Merge pull request #1 from EWouters/master

Merging changes into test branch
This commit is contained in:
EWouters 2017-03-13 20:03:05 +13:00 committed by GitHub
commit f050f82519
3 changed files with 398 additions and 169 deletions

View file

@ -133,7 +133,9 @@ welcome any feedback on your experience. If you have problems using it, feel
free to post an issue here on github. I'll classify the issues the best I can free to post an issue here on github. I'll classify the issues the best I can
to keep things sorted. to keep things sorted.
You can also post on the [Google Space](https://goo.gl/spaces/kgp2Mcy5RDfZ5SSf8) I created for PiVPN, especially suited for general questions or discussions. [[DISCONTINUED APRIL 17]] You can also post on the [Google Space](https://goo.gl/spaces/kgp2Mcy5RDfZ5SSf8) I created for PiVPN, especially suited for general questions or discussions.
You can also join #pivpn <ircs://freenode/pivpn> on freenode in IRC for community support or general questions.
Contributions Contributions
------------- -------------

View file

@ -10,11 +10,13 @@
# curl -L https://install.pivpn.io | bash # curl -L https://install.pivpn.io | bash
# Make sure you have `curl` installed # Make sure you have `curl` installed
set -e
######## VARIABLES ######### ######## VARIABLES #########
tmpLog="/tmp/pivpn-install.log" tmpLog="/tmp/pivpn-install.log"
instalLogLoc="/etc/pivpn/install.log" instalLogLoc="/etc/pivpn/install.log"
setupVars=/etc/pivpn/setupVars.conf
useUpdateVars=false
### PKG Vars ### ### PKG Vars ###
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
@ -42,6 +44,11 @@ c=$(( columns / 2 ))
r=$(( r < 20 ? 20 : r )) r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c )) c=$(( c < 70 ? 70 : c ))
######## Undocumented Flags. Shhh ########
skipSpaceCheck=false
reconfigure=false
runUnattended=false
# Find IP used to route to outside world # Find IP used to route to outside world
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
@ -51,24 +58,6 @@ IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
availableInterfaces=$(ip -o link | grep "state UP" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1) availableInterfaces=$(ip -o link | grep "state UP" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1)
dhcpcdFile=/etc/dhcpcd.conf dhcpcdFile=/etc/dhcpcd.conf
######## FIRST CHECK ########
# Must be root to install
echo ":::"
if [[ $EUID -eq 0 ]];then
echo "::: You are root."
else
echo "::: sudo will be used for the install."
# Check if it is actually installed
# If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then
export SUDO="sudo"
export SUDOE="sudo -E"
else
echo "::: Please install sudo or run this as root."
exit 1
fi
fi
# Next see if we are on a tested and supported OS # Next see if we are on a tested and supported OS
function noOS_Support() { function noOS_Support() {
whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS. whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS.
@ -79,8 +68,8 @@ If you think you received this message in error, you can post an issue on the Gi
function maybeOS_Support() { function maybeOS_Support() {
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work. if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial). Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
Would you like to continue anyway?" ${r} ${c}) then Would you like to continue anyway?" ${r} ${c}) then
echo "::: Did not detect perfectly supported OS but," echo "::: Did not detect perfectly supported OS but,"
echo "::: Continuing installation at user's own risk..." echo "::: Continuing installation at user's own risk..."
else else
@ -89,8 +78,10 @@ function maybeOS_Support() {
fi fi
} }
# if lsb_release command is on their system # Compatibility
if hash lsb_release 2>/dev/null; then distro_check() {
# if lsb_release command is on their system
if hash lsb_release 2>/dev/null; then
PLAT=$(lsb_release -si) PLAT=$(lsb_release -si)
OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie
@ -101,8 +92,8 @@ if hash lsb_release 2>/dev/null; then
else else
noOS_Support noOS_Support
fi fi
# else get info from os-release # else get info from os-release
elif grep -q debian /etc/os-release; then elif grep -q debian /etc/os-release; then
if grep -q jessie /etc/os-release; then if grep -q jessie /etc/os-release; then
PLAT="Raspbian" PLAT="Raspbian"
OSCN="jessie" OSCN="jessie"
@ -111,12 +102,13 @@ elif grep -q debian /etc/os-release; then
OSCN="unknown" OSCN="unknown"
maybeOS_Support maybeOS_Support
fi fi
# else we prob don't want to install # else we prob don't want to install
else else
noOS_Support noOS_Support
fi fi
echo "${PLAT}" > /tmp/DET_PLATFORM echo "${PLAT}" > /tmp/DET_PLATFORM
}
####### FUNCTIONS ########## ####### FUNCTIONS ##########
spinner() spinner()
@ -280,6 +272,7 @@ If you are in Amazon then you can not configure a static IP anyway. Just ensure
} }
getStaticIPv4Settings() { getStaticIPv4Settings() {
local ipSettingsCorrect
# Grab their current DNS Server # Grab their current DNS Server
IPv4dns=$(nslookup 127.0.0.1 | grep Server: | awk '{print $2}') IPv4dns=$(nslookup 127.0.0.1 | grep Server: | awk '{print $2}')
# Ask if the user wants to use DHCP settings as their static IP # Ask if the user wants to use DHCP settings as their static IP
@ -347,7 +340,6 @@ setStaticIPv4() {
if [[ -f /etc/dhcpcd.conf ]]; then if [[ -f /etc/dhcpcd.conf ]]; then
if grep -q "${IPv4addr}" ${dhcpcdFile}; then if grep -q "${IPv4addr}" ${dhcpcdFile}; then
echo "::: Static IP already configured." echo "::: Static IP already configured."
:
else else
setDHCPCD setDHCPCD
$SUDO ip addr replace dev "${pivpnInterface}" "${IPv4addr}" $SUDO ip addr replace dev "${pivpnInterface}" "${IPv4addr}"
@ -488,7 +480,6 @@ unattendedUpgrades() {
if (whiptail --backtitle "Security Updates" --title "Unattended Upgrades" --yesno "Do you want to enable unattended upgrades of security patches to this server?" ${r} ${c}) then if (whiptail --backtitle "Security Updates" --title "Unattended Upgrades" --yesno "Do you want to enable unattended upgrades of security patches to this server?" ${r} ${c}) then
UNATTUPG="unattended-upgrades" UNATTUPG="unattended-upgrades"
$SUDO apt-get --yes --quiet --no-install-recommends install "$UNATTUPG" > /dev/null & spinner $!
else else
UNATTUPG="" UNATTUPG=""
fi fi
@ -604,6 +595,9 @@ make_repo() {
} }
update_repo() { update_repo() {
if [[ "${reconfigure}" == true ]]; then
echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
else
# Pull the latest commits # Pull the latest commits
echo -n "::: Updating repo in $1..." echo -n "::: Updating repo in $1..."
cd "${1}" || exit 1 cd "${1}" || exit 1
@ -615,6 +609,7 @@ update_repo() {
${SUDOE} git checkout test ${SUDOE} git checkout test
fi fi
echo " done!" echo " done!"
fi
} }
setCustomProto() { setCustomProto() {
@ -776,9 +771,7 @@ setClientDNS() {
} }
confOpenVPN() { confOpenVPN() {
# Ask user if want to modify default port if [[ ${useUpdateVars} == false ]]; then
SERVER_NAME="server"
# Ask user for desired level of encryption # Ask user for desired level of encryption
ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption Strength" --radiolist \ ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption Strength" --radiolist \
"Choose your desired level of encryption:\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing or just want to get through it quicker you can use 1024. If you are paranoid about ... things... then grab a cup of joe and pick 4096." ${r} ${c} 3 \ "Choose your desired level of encryption:\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing or just want to get through it quicker you can use 1024. If you are paranoid about ... things... then grab a cup of joe and pick 4096." ${r} ${c} 3 \
@ -791,6 +784,7 @@ confOpenVPN() {
echo "::: Cancel selected. Exiting..." echo "::: Cancel selected. Exiting..."
exit 1 exit 1
fi fi
fi
# If easy-rsa exists, remove it # If easy-rsa exists, remove it
if [[ -d /etc/openvpn/easy-rsa/ ]]; then if [[ -d /etc/openvpn/easy-rsa/ ]]; then
@ -816,7 +810,7 @@ set_var EASYRSA_ALGO rsa
set_var EASYRSA_CURVE secp384r1 set_var EASYRSA_CURVE secp384r1
EOF EOF
echo "${String}" | $SUDO tee /etc/openvpn/easy-rsa/vars >/dev/null echo "${String}" | $SUDO tee /etc/openvpn/easy-rsa/vars >/dev/null
# Edit the KEY_SIZE variable in the vars file to set user chosen key size # Edit the KEY_SIZE variable in the vars file to set user chosen key size
cd /etc/openvpn/easy-rsa || exit cd /etc/openvpn/easy-rsa || exit
@ -830,21 +824,32 @@ echo "${String}" | $SUDO tee /etc/openvpn/easy-rsa/vars >/dev/null
${SUDOE} ./easyrsa --batch build-ca nopass ${SUDOE} ./easyrsa --batch build-ca nopass
printf "\n::: CA Complete.\n" printf "\n::: CA Complete.\n"
if [[ ${useUpdateVars} == false ]]; then
whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman key, and HMAC key will now be generated." ${r} ${c} whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman key, and HMAC key will now be generated." ${r} ${c}
fi
# Build the server # Build the server
${SUDOE} ./easyrsa build-server-full server nopass ${SUDOE} ./easyrsa build-server-full server nopass
if [[ ${useUpdateVars} == false ]]; then
if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c}) if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c})
then then
DOWNLOAD_DH_PARAM=true
else
DOWNLOAD_DH_PARAM=false
fi
fi
if [ "$ENCRYPT" -ge "4096" ] && [[ ${DOWNLOAD_DH_PARAM} == true ]]
then
# Downloading parameters # Downloading parameters
RANDOM_INDEX=$(( RANDOM % 128 )) RANDOM_INDEX=$(( RANDOM % 128 ))
${SUDOE} curl "https://2ton.com.au/dhparam/${ENCRYPT}/${RANDOM_INDEX}" -o "/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem" ${SUDOE} curl "https://2ton.com.au/dhparam/${ENCRYPT}/${RANDOM_INDEX}" -o "/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem"
else else
# Generate Diffie-Hellman key exchange # Generate Diffie-Hellman key exchange
${SUDOE} ./easyrsa gen-dh ${SUDOE} ./easyrsa gen-dh
${SUDOE} mv pki/dh.pem pki/dh${ENCRYPT}.pem ${SUDOE} mv pki/dh.pem pki/dh${ENCRYPT}.pem
fi fi
# Generate static HMAC key to defend against DDoS # Generate static HMAC key to defend against DDoS
${SUDOE} openvpn --genkey --secret pki/ta.key ${SUDOE} openvpn --genkey --secret pki/ta.key
@ -875,6 +880,7 @@ fi
confUnattendedUpgrades() { confUnattendedUpgrades() {
if [[ $UNATTUPG == "unattended-upgrades" ]]; then if [[ $UNATTUPG == "unattended-upgrades" ]]; then
$SUDO apt-get --yes --quiet --no-install-recommends install "$UNATTUPG" > /dev/null & spinner $!
if [[ $PLAT == "Ubuntu" ]]; then if [[ $PLAT == "Ubuntu" ]]; then
# Ubuntu 50unattended-upgrades should already just have security enabled # Ubuntu 50unattended-upgrades should already just have security enabled
# so we just need to configure the 10periodic file # so we just need to configure the 10periodic file
@ -957,6 +963,9 @@ confOVPN() {
echo 0 > /tmp/REVOKE_STATUS echo 0 > /tmp/REVOKE_STATUS
$SUDO cp /tmp/REVOKE_STATUS /etc/pivpn/REVOKE_STATUS $SUDO cp /tmp/REVOKE_STATUS /etc/pivpn/REVOKE_STATUS
$SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt
if [[ ${useUpdateVars} == false ]]; then
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" ${r} ${c} 2 \ METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" ${r} ${c} 2 \
"$IPv4pub" "Use this public IP" "ON" \ "$IPv4pub" "Use this public IP" "ON" \
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3) "DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
@ -967,8 +976,6 @@ confOVPN() {
exit 1 exit 1
fi fi
$SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt
if [ "$METH" == "$IPv4pub" ]; then if [ "$METH" == "$IPv4pub" ]; then
$SUDO sed -i 's/IPv4pub/'"$IPv4pub"'/' /etc/openvpn/easy-rsa/pki/Default.txt $SUDO sed -i 's/IPv4pub/'"$IPv4pub"'/' /etc/openvpn/easy-rsa/pki/Default.txt
else else
@ -985,10 +992,12 @@ confOVPN() {
$SUDO sed -i 's/IPv4pub/'"$PUBLICDNS"'/' /etc/openvpn/easy-rsa/pki/Default.txt $SUDO sed -i 's/IPv4pub/'"$PUBLICDNS"'/' /etc/openvpn/easy-rsa/pki/Default.txt
else else
publicDNSCorrect=False publicDNSCorrect=False
fi fi
done done
fi fi
else
$SUDO sed -i 's/IPv4pub/'"$PUBLICDNS"'/' /etc/openvpn/easy-rsa/pki/Default.txt
fi
# if they modified port put value in Default.txt for clients to use # if they modified port put value in Default.txt for clients to use
if [ $PORT != 1194 ]; then if [ $PORT != 1194 ]; then
@ -1007,29 +1016,98 @@ confOVPN() {
$SUDO chmod 0777 -R "/home/$pivpnUser/ovpns" $SUDO chmod 0777 -R "/home/$pivpnUser/ovpns"
} }
finalExports() {
# Update variables in setupVars.conf file
if [ -e "${setupVars}" ]; then
sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;OVPNDNS1/d;OVPNDNS2/d;SERVER_NAME/d;' "${setupVars}"
fi
{
echo "pivpnUser=${pivpnUser}"
echo "UNATTUPG=${UNATTUPG}"
echo "pivpnInterface=${pivpnInterface}"
echo "IPv4dns=${IPv4dns}"
echo "IPv4addr=${IPv4addr}"
echo "IPv4gw=${IPv4gw}"
echo "pivpnProto=${pivpnProto}"
echo "PORT=${PORT}"
echo "ENCRYPT=${ENCRYPT}"
echo "DOWNLOAD_DH_PARAM=${DOWNLOAD_DH_PARAM}"
echo "PUBLICDNS=${PUBLICDNS}"
echo "OVPNDNS1=${OVPNDNS1}"
echo "OVPNDNS2=${OVPNDNS2}"
echo "SERVER_NAME=${SERVER_NAME}"
}>> "${setupVars}"
}
# I suggest replacing some of these names.
#accountForRefactor() {
# # At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break.
#
# # Refactoring of install script has changed the name of a couple of variables. Sort them out here.
# sed -i 's/pivpnUser/PIVPN_USER/g' ${setupVars}
# #sed -i 's/UNATTUPG/UNATTUPG/g' ${setupVars}
# sed -i 's/pivpnInterface/PIVPN_INTERFACE/g' ${setupVars}
# sed -i 's/IPv4dns/IPV4_DNS/g' ${setupVars}
# sed -i 's/IPv4addr/IPV4_ADDRESS/g' ${setupVars}
# sed -i 's/IPv4gw/IPV4_GATEWAY/g' ${setupVars}
# sed -i 's/pivpnProto/TRANSPORT_LAYER/g' ${setupVars}
# #sed -i 's/PORT/PORT/g' ${setupVars}
# #sed -i 's/ENCRYPT/ENCRYPT/g' ${setupVars}
# #sed -i 's/DOWNLOAD_DH_PARAM/DOWNLOAD_DH_PARAM/g' ${setupVars}
# #sed -i 's/PUBLICDNS/PUBLICDNS/g' ${setupVars}
# #sed -i 's/OVPNDNS1/OVPNDNS1/g' ${setupVars}
# #sed -i 's/OVPNDNS2/OVPNDNS2/g' ${setupVars}
# #sed -i 's/SERVER_NAME/SERVER_NAME/g' ${setupVars}
#}
installPiVPN() { installPiVPN() {
stopServices stopServices
confUnattendedUpgrades
$SUDO mkdir -p /etc/pivpn/ $SUDO mkdir -p /etc/pivpn/
getGitFiles ${pivpnFilesDir} ${pivpnGitUrl} confUnattendedUpgrades
installScripts installScripts
setCustomProto setCustomProto
setCustomPort setCustomPort
confOpenVPN confOpenVPN
confNetwork confNetwork
SERVER_NAME="server"
confOVPN confOVPN
setClientDNS setClientDNS
finalExports
} }
updatePiVPN() {
#accountForRefactor
stopServices
confUnattendedUpgrades
installScripts
# setCustomProto
echo "${pivpnProto}" > /tmp/pivpnPROTO
# write out the PROTO
PROTO=$pivpnProto
$SUDO cp /tmp/pivpnPROTO /etc/pivpn/INSTALL_PROTO
#setCustomPort
# write out the port
echo ${PORT} > /tmp/INSTALL_PORT
$SUDO cp /tmp/INSTALL_PORT /etc/pivpn/INSTALL_PORT
confOpenVPN
confNetwork
confOVPN
# ?? Is this always OK? Also if you only select one DNS server ??
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
finalExports #re-export setupVars.conf to account for any new vars added in new versions
}
displayFinalMessage() { displayFinalMessage() {
# Final completion message to user # Final completion message to user
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
$SUDO service openvpn start
else
$SUDO systemctl enable openvpn.service
$SUDO systemctl start openvpn.service
fi
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles. whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
Run 'pivpn help' to see what else you can do! Run 'pivpn help' to see what else you can do!
The install log is in /etc/pivpn." ${r} ${c} The install log is in /etc/pivpn." ${r} ${c}
@ -1041,46 +1119,194 @@ The install log is in /etc/pivpn." ${r} ${c}
fi fi
} }
update_dialogs() {
# reconfigure
if [ "${reconfigure}" = true ]; then
opt1a="Repair"
opt1b="This will retain existing settings"
strAdd="You will remain on the same version"
else
opt1a="Update"
opt1b="This will retain existing settings."
strAdd="You will be updated to the latest version."
fi
opt2a="Reconfigure"
opt2b="This will allow you to enter new settings"
UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\n\nWe have detected an existing install.\n\nPlease choose from the following options: \n($strAdd)" ${r} ${c} 2 \
"${opt1a}" "${opt1b}" \
"${opt2a}" "${opt2b}" 3>&2 2>&1 1>&3) || \
{ echo "::: Cancel selected. Exiting"; exit 1; }
case ${UpdateCmd} in
${opt1a})
echo "::: ${opt1a} option selected."
useUpdateVars=true
;;
${opt2a})
echo "::: ${opt2a} option selected"
useUpdateVars=false
;;
esac
}
clone_or_update_repos() {
if [[ "${reconfigure}" == true ]]; then
echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
else
# Get Git files
getGitFiles ${pivpnFilesDir} ${pivpnGitUrl} || \
{ echo "!!! Unable to clone ${pivpnGitUrl} into ${pivpnFilesDir}, unable to continue."; \
exit 1; \
}
fi
}
######## SCRIPT ############ ######## SCRIPT ############
# Verify there is enough disk space for the install
verifyFreeDiskSpace
# Install the packages (we do this first because we need whiptail) main() {
#checkForDependencies
update_package_cache
notify_package_updates_available ######## FIRST CHECK ########
# Must be root to install
echo ":::"
if [[ $EUID -eq 0 ]];then
echo "::: You are root."
else
echo "::: sudo will be used for the install."
# Check if it is actually installed
# If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then
export SUDO="sudo"
export SUDOE="sudo -E"
else
echo "::: Please install sudo or run this as root."
exit 1
fi
fi
install_dependent_packages PIVPN_DEPS[@] # Check for supported distribution
distro_check
# Start the installer # Check arguments for the undocumented flags
welcomeDialogs for var in "$@"; do
case "$var" in
"--reconfigure" ) reconfigure=true;;
"--i_do_not_follow_recommendations" ) skipSpaceCheck=false;;
"--unattended" ) runUnattended=true;;
esac
done
# Find interfaces and let the user choose one if [[ -f ${setupVars} ]]; then
chooseInterface if [[ "${runUnattended}" == true ]]; then
echo "::: --unattended passed to install script, no whiptail dialogs will be displayed"
useUpdateVars=true
else
update_dialogs
fi
fi
# Only try to set static on Raspbian, otherwise let user do it # Start the installer
if [[ $PLAT != "Raspbian" ]]; then # Verify there is enough disk space for the install
if [[ "${skipSpaceCheck}" == true ]]; then
echo "::: --i_do_not_follow_recommendations passed to script, skipping free disk space verification!"
else
verifyFreeDiskSpace
fi
# Install the packages (we do this first because we need whiptail)
#checkForDependencies
update_package_cache
# Notify user of package availability
notify_package_updates_available
# Install packages used by this installation script
install_dependent_packages PIVPN_DEPS[@]
if [[ ${useUpdateVars} == false ]]; then
# Display welcome dialogs
welcomeDialogs
# Find interfaces and let the user choose one
chooseInterface
# Only try to set static on Raspbian, otherwise let user do it
if [[ $PLAT != "Raspbian" ]]; then
avoidStaticIPv4Ubuntu avoidStaticIPv4Ubuntu
else else
getStaticIPv4Settings getStaticIPv4Settings
setStaticIPv4 setStaticIPv4
fi
# Set the Network IP and Mask correctly
setNetwork
# Choose the user for the ovpns
chooseUser
# Ask if unattended-upgrades will be enabled
unattendedUpgrades
# Clone/Update the repos
clone_or_update_repos
# Install and log everything to a file
installPiVPN | tee ${tmpLog}
echo "::: Install Complete..."
else
# Source ${setupVars} for use in the rest of the functions.
source ${setupVars}
# Only try to set static on Raspbian
if [[ $PLAT != "Raspbian" ]]; then
echo "::: IP Information"
echo "::: Since we think you are not using Raspbian, we will not configure a static IP for you."
echo "::: If you are in Amazon then you can not configure a static IP anyway."
echo "::: Just ensure before this installer started you had set an elastic IP on your instance."
else
setStaticIPv4 # This might be a problem if a user tries to modify the ip in the config file and then runs an update because of the way we check for previous configuration in /etc/dhcpcd.conf
fi
# Clone/Update the repos
clone_or_update_repos
updatePiVPN | tee ${tmpLog}
fi
#Move the install log into /etc/pivpn for storage
$SUDO mv ${tmpLog} ${instalLogLoc}
echo "::: Restarting services..."
# Start services
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
$SUDO service openvpn start
else
$SUDO systemctl enable openvpn.service
$SUDO systemctl start openvpn.service
fi
echo "::: done."
if [[ "${useUpdateVars}" == false ]]; then
displayFinalMessage
fi
echo ":::"
if [[ "${useUpdateVars}" == false ]]; then
echo "::: Installation Complete!"
echo "::: Now run 'pivpn add' to create the ovpn profiles."
echo "::: Run 'pivpn help' to see what else you can do!"
echo "::: It is strongly recommended you reboot after installation."
else
echo "::: Update complete!"
fi
echo ":::"
echo "::: The install log is located at: ${instalLogLoc}"
}
if [[ "${PVPN_TEST}" != true ]] ; then
main "$@"
fi fi
setNetwork
# Choose the user for the ovpns
chooseUser
# Ask if unattended-upgrades will be enabled
unattendedUpgrades
# Install
installPiVPN | tee ${tmpLog}
#Move the install log into /etc/pivpn for storage
$SUDO mv ${tmpLog} ${instalLogLoc}
displayFinalMessage
echo "::: Install Complete..."

View file

@ -86,10 +86,11 @@ fi
while read -r line || [ -n "${line}" ]; do while read -r line || [ -n "${line}" ]; do
STATUS=$(echo "$line" | awk '{print $1}') STATUS=$(echo "$line" | awk '{print $1}')
if [[ "${STATUS}" = "V" ]]; then if [ "${STATUS}" == "V" ]; then
CERT=$(echo "$line" | sed -e 's:.*/CN=::') CERT=$(echo "$line" | sed -e 's:.*/CN=::')
if [ "${CERT}" == "${NAME}" ]; then if [ "${CERT}" == "${NAME}" ]; then
INUSE="1" INUSE="1"
break
fi fi
fi fi
done <${INDEX} done <${INDEX}