From 241e06f970dc19f645e3b2baa174b7a10a9dd2da Mon Sep 17 00:00:00 2001 From: Orazio Date: Sat, 13 Jul 2019 10:45:44 +0200 Subject: [PATCH 1/3] Miscellaeous fixes --- auto_install/install.sh | 5 +++-- scripts/makeOVPN.sh | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 4f9d0b5..299f53f 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -532,7 +532,7 @@ getGitFiles() { echo ":::" echo "::: Checking for existing base files..." if is_repo "${1}"; then - update_repo "${1}" + update_repo "${1}" "${2}" else make_repo "${1}" "${2}" fi @@ -565,6 +565,7 @@ update_repo() { # Pull the latest commits echo -n "::: Updating repo in $1..." $SUDO rm -rf "${1}" + cd /etc $SUDO git clone -q --depth 1 --no-single-branch "${2}" "${1}" > /dev/null & spinner $! cd "${1}" || exit 1 if [ -z "${TESTING+x}" ]; then @@ -851,7 +852,7 @@ EOF fi # Build the server - ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass + EASYRSA_CERT_EXPIRE=3650 ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass if [[ ${useUpdateVars} == false ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh index 0a571b4..6e6bee6 100755 --- a/scripts/makeOVPN.sh +++ b/scripts/makeOVPN.sh @@ -147,7 +147,7 @@ if [[ ${NAME::1} == "." ]] || [[ ${NAME::1} == "-" ]]; then exit 1 fi -if [[ "${NAME}" =~ [^a-zA-Z0-9\.\-\@\_] ]]; then +if [[ "${NAME}" =~ [^a-zA-Z0-9\.\\-\@\_] ]]; then echo "Name can only contain alphanumeric characters and these characters (.-@_)." exit 1 fi From 1b54558769b2a646c708c09be9230c65eed8e76e Mon Sep 17 00:00:00 2001 From: Orazio Date: Sat, 13 Jul 2019 12:48:53 +0200 Subject: [PATCH 2/3] Fix update option --- auto_install/install.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 299f53f..ab68e84 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -565,6 +565,8 @@ update_repo() { # Pull the latest commits echo -n "::: Updating repo in $1..." $SUDO rm -rf "${1}" + # Go back to /etc otherwhise git will complain when the current working directory has + # just been deleted (/etc/.pivpn). cd /etc $SUDO git clone -q --depth 1 --no-single-branch "${2}" "${1}" > /dev/null & spinner $! cd "${1}" || exit 1 @@ -754,6 +756,8 @@ confOpenVPN() { NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) SERVER_NAME="server_${NEW_UUID}" + declare -A ECDSA_MAP=(["256"]="prime256v1" ["384"]="secp384r1" ["521"]="secp521r1") + if [[ ${useUpdateVars} == false ]]; then # Ask user for desired level of encryption @@ -784,7 +788,6 @@ confOpenVPN() { else - declare -A ECDSA_MAP=(["256"]="prime256v1" ["384"]="secp384r1" ["521"]="secp521r1") ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "ECDSA certificate size" --radiolist \ "Choose the desired size of your certificate (press space to select):\n This is an certificate that will be generated on your system. The larger the certificate, the more time this will take. For most applications, it is recommended to use 256 bits. You can increase the number of bits if you care about, however, consider that 256 bits are already as secure as 3072 bit RSA." ${r} ${c} 3 \ "256" "Use a 256-bit certificate (recommended level)" ON \ @@ -989,8 +992,10 @@ confNetwork() { # iptables -S, '^-P' skips the policies and 'ufw-' skips ufw chains (in case ufw was found # installed but not enabled). - INPUT_RULES_COUNT="$($SUDO iptables -S INPUT | grep -vcE '(^-P|ufw-)')" - FORWARD_RULES_COUNT="$($SUDO iptables -S FORWARD | grep -vcE '(^-P|ufw-)')" + # Grep returns non 0 exit code where there are no matches, however that would make the script exit, + # for this reasons we use '|| true' to force exit code 0 + INPUT_RULES_COUNT="$($SUDO iptables -S INPUT | grep -vcE '(^-P|ufw-)' || true)" + FORWARD_RULES_COUNT="$($SUDO iptables -S FORWARD | grep -vcE '(^-P|ufw-)' || true)" INPUT_POLICY="$($SUDO iptables -S INPUT | grep '^-P' | awk '{print $3}')" FORWARD_POLICY="$($SUDO iptables -S FORWARD | grep '^-P' | awk '{print $3}')" From 8a6d32ced53299909032050a9bb7d3947869acaa Mon Sep 17 00:00:00 2001 From: Orazio Date: Sat, 13 Jul 2019 19:59:28 +0200 Subject: [PATCH 3/3] Fixed regular expression --- scripts/makeOVPN.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh index 6e6bee6..7e88ad7 100755 --- a/scripts/makeOVPN.sh +++ b/scripts/makeOVPN.sh @@ -147,7 +147,7 @@ if [[ ${NAME::1} == "." ]] || [[ ${NAME::1} == "-" ]]; then exit 1 fi -if [[ "${NAME}" =~ [^a-zA-Z0-9\.\\-\@\_] ]]; then +if [[ "${NAME}" =~ [^a-zA-Z0-9.@_-] ]]; then echo "Name can only contain alphanumeric characters and these characters (.-@_)." exit 1 fi