From 93e4ba5e03ff7efbb2d68cc8fb58dfae0a6d71c0 Mon Sep 17 00:00:00 2001 From: Peter Lewis Date: Wed, 10 Jan 2018 21:57:38 +0000 Subject: [PATCH 1/7] Update README.md to correct 'thier' to 'their' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f63e910..11221e9 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ one for your new phone. Or even if you suspect that a cert may have been compro just revoke it and generate a new one. "pivpn list" -If you add more than a few clients, this gives you a nice list of thier names and whether their certificate +If you add more than a few clients, this gives you a nice list of their names and whether their certificate is still valid or has been revoked. Great way to keep track of what you did with 'pivpn add' and 'pivpn revoke'. You can run just 'pivpn' to see all the options. From 9749257e08fadd4a65908133b33060bb84bf84ac Mon Sep 17 00:00:00 2001 From: justinamcafee Date: Fri, 9 Mar 2018 11:32:14 -0600 Subject: [PATCH 2/7] Updated install.sh Added support for FamilyShield DNS from OpenDNS/CISCO --- auto_install/install.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/auto_install/install.sh b/auto_install/install.sh index 8e94f43..8c78d1d 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -695,6 +695,7 @@ setClientDNS() { Level3 "" off DNS.WATCH "" off Norton "" off + FamilyShield "" off Custom "" off) if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) 
@@ -734,6 +735,13 @@ setClientDNS() { $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf $SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf ;; + FamilyShield) + echo "::: Using FamilyShield servers." + OVPNDNS1="208.67.222.123" + OVPNDNS2="208.67.220.123" + $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf + $SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf + ;; Custom) until [[ $DNSSettingsCorrect = True ]] do From 3e042ef6ef21782712b7e95a7e9c6f2c10c01aa0 Mon Sep 17 00:00:00 2001 From: justinamcafee Date: Fri, 9 Mar 2018 12:18:34 -0600 Subject: [PATCH 3/7] Added OPTIONAL support for duplicate certificates Previous commits removed the duplicate cn option all together, this adds a comment to inform users of their options/choice. --- server_config.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server_config.txt b/server_config.txt index fe909ca..2eb0491 100755 --- a/server_config.txt +++ b/server_config.txt @@ -31,4 +31,7 @@ status /var/log/openvpn-status.log 20 status-version 3 syslog verb 3 +#DuplicateCNs allow access control on a less-granular, per user basis. +#Remove # if you will manage access by user instead of device. +#duplicate-cn # Generated for use by PiVPN.io From b8e5f318b61693667e4af289bd91ef77236c9e6d Mon Sep 17 00:00:00 2001 From: Zeik0s <35345686+Zeik0s@users.noreply.github.com> Date: Wed, 14 Mar 2018 21:55:05 +0100 Subject: [PATCH 4/7] makeOVPN.sh change 3DES to AES-128 --- scripts/makeOVPN.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh index 09ef655..fce0adb 100755 --- a/scripts/makeOVPN.sh +++ b/scripts/makeOVPN.sh 
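Review bot: The FamilyShield arm in auto_install/install.sh repeats the two `sed -i` lines of the arm above it verbatim, so every resolver added to setClientDNS carries its own copy of the server.conf rewrite. Only the `echo` and the two `OVPNDNS` assignments are specific to FamilyShield; if the other arms have the same shape (the `case` starts and ends outside this hunk, so that is an assumption), the pair of `sed` calls could run once after `esac`. Either way the address is spliced into the sed program unquoted, and writing it as `'...\1'"${OVPNDNS1}"'\"/'` keeps it a single word. The arm also deserves a comment such as `# OpenDNS FamilyShield: filtering resolver, blocks adult content for every VPN client`, because this choice changes what clients can resolve.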
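Review bot: The comment added above `#duplicate-cn` in server_config.txt describes the option as access control, but what `duplicate-cn` does is let several clients connect at the same time with the same certificate common name. Before uncommenting it, a reader needs the trade-off: devices that share one certificate cannot be told apart or revoked individually, so revoking that certificate cuts off all of them. Suggested wording: `# duplicate-cn lets several devices connect at once with one client certificate.` followed by `# Leave it commented to keep one certificate per device, so a lost device can be revoked on its own.`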
@@ -121,11 +121,11 @@ function keyPASS() { expect eof EOF - #Convert key to des3 + #Convert key to aes128 KEY_FILE="pki/private/${NAME}${KEY}" expect << EOF set timeout -1 - spawn openssl rsa -in ${KEY_FILE} -des3 -out ${KEY_FILE} + spawn openssl rsa -in ${KEY_FILE} -aes128 -out ${KEY_FILE} expect "Enter pass phrase" { send "${PASSWD}\r" } expect "Enter PEM pass phrase" { send "${PASSWD}\r" } expect "Verifying - Enter PEM pass phrase" { send "${PASSWD}\r" } From cb04be301e4f5737d8972185bba934ab9862d1bd Mon Sep 17 00:00:00 2001 From: Cyb0rk Date: Sat, 17 Mar 2018 00:45:15 +0100 Subject: [PATCH 5/7] DNS leak fix in server_config.txt Added fix to prevent DNS leak on Windows 10 --- server_config.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server_config.txt b/server_config.txt index 2eb0491..a5099b2 100755 --- a/server_config.txt +++ b/server_config.txt @@ -10,6 +10,8 @@ server 10.8.0.0 255.255.255.0 # Set your primary domain name server address for clients push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" +# Prevent DNS leaks on Windows +push "block-outside-dns" # Override the Client default gateway by using 0.0.0.0/1 and # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of # overriding but not wiping out the original default gateway. From 30397f2d4c2df8ab25c720d7d22f91e479575cc0 Mon Sep 17 00:00:00 2001 From: Tristan Hill Date: Wed, 21 Mar 2018 12:20:47 +0000 Subject: [PATCH 6/7] shouldn't be executable --- Default.txt | 0 server_config.txt | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 Default.txt mode change 100755 => 100644 server_config.txt diff --git a/Default.txt b/Default.txt old mode 100755 new mode 100644 diff --git a/server_config.txt b/server_config.txt old mode 100755 new mode 100644 From 23cc58ce3abe7b1808baf6425f96f81dfc4e2a5d Mon Sep 17 00:00:00 2001 
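Review bot: Swapping `-des3` for `-aes128` on the `openssl rsa` line in scripts/makeOVPN.sh changes the cipher but not how the encryption key is derived from `${PASSWD}`. To my knowledge, the traditional PEM output this command produced on OpenSSL releases of that period derives the key with a single MD5 pass over passphrase and salt, so a weak passphrase stays about as guessable offline as before. If the clients in scope accept PKCS#8 keys, `openssl pkcs8 -topk8 -v2 aes-256-cbc` derives the key with PBKDF2 instead; the `expect` prompts would have to be adjusted to its wording. The comment could also say what the step does, `# Encrypt the client private key with the user's passphrase (AES-128-CBC)`. keyPASS starts and ends outside the hunk.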
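Review bot: `push "block-outside-dns"` in server_config.txt is sent to every client, but the option only takes effect on Windows, and as far as I recall only with OpenVPN 2.3.9 or later; other platforms and older clients log an unrecognized-option warning for it on each connect. The comment should say so, so that the warning is not mistaken for a fault: `# Windows clients only (OpenVPN 2.3.9+): block DNS on non-VPN adapters; other clients ignore this with a warning`. It is also worth stating there that non-Windows clients get no leak protection from this line and depend on their own resolver handling.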
From: johanfagerstroem Date: Tue, 1 May 2018 16:38:38 +0200 Subject: [PATCH 7/7] Changing name validation regex to allow dashes Great for readable naming conventions. --- scripts/makeOVPN.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh index 09ef655..ed29501 100755 --- a/scripts/makeOVPN.sh +++ b/scripts/makeOVPN.sh @@ -141,8 +141,8 @@ if [ -z "${NAME}" ]; then read -r NAME fi -if [[ "${NAME}" =~ [^a-zA-Z0-9] ]]; then - echo "Name can only contain alphanumeric characters." +if [[ "${NAME}" =~ [^a-zA-Z0-9\-] ]]; then + echo "Name can only contain alphanumeric characters and dashes (-)." exit 1 fi
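Review bot: The escaped dash in `[^a-zA-Z0-9\-]` is not a portable way to put `-` in a bracket expression. POSIX regex brackets treat a backslash as an ordinary character, so depending on how bash hands the pattern to the regex library this may also let `\` through in `${NAME}`. Putting the dash last needs no escape: `if [[ "${NAME}" =~ [^a-zA-Z0-9-] ]]; then`. `${NAME}` presumably ends up in file names and command arguments later in the script (the hunk shows only the check), so a name that starts with `-` could be read as an option; adding `|| "${NAME}" == -*` to the test rejects that case.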