Merge pull request #1 from pivpn/master

update to current state
2024-10-18 05:33:32 +00:00 · 2021-06-06 00:57:32 +02:00 · 2021-06-06 00:57:32 +02:00 · 96102d009c
commit 96102d009c
parent d7771c2514 5aa0de636f
18 changed files with 161 additions and 75 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -28,7 +28,7 @@ jobs:
      name: "Shellcheck lint"
      dist: linux
      script:
-        - shellcheck autoinstall/install.sh
+        - shellcheck auto_install/install.sh
        - find scripts/ -type f -exec shellcheck {} \;

    - stage: test
--- a/LatestUpdate.md
+++ b/LatestUpdate.md
@ -4,6 +4,19 @@ This file has the objective of describing the major changes for each merge from

 Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged.

+## May 7th 2021
+
+General code quality fixes
+ - #1253, #1254, #1256, #1272
+Disabled progress bar when running unattended
+ - #1276
+Added wireguard MTU support when setting up unattended
+ - #1278
+Support for multiple setupVars while via unattended setup
+- #1279
+Fix for currupted QR code display in multiple fonts
+ - #1305
+
 ## Jan 26th 2021

 Fixed: 
--- a/README.md
+++ b/README.md
@ -1,6 +1,7 @@
 ![WireGuard + OpenVPN logo](logos.jpg)

-**[Is pivpn.io down?](https://status.pivpn.io)** |
+**[Is pivpn.io down?](https://stats.uptimerobot.com/8X64yTjrJO)** |
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/452112df3c2c435d93aacc113f546eae)](https://app.codacy.com/gh/pivpn/pivpn?utm_source=github.com&utm_medium=referral&utm_content=pivpn/pivpn&utm_campaign=Badge_Grade_Settings)
 **Test:** [![Build Status](https://travis-ci.com/pivpn/pivpn.svg?branch=test)](https://travis-ci.com/pivpn/pivpn) |
 **Master:** [![Build Status](https://travis-ci.com/pivpn/pivpn.svg?branch=master)](https://travis-ci.com/pivpn/pivpn)

@ -107,7 +108,7 @@ Please be respectful and be aware that this is maintained with our free time!

 for community support or general questions.
 Feel free to post on our subreddit <https://www.reddit.com/r/pivpn/>
-You can also join #pivpn <ircs://freenode/pivpn> on freenode in IRC
+You can also join #pivpn on [libera.chat](https://libera.chat) IRC network

 For code related issues, code contributions, feature requests, feel free to open an issue here at github.
 We will classify the issues the best we can to keep things sorted.
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -24,12 +24,10 @@ piholeSetupVars="/etc/pihole/setupVars.conf"
 dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf"

 dhcpcdFile="/etc/dhcpcd.conf"
-subnetClass="24"
 debianOvpnUserGroup="openvpn:openvpn"

 ######## PKG Vars ########
 PKG_MANAGER="apt-get"
-PKG_CACHE="/var/lib/apt/lists/"
 ### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
 UPDATE_PKG_CACHE="${PKG_MANAGER} update -y"
 PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
@ -439,8 +437,10 @@ preconfigurePackages(){
 		BASE_DEPS+=(dhcpcd5)
 	fi

-	AVAILABLE_OPENVPN="$(apt-cache policy openvpn | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
 	DPKG_ARCH="$(dpkg --print-architecture)"
+
+	AVAILABLE_OPENVPN="$(apt-cache policy openvpn | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
+	OPENVPN_SUPPORT=0
 	NEED_OPENVPN_REPO=0

 	# We require OpenVPN 2.4 or later for ECC support. If not available in the
@ -462,6 +462,7 @@ preconfigurePackages(){
 	fi

 	AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
+	WIREGUARD_SUPPORT=0

 	# If a wireguard kernel object is found and is part of any installed package, then
 	# it has not been build via DKMS or manually (installing via wireguard-dkms does not
@ -535,14 +536,20 @@ installDependentPackages(){
 		fi
 	done

-	local APTLOGFILE="$($SUDO mktemp)"
+	local APTLOGFILE
+	APTLOGFILE="$($SUDO mktemp)"

-	if command -v debconf-apt-progress > /dev/null; then
-        # shellcheck disable=SC2086
-		$SUDO debconf-apt-progress --logfile "${APTLOGFILE}" -- ${PKG_INSTALL} "${TO_INSTALL[@]}"
-	else
+	if [ "${runUnattended}" = 'true' ]; then
 		# shellcheck disable=SC2086
 		$SUDO ${PKG_INSTALL} "${TO_INSTALL[@]}"
+	else
+		if command -v debconf-apt-progress > /dev/null; then
+			# shellcheck disable=SC2086
+			$SUDO debconf-apt-progress --logfile "${APTLOGFILE}" -- ${PKG_INSTALL} "${TO_INSTALL[@]}"
+		else
+			# shellcheck disable=SC2086
+			$SUDO ${PKG_INSTALL} "${TO_INSTALL[@]}"
+		fi
 	fi

 	local FAILED=0
@ -685,7 +692,8 @@ validIP(){
 }

 validIPAndNetmask(){
-	local ip=$1
+	local ip
+	ip=$1
 	local stat=1
 	ip="${ip/\//.}"

@ -764,9 +772,11 @@ getStaticIPv4Settings() {
 			echo "::: Skipping setting static IP address"
 		fi

-		echo "dhcpReserv=${dhcpReserv}" >> ${tempsetupVarsFile}
-		echo "IPv4addr=${IPv4addr}" >> ${tempsetupVarsFile}
-		echo "IPv4gw=${IPv4gw}" >> ${tempsetupVarsFile}
+		{
+		echo "dhcpReserv=${dhcpReserv}"
+		echo "IPv4addr=${IPv4addr}"
+		echo "IPv4gw=${IPv4gw}"
+		} >> ${tempsetupVarsFile}
 		return
 	fi

@ -1056,10 +1066,18 @@ installPiVPN(){
 	$SUDO mkdir -p /etc/pivpn/
 	askWhichVPN

+	# Allow custom subnetClass via unattend setupVARs file. Use default if not provided.
+	if [ -z "$subnetClass" ]; then
+		subnetClass="24"
+	fi
+
 	if [ "$VPN" = "openvpn" ]; then

 		pivpnDEV="tun0"
-		pivpnNET="10.8.0.0"
+		# Allow custom NET via unattend setupVARs file. Use default if not provided.
+		if [ -z "$pivpnNET" ]; then
+			pivpnNET="10.8.0.0"
+		fi
 		vpnGw="${pivpnNET/.0.0/.0.1}"

 		askAboutCustomizing
@ -1081,11 +1099,24 @@ installPiVPN(){
 		# set the protocol here.
 		pivpnPROTO="udp"
 		pivpnDEV="wg0"
-		pivpnNET="10.6.0.0"
+		# Allow custom NET via unattend setupVARs file. Use default if not provided.
+		if [ -z "$pivpnNET" ]; then
+			pivpnNET="10.6.0.0"
+		fi
 		vpnGw="${pivpnNET/.0.0/.0.1}"
-		# Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by
-		# the user after the installation.
-		ALLOWED_IPS="0.0.0.0/0, ::0/0"
+		# Allow custom allowed IPs via unattend setupVARs file. Use default if not provided.
+		if [ -z "$ALLOWED_IPS" ]; then
+			# Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by
+			# the user after the installation.
+			ALLOWED_IPS="0.0.0.0/0, ::0/0"
+		fi
+		# The default MTU should be fine for most users but we allow to set a
+		# custom MTU via unattend setupVARs file. Use default if not provided.
+		if [ -z "$pivpnMTU" ]; then
+			# Using default Wireguard MTU
+			pivpnMTU="1420"
+		fi
+    
 		CUSTOMIZE=0

 		installWireGuard
@ -1096,13 +1127,16 @@ installPiVPN(){
 		confNetwork

 		echo "pivpnPROTO=${pivpnPROTO}" >> ${tempsetupVarsFile}
+		echo "pivpnMTU=${pivpnMTU}" >> ${tempsetupVarsFile}

 	fi

-	echo "pivpnDEV=${pivpnDEV}" >> ${tempsetupVarsFile}
-	echo "pivpnNET=${pivpnNET}" >> ${tempsetupVarsFile}
-	echo "subnetClass=${subnetClass}" >> ${tempsetupVarsFile}
-	echo "ALLOWED_IPS=\"${ALLOWED_IPS}\"" >> ${tempsetupVarsFile}
+	{
+	echo "pivpnDEV=${pivpnDEV}"
+	echo "pivpnNET=${pivpnNET}"
+	echo "subnetClass=${subnetClass}"
+	echo "ALLOWED_IPS=\"${ALLOWED_IPS}\""
+	} >> ${tempsetupVarsFile}
 }

 askWhichVPN(){
@ -1230,11 +1264,15 @@ installWireGuard(){
 				exit 1
 			else
 				if (whiptail --title "Install WireGuard" --yesno "Your Raspberry Pi is running kernel package ${INSTALLED_KERNEL}, however the latest version is ${CANDIDATE_KERNEL}.\n\nInstalling WireGuard requires the latest kernel, so to continue, first you need to upgrade all packages, then reboot, and then run the script again.\n\nProceed to the upgrade?" ${r} ${c}); then
-					if command -v debconf-apt-progress &> /dev/null; then
-						# shellcheck disable=SC2086
-						$SUDO debconf-apt-progress -- ${PKG_MANAGER} upgrade -y
-					else
+					if [ "${runUnattended}" = 'true' ]; then
 						$SUDO ${PKG_MANAGER} upgrade -y
+					else
+						if command -v debconf-apt-progress &> /dev/null; then
+							# shellcheck disable=SC2086
+							$SUDO debconf-apt-progress -- ${PKG_MANAGER} upgrade -y
+						else
+							$SUDO ${PKG_MANAGER} upgrade -y
+						fi
 					fi
 					if (whiptail --title "Reboot" --yesno "You need to reboot after upgrading to run the new kernel.\n\nWould you like to reboot now?" ${r} ${c}); then
 						whiptail --title "Rebooting" --msgbox "The system will now reboot.\n\nWhen you come back, just run the installation command again:\n\n    curl -L https://install.pivpn.io | bash" ${r} ${c}
@ -1254,7 +1292,7 @@ installWireGuard(){
 		echo "::: Installing WireGuard from Debian package... "

 		if [ -z "$AVAILABLE_WIREGUARD" ]; then
-			echo "::: Adding Raspbian repository... "
+			echo "::: Adding Raspbian Bullseye repository... "
 			echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null

 			# Do not upgrade packages from the bullseye repository except for wireguard
@ -1266,7 +1304,13 @@ installWireGuard(){
 		fi

 		# qrencode is used to generate qrcodes from config file, for use with mobile clients
-		PIVPN_DEPS=(raspberrypi-kernel-headers wireguard-tools wireguard-dkms qrencode)
+		PIVPN_DEPS=(wireguard-tools qrencode)
+
+		if [ "$WIREGUARD_BUILTIN" -eq 0 ]; then
+			# Explicitly install the module if not built-in
+			PIVPN_DEPS+=(raspberrypi-kernel-headers wireguard-dkms)
+		fi
+
 		installDependentPackages PIVPN_DEPS[@]

 	elif [ "$PLAT" = "Debian" ]; then
@ -1274,7 +1318,7 @@ installWireGuard(){
 		echo "::: Installing WireGuard from Debian package... "

 		if [ -z "$AVAILABLE_WIREGUARD" ]; then
-			echo "::: Adding Debian repository... "
+			echo "::: Adding Debian Bullseye repository... "
 			echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null

 			printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null
@ -1737,9 +1781,11 @@ askEncryption(){
 			fi
 		fi

-		echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}" >> ${tempsetupVarsFile}
-		echo "pivpnENCRYPT=${pivpnENCRYPT}" >> ${tempsetupVarsFile}
-		echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> ${tempsetupVarsFile}
+		{
+		echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}"
+		echo "pivpnENCRYPT=${pivpnENCRYPT}"
+		echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}"
+		} >> ${tempsetupVarsFile}
 		return
 	fi

@ -1747,9 +1793,11 @@ askEncryption(){
 		if [ "$VPN" = "openvpn" ]; then
 			TWO_POINT_FOUR=1
 			pivpnENCRYPT=256
-			echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}" >> ${tempsetupVarsFile}
-			echo "pivpnENCRYPT=${pivpnENCRYPT}" >> ${tempsetupVarsFile}
-			echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> ${tempsetupVarsFile}
+			{
+			echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}"
+			echo "pivpnENCRYPT=${pivpnENCRYPT}"
+			echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}"
+			} >> ${tempsetupVarsFile}
 			return
 		fi
 	fi
@ -1782,15 +1830,17 @@ askEncryption(){
 		USE_PREDEFINED_DH_PARAM=0
 	fi

-	echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}" >> ${tempsetupVarsFile}
-	echo "pivpnENCRYPT=${pivpnENCRYPT}" >> ${tempsetupVarsFile}
-	echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> ${tempsetupVarsFile}
+	{
+	echo "TWO_POINT_FOUR=${TWO_POINT_FOUR}"
+	echo "pivpnENCRYPT=${pivpnENCRYPT}"
+	echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}"
+	} >> ${tempsetupVarsFile}
 }

 cidrToMask(){
 	# Source: https://stackoverflow.com/a/20767392
 	set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
-	[ $1 -gt 1 ] && shift $1 || shift
+	shift $1
 	echo ${1-0}.${2-0}.${3-0}.${4-0}
 }

@ -2047,6 +2097,7 @@ confWireGuard(){
 	echo "[Interface]
 PrivateKey = $($SUDO cat /etc/wireguard/keys/server_priv)
 Address = ${vpnGw}/${subnetClass}
+MTU = ${pivpnMTU}
 ListenPort = ${pivpnPORT}" | $SUDO tee /etc/wireguard/wg0.conf &> /dev/null
 	echo "::: Server config generated."
 }
@ -2078,7 +2129,7 @@ confNetwork(){
 			$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE -m comment --comment ${VPN}-nat-rule\nCOMMIT\n" -i /etc/ufw/before.rules
 		fi
 		# Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
-		$SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" >/dev/null
+		$SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" comment allow-${VPN} >/dev/null
 		$SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any >/dev/null

 		$SUDO ufw reload >/dev/null
--- a/examples/unattended_openvpn_example.conf
+++ b/examples/unattended_openvpn_example.conf
@ -4,6 +4,8 @@ IPv4gw=192.168.23.1
 dhcpReserv=0
 install_user=pi
 VPN=openvpn
+pivpnNET=10.8.0.0
+subnetClass=24
 pivpnPROTO=udp
 pivpnPORT=1194
 pivpnDNS1=9.9.9.9
--- a/examples/unattended_wireguard_example.conf
+++ b/examples/unattended_wireguard_example.conf
@ -1,9 +1,10 @@
 IPv4dev=eth0
-IPv4addr=192.168.23.211/24
-IPv4gw=192.168.23.1
-dhcpReserv=0
 install_user=pi
 VPN=wireguard
+pivpnNET=10.6.0.0
+subnetClass=24
+ALLOWED_IPS="0.0.0.0/0, ::0/0"
+pivpnMTU=1420
 pivpnPORT=51820
 pivpnDNS1=9.9.9.9
 pivpnDNS2=149.112.112.112
--- a/scripts/openvpn/bash-completion
+++ b/scripts/openvpn/bash-completion
@ -1,3 +1,4 @@
+#!/bin/bash
 _pivpn()
 {
    local cur prev opts
--- a/scripts/openvpn/makeOVPN.sh
+++ b/scripts/openvpn/makeOVPN.sh
@ -25,7 +25,7 @@ helpFunc() {
    echo "::: Commands:"
    echo ":::  [none]               Interactive mode"
    echo ":::  nopass               Create a client without a password"
-    echo ":::  -n,--name            Name for the Client (default: '"$(hostname)"')"
+    echo ":::  -n,--name            Name for the Client (default: \"$(hostname)\")"
    echo ":::  -p,--password        Password for the Client (no default)"
    echo ":::  -d,--days            Expire the certificate after specified number of days (default: 1080)"
    echo ":::  -b,--bitwarden       Create and save a client through Bitwarden"
@ -133,7 +133,7 @@ function useBitwarden() {
    # login and unlock vault
    printf "****Bitwarden Login****"
    printf "\n"
-    SESSION_KEY=`bw login --raw`
+    SESSION_KEY=$(bw login --raw)
    export BW_SESSION=$SESSION_KEY
    printf "Successfully Logged in!"
    printf "\n"
@ -168,7 +168,7 @@ function useBitwarden() {
    printf "Creating a PiVPN item for your vault..."
    printf "\n"
    # create a new item for your PiVPN Password
-    PASSWD=`bw generate -usln --length $LENGTH`
+    PASSWD=$(bw generate -usln --length $LENGTH)
    bw get template item | jq '.login.type = "1"'| jq '.name = "PiVPN"' | jq -r --arg NAME "$NAME" '.login.username = $NAME' | jq -r --arg PASSWD "$PASSWD" '.login.password = $PASSWD' |  bw encode | bw create item
    bw logout

@ -422,7 +422,7 @@ fi
 cidrToMask(){
 	# Source: https://stackoverflow.com/a/20767392
 	set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
-	[ $1 -gt 1 ] && shift $1 || shift
+	shift $1
 	echo ${1-0}.${2-0}.${3-0}.${4-0}
 }

--- a/scripts/openvpn/removeOVPN.sh
+++ b/scripts/openvpn/removeOVPN.sh
@ -60,7 +60,7 @@ if [[ -z "${CERTS_TO_REVOKE}" ]]; then
                # Prevent printing "server" certificate
                CERTS[$i]=$(echo -e "${NAME}")
            fi
-            let i=i+1
+            ((i++))
        fi
    done <${INDEX}
    
@ -82,7 +82,7 @@ if [[ -z "${CERTS_TO_REVOKE}" ]]; then

    re='^[0-9]+$'
    if [[ ${NAME} =~ $re ]] ; then
-        NAME=${CERTS[$(($NAME))]}
+        NAME=${CERTS[$((NAME))]}
    fi

    for((x=1;x<=i;++x)); do
@ -104,7 +104,7 @@ else
        if [[ "${STATUS}" = "V" ]]; then
            NAME=$(echo -e "$line" | sed -e 's:.*/CN=::')
            CERTS[$i]=${NAME}
-            let i=i+1
+            ((i++))
        fi
    done <${INDEX}

--- a/scripts/wireguard/bash-completion
+++ b/scripts/wireguard/bash-completion
@ -1,9 +1,9 @@
+#!/bin/bash
 _pivpn()
 {
-    local cur prev opts
+    local cur opts
    COMPREPLY=()
    cur="${COMP_WORDS[COMP_CWORD]}"
-    prev="${COMP_WORDS[COMP_CWORD-1]}"
    dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
    opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on"
    if [ "${#COMP_WORDS[@]}" -eq 2 ]
--- a/scripts/wireguard/clientSTAT.sh
+++ b/scripts/wireguard/clientSTAT.sh
@ -2,7 +2,6 @@
 # PiVPN: client status script

 CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
-CONF_FILE="/etc/wireguard/wg0.conf"

 if [ ! -s "$CLIENTS_FILE" ]; then
    echo "::: There are no clients to list"
--- a/scripts/wireguard/disableCONF.sh
+++ b/scripts/wireguard/disableCONF.sh
@ -44,7 +44,7 @@ do
    shift
 done

-cd /etc/wireguard
+cd /etc/wireguard || exit
 if [ ! -s configs/clients.txt ]; then
    echo "::: There are no clients to change"
    exit 1
@ -81,7 +81,7 @@ for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do

    re='^[0-9]+$'
    if [[ ${CLIENT_NAME} =~ $re ]] ; then
-        CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+        CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
    fi

    if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
--- a/scripts/wireguard/enableCONF.sh
+++ b/scripts/wireguard/enableCONF.sh
@ -44,7 +44,7 @@ do
    shift
 done

-cd /etc/wireguard
+cd /etc/wireguard || exit
 if [ ! -s configs/clients.txt ]; then
    echo "::: There are no clients to change"
    exit 1
@ -79,7 +79,7 @@ for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do

    re='^[0-9]+$'
    if [[ ${CLIENT_NAME} =~ $re ]] ; then
-        CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+        CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
    fi

    if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
--- a/scripts/wireguard/listCONF.sh
+++ b/scripts/wireguard/listCONF.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-cd /etc/wireguard/configs
+cd /etc/wireguard/configs || exit
 if [ ! -s clients.txt ]; then
    echo "::: There are no clients to list"
    exit 1
--- a/scripts/wireguard/makeCONF.sh
+++ b/scripts/wireguard/makeCONF.sh
@ -53,7 +53,7 @@ if [ ! -d "${install_home}/configs" ]; then
    chmod 0750 "${install_home}/configs"
 fi

-cd /etc/wireguard
+cd /etc/wireguard || exit

 if [ -z "${CLIENT_NAME}" ]; then
    read -r -p "Enter a Name for the Client: " CLIENT_NAME
@ -64,6 +64,11 @@ if [[ "${CLIENT_NAME}" =~ [^a-zA-Z0-9.@_-] ]]; then
    exit 1
 fi

+if [[ "${CLIENT_NAME:0:1}" == "-" ]]; then
+    echo "Name cannot start with -"
+    exit 1
+fi
+
 if [[ "${CLIENT_NAME}" =~ ^[0-9]+$ ]]; then
    echo "Names cannot be integers."
    exit 1
@ -94,11 +99,15 @@ done

 NET_REDUCED="${pivpnNET::-2}"

-echo -n "[Interface]
+echo "[Interface]
 PrivateKey = $(cat "keys/${CLIENT_NAME}_priv")
-Address = ${NET_REDUCED}.${COUNT}/${subnetClass}
-DNS = ${pivpnDNS1}" > "configs/${CLIENT_NAME}.conf"
+Address = ${NET_REDUCED}.${COUNT}/${subnetClass}" > "configs/${CLIENT_NAME}.conf"

+if [ -n "${pivpnMTU}" ]; then
+    echo "MTU = ${pivpnMTU}" >> "configs/${CLIENT_NAME}.conf"
+fi
+
+echo -n "DNS = ${pivpnDNS1}" >> "configs/${CLIENT_NAME}.conf"
 if [ -n "${pivpnDNS2}" ]; then
    echo ", ${pivpnDNS2}" >> "configs/${CLIENT_NAME}.conf"
 else
--- a/scripts/wireguard/pivpnDEBUG.sh
+++ b/scripts/wireguard/pivpnDEBUG.sh
@ -19,7 +19,7 @@ echo -e "::::\t    \e[4mInstallation settings\e[0m    \t ::::"
 sed "s/$pivpnHOST/REDACTED/" < ${setupVars}
 printf "=============================================\n"
 echo -e "::::  \e[4mServer configuration shown below\e[0m   ::::"
-cd /etc/wireguard/keys
+cd /etc/wireguard/keys || exit
 cp ../wg0.conf ../wg0.tmp
 # Replace every key in the server configuration with just its file name
 for k in *; do
--- a/scripts/wireguard/qrcodeCONF.sh
+++ b/scripts/wireguard/qrcodeCONF.sh
@ -3,8 +3,10 @@
 helpFunc(){
    echo "::: Show the qrcode of a client for use with the mobile app"
    echo ":::"
-    echo "::: Usage: pivpn <-qr|qrcode> [-h|--help] [<client-1>] ... [<client-n>] ..."
+    echo "::: Usage: pivpn <-qr|qrcode> [-h|--help] [Options] [<client-1>] ... [<client-n>] ..."
    echo ":::"
+    echo "::: Options:"
+    echo ":::  -a256|ansi256        Shows QR Code in ansi256 characters"
    echo "::: Commands:"
    echo ":::  [none]               Interactive mode"
    echo ":::  <client>             Client(s) to show"
@ -12,6 +14,7 @@ helpFunc(){
 }

 # Parse input arguments
+encoding="ansiutf8"
 while test $# -gt 0
 do
    _key="$1"
@ -20,6 +23,9 @@ do
            helpFunc
            exit 0
            ;;
+        -a256|--ansi256)
+            encoding="ansi256"
+            ;;
        *)
            CLIENTS_TO_SHOW+=("$1")
            ;;
@ -27,20 +33,20 @@ do
    shift
 done

-cd /etc/wireguard/configs
+cd /etc/wireguard/configs || exit
 if [ ! -s clients.txt ]; then
    echo "::: There are no clients to show"
    exit 1
 fi

-LIST=($(awk '{print $1}' clients.txt))
+mapfile -t LIST < <(awk '{print $1}' clients.txt)
 if [ "${#CLIENTS_TO_SHOW[@]}" -eq 0 ]; then

    echo -e "::\e[4m  Client list  \e[0m::"
    len=${#LIST[@]}
    COUNTER=1
-    while [ $COUNTER -le ${len} ]; do
-        printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+    while [ $COUNTER -le "${len}" ]; do
+        printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
        ((COUNTER++))
    done

@ -54,13 +60,16 @@ fi

 for CLIENT_NAME in "${CLIENTS_TO_SHOW[@]}"; do
    re='^[0-9]+$'
-    if [[ ${CLIENT_NAME} =~ $re ]] ; then
-        CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+    if [[ ${CLIENT_NAME:0:1} == "-" ]]; then
+        echo "${CLIENT_NAME} is not a valid client name or option"
+        exit 1
+    elif [[ ${CLIENT_NAME} =~ $re ]] ; then
+        CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
    fi    
    if grep -qw "${CLIENT_NAME}" clients.txt; then
        echo -e "::: Showing client \e[1m${CLIENT_NAME}\e[0m below"
        echo "====================================================================="
-        qrencode -t ansiutf8 < "${CLIENT_NAME}.conf"
+        qrencode -t "${encoding}" < "${CLIENT_NAME}.conf"
        echo "====================================================================="
    else
        echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
--- a/scripts/wireguard/removeCONF.sh
+++ b/scripts/wireguard/removeCONF.sh
@ -40,7 +40,7 @@ do
    shift
 done

-cd /etc/wireguard
+cd /etc/wireguard || exit
 if [ ! -s configs/clients.txt ]; then
    echo "::: There are no clients to remove"
    exit 1
@ -70,7 +70,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do

    re='^[0-9]+$'
    if [[ ${CLIENT_NAME} =~ $re ]] ; then
-        CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+        CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
    fi

    if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then