Revert some minor changes

auto_install/install.sh

@@ -227,7 +227,7 @@ updatePackageCache(){
 		#update package lists
 		echo ":::"
 		echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n"
-		$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null
+		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
 		echo " done!"
 	fi
 }
@@ -282,16 +282,7 @@ installDependentPackages(){
 	done
 
 	if command -v debconf-apt-progress &> /dev/null; then
-		set +e
-		$SUDO debconf-apt-progress -- "${PKG_INSTALL}" "${argArray1[@]}"
-		res="$?";
-		set -e
-		### apt-get install above returns 100 after an otherwise successfull installation of iptables-persistent,
-		### everything else was aready installed.
-		### Prevent from exiting the installation script in this case, exit for any other error code.
-		if [[ "$res" -ne 100 ]]; then
-			exit "$res";
-		fi;
+		$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
 	else
 		${PKG_INSTALL} "${argArray1[@]}"
 	fi
@@ -710,7 +701,7 @@ askWhichVPN(){
 		pivpnDEV="tun0"
 		pivpnNET="10.8.0.0"
 	fi
-	vpnGw="${pivpnNET/.0/.1}"
+	vpnGw="${pivpnNET/.0.0/.0.1}"
 
 	echo "VPN=${VPN}" >> /tmp/setupVars.conf
 }
@@ -745,7 +736,7 @@ installWireGuard(){
 			printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
 
 			$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
-			$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null
+			$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
 			PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
 			installDependentPackages PIVPN_DEPS[@]
 
@@ -831,7 +822,7 @@ installWireGuard(){
 		echo "::: Adding Debian repository... "
 		echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
 		printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
-		$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null
+		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
 		PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
 		installDependentPackages PIVPN_DEPS[@]
 
@@ -1317,6 +1308,7 @@ set_var EASYRSA_KEY_SIZE   ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
 	${SUDOE} ./easyrsa gen-crl
 	${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
   if ! getent passwd openvpn; then
+    mkdir -p /var/lib/openvpn
     ${SUDOE} adduser --system --home /var/lib/openvpn/ --no-create-home --group --disabled-login ${debianOvpnUserGroup%:*}
   fi
   ${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
@@ -1439,7 +1431,7 @@ confNetwork(){
 				exit 1;
 			fi
 			### If there is already a "*nat" section just add our POSTROUTING MASQUERADE
-			if grep -q "*nat" /etc/ufw/before.rules; then
+			if $SUDO grep -q "*nat" /etc/ufw/before.rules; then
 				$SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules
 			else
         $SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules

scripts/openvpn/pivpnDebug.sh

@@ -133,30 +133,15 @@ else
         fi
     fi
 
-    if [ "$OLD_UFW" -eq 1 ]; then
-        FORWARD_POLICY="$(iptables -S FORWARD | grep '^-P' | awk '{print $3}')"
-        if [ "$FORWARD_POLICY" = "ACCEPT" ]; then
-            echo ":: [OK] Ufw forwarding policy is accept"
-        else
-            ERR=1
-            read -r -p ":: [ERR] Ufw forwarding policy is not 'ACCEPT', attempt fix now? [Y/n] " REPLY
-            if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
-                sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
-                ufw reload > /dev/null
-                echo "Done"
-            fi
-        fi
+    if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then
+        echo ":: [OK] Ufw forwarding rule set"
     else
-        if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then
-            echo ":: [OK] Ufw forwarding rule set"
-        else
-            ERR=1
-            read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY
-            if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
-                ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
-                ufw reload
-                echo "Done"
-            fi
+        ERR=1
+        read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY
+        if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
+            ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
+            ufw reload
+            echo "Done"
         fi
     fi
 

scripts/uninstall.sh

@@ -181,16 +181,16 @@ removeAll(){
 
 	if [ "$VPN" = "wireguard" ]; then
 		rm -f /etc/wireguard/wg0.conf
-		rm -f /etc/wireguard/configs
-		rm -f /etc/wireguard/keys
+		rm -rf /etc/wireguard/configs
+		rm -rf /etc/wireguard/keys
     ### FIXME SC2154
-		rm -f "$install_home/configs"
+		rm -rf "$install_home/configs"
 	elif [ "$VPN" = "openvpn" ]; then
 		rm -f /var/log/*openvpn*
 		rm -f /etc/openvpn/server.conf
 		rm -f /etc/openvpn/crl.pem
-		rm -f /etc/openvpn/easy-rsa
-		rm -f "$install_home/ovpns"
+		rm -rf /etc/openvpn/easy-rsa
+		rm -rf "$install_home/ovpns"
 	fi
 
 	echo ":::"

server_config.txt

@@ -23,8 +23,8 @@ tls-version-min 1.2
 tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
 cipher AES-256-CBC
 auth SHA256
-user nobody
-group nogroup
+user openvpn
+group openvpn
 persist-key
 persist-tun
 crl-verify /etc/openvpn/crl.pem