diff --git a/auto_install/install.sh b/auto_install/install.sh old mode 100644 new mode 100755 index 662b90f..32f30da --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -65,7 +65,7 @@ If you think you received this message in error, you can post an issue on the Gi } function maybeOS_Support() { - if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work. + if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work. Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial). Would you like to continue anyway?" $r $c) then echo "::: Did not detect perfectly supported OS but," @@ -97,7 +97,7 @@ elif [[ "$(cat /etc/os-release | grep raspbian)" ]]; then PLAT="Ubuntu" OSCN="unknown" maybeOS_Support - fi + fi # else we prob don't want to install else noOS_Support @@ -127,7 +127,7 @@ welcomeDialogs() { # Explain the need for a static address whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly. - + In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c } @@ -372,7 +372,7 @@ checkForDependencies() { timestamp=$(stat -c %Y /var/cache/apt/) timestampAsDate=$(date -d @"$timestamp" "+%b %e") today=$(date "+%b %e") - + if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add - @@ -475,12 +475,40 @@ update_repo() { echo " done!" } +setCustomProto() { + # Set the available protocols into an array so it can be used with a whiptail dialog + protocol=$(whiptail --title "Protocol" --radiolist \ + "Choose a protocol. Please only choose TCP if you know why you need TCP." $r $c 2 \ + "UDP" "" ON \ + "TCP" "" OFF 3>&1 1>&2 2>&3) + if [ $? -eq 0 ]; then + # Convert option into lowercase (UDP->udp) + pivpnProto="${protocol,,}" + echo "::: Using protocol: $pivpnProto" + echo "${pivpnProto}" > /tmp/pivpnPROTO + else + echo "::: Cancel selected, exiting...." + exit 1 + fi + # write out the PROTO + PROTO=$pivpnProto + $SUDO cp /tmp/pivpnPROTO /etc/pivpn/INSTALL_PROTO +} + + setCustomPort() { until [[ $PORTNumCorrect = True ]] do portInvalid="Invalid" - PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c 1194 3>&1 1>&2 2>&3) + PROTO=`cat /etc/pivpn/INSTALL_PROTO` + if [ "$PROTO" = "udp" ]; then + DEFAULT_PORT=1194 + else + DEFAULT_PORT=443 + fi + + PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3) if [[ $? = 0 ]]; then if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 -a "$PORT" -le 65535 ]; then : @@ -617,7 +645,7 @@ confOpenVPN() { cd /etc/openvpn/easy-rsa $SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars $SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars - + # Init Cert Values COUNTRY="US" STATE="CA" @@ -698,7 +726,7 @@ confOpenVPN() { # It seems you have to set this if you mess with key_cn, lets not. # grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars - + # source the vars file just edited source ./vars @@ -724,17 +752,22 @@ confOpenVPN() { # Write config file for server using the template .txt file LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*') $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf - + $SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf # Set the user encryption key size $SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf - + # if they modified port put value in server.conf if [ $PORT != 1194 ]; then $SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf fi + # if they modified protocol put value in server.conf + if [ $PROTO != "udp" ]; then + $SUDO sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf + fi + # write out server certs to conf file $SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf $SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf @@ -783,7 +816,7 @@ confNetwork() { $SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt $SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw $SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules - $SUDO ufw allow ${PORT}/udp + $SUDO ufw allow ${PORT}/${PROTO} $SUDO ufw allow from 10.8.0.0/24 $SUDO ufw reload echo "::: UFW configuration completed." @@ -803,7 +836,7 @@ confNetwork() { else echo 0 > /tmp/noUFW fi - + $SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW } @@ -818,8 +851,8 @@ confOVPN() { METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \ "$IPv4pub" "Use this public IP" "ON" \ - "DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3) - + "DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3) + exitstatus=$? if [ $exitstatus != 0 ]; then echo "::: Cancel selected. Exiting..." @@ -830,7 +863,7 @@ confOVPN() { if [ "$METH" == "$IPv4pub" ]; then $SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt - else + else until [[ $publicDNSCorrect = True ]] do PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3) @@ -844,16 +877,21 @@ confOVPN() { $SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt else publicDNSCorrect=False - + fi done fi - + # if they modified port put value in Default.txt for clients to use if [ $PORT != 1194 ]; then $SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt fi - + + # if they modified protocol put value in Default.txt for clients to use + if [ $PROTO != "udp" ]; then + $SUDO sed -i -e "s/proto udp/proto tcp/g" /etc/openvpn/easy-rsa/keys/Default.txt + fi + # verify server name to strengthen security $SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt @@ -868,6 +906,7 @@ installPiVPN() { $SUDO mkdir -p /etc/pivpn/ getGitFiles installScripts + setCustomProto setCustomPort confOpenVPN confNetwork @@ -884,7 +923,7 @@ displayFinalMessage() { $SUDO systemctl start openvpn.service fi - whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles. + whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles. Run 'pivpn help' to see what else you can do! The install log is in /etc/pivpn." $r $c if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 902faf9..f4c9b33 100644 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -20,6 +20,7 @@ INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER) PLAT=$(cat /etc/pivpn/DET_PLATFORM) NO_UFW=$(cat /etc/pivpn/NO_UFW) PORT=$(cat /etc/pivpn/INSTALL_PORT) +PROTO=$(cat /etc/pivpn/INSTALL_PROTO) # Find the rows and columns rows=$(tput lines) @@ -53,7 +54,7 @@ echo ":::" while true; do read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn case $yn in - [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; + [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; if [ "$i" == "openvpn" ]; then UINST_OVPN=1 ; fi if [ "$i" == "unattended-upgrades" ]; then UINST_UNATTUPG=1 ; fi break;; @@ -100,15 +101,15 @@ echo ":::" # Disable IPv4 forwarding sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf sysctl -p - + if [[ $NO_UFW -eq 0 ]]; then $SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"DROP\"/" /etc/default/ufw - $SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules + $SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules $SUDO ufw delete allow from 10.8.0.0/24 >/dev/null - $SUDO ufw delete allow ${PORT}/udp >/dev/null + $SUDO ufw delete allow ${PORT}/${PROTO} >/dev/null $SUDO ufw reload fi - + echo ":::" printf "::: Finished removing PiVPN from your system.\n" printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n" @@ -132,7 +133,7 @@ while true; do read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn case $yn in [Yy]* ) removeAll; askreboot; break;; - + [Nn]* ) printf "::: Not removing anything, exiting...\n"; break;; esac done