Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 10:50:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #91 from StephenKinger/feature/add_tcp_option

Browse source 
Feature/add tcp option
This commit is contained in:
0-kaladin 2016-10-09 10:43:05 -04:00 committed by GitHub
commit f3a2b3afbe
2 changed files with 64 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
auto_install/install.sh Normal file → Executable file
View file

@ -65,7 +65,7 @@ If you think you received this message in error, you can post an issue on the Gi
}
function maybeOS_Support() {
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
Would you like to continue anyway?" $r $c) then
echo "::: Did not detect perfectly supported OS but,"
@ -97,7 +97,7 @@ elif [[ "$(cat /etc/os-release | grep raspbian)" ]]; then
PLAT="Ubuntu"
OSCN="unknown"
maybeOS_Support
fi
fi
# else we prob don't want to install
else
noOS_Support
@ -127,7 +127,7 @@ welcomeDialogs() {
# Explain the need for a static address
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly.
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
}
@ -372,7 +372,7 @@ checkForDependencies() {
timestamp=$(stat -c %Y /var/cache/apt/)
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
today=$(date "+%b %e")
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
@ -475,12 +475,40 @@ update_repo() {
echo " done!"
}
setCustomProto() {
# Set the available protocols into an array so it can be used with a whiptail dialog
protocol=$(whiptail --title "Protocol" --radiolist \
"Choose a protocol. Please only choose TCP if you know why you need TCP." $r $c 2 \
"UDP" "" ON \
"TCP" "" OFF 3>&1 1>&2 2>&3)
if [ $? -eq 0 ]; then
# Convert option into lowercase (UDP->udp)
pivpnProto="${protocol,,}"
echo "::: Using protocol: $pivpnProto"
echo "${pivpnProto}" > /tmp/pivpnPROTO
else
echo "::: Cancel selected, exiting...."
exit 1
fi
# write out the PROTO
PROTO=$pivpnProto
$SUDO cp /tmp/pivpnPROTO /etc/pivpn/INSTALL_PROTO
}
setCustomPort() {
until [[ $PORTNumCorrect = True ]]
do
portInvalid="Invalid"
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c 1194 3>&1 1>&2 2>&3)
PROTO=`cat /etc/pivpn/INSTALL_PROTO`
if [ "$PROTO" = "udp" ]; then
DEFAULT_PORT=1194
else
DEFAULT_PORT=443
fi
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3)
if [[ $? = 0 ]]; then
if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 -a "$PORT" -le 65535 ]; then
:
@ -617,7 +645,7 @@ confOpenVPN() {
cd /etc/openvpn/easy-rsa
$SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars
$SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars
# Init Cert Values
COUNTRY="US"
STATE="CA"
@ -698,7 +726,7 @@ confOpenVPN() {
# It seems you have to set this if you mess with key_cn, lets not.
# grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars
# source the vars file just edited
source ./vars
@ -724,17 +752,22 @@ confOpenVPN() {
# Write config file for server using the template .txt file
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
# Set the user encryption key size
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
# if they modified port put value in server.conf
if [ $PORT != 1194 ]; then
$SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf
fi
# if they modified protocol put value in server.conf
if [ $PROTO != "udp" ]; then
$SUDO sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf
fi
# write out server certs to conf file
$SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf
$SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf
@ -783,7 +816,7 @@ confNetwork() {
$SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
$SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules
$SUDO ufw allow ${PORT}/udp
$SUDO ufw allow ${PORT}/${PROTO}
$SUDO ufw allow from 10.8.0.0/24
$SUDO ufw reload
echo "::: UFW configuration completed."
@ -803,7 +836,7 @@ confNetwork() {
else
echo 0 > /tmp/noUFW
fi
$SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW
}
@ -818,8 +851,8 @@ confOVPN() {
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \
"$IPv4pub" "Use this public IP" "ON" \
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus != 0 ]; then
echo "::: Cancel selected. Exiting..."
@ -830,7 +863,7 @@ confOVPN() {
if [ "$METH" == "$IPv4pub" ]; then
$SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt
else
else
until [[ $publicDNSCorrect = True ]]
do
PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3)
@ -844,16 +877,21 @@ confOVPN() {
$SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt
else
publicDNSCorrect=False
fi
done
fi
# if they modified port put value in Default.txt for clients to use
if [ $PORT != 1194 ]; then
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# if they modified protocol put value in Default.txt for clients to use
if [ $PROTO != "udp" ]; then
$SUDO sed -i -e "s/proto udp/proto tcp/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# verify server name to strengthen security
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
@ -868,6 +906,7 @@ installPiVPN() {
$SUDO mkdir -p /etc/pivpn/
getGitFiles
installScripts
setCustomProto
setCustomPort
confOpenVPN
confNetwork
@ -884,7 +923,7 @@ displayFinalMessage() {
$SUDO systemctl start openvpn.service
fi
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
Run 'pivpn help' to see what else you can do!
The install log is in /etc/pivpn." $r $c
if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then

13
scripts/uninstall.sh
View file

@ -20,6 +20,7 @@ INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
PLAT=$(cat /etc/pivpn/DET_PLATFORM)
NO_UFW=$(cat /etc/pivpn/NO_UFW)
PORT=$(cat /etc/pivpn/INSTALL_PORT)
PROTO=$(cat /etc/pivpn/INSTALL_PROTO)
# Find the rows and columns
rows=$(tput lines)
@ -53,7 +54,7 @@ echo ":::"
while true; do
read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
case $yn in
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
if [ "$i" == "openvpn" ]; then UINST_OVPN=1 ; fi
if [ "$i" == "unattended-upgrades" ]; then UINST_UNATTUPG=1 ; fi
break;;
@ -100,15 +101,15 @@ echo ":::"
# Disable IPv4 forwarding
sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf
sysctl -p
if [[ $NO_UFW -eq 0 ]]; then
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"DROP\"/" /etc/default/ufw
$SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules
$SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules
$SUDO ufw delete allow from 10.8.0.0/24 >/dev/null
$SUDO ufw delete allow ${PORT}/udp >/dev/null
$SUDO ufw delete allow ${PORT}/${PROTO} >/dev/null
$SUDO ufw reload
fi
echo ":::"
printf "::: Finished removing PiVPN from your system.\n"
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n"
@ -132,7 +133,7 @@ while true; do
read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn
case $yn in
[Yy]* ) removeAll; askreboot; break;;
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;;
esac
done