mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-19 03:10:16 +00:00
Added option to download dh parameters
This commit is contained in:
redfast00
parent
8f09ee9afd
commit
8c880f9093
1 changed files with 24 additions and 19 deletions
|
|
@ -65,7 +65,7 @@ If you think you received this message in error, you can post an issue on the Gi
|
||||||
}
|
}
|
||||||
|
|
||||||
function maybeOS_Support() {
|
function maybeOS_Support() {
|
||||||
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
|
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
|
||||||
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
|
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
|
||||||
Would you like to continue anyway?" $r $c) then
|
Would you like to continue anyway?" $r $c) then
|
||||||
echo "::: Did not detect perfectly supported OS but,"
|
echo "::: Did not detect perfectly supported OS but,"
|
||||||
|
|
@ -97,7 +97,7 @@ elif [[ "$(cat /etc/os-release | grep raspbian)" ]]; then
|
||||||
PLAT="Ubuntu"
|
PLAT="Ubuntu"
|
||||||
OSCN="unknown"
|
OSCN="unknown"
|
||||||
maybeOS_Support
|
maybeOS_Support
|
||||||
fi
|
fi
|
||||||
# else we prob don't want to install
|
# else we prob don't want to install
|
||||||
else
|
else
|
||||||
noOS_Support
|
noOS_Support
|
||||||
|
|
@ -127,7 +127,7 @@ welcomeDialogs() {
|
||||||
|
|
||||||
# Explain the need for a static address
|
# Explain the need for a static address
|
||||||
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly.
|
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly.
|
||||||
|
|
||||||
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
|
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -372,7 +372,7 @@ checkForDependencies() {
|
||||||
timestamp=$(stat -c %Y /var/cache/apt/)
|
timestamp=$(stat -c %Y /var/cache/apt/)
|
||||||
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
|
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
|
||||||
today=$(date "+%b %e")
|
today=$(date "+%b %e")
|
||||||
|
|
||||||
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
|
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
|
||||||
if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then
|
if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then
|
||||||
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
|
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
|
||||||
|
|
@ -617,7 +617,7 @@ confOpenVPN() {
|
||||||
cd /etc/openvpn/easy-rsa
|
cd /etc/openvpn/easy-rsa
|
||||||
$SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars
|
$SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars
|
||||||
$SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars
|
$SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars
|
||||||
|
|
||||||
# Init Cert Values
|
# Init Cert Values
|
||||||
COUNTRY="US"
|
COUNTRY="US"
|
||||||
STATE="CA"
|
STATE="CA"
|
||||||
|
|
@ -698,7 +698,7 @@ confOpenVPN() {
|
||||||
|
|
||||||
# It seems you have to set this if you mess with key_cn, lets not.
|
# It seems you have to set this if you mess with key_cn, lets not.
|
||||||
# grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars
|
# grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars
|
||||||
|
|
||||||
# source the vars file just edited
|
# source the vars file just edited
|
||||||
source ./vars
|
source ./vars
|
||||||
|
|
||||||
|
|
@ -715,21 +715,26 @@ confOpenVPN() {
|
||||||
# Build the server
|
# Build the server
|
||||||
${SUDOE} ./build-key-server --batch $SERVER_NAME
|
${SUDOE} ./build-key-server --batch $SERVER_NAME
|
||||||
|
|
||||||
# Generate Diffie-Hellman key exchange
|
if (whiptail --backtitle "Setup OpenVPN" --title "Diffie-Hellman Parameters" --yesno "Generating Diffie-Hellman might take a long time on a Raspberry Pi. Do you want to download them?" $r $c)
|
||||||
${SUDOE} ./build-dh
|
then
|
||||||
|
# Downloading parameters
|
||||||
|
${SUDOE} curl "https://2ton.com.au/dhparam/${ENCRYPT}" -o "${KEY_DIR}/dh${KEY_SIZE}.pem"
|
||||||
|
else
|
||||||
|
# Generate Diffie-Hellman key exchange
|
||||||
|
${SUDOE} ./build-dh
|
||||||
|
fi
|
||||||
# Generate static HMAC key to defend against DDoS
|
# Generate static HMAC key to defend against DDoS
|
||||||
${SUDOE} openvpn --genkey --secret keys/ta.key
|
${SUDOE} openvpn --genkey --secret keys/ta.key
|
||||||
|
|
||||||
# Write config file for server using the template .txt file
|
# Write config file for server using the template .txt file
|
||||||
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
||||||
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
|
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
|
||||||
|
|
||||||
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
|
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
|
||||||
|
|
||||||
# Set the user encryption key size
|
# Set the user encryption key size
|
||||||
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
|
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
|
||||||
|
|
||||||
# if they modified port put value in server.conf
|
# if they modified port put value in server.conf
|
||||||
if [ $PORT != 1194 ]; then
|
if [ $PORT != 1194 ]; then
|
||||||
$SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf
|
$SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf
|
||||||
|
|
@ -803,7 +808,7 @@ confNetwork() {
|
||||||
else
|
else
|
||||||
echo 0 > /tmp/noUFW
|
echo 0 > /tmp/noUFW
|
||||||
fi
|
fi
|
||||||
|
|
||||||
$SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW
|
$SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -818,8 +823,8 @@ confOVPN() {
|
||||||
|
|
||||||
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \
|
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \
|
||||||
"$IPv4pub" "Use this public IP" "ON" \
|
"$IPv4pub" "Use this public IP" "ON" \
|
||||||
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
|
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
|
||||||
|
|
||||||
exitstatus=$?
|
exitstatus=$?
|
||||||
if [ $exitstatus != 0 ]; then
|
if [ $exitstatus != 0 ]; then
|
||||||
echo "::: Cancel selected. Exiting..."
|
echo "::: Cancel selected. Exiting..."
|
||||||
|
|
@ -830,7 +835,7 @@ confOVPN() {
|
||||||
|
|
||||||
if [ "$METH" == "$IPv4pub" ]; then
|
if [ "$METH" == "$IPv4pub" ]; then
|
||||||
$SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt
|
$SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt
|
||||||
else
|
else
|
||||||
until [[ $publicDNSCorrect = True ]]
|
until [[ $publicDNSCorrect = True ]]
|
||||||
do
|
do
|
||||||
PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3)
|
PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3)
|
||||||
|
|
@ -844,16 +849,16 @@ confOVPN() {
|
||||||
$SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt
|
$SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt
|
||||||
else
|
else
|
||||||
publicDNSCorrect=False
|
publicDNSCorrect=False
|
||||||
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if they modified port put value in Default.txt for clients to use
|
# if they modified port put value in Default.txt for clients to use
|
||||||
if [ $PORT != 1194 ]; then
|
if [ $PORT != 1194 ]; then
|
||||||
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
|
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# verify server name to strengthen security
|
# verify server name to strengthen security
|
||||||
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
|
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||||
|
|
||||||
|
|
@ -884,7 +889,7 @@ displayFinalMessage() {
|
||||||
$SUDO systemctl start openvpn.service
|
$SUDO systemctl start openvpn.service
|
||||||
fi
|
fi
|
||||||
|
|
||||||
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
|
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
|
||||||
Run 'pivpn help' to see what else you can do!
|
Run 'pivpn help' to see what else you can do!
|
||||||
The install log is in /etc/pivpn." $r $c
|
The install log is in /etc/pivpn." $r $c
|
||||||
if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then
|
if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue