Revert some minor changes

Orazio 2019-12-10 16:06:28 +01:00
parent ca11f79629
commit d022cafa25
4 changed files with 22 additions and 45 deletions


@ -227,7 +227,7 @@ updatePackageCache(){
#update package lists
echo ":::"
echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n"
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
echo " done!"
fi
}
@ -282,16 +282,7 @@ installDependentPackages(){
done
if command -v debconf-apt-progress &> /dev/null; then
set +e
$SUDO debconf-apt-progress -- "${PKG_INSTALL}" "${argArray1[@]}"
res="$?";
set -e
### apt-get install above returns 100 after an otherwise successfull installation of iptables-persistent,
### everything else was aready installed.
### Prevent from exiting the installation script in this case, exit for any other error code.
if [[ "$res" -ne 100 ]]; then
exit "$res";
fi;
$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
else
${PKG_INSTALL} "${argArray1[@]}"
fi
@ -710,7 +701,7 @@ askWhichVPN(){
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
fi
vpnGw="${pivpnNET/.0/.1}"
vpnGw="${pivpnNET/.0.0/.0.1}"
echo "VPN=${VPN}" >> /tmp/setupVars.conf
}
@ -745,7 +736,7 @@ installWireGuard(){
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@]
@ -831,7 +822,7 @@ installWireGuard(){
echo "::: Adding Debian repository... "
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@]
@ -1317,6 +1308,7 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
${SUDOE} ./easyrsa gen-crl
${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
if ! getent passwd openvpn; then
mkdir -p /var/lib/openvpn
${SUDOE} adduser --system --home /var/lib/openvpn/ --no-create-home --group --disabled-login ${debianOvpnUserGroup%:*}
fi
${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
@ -1439,7 +1431,7 @@ confNetwork(){
exit 1;
fi
### If there is already a "*nat" section just add our POSTROUTING MASQUERADE
if grep -q "*nat" /etc/ufw/before.rules; then
if $SUDO grep -q "*nat" /etc/ufw/before.rules; then
$SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules
else
$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
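Review bot: In the confNetwork hunk the `grep -q "*nat"` test is unanchored, while the sed it guards only acts on lines matching `/^*nat/`. A `before.rules` whose only match is a commented or indented `*nat` therefore takes the first branch, the sed inserts no MASQUERADE rule, and nothing reports it. Anchoring the test keeps the two in step: `if $SUDO grep -q '^\*nat' /etc/ufw/before.rules; then`. That branch also writes the source as `${pivpnNET}\/24` while the else branch uses `\/${subnetClass}`, so the two paths produce different NAT scopes whenever subnetClass is not 24. The if/else continues past the end of the hunk.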


@ -133,30 +133,15 @@ else
fi
fi
if [ "$OLD_UFW" -eq 1 ]; then
FORWARD_POLICY="$(iptables -S FORWARD | grep '^-P' | awk '{print $3}')"
if [ "$FORWARD_POLICY" = "ACCEPT" ]; then
echo ":: [OK] Ufw forwarding policy is accept"
else
ERR=1
read -r -p ":: [ERR] Ufw forwarding policy is not 'ACCEPT', attempt fix now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
ufw reload > /dev/null
echo "Done"
fi
fi
if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then
echo ":: [OK] Ufw forwarding rule set"
else
if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then
echo ":: [OK] Ufw forwarding rule set"
else
ERR=1
read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
ufw reload
echo "Done"
fi
ERR=1
read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
ufw reload
echo "Done"
fi
fi
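Review bot: The fix path prints `Done` whether or not `ufw route insert` and `ufw reload` succeeded, so a failed insertion is reported as repaired while the forwarding rule is still missing (unless the script runs under `set -e`, which is not visible here). Chaining the commands makes the outcome explicit: `if ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any && ufw reload; then echo "Done"; else echo ":: [ERR] could not add the forwarding rule"; fi`. Both the check and the fix hard-code `tun0` and `10.8.0.0/24`. If the installer's `pivpnDEV` and `pivpnNET` values are available to this script, using them would keep the test aligned with what was actually configured. The surrounding if/else starts outside the hunk.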


@ -181,16 +181,16 @@ removeAll(){
if [ "$VPN" = "wireguard" ]; then
rm -f /etc/wireguard/wg0.conf
rm -f /etc/wireguard/configs
rm -f /etc/wireguard/keys
rm -rf /etc/wireguard/configs
rm -rf /etc/wireguard/keys
### FIXME SC2154
rm -f "$install_home/configs"
rm -rf "$install_home/configs"
elif [ "$VPN" = "openvpn" ]; then
rm -f /var/log/*openvpn*
rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem
rm -f /etc/openvpn/easy-rsa
rm -f "$install_home/ovpns"
rm -rf /etc/openvpn/easy-rsa
rm -rf "$install_home/ovpns"
fi
echo ":::"
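Review bot: The `rm -rf "$install_home/configs"` and `rm -rf "$install_home/ovpns"` lines expand to `/configs` and `/ovpns` if `install_home` is empty, and the `### FIXME SC2154` comment above the first one indicates the variable is not assigned in this file. With `-rf` these removals are recursive, so the expansion should be guarded: `rm -rf "${install_home:?}/configs"` and `rm -rf "${install_home:?}/ovpns"`, which abort instead of deleting under the filesystem root. removeAll begins and ends outside the hunk, so an earlier check on install_home may exist but is not visible here.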


@ -23,8 +23,8 @@ tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
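Review bot: The `user openvpn` / `group openvpn` lines depend on an account and on file ownership that are set up elsewhere, and nothing in the config records that. After the privilege drop the daemon reads `/etc/openvpn/crl.pem` for `crl-verify` as that user, so a missing account or a CRL it cannot read can stop the service from starting or from accepting connections. A comment above the two lines would document the dependency, e.g. `# openvpn user/group are created by the installer and must be able to read crl.pem`. The installer section of this commit takes the account name from `debianOvpnUserGroup`, so the literal name here has to be kept in step with that variable.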