Merge pull request #788 from orazioedoardo/miscellaneous

Miscellaneous fixes
2024-12-19 19:30:16 +00:00 · 2019-07-14 00:22:43 +01:00 · 2019-07-14 00:22:43 +01:00 · a8df7f26cf
commit a8df7f26cf
parent 52bf326d8a 8a6d32ced5
2 changed files with 12 additions and 6 deletions
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -532,7 +532,7 @@ getGitFiles() {
    echo ":::"
    echo "::: Checking for existing base files..."
    if is_repo "${1}"; then
-        update_repo "${1}"
+        update_repo "${1}" "${2}"
    else
        make_repo "${1}" "${2}"
    fi
@ -565,6 +565,9 @@ update_repo() {
        # Pull the latest commits
        echo -n ":::     Updating repo in $1..."
        $SUDO rm -rf "${1}"
+        # Go back to /etc otherwhise git will complain when the current working directory has
+        # just been deleted (/etc/.pivpn).
+        cd /etc
        $SUDO git clone -q --depth 1 --no-single-branch "${2}" "${1}" > /dev/null & spinner $!
        cd "${1}" || exit 1
        if [ -z "${TESTING+x}" ]; then
@ -753,6 +756,8 @@ confOpenVPN() {
    NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
    SERVER_NAME="server_${NEW_UUID}"

+    declare -A ECDSA_MAP=(["256"]="prime256v1" ["384"]="secp384r1" ["521"]="secp521r1")
+
    if [[ ${useUpdateVars} == false ]]; then
        # Ask user for desired level of encryption

@ -783,7 +788,6 @@ confOpenVPN() {

        else

-            declare -A ECDSA_MAP=(["256"]="prime256v1" ["384"]="secp384r1" ["521"]="secp521r1")
            ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "ECDSA certificate size" --radiolist \
            "Choose the desired size of your certificate (press space to select):\n   This is an certificate that will be generated on your system.  The larger the certificate, the more time this will take.  For most applications, it is recommended to use 256 bits.  You can increase the number of bits if you care about, however, consider that 256 bits are already as secure as 3072 bit RSA." ${r} ${c} 3 \
            "256" "Use a 256-bit certificate (recommended level)" ON \
@ -851,7 +855,7 @@ EOF
    fi

    # Build the server
-    ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass
+    EASYRSA_CERT_EXPIRE=3650 ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass

    if [[ ${useUpdateVars} == false ]]; then
      if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
@ -988,8 +992,10 @@ confNetwork() {
        # iptables -S, '^-P' skips the policies and 'ufw-' skips ufw chains (in case ufw was found
        # installed but not enabled).

-        INPUT_RULES_COUNT="$($SUDO iptables -S INPUT | grep -vcE '(^-P|ufw-)')"
-        FORWARD_RULES_COUNT="$($SUDO iptables -S FORWARD | grep -vcE '(^-P|ufw-)')"
+        # Grep returns non 0 exit code where there are no matches, however that would make the script exit,
+        # for this reasons we use '|| true' to force exit code 0
+        INPUT_RULES_COUNT="$($SUDO iptables -S INPUT | grep -vcE '(^-P|ufw-)' || true)"
+        FORWARD_RULES_COUNT="$($SUDO iptables -S FORWARD | grep -vcE '(^-P|ufw-)' || true)"

        INPUT_POLICY="$($SUDO iptables -S INPUT | grep '^-P' | awk '{print $3}')"
        FORWARD_POLICY="$($SUDO iptables -S FORWARD | grep '^-P' | awk '{print $3}')"
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@ -147,7 +147,7 @@ if [[ ${NAME::1} == "." ]] || [[ ${NAME::1} == "-" ]]; then
    exit 1
 fi

-if [[ "${NAME}" =~ [^a-zA-Z0-9\.\-\@\_] ]]; then
+if [[ "${NAME}" =~ [^a-zA-Z0-9.@_-] ]]; then
    echo "Name can only contain alphanumeric characters and these characters (.-@_)."
    exit 1
 fi