Unattended installation
parent
5cb8a05317
commit
d7ebb4cca9
7 changed files with 108 additions and 67 deletions
|
@ -213,6 +213,7 @@ EOF
|
|||
#make sure ovpns dir exists
|
||||
if [ ! -d "$install_home/ovpns" ]; then
|
||||
mkdir "$install_home/ovpns"
|
||||
chown "$install_user":"$install_user" "$install_home/ovpns"
|
||||
chmod 0750 "$install_home/ovpns"
|
||||
fi
|
||||
|
||||
|
@ -339,16 +340,10 @@ if [ "$iOS" = "1" ]; then
|
|||
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "issued/${NAME}${CRT}"
|
||||
echo "</cert>"
|
||||
|
||||
#Finally, append the TA Private Key
|
||||
if [ -f /etc/pivpn/TWO_POINT_FOUR ]; then
|
||||
echo "<tls-crypt>"
|
||||
cat "${TA}"
|
||||
echo "</tls-crypt>"
|
||||
else
|
||||
echo "<tls-auth>"
|
||||
cat "${TA}"
|
||||
echo "</tls-auth>"
|
||||
fi
|
||||
#Finally, append the tls Private Key
|
||||
echo "<tls-auth>"
|
||||
cat "${TA}"
|
||||
echo "</tls-auth>"
|
||||
|
||||
} > "${NAME}${FILEEXT}"
|
||||
|
||||
|
@ -401,7 +396,7 @@ fi
|
|||
|
||||
# Copy the .ovpn profile to the home directory for convenient remote access
|
||||
cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$install_home/ovpns/$NAME$FILEEXT"
|
||||
chown "$install_user" "$install_home/ovpns/$NAME$FILEEXT"
|
||||
chown "$install_user":"$install_user" "$install_home/ovpns/$NAME$FILEEXT"
|
||||
chmod 640 "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"
|
||||
chmod 640 "$install_home/ovpns/$NAME$FILEEXT"
|
||||
printf "\n\n"
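Review bot: In the `@ -339,16 +340,10` hunk the iOS branch now always wraps `${TA}` in `<tls-auth>`, and the `if [ -f /etc/pivpn/TWO_POINT_FOUR ]` selection that emitted `<tls-crypt>` is gone. If this branch can still run on a server that was set up with tls-crypt, the generated profile would carry the static key under a directive the server does not use, so the client would fail the control-channel handshake. Whether the iOS path is reachable in that configuration is not visible here, because the `{ … } > "${NAME}${FILEEXT}"` group and the option parsing start outside the hunk. Either keep the `TWO_POINT_FOUR` check around the block, or state the precondition in the comment, for example `# iOS profiles assume a tls-auth server; tls-crypt setups must not reach this branch`.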
|
||||
|
|
|
@ -205,7 +205,7 @@ echo -e ":::: \e[4mSnippet of the server log\e[0m ::::"
|
|||
tail -20 /var/log/openvpn.log > /tmp/snippet
|
||||
|
||||
# Regular expession taken from https://superuser.com/a/202835, it will match invalid IPs
|
||||
# like 123.456.789.012 but it's fine because the log only contains valid ones.
|
||||
# like 123.456.789.012 but it's fine since the log only contains valid ones.
|
||||
declare -a IPS_TO_HIDE=($(grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 /tmp/snippet | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | uniq))
|
||||
for IP in "${IPS_TO_HIDE[@]}"; do
|
||||
sed -i "s/$IP/REDACTED/g" /tmp/snippet
|
||||
|
|
|
@ -67,6 +67,7 @@ removeAll(){
|
|||
ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
|
||||
ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any > /dev/null
|
||||
sed -z "s/*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n//" -i /etc/ufw/before.rules
|
||||
iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE
|
||||
ufw reload &> /dev/null
|
||||
|
||||
elif [ "$USING_UFW" -eq 0 ]; then
|
||||
|
@ -77,7 +78,7 @@ removeAll(){
|
|||
|
||||
if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then
|
||||
iptables -D FORWARD -d "${pivpnNET}/24" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -D FORWARD -s "${pivpnNET}/24" -i "${pivpnDEV}/24" -o "${IPv4dev}" -j ACCEPT
|
||||
iptables -D FORWARD -s "${pivpnNET}/24" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT
|
||||
fi
|
||||
|
||||
iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE
|
||||
|
@ -103,8 +104,6 @@ removeAll(){
|
|||
rm /etc/apt/preferences.d/limit-unstable
|
||||
$PKG_MANAGER update &> /dev/null
|
||||
fi
|
||||
rm -rf /etc/wireguard
|
||||
rm -rf $install_home/configs
|
||||
|
||||
elif [ "${i}" = "wireguard-dkms" ]; then
|
||||
|
||||
|
@ -123,12 +122,6 @@ removeAll(){
|
|||
# so we remove the repository keys
|
||||
apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null
|
||||
|
||||
elif [ "${i}" = "openvpn" ]; then
|
||||
|
||||
rm -rf /var/log/*openvpn*
|
||||
rm -rf /etc/openvpn
|
||||
rm -rf $install_home/ovpns
|
||||
|
||||
elif [ "${i}" = "unattended-upgrades" ]; then
|
||||
|
||||
rm -rf /var/log/unattended-upgrades
|
||||
|
@ -158,7 +151,7 @@ removeAll(){
|
|||
echo "::: Removing pivpn system files..."
|
||||
|
||||
if [ -f /etc/dnsmasq.d/02-pivpn.conf ]; then
|
||||
rm /etc/dnsmasq.d/02-pivpn.conf
|
||||
rm -f /etc/dnsmasq.d/02-pivpn.conf
|
||||
pihole restartdns
|
||||
fi
|
||||
|
||||
|
@ -166,8 +159,24 @@ removeAll(){
|
|||
rm -rf /etc/.pivpn
|
||||
rm -rf /etc/pivpn
|
||||
rm -rf /var/log/*pivpn*
|
||||
rm /usr/local/bin/pivpn
|
||||
rm /etc/bash_completion.d/pivpn
|
||||
rm -f /usr/local/bin/pivpn
|
||||
rm -f /etc/bash_completion.d/pivpn
|
||||
|
||||
echo ":::"
|
||||
echo "::: Removing VPN configuration files..."
|
||||
|
||||
if [ "$VPN" = "wireguard" ]; then
|
||||
rm -f /etc/wireguard/wg0.conf
|
||||
rm -rf /etc/wireguard/configs
|
||||
rm -rf /etc/wireguard/keys
|
||||
rm -rf $install_home/configs
|
||||
elif [ "$VPN" = "openvpn" ]; then
|
||||
rm -rf /var/log/*openvpn*
|
||||
rm -f /etc/openvpn/server.conf
|
||||
rm -f /etc/openvpn/crl.pem
|
||||
rm -rf /etc/openvpn/easy-rsa
|
||||
rm -rf $install_home/ovpns
|
||||
fi
|
||||
|
||||
echo ":::"
|
||||
printf "::: Finished removing PiVPN from your system.\n"
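Review bot: The cleanup lines added in the `@ -166,8 +159,24` hunk, `rm -rf $install_home/configs` and `rm -rf $install_home/ovpns`, expand `$install_home` unquoted and without checking that it is set. If the variable is empty when removeAll runs as root, the commands resolve to `/configs` and `/ovpns`, and a home path containing whitespace would split into several unrelated arguments. Where the value is read is not visible in these hunks, so this may be more likely when it comes from an unattended setup file. Writing them as `rm -rf -- "${install_home:?}/configs"` and `rm -rf -- "${install_home:?}/ovpns"` makes the script abort instead of deleting the wrong path. removeAll starts and ends outside the hunks shown.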
|
||||
|
|
|
@ -24,7 +24,7 @@ printf "=============================================\n"
|
|||
echo -e ":::: \e[4mServer configuration shown below\e[0m ::::"
|
||||
cd /etc/wireguard/keys
|
||||
cp ../wg0.conf ../wg0.tmp
|
||||
# Replace every key in the server configuration with just it's file name
|
||||
# Replace every key in the server configuration with just its file name
|
||||
for k in *; do
|
||||
sed "s#$(cat "$k")#$k#" -i ../wg0.tmp
|
||||
done
|
||||
|
|