Revert some minor changes

Orazio 2019-12-10 16:06:28 +01:00
parent ca11f79629
commit d022cafa25
4 changed files with 22 additions and 45 deletions


@ -227,7 +227,7 @@ updatePackageCache(){
#update package lists #update package lists
echo ":::" echo ":::"
echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n" echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n"
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
echo " done!" echo " done!"
fi fi
} }
@ -282,16 +282,7 @@ installDependentPackages(){
done done
if command -v debconf-apt-progress &> /dev/null; then if command -v debconf-apt-progress &> /dev/null; then
set +e $SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
$SUDO debconf-apt-progress -- "${PKG_INSTALL}" "${argArray1[@]}"
res="$?";
set -e
### apt-get install above returns 100 after an otherwise successfull installation of iptables-persistent,
### everything else was aready installed.
### Prevent from exiting the installation script in this case, exit for any other error code.
if [[ "$res" -ne 100 ]]; then
exit "$res";
fi;
else else
${PKG_INSTALL} "${argArray1[@]}" ${PKG_INSTALL} "${argArray1[@]}"
fi fi
@ -710,7 +701,7 @@ askWhichVPN(){
pivpnDEV="tun0" pivpnDEV="tun0"
pivpnNET="10.8.0.0" pivpnNET="10.8.0.0"
fi fi
vpnGw="${pivpnNET/.0/.1}" vpnGw="${pivpnNET/.0.0/.0.1}"
echo "VPN=${VPN}" >> /tmp/setupVars.conf echo "VPN=${VPN}" >> /tmp/setupVars.conf
} }
@ -745,7 +736,7 @@ installWireGuard(){
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138 $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms) PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
@ -831,7 +822,7 @@ installWireGuard(){
echo "::: Adding Debian repository... " echo "::: Adding Debian repository... "
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO "${UPDATE_PKG_CACHE}" &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms) PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
@ -1317,6 +1308,7 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
${SUDOE} ./easyrsa gen-crl ${SUDOE} ./easyrsa gen-crl
${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
if ! getent passwd openvpn; then if ! getent passwd openvpn; then
mkdir -p /var/lib/openvpn
${SUDOE} adduser --system --home /var/lib/openvpn/ --no-create-home --group --disabled-login ${debianOvpnUserGroup%:*} ${SUDOE} adduser --system --home /var/lib/openvpn/ --no-create-home --group --disabled-login ${debianOvpnUserGroup%:*}
fi fi
${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem ${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
@ -1439,7 +1431,7 @@ confNetwork(){
exit 1; exit 1;
fi fi
### If there is already a "*nat" section just add our POSTROUTING MASQUERADE ### If there is already a "*nat" section just add our POSTROUTING MASQUERADE
if grep -q "*nat" /etc/ufw/before.rules; then if $SUDO grep -q "*nat" /etc/ufw/before.rules; then
$SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules $SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules
else else
$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules $SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
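Review bot: The added `mkdir -p /var/lib/openvpn` inside the `getent passwd openvpn` check is the only command in that hunk not run through `${SUDOE}`, so it would fail if the installer runs unprivileged and relies on that variable for elevation; `${SUDOE} mkdir -p /var/lib/openvpn` would match the neighbouring lines. Because `adduser` is called with `--no-create-home`, the directory also keeps the creator's ownership and default-umask mode. If the service account is meant to use it, an explicit `chown`/`chmod` after the account exists would make the intended permissions clear. The enclosing function starts and ends outside the hunk, so how `SUDOE` is set cannot be confirmed from here.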


@ -133,30 +133,15 @@ else
fi fi
fi fi
if [ "$OLD_UFW" -eq 1 ]; then if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then
FORWARD_POLICY="$(iptables -S FORWARD | grep '^-P' | awk '{print $3}')" echo ":: [OK] Ufw forwarding rule set"
if [ "$FORWARD_POLICY" = "ACCEPT" ]; then
echo ":: [OK] Ufw forwarding policy is accept"
else
ERR=1
read -r -p ":: [ERR] Ufw forwarding policy is not 'ACCEPT', attempt fix now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
ufw reload > /dev/null
echo "Done"
fi
fi
else else
if iptables -C ufw-user-forward -i tun0 -o "${IPv4dev}" -s 10.8.0.0/24 -j ACCEPT &> /dev/null; then ERR=1
echo ":: [OK] Ufw forwarding rule set" read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY
else if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
ERR=1 ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
read -r -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " REPLY ufw reload
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then echo "Done"
ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any
ufw reload
echo "Done"
fi
fi fi
fi fi
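Review bot: In the fix branch, `echo "Done"` is printed whether or not `ufw route insert` and `ufw reload` succeed, so a failed repair of the forwarding rule is reported as fixed. Chaining the commands, `ufw route insert 1 allow in on tun0 from 10.8.0.0/24 out on "$IPv4dev" to any && ufw reload && echo "Done"`, or printing an error when either fails, keeps the diagnostic output trustworthy. The check and the fix also hard-code `tun0` and `10.8.0.0/24`, while the installer sets `pivpnDEV` and `pivpnNET`; if those values are available to this script, using them would keep the two in step. The enclosing `else` block starts outside the hunk.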


@ -181,16 +181,16 @@ removeAll(){
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
rm -f /etc/wireguard/wg0.conf rm -f /etc/wireguard/wg0.conf
rm -f /etc/wireguard/configs rm -rf /etc/wireguard/configs
rm -f /etc/wireguard/keys rm -rf /etc/wireguard/keys
### FIXME SC2154 ### FIXME SC2154
rm -f "$install_home/configs" rm -rf "$install_home/configs"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
rm -f /var/log/*openvpn* rm -f /var/log/*openvpn*
rm -f /etc/openvpn/server.conf rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem rm -f /etc/openvpn/crl.pem
rm -f /etc/openvpn/easy-rsa rm -rf /etc/openvpn/easy-rsa
rm -f "$install_home/ovpns" rm -rf "$install_home/ovpns"
fi fi
echo ":::" echo ":::"
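Review bot: `rm -rf "$install_home/configs"` and `rm -rf "$install_home/ovpns"` now delete recursively, and the `### FIXME SC2154` comment above the first one indicates `install_home` is not assigned in this file. If it is ever empty, the paths expand to `/configs` and `/ovpns` at the filesystem root. Guarding the expansion with `rm -rf "${install_home:?}/configs"` and `rm -rf "${install_home:?}/ovpns"` makes the script abort instead. `removeAll` starts and ends outside the hunk, so whether the variable is sourced earlier cannot be seen here.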


@ -23,8 +23,8 @@ tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0 tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC cipher AES-256-CBC
auth SHA256 auth SHA256
user nobody user openvpn
group nogroup group openvpn
persist-key persist-key
persist-tun persist-tun
crl-verify /etc/openvpn/crl.pem crl-verify /etc/openvpn/crl.pem
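Review bot: `user openvpn` and `group openvpn` assume an account that this file does not create, and with `crl-verify /etc/openvpn/crl.pem` the CRL presumably has to stay readable by that account after privileges are dropped. A short comment above the two lines, such as `# account is created by the installer; crl.pem must stay readable by it`, would record that dependency for anyone editing the template or regenerating the CRL.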