mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-19 11:20:15 +00:00
/feature/add_tcp_option
Adding a correct tcp option
This commit is contained in:
Stephen KINGER
parent
8f09ee9afd
commit
a7c9a35352
1 changed files with 54 additions and 17 deletions
71
auto_install/install.sh
Normal file → Executable file
71
auto_install/install.sh
Normal file → Executable file
|
|
@ -65,7 +65,7 @@ If you think you received this message in error, you can post an issue on the Gi
|
|||
}
|
||||
|
||||
function maybeOS_Support() {
|
||||
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
|
||||
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
|
||||
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
|
||||
Would you like to continue anyway?" $r $c) then
|
||||
echo "::: Did not detect perfectly supported OS but,"
|
||||
|
|
@ -97,7 +97,7 @@ elif [[ "$(cat /etc/os-release | grep raspbian)" ]]; then
|
|||
PLAT="Ubuntu"
|
||||
OSCN="unknown"
|
||||
maybeOS_Support
|
||||
fi
|
||||
fi
|
||||
# else we prob don't want to install
|
||||
else
|
||||
noOS_Support
|
||||
|
|
@ -127,7 +127,7 @@ welcomeDialogs() {
|
|||
|
||||
# Explain the need for a static address
|
||||
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly.
|
||||
|
||||
|
||||
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
|
||||
}
|
||||
|
||||
|
|
@ -372,7 +372,7 @@ checkForDependencies() {
|
|||
timestamp=$(stat -c %Y /var/cache/apt/)
|
||||
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
|
||||
today=$(date "+%b %e")
|
||||
|
||||
|
||||
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
|
||||
if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then
|
||||
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
|
||||
|
|
@ -475,6 +475,34 @@ update_repo() {
|
|||
echo " done!"
|
||||
}
|
||||
|
||||
setCustomProto() {
|
||||
# Turn the available interfaces into an array so it can be used with a whiptail dialog
|
||||
protoArray=()
|
||||
|
||||
protoArray+=("udp" "available" "ON")
|
||||
protoArray+=("tcp" "available" "OFF")
|
||||
|
||||
# Find out how many interfaces are available to choose from
|
||||
chooseProtoCmd=(whiptail --separate-output --radiolist "Choose A Protocol" $r $c 2)
|
||||
echo "${chooseProtoCmd[@]}" "${protoArray[@]}"
|
||||
chooseProtoOptions=$("${chooseProtoCmd[@]}" "${protoArray[@]}" 2>&1 >/dev/tty)
|
||||
if [[ $? = 0 ]]; then
|
||||
for desiredProto in $chooseProtoOptions
|
||||
do
|
||||
pivpnProto=$desiredProto
|
||||
echo "::: Using protocol: $pivpnProto"
|
||||
echo "${pivpnProto}" > /tmp/pivpnPROTO
|
||||
done
|
||||
else
|
||||
echo "::: Cancel selected, exiting...."
|
||||
exit 1
|
||||
fi
|
||||
# write out the PROTO
|
||||
PROTO=$pivpnProto
|
||||
$SUDO cp /tmp/pivpnPROTO /etc/pivpn/INSTALL_PROTO
|
||||
}
|
||||
|
||||
|
||||
setCustomPort() {
|
||||
until [[ $PORTNumCorrect = True ]]
|
||||
do
|
||||
|
|
@ -617,7 +645,7 @@ confOpenVPN() {
|
|||
cd /etc/openvpn/easy-rsa
|
||||
$SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars
|
||||
$SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars
|
||||
|
||||
|
||||
# Init Cert Values
|
||||
COUNTRY="US"
|
||||
STATE="CA"
|
||||
|
|
@ -698,7 +726,7 @@ confOpenVPN() {
|
|||
|
||||
# It seems you have to set this if you mess with key_cn, lets not.
|
||||
# grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars
|
||||
|
||||
|
||||
# source the vars file just edited
|
||||
source ./vars
|
||||
|
||||
|
|
@ -724,17 +752,21 @@ confOpenVPN() {
|
|||
# Write config file for server using the template .txt file
|
||||
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
||||
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
|
||||
|
||||
|
||||
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
|
||||
|
||||
# Set the user encryption key size
|
||||
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
|
||||
|
||||
|
||||
# if they modified port put value in server.conf
|
||||
if [ $PORT != 1194 ]; then
|
||||
$SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf
|
||||
fi
|
||||
|
||||
if [ $PROTO != "udp" ]; then
|
||||
$SUDO sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf
|
||||
fi
|
||||
|
||||
# write out server certs to conf file
|
||||
$SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf
|
||||
$SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf
|
||||
|
|
@ -783,7 +815,7 @@ confNetwork() {
|
|||
$SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt
|
||||
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
|
||||
$SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules
|
||||
$SUDO ufw allow ${PORT}/udp
|
||||
$SUDO ufw allow ${PORT}/${PROTO}
|
||||
$SUDO ufw allow from 10.8.0.0/24
|
||||
$SUDO ufw reload
|
||||
echo "::: UFW configuration completed."
|
||||
|
|
@ -803,7 +835,7 @@ confNetwork() {
|
|||
else
|
||||
echo 0 > /tmp/noUFW
|
||||
fi
|
||||
|
||||
|
||||
$SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW
|
||||
}
|
||||
|
||||
|
|
@ -818,8 +850,8 @@ confOVPN() {
|
|||
|
||||
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \
|
||||
"$IPv4pub" "Use this public IP" "ON" \
|
||||
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
|
||||
|
||||
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
|
||||
|
||||
exitstatus=$?
|
||||
if [ $exitstatus != 0 ]; then
|
||||
echo "::: Cancel selected. Exiting..."
|
||||
|
|
@ -830,7 +862,7 @@ confOVPN() {
|
|||
|
||||
if [ "$METH" == "$IPv4pub" ]; then
|
||||
$SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
else
|
||||
else
|
||||
until [[ $publicDNSCorrect = True ]]
|
||||
do
|
||||
PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3)
|
||||
|
|
@ -844,16 +876,20 @@ confOVPN() {
|
|||
$SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
else
|
||||
publicDNSCorrect=False
|
||||
|
||||
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
# if they modified port put value in Default.txt for clients to use
|
||||
if [ $PORT != 1194 ]; then
|
||||
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
fi
|
||||
|
||||
|
||||
if [ $PROTO != "udp" ]; then
|
||||
$SUDO sed -i -e "s/proto udp/proto tcp/g" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
fi
|
||||
|
||||
# verify server name to strengthen security
|
||||
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
|
||||
|
||||
|
|
@ -868,6 +904,7 @@ installPiVPN() {
|
|||
$SUDO mkdir -p /etc/pivpn/
|
||||
getGitFiles
|
||||
installScripts
|
||||
setCustomProto
|
||||
setCustomPort
|
||||
confOpenVPN
|
||||
confNetwork
|
||||
|
|
@ -884,7 +921,7 @@ displayFinalMessage() {
|
|||
$SUDO systemctl start openvpn.service
|
||||
fi
|
||||
|
||||
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
|
||||
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
|
||||
Run 'pivpn help' to see what else you can do!
|
||||
The install log is in /etc/pivpn." $r $c
|
||||
if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then
|
||||
|
|
|
|||
Loading…
Reference in a new issue