Merge pull request #91 from StephenKinger/feature/add_tcp_option

Feature/add tcp option
This commit is contained in:
0-kaladin 2016-10-09 10:43:05 -04:00 committed by GitHub
commit f3a2b3afbe
2 changed files with 64 additions and 24 deletions

auto_install/install.sh Normal file → Executable file

@ -65,7 +65,7 @@ If you think you received this message in error, you can post an issue on the Gi
} }
function maybeOS_Support() { function maybeOS_Support() {
if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work. if (whiptail --backtitle "Not Supported OS" --title "Not Supported OS" --yesno "You are on an OS that we have not tested but MAY work.
Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial). Currently this installer supports Raspbian jessie, Ubuntu 14.04 (trusty), and Ubuntu 16.04 (xenial).
Would you like to continue anyway?" $r $c) then Would you like to continue anyway?" $r $c) then
echo "::: Did not detect perfectly supported OS but," echo "::: Did not detect perfectly supported OS but,"
@ -97,7 +97,7 @@ elif [[ "$(cat /etc/os-release | grep raspbian)" ]]; then
PLAT="Ubuntu" PLAT="Ubuntu"
OSCN="unknown" OSCN="unknown"
maybeOS_Support maybeOS_Support
fi fi
# else we prob don't want to install # else we prob don't want to install
else else
noOS_Support noOS_Support
@ -127,7 +127,7 @@ welcomeDialogs() {
# Explain the need for a static address # Explain the need for a static address
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly. whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "The PiVPN is a SERVER so it needs a STATIC IP ADDRESS to function properly.
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
} }
@ -372,7 +372,7 @@ checkForDependencies() {
timestamp=$(stat -c %Y /var/cache/apt/) timestamp=$(stat -c %Y /var/cache/apt/)
timestampAsDate=$(date -d @"$timestamp" "+%b %e") timestampAsDate=$(date -d @"$timestamp" "+%b %e")
today=$(date "+%b %e") today=$(date "+%b %e")
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then if [[ $OSCN == "trusty" || $OSCN == "jessie" || $OSCN == "wheezy" ]]; then
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add - wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg| $SUDO apt-key add -
@ -475,12 +475,40 @@ update_repo() {
echo " done!" echo " done!"
} }
setCustomProto() {
# Set the available protocols into an array so it can be used with a whiptail dialog
protocol=$(whiptail --title "Protocol" --radiolist \
"Choose a protocol. Please only choose TCP if you know why you need TCP." $r $c 2 \
"UDP" "" ON \
"TCP" "" OFF 3>&1 1>&2 2>&3)
if [ $? -eq 0 ]; then
# Convert option into lowercase (UDP->udp)
pivpnProto="${protocol,,}"
echo "::: Using protocol: $pivpnProto"
echo "${pivpnProto}" > /tmp/pivpnPROTO
else
echo "::: Cancel selected, exiting...."
exit 1
fi
# write out the PROTO
PROTO=$pivpnProto
$SUDO cp /tmp/pivpnPROTO /etc/pivpn/INSTALL_PROTO
}
setCustomPort() { setCustomPort() {
until [[ $PORTNumCorrect = True ]] until [[ $PORTNumCorrect = True ]]
do do
portInvalid="Invalid" portInvalid="Invalid"
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c 1194 3>&1 1>&2 2>&3) PROTO=`cat /etc/pivpn/INSTALL_PROTO`
if [ "$PROTO" = "udp" ]; then
DEFAULT_PORT=1194
else
DEFAULT_PORT=443
fi
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3)
if [[ $? = 0 ]]; then if [[ $? = 0 ]]; then
if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 -a "$PORT" -le 65535 ]; then if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 -a "$PORT" -le 65535 ]; then
: :
@ -617,7 +645,7 @@ confOpenVPN() {
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa
$SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars $SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars
$SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars $SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars
# Init Cert Values # Init Cert Values
COUNTRY="US" COUNTRY="US"
STATE="CA" STATE="CA"
@ -698,7 +726,7 @@ confOpenVPN() {
# It seems you have to set this if you mess with key_cn, lets not. # It seems you have to set this if you mess with key_cn, lets not.
# grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars # grep -q 'KEY_ALTNAMES=' vars || printf '\nexport KEY_ALTNAMES="PiVPN_KEYALT"\n' >> vars
# source the vars file just edited # source the vars file just edited
source ./vars source ./vars
@ -724,17 +752,22 @@ confOpenVPN() {
# Write config file for server using the template .txt file # Write config file for server using the template .txt file
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*') LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf $SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
# Set the user encryption key size # Set the user encryption key size
$SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf $SUDO sed -i "s/\(dh \/etc\/openvpn\/easy-rsa\/keys\/dh\).*/\1${ENCRYPT}.pem/" /etc/openvpn/server.conf
# if they modified port put value in server.conf # if they modified port put value in server.conf
if [ $PORT != 1194 ]; then if [ $PORT != 1194 ]; then
$SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf $SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf
fi fi
# if they modified protocol put value in server.conf
if [ $PROTO != "udp" ]; then
$SUDO sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf
fi
# write out server certs to conf file # write out server certs to conf file
$SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf $SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf
$SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf $SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf
@ -783,7 +816,7 @@ confNetwork() {
$SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt $SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw $SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
$SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules $SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules
$SUDO ufw allow ${PORT}/udp $SUDO ufw allow ${PORT}/${PROTO}
$SUDO ufw allow from 10.8.0.0/24 $SUDO ufw allow from 10.8.0.0/24
$SUDO ufw reload $SUDO ufw reload
echo "::: UFW configuration completed." echo "::: UFW configuration completed."
@ -803,7 +836,7 @@ confNetwork() {
else else
echo 0 > /tmp/noUFW echo 0 > /tmp/noUFW
fi fi
$SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW $SUDO cp /tmp/noUFW /etc/pivpn/NO_UFW
} }
@ -818,8 +851,8 @@ confOVPN() {
METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \ METH=$(whiptail --title "Public IP or DNS" --radiolist "Will clients use a Public IP or DNS Name to connect to your server?" $r $c 2 \
"$IPv4pub" "Use this public IP" "ON" \ "$IPv4pub" "Use this public IP" "ON" \
"DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3) "DNS Entry" "Use a public DNS" "OFF" 3>&1 1>&2 2>&3)
exitstatus=$? exitstatus=$?
if [ $exitstatus != 0 ]; then if [ $exitstatus != 0 ]; then
echo "::: Cancel selected. Exiting..." echo "::: Cancel selected. Exiting..."
@ -830,7 +863,7 @@ confOVPN() {
if [ "$METH" == "$IPv4pub" ]; then if [ "$METH" == "$IPv4pub" ]; then
$SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt $SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt
else else
until [[ $publicDNSCorrect = True ]] until [[ $publicDNSCorrect = True ]]
do do
PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3) PUBLICDNS=$(whiptail --title "PiVPN Setup" --inputbox "What is the public DNS name of this Server?" $r $c 3>&1 1>&2 2>&3)
@ -844,16 +877,21 @@ confOVPN() {
$SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt $SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt
else else
publicDNSCorrect=False publicDNSCorrect=False
fi fi
done done
fi fi
# if they modified port put value in Default.txt for clients to use # if they modified port put value in Default.txt for clients to use
if [ $PORT != 1194 ]; then if [ $PORT != 1194 ]; then
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt $SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi fi
# if they modified protocol put value in Default.txt for clients to use
if [ $PROTO != "udp" ]; then
$SUDO sed -i -e "s/proto udp/proto tcp/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# verify server name to strengthen security # verify server name to strengthen security
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt $SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
@ -868,6 +906,7 @@ installPiVPN() {
$SUDO mkdir -p /etc/pivpn/ $SUDO mkdir -p /etc/pivpn/
getGitFiles getGitFiles
installScripts installScripts
setCustomProto
setCustomPort setCustomPort
confOpenVPN confOpenVPN
confNetwork confNetwork
@ -884,7 +923,7 @@ displayFinalMessage() {
$SUDO systemctl start openvpn.service $SUDO systemctl start openvpn.service
fi fi
whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles. whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Now run 'pivpn add' to create the ovpn profiles.
Run 'pivpn help' to see what else you can do! Run 'pivpn help' to see what else you can do!
The install log is in /etc/pivpn." $r $c The install log is in /etc/pivpn." $r $c
if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then if (whiptail --title "Reboot" --yesno --defaultno "It is strongly recommended you reboot after installation. Would you like to reboot now?" $r $c); then
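Review bot: setCustomProto stages the chosen protocol through the predictable path `/tmp/pivpnPROTO` and then has `$SUDO cp` copy it into `/etc/pivpn/INSTALL_PROTO`, so a local user who pre-creates that file (or a symlink at that path) before the installer runs can decide what ends up in INSTALL_PROTO, and that value is later expanded unquoted into `ufw allow ${PORT}/${PROTO}` here and into the uninstaller's `ufw delete allow`. The value is already held in `$pivpnProto`, so the echo and the cp can become the single line `echo "${pivpnProto}" | $SUDO tee /etc/pivpn/INSTALL_PROTO >/dev/null` with the /tmp file dropped. setCustomPort then re-reads the file with a backtick `cat /etc/pivpn/INSTALL_PROTO` even though `PROTO` was assigned at the end of setCustomProto just before it runs; `DEFAULT_PORT=1194; [ "$PROTO" = "tcp" ] && DEFAULT_PORT=443` uses the in-memory value and avoids both the on-disk round trip and the backticks. The same /tmp staging pattern already exists for noUFW in confNetwork, so this is inherited style rather than something new, but the new function need not repeat it. Quoting `"$PROTO"` in the `[ $PROTO != "udp" ]` tests in confOpenVPN and confOVPN would also avoid a test syntax error should the variable ever be empty.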


@ -20,6 +20,7 @@ INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
PLAT=$(cat /etc/pivpn/DET_PLATFORM) PLAT=$(cat /etc/pivpn/DET_PLATFORM)
NO_UFW=$(cat /etc/pivpn/NO_UFW) NO_UFW=$(cat /etc/pivpn/NO_UFW)
PORT=$(cat /etc/pivpn/INSTALL_PORT) PORT=$(cat /etc/pivpn/INSTALL_PORT)
PROTO=$(cat /etc/pivpn/INSTALL_PROTO)
# Find the rows and columns # Find the rows and columns
rows=$(tput lines) rows=$(tput lines)
@ -53,7 +54,7 @@ echo ":::"
while true; do while true; do
read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
case $yn in case $yn in
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
if [ "$i" == "openvpn" ]; then UINST_OVPN=1 ; fi if [ "$i" == "openvpn" ]; then UINST_OVPN=1 ; fi
if [ "$i" == "unattended-upgrades" ]; then UINST_UNATTUPG=1 ; fi if [ "$i" == "unattended-upgrades" ]; then UINST_UNATTUPG=1 ; fi
break;; break;;
@ -100,15 +101,15 @@ echo ":::"
# Disable IPv4 forwarding # Disable IPv4 forwarding
sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf
sysctl -p sysctl -p
if [[ $NO_UFW -eq 0 ]]; then if [[ $NO_UFW -eq 0 ]]; then
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"DROP\"/" /etc/default/ufw $SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"DROP\"/" /etc/default/ufw
$SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules $SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules
$SUDO ufw delete allow from 10.8.0.0/24 >/dev/null $SUDO ufw delete allow from 10.8.0.0/24 >/dev/null
$SUDO ufw delete allow ${PORT}/udp >/dev/null $SUDO ufw delete allow ${PORT}/${PROTO} >/dev/null
$SUDO ufw reload $SUDO ufw reload
fi fi
echo ":::" echo ":::"
printf "::: Finished removing PiVPN from your system.\n" printf "::: Finished removing PiVPN from your system.\n"
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n" printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n"
@ -132,7 +133,7 @@ while true; do
read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn
case $yn in case $yn in
[Yy]* ) removeAll; askreboot; break;; [Yy]* ) removeAll; askreboot; break;;
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;; [Nn]* ) printf "::: Not removing anything, exiting...\n"; break;;
esac esac
done done
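Review bot: `PROTO=$(cat /etc/pivpn/INSTALL_PROTO)` in the variable block reads the file unconditionally, but `/etc/pivpn/INSTALL_PROTO` is only written by installs made with this version of install.sh; on a system installed earlier the cat fails, `PROTO` is empty, and `ufw delete allow ${PORT}/` becomes a malformed rule spec that leaves the old `${PORT}/udp` allow rule open after the uninstall. Falling back to the previous behaviour keeps removal correct for those users: `PROTO=$(cat /etc/pivpn/INSTALL_PROTO 2>/dev/null || echo udp)`. Quoting the expansion, `$SUDO ufw delete allow "${PORT}/${PROTO}" >/dev/null`, would additionally stop unexpected file contents from splitting into extra ufw arguments. The function enclosing the ufw hunk begins outside it.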