fix(installer): fix some code style errors

Fix some code style errors in the pipelines
Giulio Coa 2022-08-05 23:11:22 +02:00
parent 699f72712d
commit e09f3a04bd
14 changed files with 316 additions and 309 deletions


@ -139,13 +139,13 @@ main() {
echo "::: Forced IPv6 config, skipping IPv6 uplink check!" echo "::: Forced IPv6 config, skipping IPv6 uplink check!"
pivpnenableipv6=1 pivpnenableipv6=1
else else
if [[ -z "${pivpnenableipv6}" ]] || if [[ -z "${pivpnenableipv6}" ]] \
[[ "${pivpnenableipv6}" -eq 1 ]]; then || [[ "${pivpnenableipv6}" -eq 1 ]]; then
checkipv6uplink checkipv6uplink
fi fi
if [[ "${pivpnenableipv6}" -eq 0 ]] && if [[ "${pivpnenableipv6}" -eq 0 ]] \
[[ "${pivpnforceipv6route}" -eq 1 ]]; then && [[ "${pivpnforceipv6route}" -eq 1 ]]; then
askforcedipv6route askforcedipv6route
fi fi
fi fi
@ -155,8 +155,8 @@ main() {
if checkStaticIpSupported; then if checkStaticIpSupported; then
getStaticIPv4Settings getStaticIPv4Settings
if [[ -z "${dhcpReserv}" ]] || if [[ -z "${dhcpReserv}" ]] \
[[ "${dhcpReserv}" -ne 1 ]]; then || [[ "${dhcpReserv}" -ne 1 ]]; then
setStaticIPv4 setStaticIPv4
fi fi
else else
@ -294,8 +294,8 @@ checkExistingInstall() {
fi fi
fi fi
if [[ -z "${UpdateCmd}" ]] || if [[ -z "${UpdateCmd}" ]] \
[[ "${UpdateCmd}" == "Reconfigure" ]]; then || [[ "${UpdateCmd}" == "Reconfigure" ]]; then
: :
elif [[ "${UpdateCmd}" == "Update" ]]; then elif [[ "${UpdateCmd}" == "Update" ]]; then
${SUDO} "${pivpnScriptDir}/update.sh" "$@" ${SUDO} "${pivpnScriptDir}/update.sh" "$@"
@ -328,8 +328,8 @@ Please choose from the following options \
"${opt1a}" "${opt1b}" \ "${opt1a}" "${opt1b}" \
"${opt2a}" "${opt2b}" \ "${opt2a}" "${opt2b}" \
"${opt3a}" "${opt3b}" \ "${opt3a}" "${opt3b}" \
3>&2 2>&1 1>&3)" || 3>&2 2>&1 1>&3)" \
{ || {
err "::: Cancel selected. Exiting" err "::: Cancel selected. Exiting"
exit 1 exit 1
} }
@ -447,8 +447,8 @@ checkHostname() {
exit 1 exit 1
fi fi
until [[ "${#host_name}" -le 28 ]] && until [[ "${#host_name}" -le 28 ]] \
[[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; do && [[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; do
host_name="$(whiptail \ host_name="$(whiptail \
--title "Hostname too long" \ --title "Hostname too long" \
--inputbox "Your hostname is too long. --inputbox "Your hostname is too long.
@ -457,8 +457,8 @@ No special characters allowed." "${r}" "${c}" \
3>&1 1>&2 2>&3)" 3>&1 1>&2 2>&3)"
${SUDO} hostnamectl set-hostname "${host_name}" ${SUDO} hostnamectl set-hostname "${host_name}"
if [[ "${#host_name}" -le 28 ]] && if [[ "${#host_name}" -le 28 ]] \
[[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; then && [[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; then
echo "::: Hostname valid and length OK, proceeding..." echo "::: Hostname valid and length OK, proceeding..."
fi fi
done done
@ -489,9 +489,9 @@ verifyFreeDiskSpace() {
echo "::: Verifying free disk space..." echo "::: Verifying free disk space..."
local required_free_kilobytes=76800 local required_free_kilobytes=76800
local existing_free_kilobytes local existing_free_kilobytes
existing_free_kilobytes="$(df -Pk | existing_free_kilobytes="$(df -Pk \
grep -m1 '\/$' | | grep -m1 '\/$' \
awk '{print $4}')" | awk '{print $4}')"
# - Unknown free disk space , not a integer # - Unknown free disk space , not a integer
if [[ ! "${existing_free_kilobytes}" =~ ^([0-9])+$ ]]; then if [[ ! "${existing_free_kilobytes}" =~ ^([0-9])+$ ]]; then
@ -563,12 +563,12 @@ preconfigurePackages() {
# Install packages used by this installation script # Install packages used by this installation script
# If apt is older than 1.5 we need to install an additional package to add # If apt is older than 1.5 we need to install an additional package to add
# support for https repositories that will be used later on # support for https repositories that will be used later on
if [[ "${PKG_MANAGER}" == 'apt-get' ]] && if [[ "${PKG_MANAGER}" == 'apt-get' ]] \
[[ -f /etc/apt/sources.list ]]; then && [[ -f /etc/apt/sources.list ]]; then
INSTALLED_APT="$(apt-cache policy apt | INSTALLED_APT="$(apt-cache policy apt \
grep -m1 'Installed: ' | | grep -m1 'Installed: ' \
grep -v '(none)' | | grep -v '(none)' \
awk '{print $2}')" | awk '{print $2}')"
if dpkg --compare-versions "${INSTALLED_APT}" lt 1.5; then if dpkg --compare-versions "${INSTALLED_APT}" lt 1.5; then
BASE_DEPS+=("apt-transport-https") BASE_DEPS+=("apt-transport-https")
@ -587,13 +587,13 @@ preconfigurePackages() {
fi fi
if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then
AVAILABLE_OPENVPN="$(apt-cache policy openvpn | AVAILABLE_OPENVPN="$(apt-cache policy openvpn \
grep -m1 'Candidate: ' | | grep -m1 'Candidate: ' \
grep -v '(none)' | | grep -v '(none)' \
awk '{print $2}')" | awk '{print $2}')"
elif [[ "${PKG_MANAGER}" == 'apk' ]]; then elif [[ "${PKG_MANAGER}" == 'apk' ]]; then
AVAILABLE_OPENVPN="$(apk search -e openvpn | AVAILABLE_OPENVPN="$(apk search -e openvpn \
sed -E -e 's/openvpn\-(.*)/\1/')" | sed -E -e 's/openvpn\-(.*)/\1/')"
fi fi
OPENVPN_SUPPORT=0 OPENVPN_SUPPORT=0
@ -603,14 +603,14 @@ preconfigurePackages() {
# repositories but we are running x86 Debian or Ubuntu, add the official repo # repositories but we are running x86 Debian or Ubuntu, add the official repo
# which provides the updated package. # which provides the updated package.
if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then
if [[ -n "${AVAILABLE_OPENVPN}" ]] && if [[ -n "${AVAILABLE_OPENVPN}" ]] \
dpkg --compare-versions "${AVAILABLE_OPENVPN}" ge 2.4; then && dpkg --compare-versions "${AVAILABLE_OPENVPN}" ge 2.4; then
OPENVPN_SUPPORT=1 OPENVPN_SUPPORT=1
else else
if [[ "${PLAT}" == "Debian" ]] || if [[ "${PLAT}" == "Debian" ]] \
[[ "${PLAT}" == "Ubuntu" ]]; then || [[ "${PLAT}" == "Ubuntu" ]]; then
if [[ "${DPKG_ARCH}" == "amd64" ]] || if [[ "${DPKG_ARCH}" == "amd64" ]] \
[[ "${DPKG_ARCH}" == "i386" ]]; then || [[ "${DPKG_ARCH}" == "i386" ]]; then
NEED_OPENVPN_REPO=1 NEED_OPENVPN_REPO=1
OPENVPN_SUPPORT=1 OPENVPN_SUPPORT=1
else else
@ -621,8 +621,8 @@ preconfigurePackages() {
fi fi
fi fi
elif [[ "${PKG_MANAGER}" == 'apk' ]]; then elif [[ "${PKG_MANAGER}" == 'apk' ]]; then
if [[ -n "${AVAILABLE_OPENVPN}" ]] && if [[ -n "${AVAILABLE_OPENVPN}" ]] \
[[ "$(apk version -t "${AVAILABLE_OPENVPN}" 2.4)" == '>' ]]; then && [[ "$(apk version -t "${AVAILABLE_OPENVPN}" 2.4)" == '>' ]]; then
OPENVPN_SUPPORT=1 OPENVPN_SUPPORT=1
else else
OPENVPN_SUPPORT=0 OPENVPN_SUPPORT=0
@ -630,13 +630,13 @@ preconfigurePackages() {
fi fi
if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then
AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | AVAILABLE_WIREGUARD="$(apt-cache policy wireguard \
grep -m1 'Candidate: ' | | grep -m1 'Candidate: ' \
grep -v '(none)' | | grep -v '(none)' \
awk '{print $2}')" | awk '{print $2}')"
elif [[ "${PKG_MANAGER}" == 'apk' ]]; then elif [[ "${PKG_MANAGER}" == 'apk' ]]; then
AVAILABLE_WIREGUARD="$(apk search -e wireguard-tools | AVAILABLE_WIREGUARD="$(apk search -e wireguard-tools \
sed -E -e 's/wireguard\-tools\-(.*)/\1/')" | sed -E -e 's/wireguard\-tools\-(.*)/\1/')"
fi fi
WIREGUARD_SUPPORT=0 WIREGUARD_SUPPORT=0
@ -649,9 +649,9 @@ preconfigurePackages() {
WIREGUARD_BUILTIN=0 WIREGUARD_BUILTIN=0
if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then
if dpkg-query -S '/lib/modules/*/wireguard.ko*' &> /dev/null || if dpkg-query -S '/lib/modules/*/wireguard.ko*' &> /dev/null \
modinfo wireguard 2> /dev/null | || modinfo wireguard 2> /dev/null \
grep -q '^filename:[[:blank:]]*(builtin)$'; then | grep -q '^filename:[[:blank:]]*(builtin)$'; then
WIREGUARD_BUILTIN=1 WIREGUARD_BUILTIN=1
fi fi
fi fi
@ -659,33 +659,40 @@ preconfigurePackages() {
if if
# If the module is builtin and the package available, we only need # If the module is builtin and the package available, we only need
# to install wireguard-tools. # to install wireguard-tools.
[[ "${WIREGUARD_BUILTIN}" -eq 1 && -n "${AVAILABLE_WIREGUARD}" ]] || [[ "${WIREGUARD_BUILTIN}" -eq 1 && -n "${AVAILABLE_WIREGUARD}" ]] \
||
# If the package is not available, on Debian and Raspbian we can # If the package is not available, on Debian and Raspbian we can
# add it via Bullseye repository. # add it via Bullseye repository.
[[ "${WIREGUARD_BUILTIN}" -eq 1 && ("${PLAT}" == 'Debian' || "${PLAT}" == 'Raspbian') ]] || [[ "${WIREGUARD_BUILTIN}" -eq 1 && ("${PLAT}" == 'Debian' || "${PLAT}" == 'Raspbian') ]] \
||
# If the module is not builtin, on Raspbian we know the headers # If the module is not builtin, on Raspbian we know the headers
# package: raspberrypi-kernel-headers # package: raspberrypi-kernel-headers
[[ "${PLAT}" == 'Raspbian' ]] || [[ "${PLAT}" == 'Raspbian' ]] \
||
# On Alpine, the kernel must be linux-lts or linux-virt if we want to # On Alpine, the kernel must be linux-lts or linux-virt if we want to
# load the kernel module # load the kernel module
[[ "${PLAT}" == 'Alpine' && ! -f /.dockerenv && "$(uname -mrs)" =~ ^Linux\ +[0-9\.\-]+\-((lts)|(virt))\ +.*$ ]] || [[ "${PLAT}" == 'Alpine' && ! -f /.dockerenv && "$(uname -mrs)" =~ ^Linux\ +[0-9\.\-]+\-((lts)|(virt))\ +.*$ ]] \
||
# On Alpine Docker Container, the responsibility to have a WireGuard # On Alpine Docker Container, the responsibility to have a WireGuard
# module on the host system is at user side # module on the host system is at user side
[[ "${PLAT}" == 'Alpine' && -f /.dockerenv ]] || [[ "${PLAT}" == 'Alpine' && -f /.dockerenv ]] \
||
# On Debian (and Ubuntu), we can only reliably assume the headers package # On Debian (and Ubuntu), we can only reliably assume the headers package
# for amd64: linux-image-amd64 # for amd64: linux-image-amd64
[[ "${PLAT}" == 'Debian' && "${DPKG_ARCH}" == 'amd64' ]] || [[ "${PLAT}" == 'Debian' && "${DPKG_ARCH}" == 'amd64' ]] \
||
# On Ubuntu, additionally the WireGuard package needs to be available, # On Ubuntu, additionally the WireGuard package needs to be available,
# since we didn't test mixing Ubuntu repositories. # since we didn't test mixing Ubuntu repositories.
[[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'amd64' && -n "${AVAILABLE_WIREGUARD}" ]] || [[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'amd64' && -n "${AVAILABLE_WIREGUARD}" ]] \
||
# Ubuntu focal has wireguard support # Ubuntu focal has wireguard support
[[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'arm64' && "${OSCN}" == 'focal' && -n "${AVAILABLE_WIREGUARD}" ]] [[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'arm64' && "${OSCN}" == 'focal' && -n "${AVAILABLE_WIREGUARD}" ]]
then then
WIREGUARD_SUPPORT=1 WIREGUARD_SUPPORT=1
fi fi
if [[ "${OPENVPN_SUPPORT}" -eq 0 ]] && if [[ "${OPENVPN_SUPPORT}" -eq 0 ]] \
[[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then && [[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then
err "::: Neither OpenVPN nor WireGuard are available to install by PiVPN, exiting..." err "::: Neither OpenVPN nor WireGuard are available to install by PiVPN, exiting..."
exit 1 exit 1
fi fi
@ -704,14 +711,14 @@ preconfigurePackages() {
if [[ "${PKG_MANAGER}" == 'apt-get' ]] && [[ "${USING_UFW}" -eq 0 ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]] && [[ "${USING_UFW}" -eq 0 ]]; then
BASE_DEPS+=(iptables-persistent) BASE_DEPS+=(iptables-persistent)
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | echo iptables-persistent iptables-persistent/autosave_v4 boolean true \
${SUDO} debconf-set-selections | ${SUDO} debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | echo iptables-persistent iptables-persistent/autosave_v6 boolean false \
${SUDO} debconf-set-selections | ${SUDO} debconf-set-selections
fi fi
if [[ "${PLAT}" == 'Alpine' ]] && if [[ "${PLAT}" == 'Alpine' ]] \
! command -v grepcidr &> /dev/null; then && ! command -v grepcidr &> /dev/null; then
local down_dir local down_dir
## install dependencies ## install dependencies
# shellcheck disable=SC2086 # shellcheck disable=SC2086
@ -762,8 +769,8 @@ installDependentPackages() {
echo -n "::: Checking for ${i}..." echo -n "::: Checking for ${i}..."
if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then
if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null | if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null \
grep -q "ok installed"; then | grep -q "ok installed"; then
echo " already installed!" echo " already installed!"
else else
echo " not installed!" echo " not installed!"
@ -790,8 +797,8 @@ installDependentPackages() {
for i in "${TO_INSTALL[@]}"; do for i in "${TO_INSTALL[@]}"; do
if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then
if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null | if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null \
grep -q "ok installed"; then | grep -q "ok installed"; then
echo "::: Package ${i} successfully installed!" echo "::: Package ${i} successfully installed!"
# Add this package to the total list of packages that were actually # Add this package to the total list of packages that were actually
# installed by the script # installed by the script
@ -868,20 +875,20 @@ chooseInterface() {
# Show every network interface, could be useful for those who # Show every network interface, could be useful for those who
# install PiVPN inside virtual machines or on Raspberry Pis # install PiVPN inside virtual machines or on Raspberry Pis
# with USB adapters # with USB adapters
availableInterfaces="$(echo "${availableInterfaces}" | availableInterfaces="$(echo "${availableInterfaces}" \
awk '{print $2}')" | awk '{print $2}')"
else else
# Find network interfaces whose state is UP # Find network interfaces whose state is UP
availableInterfaces="$(echo "${availableInterfaces}" | availableInterfaces="$(echo "${availableInterfaces}" \
awk '/state UP/ {print $2}')" | awk '/state UP/ {print $2}')"
fi fi
# Skip virtual, loopback and docker interfaces # Skip virtual, loopback and docker interfaces
availableInterfaces="$(echo "${availableInterfaces}" | availableInterfaces="$(echo "${availableInterfaces}" \
cut -d ':' -f 1 | | cut -d ':' -f 1 \
cut -d '@' -f 1 | | cut -d '@' -f 1 \
grep -v -w 'lo' | | grep -v -w 'lo' \
grep -v '^docker')" | grep -v '^docker')"
if [[ -z "${availableInterfaces}" ]]; then if [[ -z "${availableInterfaces}" ]]; then
err "::: Could not find any active network interface, exiting" err "::: Could not find any active network interface, exiting"
@ -942,8 +949,8 @@ chooseInterface() {
{ {
echo "IPv4dev=${IPv4dev}" echo "IPv4dev=${IPv4dev}"
if [[ "${pivpnenableipv6}" -eq 1 ]] && if [[ "${pivpnenableipv6}" -eq 1 ]] \
[[ -z "${IPv6dev}" ]]; then && [[ -z "${IPv6dev}" ]]; then
echo "IPv6dev=${IPv6dev}" echo "IPv6dev=${IPv6dev}"
fi fi
} >> "${tempsetupVarsFile}" } >> "${tempsetupVarsFile}"
@ -1012,8 +1019,8 @@ checkStaticIpSupported() {
return 0 return 0
# If we are on 'Debian' but the raspi.list file is present, # If we are on 'Debian' but the raspi.list file is present,
# then we actually are on 64-bit Raspberry Pi OS. # then we actually are on 64-bit Raspberry Pi OS.
elif [[ "${PLAT}" == "Debian" ]] && elif [[ "${PLAT}" == "Debian" ]] \
[[ -s /etc/apt/sources.list.d/raspi.list ]]; then && [[ -s /etc/apt/sources.list.d/raspi.list ]]; then
return 0 return 0
else else
return 1 return 1
@ -1132,23 +1139,23 @@ Do you want to force routing IPv6 to block the leakage?" "${r}" "${c}"; then
getStaticIPv4Settings() { getStaticIPv4Settings() {
# Find the gateway IP used to route to outside world # Find the gateway IP used to route to outside world
CurrentIPv4gw="$(ip -o route get 192.0.2.1 | CurrentIPv4gw="$(ip -o route get 192.0.2.1 \
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
awk 'NR==2')" | awk 'NR==2')"
# Find the IP address (and netmask) of the desidered interface # Find the IP address (and netmask) of the desidered interface
CurrentIPv4addr="$(ip -o -f inet address show dev "${IPv4dev}" | CurrentIPv4addr="$(ip -o -f inet address show dev "${IPv4dev}" \
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')"
# Grab their current DNS servers # Grab their current DNS servers
IPv4dns="$(grep -v "^#" /etc/resolv.conf | IPv4dns="$(grep -v "^#" /etc/resolv.conf \
grep -w nameserver | | grep -w nameserver \
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
xargs)" | xargs)"
if [[ "${runUnattended}" == 'true' ]]; then if [[ "${runUnattended}" == 'true' ]]; then
if [[ -z "${dhcpReserv}" ]] || if [[ -z "${dhcpReserv}" ]] \
[[ "${dhcpReserv}" -ne 1 ]]; then || [[ "${dhcpReserv}" -ne 1 ]]; then
local MISSING_STATIC_IPV4_SETTINGS=0 local MISSING_STATIC_IPV4_SETTINGS=0
if [[ -z "${IPv4addr}" ]]; then if [[ -z "${IPv4addr}" ]]; then
@ -1401,8 +1408,8 @@ chooseUser() {
exit 1 exit 1
fi fi
else else
if awk -F':' '$3>=1000 && $3<=60000 {print $1}' /etc/passwd | if awk -F':' '$3>=1000 && $3<=60000 {print $1}' /etc/passwd \
grep -qw "${install_user}"; then | grep -qw "${install_user}"; then
echo "::: ${install_user} will hold your ovpn configurations." echo "::: ${install_user} will hold your ovpn configurations."
else else
echo "::: User ${install_user} does not exist, creating..." echo "::: User ${install_user} does not exist, creating..."
@ -1419,8 +1426,8 @@ chooseUser() {
fi fi
fi fi
install_home="$(grep -m1 "^${install_user}:" /etc/passwd | install_home="$(grep -m1 "^${install_user}:" /etc/passwd \
cut -d ':' -f 6)" | cut -d ':' -f 6)"
install_home="${install_home%/}" install_home="${install_home%/}"
{ {
@ -1519,8 +1526,8 @@ chooseUser() {
for desiredUser in ${chooseUserOptions}; do for desiredUser in ${chooseUserOptions}; do
install_user=${desiredUser} install_user=${desiredUser}
echo "::: Using User: ${install_user}" echo "::: Using User: ${install_user}"
install_home=$(grep -m1 "^${install_user}:" /etc/passwd | install_home=$(grep -m1 "^${install_user}:" /etc/passwd \
cut -d ':' -f 6) | cut -d ':' -f 6)
install_home=${install_home%/} # remove possible trailing slash install_home=${install_home%/} # remove possible trailing slash
{ {
@ -1562,8 +1569,8 @@ updateRepo() {
# Go back to /usr/local/src otherwise git will complain when the current # Go back to /usr/local/src otherwise git will complain when the current
# working directory has just been deleted (/usr/local/src/pivpn). # working directory has just been deleted (/usr/local/src/pivpn).
cd /usr/local/src && cd /usr/local/src \
${SUDO} git clone \ && ${SUDO} git clone \
-q \ -q \
--depth 1 \ --depth 1 \
--no-single-branch \ --no-single-branch \
@ -1600,8 +1607,8 @@ makeRepo() {
# Go back to /usr/local/src otherwhise git will complain when the current # Go back to /usr/local/src otherwhise git will complain when the current
# working directory has just been deleted (/usr/local/src/pivpn). # working directory has just been deleted (/usr/local/src/pivpn).
cd /usr/local/src && cd /usr/local/src \
${SUDO} git clone \ && ${SUDO} git clone \
-q \ -q \
--depth 1 \ --depth 1 \
--no-single-branch \ --no-single-branch \
@ -1643,8 +1650,8 @@ cloneOrUpdateRepos() {
${SUDO} mkdir -p /usr/local/src ${SUDO} mkdir -p /usr/local/src
# Get Git files # Get Git files
getGitFiles "${pivpnFilesDir}" "${pivpnGitUrl}" || getGitFiles "${pivpnFilesDir}" "${pivpnGitUrl}" \
{ || {
err "!!! Unable to clone ${pivpnGitUrl} into ${pivpnFilesDir}, unable to continue." err "!!! Unable to clone ${pivpnGitUrl} into ${pivpnFilesDir}, unable to continue."
exit 1 exit 1
} }
@ -1721,8 +1728,8 @@ generateRandomSubnet() {
SUBNET_EXCLUDE_LIST+=(10.100.1.0/24) SUBNET_EXCLUDE_LIST+=(10.100.1.0/24)
SUBNET_EXCLUDE_LIST+=(10.255.255.0/24) SUBNET_EXCLUDE_LIST+=(10.255.255.0/24)
readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show | readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show \
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')"
SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}" SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}"
"${CURRENTLY_USED_SUBNETS[@]}") "${CURRENTLY_USED_SUBNETS[@]}")
@ -1769,8 +1776,8 @@ setWireguardDefaultVars() {
pivpnNET="$(generateRandomSubnet)" pivpnNET="$(generateRandomSubnet)"
fi fi
if [[ "${pivpnenableipv6}" -eq 1 ]] && if [[ "${pivpnenableipv6}" -eq 1 ]] \
[[ -z "${pivpnNETv6}" ]]; then && [[ -z "${pivpnNETv6}" ]]; then
pivpnNETv6="fd11:5ee:bad:c0de::" pivpnNETv6="fd11:5ee:bad:c0de::"
fi fi
@ -1787,8 +1794,8 @@ setWireguardDefaultVars() {
# Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by # Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by
# the user after the installation. # the user after the installation.
if [[ "${pivpnenableipv6}" -eq 1 ]] || if [[ "${pivpnenableipv6}" -eq 1 ]] \
[[ "${pivpnforceipv6route}" -eq 1 ]]; then || [[ "${pivpnforceipv6route}" -eq 1 ]]; then
ALLOWED_IPS="${ALLOWED_IPS}, ::0/0" ALLOWED_IPS="${ALLOWED_IPS}, ::0/0"
fi fi
fi fi
@ -1867,8 +1874,8 @@ askWhichVPN() {
fi fi
fi fi
else else
if [[ "${WIREGUARD_SUPPORT}" -eq 1 ]] && if [[ "${WIREGUARD_SUPPORT}" -eq 1 ]] \
[[ "${OPENVPN_SUPPORT}" -eq 1 ]]; then && [[ "${OPENVPN_SUPPORT}" -eq 1 ]]; then
chooseVPNCmd=(whiptail chooseVPNCmd=(whiptail
--backtitle "Setup PiVPN" --backtitle "Setup PiVPN"
--title "Installation mode" --title "Installation mode"
@ -1895,12 +1902,12 @@ Choose a VPN (press space to select):" "${r}" "${c}" 2)
err "::: Cancel selected, exiting...." err "::: Cancel selected, exiting...."
exit 1 exit 1
fi fi
elif [[ "${OPENVPN_SUPPORT}" -eq 1 ]] && elif [[ "${OPENVPN_SUPPORT}" -eq 1 ]] \
[[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then && [[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then
echo "::: Using VPN: OpenVPN" echo "::: Using VPN: OpenVPN"
VPN="openvpn" VPN="openvpn"
elif [[ "${OPENVPN_SUPPORT}" -eq 0 ]] && elif [[ "${OPENVPN_SUPPORT}" -eq 0 ]] \
[[ "${WIREGUARD_SUPPORT}" -eq 1 ]]; then && [[ "${WIREGUARD_SUPPORT}" -eq 1 ]]; then
echo "::: Using VPN: WireGuard" echo "::: Using VPN: WireGuard"
VPN="wireguard" VPN="wireguard"
fi fi
@ -1951,8 +1958,8 @@ installOpenVPN() {
fi fi
echo "::: Adding OpenVPN repository... " echo "::: Adding OpenVPN repository... "
echo "deb https://build.openvpn.net/debian/openvpn/stable ${OSCN} main" | echo "deb https://build.openvpn.net/debian/openvpn/stable ${OSCN} main" \
${SUDO} tee /etc/apt/sources.list.d/pivpn-openvpn-repo.list > /dev/null | ${SUDO} tee /etc/apt/sources.list.d/pivpn-openvpn-repo.list > /dev/null
echo "::: Updating package cache..." echo "::: Updating package cache..."
updatePackageCache updatePackageCache
@ -1999,16 +2006,16 @@ installWireGuard() {
PIVPN_DEPS+=(libqrencode) PIVPN_DEPS+=(libqrencode)
fi fi
if [[ "${PLAT}" == "Raspbian" || "${PLAT}" == "Debian" ]] && if [[ "${PLAT}" == "Raspbian" || "${PLAT}" == "Debian" ]] \
[[ -z "${AVAILABLE_WIREGUARD}" ]]; then && [[ -z "${AVAILABLE_WIREGUARD}" ]]; then
if [[ "${PLAT}" == "Debian" ]]; then if [[ "${PLAT}" == "Debian" ]]; then
echo "::: Adding Debian Bullseye repository... " echo "::: Adding Debian Bullseye repository... "
echo "deb https://deb.debian.org/debian/ bullseye main" | echo "deb https://deb.debian.org/debian/ bullseye main" \
${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null | ${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
else else
echo "::: Adding Raspbian Bullseye repository... " echo "::: Adding Raspbian Bullseye repository... "
echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" \
${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null | ${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
fi fi
{ {
@ -2035,8 +2042,8 @@ askCustomProto() {
else else
pivpnPROTO="${pivpnPROTO,,}" pivpnPROTO="${pivpnPROTO,,}"
if [[ "${pivpnPROTO}" == "udp" ]] || if [[ "${pivpnPROTO}" == "udp" ]] \
[[ "${pivpnPROTO}" == "tcp" ]]; then || [[ "${pivpnPROTO}" == "tcp" ]]; then
echo "::: Using the ${pivpnPROTO} protocol" echo "::: Using the ${pivpnPROTO} protocol"
else else
err ":: ${pivpnPROTO} is not a supported TCP/IP protocol, please specify 'udp' or 'tcp'" err ":: ${pivpnPROTO} is not a supported TCP/IP protocol, please specify 'udp' or 'tcp'"
@ -2091,9 +2098,9 @@ askCustomPort() {
fi fi
fi fi
else else
if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] && if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] \
[[ "${pivpnPORT}" -ge 1 ]] && && [[ "${pivpnPORT}" -ge 1 ]] \
[[ "${pivpnPORT}" -le 65535 ]]; then && [[ "${pivpnPORT}" -le 65535 ]]; then
echo "::: Using port ${pivpnPORT}" echo "::: Using port ${pivpnPORT}"
else else
err "::: ${pivpnPORT} is not a valid port, use a port within the range [1,65535] (inclusive)" err "::: ${pivpnPORT} is not a valid port, use a port within the range [1,65535] (inclusive)"
@ -2124,9 +2131,9 @@ askCustomPort() {
Enter a new value or hit 'Enter' to retain \ Enter a new value or hit 'Enter' to retain \
the default" "${r}" "${c}" "${DEFAULT_PORT}" \ the default" "${r}" "${c}" "${DEFAULT_PORT}" \
3>&1 1>&2 2>&3)"; then 3>&1 1>&2 2>&3)"; then
if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] && if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] \
[[ "${pivpnPORT}" -ge 1 ]] && && [[ "${pivpnPORT}" -ge 1 ]] \
[[ "${pivpnPORT}" -le 65535 ]]; then && [[ "${pivpnPORT}" -le 65535 ]]; then
: :
else else
pivpnPORT="${portInvalid}" pivpnPORT="${portInvalid}"
@ -2164,12 +2171,12 @@ the default" "${r}" "${c}" "${DEFAULT_PORT}" \
askClientDNS() { askClientDNS() {
if [[ "${runUnattended}" == 'true' ]]; then if [[ "${runUnattended}" == 'true' ]]; then
if [[ -z "${pivpnDNS1}" ]] && if [[ -z "${pivpnDNS1}" ]] \
[[ -n "${pivpnDNS2}" ]]; then && [[ -n "${pivpnDNS2}" ]]; then
pivpnDNS1="${pivpnDNS2}" pivpnDNS1="${pivpnDNS2}"
unset pivpnDNS2 unset pivpnDNS2
elif [[ -z "${pivpnDNS1}" ]] && elif [[ -z "${pivpnDNS1}" ]] \
[[ -z "${pivpnDNS2}" ]]; then && [[ -z "${pivpnDNS2}" ]]; then
pivpnDNS1="9.9.9.9" pivpnDNS1="9.9.9.9"
pivpnDNS2="149.112.112.112" pivpnDNS2="149.112.112.112"
echo -n "::: No DNS provider specified, " echo -n "::: No DNS provider specified, "
@ -2183,8 +2190,8 @@ askClientDNS() {
echo "::: Invalid DNS ${pivpnDNS1}" echo "::: Invalid DNS ${pivpnDNS1}"
fi fi
if [[ -n "${pivpnDNS2}" ]] && if [[ -n "${pivpnDNS2}" ]] \
! validIP "${pivpnDNS2}"; then && ! validIP "${pivpnDNS2}"; then
INVALID_DNS_SETTINGS=1 INVALID_DNS_SETTINGS=1
echo "::: Invalid DNS ${pivpnDNS2}" echo "::: Invalid DNS ${pivpnDNS2}"
fi fi
@ -2218,8 +2225,8 @@ get ad blocking on the go?" "${r}" "${c}"; then
# Add a custom hosts file for VPN clients so they appear # Add a custom hosts file for VPN clients so they appear
# as 'name.pivpn' in the Pi-hole dashboard as well as resolve # as 'name.pivpn' in the Pi-hole dashboard as well as resolve
# by their names. # by their names.
echo "addn-hosts=/etc/pivpn/hosts.${VPN}" | echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
${SUDO} tee "${dnsmasqConfig}" > /dev/null | ${SUDO} tee "${dnsmasqConfig}" > /dev/null
# Then create an empty hosts file or clear if it exists. # Then create an empty hosts file or clear if it exists.
${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}" ${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
@ -2299,20 +2306,20 @@ separated by a comma.
For example '1.1.1.1, 9.9.9.9'" "${r}" "${c}" "" \ For example '1.1.1.1, 9.9.9.9'" "${r}" "${c}" "" \
3>&1 1>&2 2>&3)"; then 3>&1 1>&2 2>&3)"; then
pivpnDNS1="$(echo "${pivpnDNS}" | pivpnDNS1="$(echo "${pivpnDNS}" \
sed 's/[, \t]\+/,/g' | | sed 's/[, \t]\+/,/g' \
awk -F, '{print$1}')" | awk -F, '{print$1}')"
pivpnDNS2="$(echo "${pivpnDNS}" | pivpnDNS2="$(echo "${pivpnDNS}" \
sed 's/[, \t]\+/,/g' | | sed 's/[, \t]\+/,/g' \
awk -F, '{print$2}')" | awk -F, '{print$2}')"
if ! validIP "${pivpnDNS1}" || if ! validIP "${pivpnDNS1}" \
[[ ! "${pivpnDNS1}" ]]; then || [[ ! "${pivpnDNS1}" ]]; then
pivpnDNS1="${strInvalid}" pivpnDNS1="${strInvalid}"
fi fi
if ! validIP "${pivpnDNS2}" && if ! validIP "${pivpnDNS2}" \
[[ "${pivpnDNS2}" ]]; then && [[ "${pivpnDNS2}" ]]; then
pivpnDNS2="${strInvalid}" pivpnDNS2="${strInvalid}"
fi fi
else else
@ -2320,8 +2327,8 @@ For example '1.1.1.1, 9.9.9.9'" "${r}" "${c}" "" \
exit 1 exit 1
fi fi
if [[ "${pivpnDNS1}" == "${strInvalid}" ]] || if [[ "${pivpnDNS1}" == "${strInvalid}" ]] \
[[ "${pivpnDNS2}" == "${strInvalid}" ]]; then || [[ "${pivpnDNS2}" == "${strInvalid}" ]]; then
whiptail \ whiptail \
--backtitle "Invalid IP" \ --backtitle "Invalid IP" \
--title "Invalid IP" \ --title "Invalid IP" \
@ -2448,12 +2455,12 @@ Format: mydomain.com" "${r}" "${c}" \
} }
askPublicIPOrDNS() { askPublicIPOrDNS() {
if ! IPv4pub="$(dig +short myip.opendns.com @208.67.222.222)" || if ! IPv4pub="$(dig +short myip.opendns.com @208.67.222.222)" \
! validIP "${IPv4pub}"; then || ! validIP "${IPv4pub}"; then
err "dig failed, now trying to curl checkip.amazonaws.com" err "dig failed, now trying to curl checkip.amazonaws.com"
if ! IPv4pub="$(curl -sSf https://checkip.amazonaws.com)" || if ! IPv4pub="$(curl -sSf https://checkip.amazonaws.com)" \
! validIP "${IPv4pub}"; then || ! validIP "${IPv4pub}"; then
err "checkip.amazonaws.com failed, please check your internet connection/DNS" err "checkip.amazonaws.com failed, please check your internet connection/DNS"
exit 1 exit 1
fi fi
@ -2539,8 +2546,8 @@ Public DNS Name: ${PUBLICDNS}" "${r}" "${c}"; then
askEncryption() { askEncryption() {
if [[ "${runUnattended}" == 'true' ]]; then if [[ "${runUnattended}" == 'true' ]]; then
if [[ -z "${TWO_POINT_FOUR}" ]] || if [[ -z "${TWO_POINT_FOUR}" ]] \
[[ "${TWO_POINT_FOUR}" -eq 1 ]]; then || [[ "${TWO_POINT_FOUR}" -eq 1 ]]; then
TWO_POINT_FOUR=1 TWO_POINT_FOUR=1
echo "::: Using OpenVPN 2.4 features" echo "::: Using OpenVPN 2.4 features"
@ -2548,9 +2555,9 @@ askEncryption() {
pivpnENCRYPT=256 pivpnENCRYPT=256
fi fi
if [[ "${pivpnENCRYPT}" -eq 256 ]] || if [[ "${pivpnENCRYPT}" -eq 256 ]] \
[[ "${pivpnENCRYPT}" -eq 384 ]] || || [[ "${pivpnENCRYPT}" -eq 384 ]] \
[[ "${pivpnENCRYPT}" -eq 521 ]]; then || [[ "${pivpnENCRYPT}" -eq 521 ]]; then
echo "::: Using a ${pivpnENCRYPT}-bit certificate" echo "::: Using a ${pivpnENCRYPT}-bit certificate"
else else
err "::: ${pivpnENCRYPT} is not a valid certificate size, use 256, 384, or 521" err "::: ${pivpnENCRYPT} is not a valid certificate size, use 256, 384, or 521"
@ -2564,9 +2571,9 @@ askEncryption() {
pivpnENCRYPT=2048 pivpnENCRYPT=2048
fi fi
if [[ "${pivpnENCRYPT}" -eq 2048 ]] || if [[ "${pivpnENCRYPT}" -eq 2048 ]] \
[[ "${pivpnENCRYPT}" -eq 3072 ]] || || [[ "${pivpnENCRYPT}" -eq 3072 ]] \
[[ "${pivpnENCRYPT}" -eq 4096 ]]; then || [[ "${pivpnENCRYPT}" -eq 4096 ]]; then
echo "::: Using a ${pivpnENCRYPT}-bit certificate" echo "::: Using a ${pivpnENCRYPT}-bit certificate"
else else
err "::: ${pivpnENCRYPT} is not a valid certificate size, use 2048, 3072, or 4096" err "::: ${pivpnENCRYPT} is not a valid certificate size, use 2048, 3072, or 4096"
@ -2661,8 +2668,8 @@ then grab a cup of joe and pick 4096 bits." "${r}" "${c}" 3 \
exit 1 exit 1
fi fi
if [[ "${pivpnENCRYPT}" -ge 2048 ]] && if [[ "${pivpnENCRYPT}" -ge 2048 ]] \
whiptail \ && whiptail \
--backtitle "Setup OpenVPN" \ --backtitle "Setup OpenVPN" \
--title "Generate Diffie-Hellman Parameters" \ --title "Generate Diffie-Hellman Parameters" \
--yesno "Generating DH parameters can take many hours on a Raspberry Pi. \ --yesno "Generating DH parameters can take many hours on a Raspberry Pi. \
@ -2732,8 +2739,8 @@ confOpenVPN() {
fi fi
# Get easy-rsa # Get easy-rsa
curl -sSfL "${easyrsaRel}" | curl -sSfL "${easyrsaRel}" \
${SUDO} tar -xz --one-top-level=/etc/openvpn/easy-rsa --strip-components 1 | ${SUDO} tar -xz --one-top-level=/etc/openvpn/easy-rsa --strip-components 1
if [[ ! -s /etc/openvpn/easy-rsa/easyrsa ]]; then if [[ ! -s /etc/openvpn/easy-rsa/easyrsa ]]; then
err "${0}: ERR: Failed to download EasyRSA." err "${0}: ERR: Failed to download EasyRSA."
@ -2803,8 +2810,8 @@ confOpenVPN() {
${SUDOE} ./easyrsa --batch build-ca nopass ${SUDOE} ./easyrsa --batch build-ca nopass
printf "\\n::: CA Complete.\\n" printf "\\n::: CA Complete.\\n"
if [[ "${pivpnCERT}" == "rsa" ]] && if [[ "${pivpnCERT}" == "rsa" ]] \
[[ "${USE_PREDEFINED_DH_PARAM}" -ne 1 ]]; then && [[ "${USE_PREDEFINED_DH_PARAM}" -ne 1 ]]; then
if [[ "${runUnattended}" == 'true' ]]; then if [[ "${runUnattended}" == 'true' ]]; then
echo "::: The server key, Diffie-Hellman parameters, \ echo "::: The server key, Diffie-Hellman parameters, \
and HMAC key will now be generated." and HMAC key will now be generated."
@ -2818,8 +2825,8 @@ and HMAC key will now be generated." \
"${r}" \ "${r}" \
"${c}" "${c}"
fi fi
elif [[ "${pivpnCERT}" == "ec" ]] || elif [[ "${pivpnCERT}" == "ec" ]] \
[[ "${pivpnCERT}" == "rsa" && "${USE_PREDEFINED_DH_PARAM}" -eq 1 ]]; then || [[ "${pivpnCERT}" == "rsa" && "${USE_PREDEFINED_DH_PARAM}" -eq 1 ]]; then
if [[ "${runUnattended}" == 'true' ]]; then if [[ "${runUnattended}" == 'true' ]]; then
echo "::: The server key and HMAC key will now be generated." echo "::: The server key and HMAC key will now be generated."
else else
@ -3100,11 +3107,11 @@ confWireGuard() {
${SUDO} mkdir -p /etc/wireguard/keys ${SUDO} mkdir -p /etc/wireguard/keys
# Generate private key and derive public key from it # Generate private key and derive public key from it
wg genkey | wg genkey \
${SUDO} tee /etc/wireguard/keys/server_priv &> /dev/null | ${SUDO} tee /etc/wireguard/keys/server_priv &> /dev/null
${SUDO} cat /etc/wireguard/keys/server_priv | ${SUDO} cat /etc/wireguard/keys/server_priv \
wg pubkey | | wg pubkey \
${SUDO} tee /etc/wireguard/keys/server_pub &> /dev/null | ${SUDO} tee /etc/wireguard/keys/server_pub &> /dev/null
echo "::: Server Keys have been generated." echo "::: Server Keys have been generated."
@ -3128,8 +3135,8 @@ confWireGuard() {
confNetwork() { confNetwork() {
# Enable forwarding of internet traffic # Enable forwarding of internet traffic
echo 'net.ipv4.ip_forward=1' | echo 'net.ipv4.ip_forward=1' \
${SUDO} tee /etc/sysctl.d/99-pivpn.conf > /dev/null | ${SUDO} tee /etc/sysctl.d/99-pivpn.conf > /dev/null
if [[ "${pivpnenableipv6}" -eq 1 ]]; then if [[ "${pivpnenableipv6}" -eq 1 ]]; then
{ {
@ -3249,8 +3256,8 @@ confNetwork() {
# On a newly installed system all policies should be ACCEPT, # On a newly installed system all policies should be ACCEPT,
# so the only required rule would be the MASQUERADE one. # so the only required rule would be the MASQUERADE one.
if ! ${SUDO} iptables -t nat -S | if ! ${SUDO} iptables -t nat -S \
grep -q "${VPN}-nat-rule"; then | grep -q "${VPN}-nat-rule"; then
${SUDO} iptables \ ${SUDO} iptables \
-t nat \ -t nat \
-I POSTROUTING \ -I POSTROUTING \
@ -3262,8 +3269,8 @@ confNetwork() {
fi fi
if [[ "${pivpnenableipv6}" -eq 1 ]]; then if [[ "${pivpnenableipv6}" -eq 1 ]]; then
if ! ${SUDO} ip6tables -t nat -S | if ! ${SUDO} ip6tables -t nat -S \
grep -q "${VPN}-nat-rule"; then | grep -q "${VPN}-nat-rule"; then
${SUDO} ip6tables \ ${SUDO} ip6tables \
-t nat \ -t nat \
-I POSTROUTING \ -I POSTROUTING \
@ -3283,38 +3290,38 @@ confNetwork() {
# Grep returns non 0 exit code where there are no matches, # Grep returns non 0 exit code where there are no matches,
# however that would make the script exit, # however that would make the script exit,
# for this reasons we use '|| true' to force exit code 0 # for this reasons we use '|| true' to force exit code 0
INPUT_RULES_COUNT="$(${SUDO} iptables -S INPUT | INPUT_RULES_COUNT="$(${SUDO} iptables -S INPUT \
grep -vcE '(^-P|ufw-)')" | grep -vcE '(^-P|ufw-)')"
FORWARD_RULES_COUNT="$(${SUDO} iptables -S FORWARD | FORWARD_RULES_COUNT="$(${SUDO} iptables -S FORWARD \
grep -vcE '(^-P|ufw-)')" | grep -vcE '(^-P|ufw-)')"
INPUT_POLICY="$(${SUDO} iptables -S INPUT | INPUT_POLICY="$(${SUDO} iptables -S INPUT \
grep '^-P' | | grep '^-P' \
awk '{print $3}')" | awk '{print $3}')"
FORWARD_POLICY="$(${SUDO} iptables -S FORWARD | FORWARD_POLICY="$(${SUDO} iptables -S FORWARD \
grep '^-P' | | grep '^-P' \
awk '{print $3}')" | awk '{print $3}')"
if [[ "${pivpnenableipv6}" -eq 1 ]]; then if [[ "${pivpnenableipv6}" -eq 1 ]]; then
INPUT_RULES_COUNTv6="$(${SUDO} ip6tables -S INPUT | INPUT_RULES_COUNTv6="$(${SUDO} ip6tables -S INPUT \
grep -vcE '(^-P|ufw-)')" | grep -vcE '(^-P|ufw-)')"
FORWARD_RULES_COUNTv6="$(${SUDO} ip6tables -S FORWARD | FORWARD_RULES_COUNTv6="$(${SUDO} ip6tables -S FORWARD \
grep -vcE '(^-P|ufw-)')" | grep -vcE '(^-P|ufw-)')"
INPUT_POLICYv6="$(${SUDO} ip6tables -S INPUT | INPUT_POLICYv6="$(${SUDO} ip6tables -S INPUT \
grep '^-P' | | grep '^-P' \
awk '{print $3}')" | awk '{print $3}')"
FORWARD_POLICYv6="$(${SUDO} ip6tables -S FORWARD | FORWARD_POLICYv6="$(${SUDO} ip6tables -S FORWARD \
grep '^-P' | | grep '^-P' \
awk '{print $3}')" | awk '{print $3}')"
fi fi
# If rules count is not zero, we assume we need to explicitly allow traffic. # If rules count is not zero, we assume we need to explicitly allow traffic.
# Same conclusion if there are no rules and the policy is not ACCEPT. # Same conclusion if there are no rules and the policy is not ACCEPT.
# Note that rules are being added to the top of the chain (using -I). # Note that rules are being added to the top of the chain (using -I).
if [[ "${INPUT_RULES_COUNT}" -ne 0 ]] || if [[ "${INPUT_RULES_COUNT}" -ne 0 ]] \
[[ "${INPUT_POLICY}" != "ACCEPT" ]]; then || [[ "${INPUT_POLICY}" != "ACCEPT" ]]; then
if ! ${SUDO} iptables -S | if ! ${SUDO} iptables -S \
grep -q "${VPN}-input-rule"; then | grep -q "${VPN}-input-rule"; then
${SUDO} iptables \ ${SUDO} iptables \
-I INPUT 1 \ -I INPUT 1 \
-i "${IPv4dev}" \ -i "${IPv4dev}" \
@ -3331,10 +3338,10 @@ confNetwork() {
fi fi
if [[ "${pivpnenableipv6}" -eq 1 ]]; then if [[ "${pivpnenableipv6}" -eq 1 ]]; then
if [[ "${INPUT_RULES_COUNTv6}" -ne 0 ]] || if [[ "${INPUT_RULES_COUNTv6}" -ne 0 ]] \
[[ "${INPUT_POLICYv6}" != "ACCEPT" ]]; then || [[ "${INPUT_POLICYv6}" != "ACCEPT" ]]; then
if ! ${SUDO} ip6tables -S | if ! ${SUDO} ip6tables -S \
grep -q "${VPN}-input-rule"; then | grep -q "${VPN}-input-rule"; then
${SUDO} ip6tables \ ${SUDO} ip6tables \
-I INPUT 1 \ -I INPUT 1 \
-i "${IPv6dev}" \ -i "${IPv6dev}" \
@ -3351,10 +3358,10 @@ confNetwork() {
fi fi
fi fi
if [[ "${FORWARD_RULES_COUNT}" -ne 0 ]] || if [[ "${FORWARD_RULES_COUNT}" -ne 0 ]] \
[[ "${FORWARD_POLICY}" != "ACCEPT" ]]; then || [[ "${FORWARD_POLICY}" != "ACCEPT" ]]; then
if ! ${SUDO} iptables -S | if ! ${SUDO} iptables -S \
grep -q "${VPN}-forward-rule"; then | grep -q "${VPN}-forward-rule"; then
${SUDO} iptables \ ${SUDO} iptables \
-I FORWARD 1 \ -I FORWARD 1 \
-d "${pivpnNET}/${subnetClass}" \ -d "${pivpnNET}/${subnetClass}" \
@ -3381,10 +3388,10 @@ confNetwork() {
fi fi
if [[ "${pivpnenableipv6}" -eq 1 ]]; then if [[ "${pivpnenableipv6}" -eq 1 ]]; then
if [[ "${FORWARD_RULES_COUNTv6}" -ne 0 ]] || if [[ "${FORWARD_RULES_COUNTv6}" -ne 0 ]] \
[[ "${FORWARD_POLICYv6}" != "ACCEPT" ]]; then || [[ "${FORWARD_POLICYv6}" != "ACCEPT" ]]; then
if ! ${SUDO} ip6tables -S | if ! ${SUDO} ip6tables -S \
grep -q "${VPN}-forward-rule"; then | grep -q "${VPN}-forward-rule"; then
${SUDO} ip6tables \ ${SUDO} ip6tables \
-I FORWARD 1 \ -I FORWARD 1 \
-d "${pivpnNETv6}/${subnetClassv6}" \ -d "${pivpnNETv6}/${subnetClassv6}" \
@ -3413,10 +3420,10 @@ confNetwork() {
case "${PLAT}" in case "${PLAT}" in
Debian | Raspbian | Ubuntu) Debian | Raspbian | Ubuntu)
${SUDO} iptables-save | ${SUDO} iptables-save \
${SUDO} tee /etc/iptables/rules.v4 > /dev/null | ${SUDO} tee /etc/iptables/rules.v4 > /dev/null
${SUDO} ip6tables-save | ${SUDO} ip6tables-save \
${SUDO} tee /etc/iptables/rules.v6 > /dev/null | ${SUDO} tee /etc/iptables/rules.v6 > /dev/null
;; ;;
esac esac
@ -3464,8 +3471,8 @@ confLogging() {
# Restart the logging service # Restart the logging service
case "${PLAT}" in case "${PLAT}" in
Debian | Raspbian | Ubuntu) Debian | Raspbian | Ubuntu)
${SUDO} systemctl -q is-active rsyslog.service && ${SUDO} systemctl -q is-active rsyslog.service \
${SUDO} systemctl restart rsyslog.service && ${SUDO} systemctl restart rsyslog.service
;; ;;
Alpine) Alpine)
${SUDO} rc-service -is rsyslog restart ${SUDO} rc-service -is rsyslog restart


@ -1,13 +1,13 @@
#!/bin/bash #!/bin/bash
interface=$(ip -o link | interface=$(ip -o link \
awk '{print $2}' | | awk '{print $2}' \
cut -d ':' -f 1 | | cut -d ':' -f 1 \
cut -d '@' -f 1 | | cut -d '@' -f 1 \
grep -v -w 'lo' | | grep -v -w 'lo' \
head -1) | head -1)
ipaddress=$(ip addr show "${interface}" | ipaddress=$(ip addr show "${interface}" \
grep -o -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}/[0-9]{2}") | grep -o -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}/[0-9]{2}")
gateway=$(ip route show | awk '/default/ {print $3}') gateway=$(ip route show | awk '/default/ {print $3}')
hostname="pivpn.test" hostname="pivpn.test"


@ -20,8 +20,8 @@ setupConfigDir="/etc/pivpn"
CHECK_PKG_INSTALLED='dpkg-query -s' CHECK_PKG_INSTALLED='dpkg-query -s'
if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] && if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] \
[[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then && [[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then
# Two protocols have been installed, check if the script has passed # Two protocols have been installed, check if the script has passed
# an argument, otherwise ask the user which one he wants to remove # an argument, otherwise ask the user which one he wants to remove
if [[ "$#" -ge 1 ]]; then if [[ "$#" -ge 1 ]]; then


@ -14,8 +14,8 @@ _pivpn() {
else else
COMPREPLY=("$(compgen -W "${opts}" -- "${cur}")") COMPREPLY=("$(compgen -W "${opts}" -- "${cur}")")
fi fi
elif [[ ("${prev}" == "add" || "${prev}" == "-a") ]] && elif [[ ("${prev}" == "add" || "${prev}" == "-a") ]] \
[[ "${#COMP_WORDS[@]}" -eq 3 ]]; then && [[ "${#COMP_WORDS[@]}" -eq 3 ]]; then
COMPREPLY=("$(compgen -W "nopass" -- "${cur}")") COMPREPLY=("$(compgen -W "nopass" -- "${cur}")")
fi fi
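Review bot: `COMPREPLY=("$(compgen -W "${opts}" -- "${cur}")")` stores the whole compgen output as a single array element, so whenever more than one candidate matches, the completion offers one newline-joined string instead of separate words. The quotes around the command substitution are what collapse it; `mapfile -t COMPREPLY < <(compgen -W "${opts}" -- "${cur}")` keeps one candidate per element and stays ShellCheck-clean. The `nopass` branch under the re-wrapped `elif` only ever yields one word, so it works as written, but should use the same form for consistency. `_pivpn` starts and ends outside this hunk.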


@ -35,10 +35,10 @@ printf "\\e[1m::: Certificate Status List :::\\e[0m\\n"
while read -r line || [[ -n "${line}" ]]; do while read -r line || [[ -n "${line}" ]]; do
STATUS="$(echo "${line}" | awk '{print $1}')" STATUS="$(echo "${line}" | awk '{print $1}')"
NAME="$(echo "${line}" | awk -FCN= '{print $2}')" NAME="$(echo "${line}" | awk -FCN= '{print $2}')"
EXPD="$(echo "${line}" | EXPD="$(echo "${line}" \
awk '{if (length($2) == 15) print $2; else print "20"$2}' | | awk '{if (length($2) == 15) print $2; else print "20"$2}' \
cut -b 1-8 | | cut -b 1-8 \
date +"%b %d %Y" -f -)" | date +"%b %d %Y" -f -)"
if [[ "${STATUS}" == "V" ]]; then if [[ "${STATUS}" == "V" ]]; then
printf "Valid" printf "Valid"


@ -61,9 +61,9 @@ while [[ "$#" -gt 0 ]]; do
_val="${_key##--name=}" _val="${_key##--name=}"
if [[ "${_val}" == "${_key}" ]]; then if [[ "${_val}" == "${_key}" ]]; then
[[ "$#" -lt 2 ]] && [[ "$#" -lt 2 ]] \
err "Missing value for the optional argument '${_key}'." && && err "Missing value for the optional argument '${_key}'." \
exit 1 && exit 1
_val="${2}" _val="${2}"
shift shift
@ -75,9 +75,9 @@ while [[ "$#" -gt 0 ]]; do
_val="${_key##--password=}" _val="${_key##--password=}"
if [[ "${_val}" == "${_key}" ]]; then if [[ "${_val}" == "${_key}" ]]; then
[[ "$#" -lt 2 ]] && [[ "$#" -lt 2 ]] \
err "Missing value for the optional argument '${_key}'." && && err "Missing value for the optional argument '${_key}'." \
exit 1 && exit 1
_val="${2}" _val="${2}"
shift shift
@ -89,9 +89,9 @@ while [[ "$#" -gt 0 ]]; do
_val="${_key##--days=}" _val="${_key##--days=}"
if [[ "${_val}" == "${_key}" ]]; then if [[ "${_val}" == "${_key}" ]]; then
[[ "$#" -lt 2 ]] && [[ "$#" -lt 2 ]] \
err "Missing value for the optional argument '${_key}'." && && err "Missing value for the optional argument '${_key}'." \
exit 1 && exit 1
_val="${2}" _val="${2}"
shift shift
@ -180,9 +180,9 @@ useBitwarden() {
read -r NAME read -r NAME
# check name # check name
until [[ "${NAME}" =~ ^[a-zA-Z0-9.@_-]+$ ]] && until [[ "${NAME}" =~ ^[a-zA-Z0-9.@_-]+$ ]] \
[[ "${NAME::1}" != "." ]] && && [[ "${NAME::1}" != "." ]] \
[[ "${NAME::1}" != "-" ]]; do && [[ "${NAME::1}" != "-" ]]; do
echo -n "Name can only contain alphanumeric characters and these " echo -n "Name can only contain alphanumeric characters and these "
echo -n "characters (.-@_). The name also cannot start with a dot (.)" echo -n "characters (.-@_). The name also cannot start with a dot (.)"
echo " or a dash (-). Please try again." echo " or a dash (-). Please try again."
@ -210,13 +210,13 @@ useBitwarden() {
# create a new item for your PiVPN Password # create a new item for your PiVPN Password
PASSWD="$(bw generate -usln --length "${LENGTH}")" PASSWD="$(bw generate -usln --length "${LENGTH}")"
bw get template item | bw get template item \
jq '.login.type = "1"' | | jq '.login.type = "1"' \
jq '.name = "PiVPN"' | | jq '.name = "PiVPN"' \
jq -r --arg NAME "${NAME}" '.login.username = $NAME' | | jq -r --arg NAME "${NAME}" '.login.username = $NAME' \
jq -r --arg PASSWD "${PASSWD}" '.login.password = $PASSWD' | | jq -r --arg PASSWD "${PASSWD}" '.login.password = $PASSWD' \
bw encode | | bw encode \
bw create item | bw create item
bw logout bw logout
} }
@ -357,9 +357,9 @@ else
err "Please choose another name or revoke this certificate first." err "Please choose another name or revoke this certificate first."
exit 1 exit 1
# Check if name is reserved # Check if name is reserved
elif [[ "${NAME}" == "ta" ]] || elif [[ "${NAME}" == "ta" ]] \
[[ "${NAME}" == "server" ]] || || [[ "${NAME}" == "server" ]] \
[[ "${NAME}" == "ca" ]]; then || [[ "${NAME}" == "ca" ]]; then
err "Sorry, this is in use by the server and cannot be used by clients." err "Sorry, this is in use by the server and cannot be used by clients."
exit 1 exit 1
fi fi
@ -370,9 +370,9 @@ else
read -r -e -p "How many days should the certificate last? " -i 1080 DAYS read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
fi fi
if [[ ! "${DAYS}" =~ ^[0-9]+$ ]] || if [[ ! "${DAYS}" =~ ^[0-9]+$ ]] \
[[ "${DAYS}" -lt 1 ]] || || [[ "${DAYS}" -lt 1 ]] \
[[ "${DAYS}" -gt 3650 ]]; then || [[ "${DAYS}" -gt 3650 ]]; then
# The CRL lasts 3650 days so it doesn't make much sense # The CRL lasts 3650 days so it doesn't make much sense
# that certificates would last longer # that certificates would last longer
err "Please input a valid number of days, between 1 and 3650 inclusive." err "Please input a valid number of days, between 1 and 3650 inclusive."
@ -516,8 +516,8 @@ for i in {2..254}; do
# cycle to the end without finding and available octet. # cycle to the end without finding and available octet.
# disabling SC2514, variable sourced externaly # disabling SC2514, variable sourced externaly
# shellcheck disable=SC2154 # shellcheck disable=SC2154
if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] || if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] \
! find /etc/openvpn/ccd \ || ! find /etc/openvpn/ccd \
-type f \ -type f \
-exec grep -q "${NET_REDUCED}.${i}" {} +; then -exec grep -q "${NET_REDUCED}.${i}" {} +; then
COUNT="${i}" COUNT="${i}"
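Review bot: In the `useBitwarden` hunk the freshly generated password is handed to jq as `--arg PASSWD "${PASSWD}"`, which places it on jq's command line, where other local users can read it from the process list while the pipeline runs. Passing it through the environment of that one stage keeps it out of argv: `| PASSWD="${PASSWD}" jq '.login.password = env.PASSWD' \`. The `--password` option parsed in the earlier hunk appears to take the secret as a command-line argument as well, so the same exposure applies there; a prompt or a read from stdin would avoid it. Separately, the `[[ "$#" -lt 2 ]] && err … && exit 1` chains only reach `exit 1` if `err` returns 0 (its definition is not in view), so an `if` block would be sturdier.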


@ -65,10 +65,10 @@ if [[ "${PLAT}" != 'Alpine' ]]; then
# Regular expession taken from https://superuser.com/a/202835, # Regular expession taken from https://superuser.com/a/202835,
# it will match invalid IPs like 123.456.789.012 but it's fine # it will match invalid IPs like 123.456.789.012 but it's fine
# since the log only contains valid ones. # since the log only contains valid ones.
declare -a IPS_TO_HIDE=("$(echo "${OVPNLOG}" | declare -a IPS_TO_HIDE=("$(echo "${OVPNLOG}" \
grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 | | grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
uniq)") | uniq)")
for IP in "${IPS_TO_HIDE[@]}"; do for IP in "${IPS_TO_HIDE[@]}"; do
OVPNLOG="${OVPNLOG//"$IP"/REDACTED}" OVPNLOG="${OVPNLOG//"$IP"/REDACTED}"
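Review bot: The redaction list is built as `IPS_TO_HIDE=("$(… | uniq)")`, and the quotes around the command substitution make it a one-element array holding every address joined by newlines. The loop then runs once with that multi-line string as `IP`, so as soon as the log holds more than one distinct public address the `${OVPNLOG//"$IP"/REDACTED}` substitution will normally match nothing and the addresses stay in the debug output. Fill the array one address per element, e.g. `mapfile -t IPS_TO_HIDE < <(… | sort -u)`; `sort -u` also removes the non-adjacent duplicates that a bare `uniq` leaves in. The loop body continues outside this hunk.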


@ -166,9 +166,9 @@ for ((ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
# shellcheck disable=SC2154 # shellcheck disable=SC2154
# Grab the client IP address # Grab the client IP address
NET_REDUCED="${pivpnNET::-2}" NET_REDUCED="${pivpnNET::-2}"
STATIC_IP="$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | STATIC_IP="$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" \
grep -w ifconfig-push | | grep -w ifconfig-push \
grep -oE "${NET_REDUCED}\.[0-9]{1,3}")" | grep -oE "${NET_REDUCED}\.[0-9]{1,3}")"
rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
# disablung warning SC2154, $install_home sourced externally # disablung warning SC2154, $install_home sourced externally
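Review bot: `rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"` would remove the whole `ccd` directory if an array element were ever empty; how the array is populated and validated is outside this hunk. The `grep` just above reads the same path as a regular file, so `rm -f -- /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]:?}"` is sufficient and aborts on an empty name instead of recursing. The `grep -oE "${NET_REDUCED}\.[0-9]{1,3}"` stage also leaves the dots inside `NET_REDUCED` unescaped, so it can match more than the intended prefix.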


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
PLAT="$(grep -sEe '^NAME\=' /etc/os-release | PLAT="$(grep -sEe '^NAME\=' /etc/os-release \
sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")" | sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")"
# dual protocol, VPN type supplied as $1 # dual protocol, VPN type supplied as $1
VPN="${1}" VPN="${1}"
@ -255,8 +255,8 @@ else
fi fi
if [[ "${PLAT}" == 'Alpine' ]]; then if [[ "${PLAT}" == 'Alpine' ]]; then
if [[ "$(rc-service "${VPN_SERVICE}" status | if [[ "$(rc-service "${VPN_SERVICE}" status \
sed -E -e 's/.*status\: (.*)/\1/')" == 'started' ]]; then | sed -E -e 's/.*status\: (.*)/\1/')" == 'started' ]]; then
echo ":: [OK] ${VPN_PRETTY_NAME} is running" echo ":: [OK] ${VPN_PRETTY_NAME} is running"
else else
ERR=1 ERR=1
@ -271,8 +271,8 @@ if [[ "${PLAT}" == 'Alpine' ]]; then
fi fi
fi fi
if rc-update show default | if rc-update show default \
grep -sEe "\s*${VPN_SERVICE} .*" &> /dev/null; then | grep -sEe "\s*${VPN_SERVICE} .*" &> /dev/null; then
echo -n ":: [OK] ${VPN_PRETTY_NAME} is enabled " echo -n ":: [OK] ${VPN_PRETTY_NAME} is enabled "
echo "(it will automatically start on reboot)" echo "(it will automatically start on reboot)"
else else


@ -26,8 +26,8 @@ setupConfigDir="/etc/pivpn"
pivpnFilesDir="/usr/local/src/pivpn" pivpnFilesDir="/usr/local/src/pivpn"
pivpnScriptDir="/opt/pivpn" pivpnScriptDir="/opt/pivpn"
PLAT="$(grep -sEe '^NAME\=' /etc/os-release | PLAT="$(grep -sEe '^NAME\=' /etc/os-release \
sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")" | sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")"
if [[ "${PLAT}" == 'Alpine' ]]; then if [[ "${PLAT}" == 'Alpine' ]]; then
PKG_MANAGER='apk' PKG_MANAGER='apk'
@ -36,8 +36,8 @@ fi
UPDATE_PKG_CACHE="${PKG_MANAGER} update" UPDATE_PKG_CACHE="${PKG_MANAGER} update"
if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] && if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] \
[[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then && [[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then
vpnStillExists=1 vpnStillExists=1
# Two protocols have been installed, check if the script has passed # Two protocols have been installed, check if the script has passed


@ -90,8 +90,8 @@ updatepivpnscripts() {
echo echo
fi fi
if [[ -d "${pivpnlocalpath}" ]] && if [[ -d "${pivpnlocalpath}" ]] \
[[ -n "${pivpnlocalpath}" ]]; then && [[ -n "${pivpnlocalpath}" ]]; then
rm -rf "${pivpnlocalpath}/../.pivpn" rm -rf "${pivpnlocalpath}/../.pivpn"
fi fi
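Review bot: The guard in front of `rm -rf "${pivpnlocalpath}/../.pivpn"` tests `-d` before `-n`, so the emptiness check can never change the outcome, and the path that gets removed is a sibling of the directory that was tested rather than the directory itself. Putting the protection on the destructive command makes the intent explicit: `rm -rf -- "${pivpnlocalpath:?}/../.pivpn"`. A short comment saying why the `.pivpn` sibling is the thing being cleaned up would help, since nothing in the hunk explains it. `updatepivpnscripts` starts and ends outside this hunk.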


@ -49,8 +49,8 @@ listClients() {
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "${LINE}")" BYTES_RECEIVED="$(awk '{ print $6 }' <<< "${LINE}")"
BYTES_SENT="$(awk '{ print $7 }' <<< "${LINE}")" BYTES_SENT="$(awk '{ print $7 }' <<< "${LINE}")"
LAST_SEEN="$(awk '{ print $5 }' <<< "${LINE}")" LAST_SEEN="$(awk '{ print $5 }' <<< "${LINE}")"
CLIENT_NAME="$(grep "${PUBLIC_KEY}" "${CLIENTS_FILE}" | CLIENT_NAME="$(grep "${PUBLIC_KEY}" "${CLIENTS_FILE}" \
awk '{ print $1 }')" | awk '{ print $1 }')"
printf "%s \t %s \t %s \t " \ printf "%s \t %s \t %s \t " \
"${CLIENT_NAME}" \ "${CLIENT_NAME}" \
"${REMOTE_IP}" \ "${REMOTE_IP}" \


@ -40,9 +40,9 @@ while [[ "$#" -gt 0 ]]; do
_val="${_key##--name=}" _val="${_key##--name=}"
if [[ "${_val}" == "${_key}" ]]; then if [[ "${_val}" == "${_key}" ]]; then
[[ "$#" -lt 2 ]] && [[ "$#" -lt 2 ]] \
err "::: Missing value for the optional argument '${_key}'." && && err "::: Missing value for the optional argument '${_key}'." \
exit 1 && exit 1
_val="${2}" _val="${2}"
shift shift
@ -94,9 +94,9 @@ elif [[ -f "configs/${CLIENT_NAME}.conf" ]]; then
exit 1 exit 1
fi fi
wg genkey | wg genkey \
tee "keys/${CLIENT_NAME}_priv" | | tee "keys/${CLIENT_NAME}_priv" \
wg pubkey > "keys/${CLIENT_NAME}_pub" | wg pubkey > "keys/${CLIENT_NAME}_pub"
wg genpsk | tee "keys/${CLIENT_NAME}_psk" &> /dev/null wg genpsk | tee "keys/${CLIENT_NAME}_psk" &> /dev/null
echo "::: Client Keys generated" echo "::: Client Keys generated"
@ -104,8 +104,8 @@ echo "::: Client Keys generated"
for i in {2..254}; do for i in {2..254}; do
if ! grep -q " ${i}$" configs/clients.txt; then if ! grep -q " ${i}$" configs/clients.txt; then
COUNT="${i}" COUNT="${i}"
echo "${CLIENT_NAME} $(< keys/"${CLIENT_NAME}"_pub) $(date +%s) ${COUNT}" | echo "${CLIENT_NAME} $(< keys/"${CLIENT_NAME}"_pub) $(date +%s) ${COUNT}" \
tee -a configs/clients.txt > /dev/null | tee -a configs/clients.txt > /dev/null
break break
fi fi
done done
@ -167,12 +167,12 @@ echo "::: Client config generated"
echo "::: Updated server config" echo "::: Updated server config"
if [[ -f /etc/pivpn/hosts.wireguard ]]; then if [[ -f /etc/pivpn/hosts.wireguard ]]; then
echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" | echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" \
tee -a /etc/pivpn/hosts.wireguard > /dev/null | tee -a /etc/pivpn/hosts.wireguard > /dev/null
if [[ "${pivpnenableipv6}" == 1 ]]; then if [[ "${pivpnenableipv6}" == 1 ]]; then
echo "${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn" | echo "${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn" \
tee -a /etc/pivpn/hosts.wireguard > /dev/null | tee -a /etc/pivpn/hosts.wireguard > /dev/null
fi fi
if killall -SIGHUP pihole-FTL; then if killall -SIGHUP pihole-FTL; then
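Review bot: `tee "keys/${CLIENT_NAME}_priv"` and `tee "keys/${CLIENT_NAME}_psk"` create the client's private key and pre-shared key with whatever umask the script inherited. No `umask` call is visible in these hunks, so with a common default of 022 the files would be world-readable unless the `keys` directory itself is locked down. Making the permissions explicit is a one-line change, either `umask 077` before the `wg genkey` pipeline or a subshell such as `(umask 077; wg genkey | tee "keys/${CLIENT_NAME}_priv" | wg pubkey > "keys/${CLIENT_NAME}_pub")`. A comment like `# tee writes the private key to disk and forwards it to wg pubkey` would also make the first pipeline easier to read.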


@ -100,11 +100,11 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
# Grab the least significant octed of the client IP address # Grab the least significant octed of the client IP address
COUNT="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')" COUNT="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')"
# The creation date of the client # The creation date of the client
CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt | CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt \
awk '{print $3}')" | awk '{print $3}')"
# And its public key # And its public key
PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt | PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt \
awk '{print $2}')" | awk '{print $2}')"
# Then remove the client matching the variables above # Then remove the client matching the variables above
sed \ sed \