"
fi
done
if command -v debconf-apt-progress &> /dev/null; then
$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
else
for i in "${argArray1[@]}"; do
echo -n "::: Checking for $i..."
$SUDO packageCheckInstall "${i}" &> /dev/null
echo " installed!"
done
${PKG_INSTALL} "${argArray1[@]}"
fi
}
@ -515,6 +522,7 @@ askWhichVPN(){
if (whiptail --backtitle "Setup PiVPN" --title "Installation mode" --yesno "WireGuard is a new kind of VPN that provides near-istantaneous connection speed, high performance, modern cryptography.\n\nIt's the recommended choise expecially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\n\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol. Or if you need features like TCP and custom search domain.\n\nChoose 'Yes' to use WireGuard of 'No' to use OpenVPN." ${r} ${c});
then
VPN="WireGuard"
pivpnPROTO="udp"
pivpnDEV="wg0"
pivpnNET="10.6.0.0/24"
else
@ -559,13 +567,13 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard)
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@]
elif [ "$(uname -m)" = "armv6l" ]; then
echo "::: Installing WireGuard from source... "
PIVPN_DEPS=(libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode)
PIVPN_DEPS=(checkinstall dkms libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode)
installDependentPackages PIVPN_DEPS[@]
# Delete any leftover code
@ -591,8 +599,12 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
exit 1
fi
# Use checkinstall to install userspace tools so if the user wants to uninstall
# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
# files from the file system
echo "::: Installing WireGuard tools... "
if $SUDO make install tools; then
if $SUDO checkinstall --pkgname wireguard-tools --pkgversion "${WG_SNAPSHOT}" -y make tools-install; then
TO_INSTALL+=("wireguard-tools")
echo "done!"
else
echo "failed!"
@ -619,6 +631,7 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
echo "::: Installing WireGuard modules via DKMS... "
if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
TO_INSTALL+=("wireguard-dkms")
echo "done!"
else
echo "failed!"
@ -628,12 +641,14 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
echo "::: Installing WireGuard from Debian package... "
echo "::: Adding Debian repository... "
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
echo "Package: *
Pin: release a=unstable
Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard)
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@]
fi
@ -727,6 +742,24 @@ askCustomPort(){
}
askClientDNS(){
# Detect and offer to use Pi-hole
if command -v pihole &>/dev/null; then
if (whiptail --backtitle "Setup PiVPN" --title "Pi-hole" --yesno "We have detected a Pi-hole installation, do you want to use it as the DNS server for the VPN, so you get ad blocking on the go?" ${r} ${c}); then
if [ "$VPN" = "WireGuard" ]; then
pivpnDEV="wg0"
elif [ "$VPN" = "OpenVPN" ]; then
pivpnDEV="tun0"
fi
pivpnDNS1="$IPv4addr"
echo "interface=$pivpnDNS" | $SUDO tee /etc/dnsmasq.d/02-pivpn.conf > /dev/null
$SUDO pihole restartdns
echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf
return
fi
fi
DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients (press space to select). To use your own, select Custom." ${r} ${c} 6)
DNSChooseOptions=(Google "" on
OpenDNS "" off
@ -1060,7 +1093,7 @@ confNetwork(){
echo "::: Adding UFW rules..."
$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s $pivpnNET -o $IPv4dev -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
# Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
$SUDO ufw insert 1 allow "$PORT"/"$PROTO" >/dev/null
$SUDO ufw insert 1 allow "$pivpnPORT"/"$pivpnPROTO" >/dev/null
$SUDO ufw route insert 1 allow in on "$pivpnDEV" from "$pivpnNET" out on "$IPv4dev" to any >/dev/null
$SUDO ufw reload >/dev/null
@ -1093,7 +1126,7 @@ confNetwork(){
# chain (using -I).
if [ "$INPUT_RULES_COUNT" -ne 0 ] || [ "$INPUT_POLICY" != "ACCEPT" ]; then
$SUDO iptables -I INPUT 1 -i "$IPv4dev" -p "$PROTO" --dport "$PORT" -j ACCEPT
$SUDO iptables -I INPUT 1 -i "$IPv4dev" -p "$pivpnPROTO" --dport "$pivpnPORT" -j ACCEPT
INPUT_CHAIN_EDITED=1
else
INPUT_CHAIN_EDITED=0
@ -1221,6 +1254,7 @@ installScripts(){
fi
FOLDER=$(tr '[:upper:]' '[:lower:]' <<< "$VPN")
$SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/
$SUDO cp /etc/.pivpn/scripts/$FOLDER/*.sh /opt/pivpn/
$SUDO chmod 0755 /opt/pivpn/*.sh
$SUDO cp /etc/.pivpn/scripts/$FOLDER/pivpn /usr/local/bin/pivpn
@ -1344,6 +1378,8 @@ main(){
askUnattendedUpgrades
confUnattendedUpgrades
echo "TO_INSTALL=(${TO_INSTALL[*]})" >> /tmp/setupVars.conf
$SUDO cp /tmp/setupVars.conf "$setupVars"
installScripts

View file

@ -1,4 +1,4 @@
#/bin/bash
#!/bin/bash
###Updates pivpn scripts (Not PiVPN)
###Main Vars

198
scripts/uninstall.sh Executable file
View file

@ -0,0 +1,198 @@
#!/usr/bin/env bash
# PiVPN: Uninstall Script
PKG_MANAGER="apt-get"
WG_SNAPSHOT="0.0.20191012"
setupVars="/etc/pivpn/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
fi
source "${setupVars}"
# Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo $screen_size | awk '{print $1}')
columns=$(echo $screen_size | awk '{print $2}')
# Divide by two so the dialogs take up half of the screen, which looks nice.
r=$(( rows / 2 ))
c=$(( columns / 2 ))
# Unless the screen is tiny
r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c ))
spinner(){
local pid=$1
local delay=0.50
local spinstr='/-\|'
while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do
local temp=${spinstr#?}
printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
printf "\b\b\b\b\b\b"
done
printf " \b\b\b\b"
}
removeAll(){
# Stopping and disabling services
echo "::: Stopping and disabling services..."
if [ "$VPN" = "WireGuard" ]; then
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0 &> /dev/null
elif [ "$VPN" = "OpenVPN" ]; then
systemctl stop openvpn
systemctl disable openvpn &> /dev/null
fi
# Removing firewall rules.
echo "::: Removing firewall rules..."
if [ "$VPN" = "WireGuard" ]; then
pivpnDEV="wg0"
pivpnNET="10.6.0.0/24"
pivpnPROTO="udp"
elif [ "$VPN" = "OpenVPN" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0/24"
fi
if [ "$USING_UFW" -eq 1 ]; then
ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
ufw route delete allow in on "$pivpnDEV" from "$pivpnNET" out on "${IPv4dev}" to any > /dev/null
sed -z "s/*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n//" -i /etc/ufw/before.rules
ufw reload &> /dev/null
elif [ "$USING_UFW" -eq 0 ]; then
if [ "$INPUT_CHAIN_EDITED" -eq 1 ]; then
iptables -D INPUT -i "${IPv4dev}" -p "${pivpnPROTO}" --dport "${pivpnPORT}" -j ACCEPT
fi
if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then
iptables -D FORWARD -d "$pivpnNET" -i "${IPv4dev}" -o "$pivpnDEV" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -s "$pivpnNET" -i "$pivpnDEV" -o "${IPv4dev}" -j ACCEPT
fi
iptables -t nat -D POSTROUTING -s "$pivpnNET" -o "${IPv4dev}" -j MASQUERADE
iptables-save > /etc/iptables/rules.v4
fi
# Disable IPv4 forwarding
sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf
sysctl -p
# Purge dependencies
echo "::: Purge dependencies..."
for i in "${TO_INSTALL[@]}"; do
while true; do
read -rp "::: Do you wish to remove $i from your system? [Y/n]: " yn
case $yn in
[Yy]* ) if [ "${i}" = "wireguard" ]; then
if [ "$(uname -m)" = "armv7l" ] || [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
rm /etc/apt/sources.list.d/unstable.list
rm /etc/apt/preferences.d/limit-unstable
$PKG_MANAGER update &> /dev/null
fi
rm -rf /etc/wireguard
rm -rf $install_home/configs
elif [ "${i}" = "wireguard-dkms" ]; then
# If we installed wireguard-dkms and we are on armv6l, then we manually need
# to remove the kernel module and skip the apt uninstallation (since it's not an
# actual package)
if [ "$(uname -m)" = "armv6l" ]; then
dkms remove wireguard/"${WG_SNAPSHOT}" --all
rm -rf /usr/src/wireguard-*
break
fi
elif [ "${i}" = "dirmngr" ]; then
# If dirmngr was installed, then we had previously installed wireguard on armv7l
# so we remove the repository keys
apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null
elif [ "${i}" = "openvpn" ]; then
rm -rf /var/log/*openvpn*
rm -rf /etc/openvpn
rm -rf $install_home/ovpns
elif [ "${i}" = "unattended-upgrades" ]; then
rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
fi
printf ":::\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
break
;;
[Nn]* ) printf ":::\tSkipping %s\n" "$i";
break
;;
* ) printf "::: You must answer yes or no!\n";;
esac
done
done
# Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..."
$PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\n";
printf "::: Auto cleaning remaining dependencies..."
$PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\n";
echo ":::"
# Removing pivpn files
echo "::: Removing pivpn system files..."
if [ -f /etc/dnsmasq.d/02-pivpn.conf ]; then
rm /etc/dnsmasq.d/02-pivpn.conf
pihole restartdns
fi
rm -rf /opt/pivpn
rm -rf /etc/.pivpn
rm -rf /etc/pivpn
rm -rf /var/log/*pivpn*
rm /usr/local/bin/pivpn
rm /etc/bash_completion.d/pivpn
echo ":::"
printf "::: Finished removing PiVPN from your system.\n"
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n"
}
askreboot(){
printf "It is \e[1mstrongly\e[0m recommended to reboot after un-installation.\n"
read -p "Would you like to reboot now? [y/n]: " -n 1 -r
echo
if [[ ${REPLY} =~ ^[Yy]$ ]]; then
printf "\nRebooting system...\n"
sleep 3
shutdown -r now
fi
}
######### SCRIPT ###########
echo "::: Preparing to remove packages, be sure that each may be safely removed depending on your operating system."
echo "::: (SAFE TO REMOVE ALL ON RASPBIAN)"
while true; do
read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn
case $yn in
[Yy]* ) removeAll; askreboot; break;;
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;;
esac
done

View file

@ -29,7 +29,7 @@ done
cd /etc/wireguard/configs
if [ ! -s clients.txt ]; then
echo "::: There are no clients to remove"
echo "::: There are no clients to show"
exit 1
fi