Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-20 03:40:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Basic changes

Browse source 
Add selection of random subnet
This commit is contained in:
Adrian Hyncica 2018-01-25 20:17:36 +00:00
parent abdce6c333
commit e10c4e2900
1 changed files with 13 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
auto_install/install.sh
View file

@ -58,6 +58,12 @@ IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
availableInterfaces=$(ip -o link | grep "state UP" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1) availableInterfaces=$(ip -o link | grep "state UP" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1)
dhcpcdFile=/etc/dhcpcd.conf dhcpcdFile=/etc/dhcpcd.conf
#set address for subnet
IPDIG1=$(( $RANDOM % 201 + 29))
IPDIG2=$(( $RANDOM % 201 + 29))
IPv4SubNet="10.$IPDIG1.$IPDIG2"
echo $IPv4SubNet > /etc/pivpn/vpnSubNet.txt
# Next see if we are on a tested and supported OS # Next see if we are on a tested and supported OS
function noOS_Support() { function noOS_Support() {
whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS. whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS.
@ -912,6 +918,9 @@ EOF
# write out server certs to conf file # write out server certs to conf file
$SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/pki\/private\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf $SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/pki\/private\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf
$SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/pki\/issued\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf $SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/pki\/issued\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf
#change the subnet to the random generated
$SUDO sed -i "s/10\.8\.0/${IPv4SubNet}/g" /etc/openvpn/server.conf
} }
confUnattendedUpgrades() { confUnattendedUpgrades() {
@ -958,8 +967,8 @@ confNetwork() {
$SUDO sed -i 's/IPv4dev/'"$IPv4dev"'/' /tmp/ufw_add.txt $SUDO sed -i 's/IPv4dev/'"$IPv4dev"'/' /tmp/ufw_add.txt
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw $SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
$SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules $SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules
$SUDO ufw allow "${PORT}/${PROTO}" $SUDO ufw allow "${PORT}/${PROTO}"
$SUDO ufw allow from 10.8.0.0/24 $SUDO ufw allow from "$IPv4SubNet.0/24"
$SUDO ufw reload $SUDO ufw reload
echo "::: UFW configuration completed." echo "::: UFW configuration completed."
fi fi
@ -969,7 +978,8 @@ confNetwork() {
# else configure iptables # else configure iptables
if [[ $noUFW -eq 1 ]]; then if [[ $noUFW -eq 1 ]]; then
echo 1 > /tmp/noUFW echo 1 > /tmp/noUFW
$SUDO iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$IPv4dev" -j MASQUERADE $SUDO iptables -t nat -F
$SUDO iptables -t nat -A POSTROUTING -s "$IPv4SubNet.0/24" -o "$IPv4dev" -j MASQUERADE
case ${PLAT} in case ${PLAT} in
Ubuntu|Debian|Devuan) Ubuntu|Debian|Devuan)
$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null $SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null