Merge pull request #91 from StephenKinger/feature/add_tcp_option

Feature/add tcp option
0-kaladin 2016-10-09 10:43:05 -04:00 committed by GitHub
commit f3a2b3afbe
2 changed files with 64 additions and 24 deletions

43
auto_install/install.sh Normal file → Executable file

@ -475,12 +475,40 @@ update_repo() {
echo " done!"
}
setCustomProto() {
# Set the available protocols into an array so it can be used with a whiptail dialog
protocol=$(whiptail --title "Protocol" --radiolist \
"Choose a protocol. Please only choose TCP if you know why you need TCP." $r $c 2 \
"UDP" "" ON \
"TCP" "" OFF 3>&1 1>&2 2>&3)
if [ $? -eq 0 ]; then
# Convert option into lowercase (UDP->udp)
pivpnProto="${protocol,,}"
echo "::: Using protocol: $pivpnProto"
echo "${pivpnProto}" > /tmp/pivpnPROTO
else
echo "::: Cancel selected, exiting...."
exit 1
fi
# write out the PROTO
PROTO=$pivpnProto
$SUDO cp /tmp/pivpnPROTO /etc/pivpn/INSTALL_PROTO
}
setCustomPort() {
until [[ $PORTNumCorrect = True ]]
do
portInvalid="Invalid"
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c 1194 3>&1 1>&2 2>&3)
PROTO=`cat /etc/pivpn/INSTALL_PROTO`
if [ "$PROTO" = "udp" ]; then
DEFAULT_PORT=1194
else
DEFAULT_PORT=443
fi
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3)
if [[ $? = 0 ]]; then
if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 -a "$PORT" -le 65535 ]; then
:
@ -735,6 +763,11 @@ confOpenVPN() {
$SUDO sed -i "s/1194/${PORT}/g" /etc/openvpn/server.conf
fi
# if they modified protocol put value in server.conf
if [ $PROTO != "udp" ]; then
$SUDO sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf
fi
# write out server certs to conf file
$SUDO sed -i "s/\(key \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.key/" /etc/openvpn/server.conf
$SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf
@ -783,7 +816,7 @@ confNetwork() {
$SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
$SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules
$SUDO ufw allow ${PORT}/udp
$SUDO ufw allow ${PORT}/${PROTO}
$SUDO ufw allow from 10.8.0.0/24
$SUDO ufw reload
echo "::: UFW configuration completed."
@ -854,6 +887,11 @@ confOVPN() {
$SUDO sed -i -e "s/1194/${PORT}/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# if they modified protocol put value in Default.txt for clients to use
if [ $PROTO != "udp" ]; then
$SUDO sed -i -e "s/proto udp/proto tcp/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# verify server name to strengthen security
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
@ -868,6 +906,7 @@ installPiVPN() {
$SUDO mkdir -p /etc/pivpn/
getGitFiles
installScripts
setCustomProto
setCustomPort
confOpenVPN
confNetwork
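Review bot: In setCustomProto the selected protocol is staged through the fixed path `/tmp/pivpnPROTO` and then copied to `/etc/pivpn/INSTALL_PROTO` with `$SUDO cp`, so a root-owned configuration value depends on a predictable file name in a world-writable directory. Whatever that file holds at copy time is later read back into `PROTO` (setCustomPort, and the second file in this commit) and expanded unquoted in `ufw allow ${PORT}/${PROTO}` and `[ $PROTO != "udp" ]`. Writing the value directly removes the temp file: `echo "${pivpnProto}" | $SUDO tee /etc/pivpn/INSTALL_PROTO > /dev/null`. Quoting the variable in the confOpenVPN and confOVPN tests, `if [ "$PROTO" != "udp" ]; then`, would also stop an empty or multi-word value from breaking `[`.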


@ -20,6 +20,7 @@ INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
PLAT=$(cat /etc/pivpn/DET_PLATFORM)
NO_UFW=$(cat /etc/pivpn/NO_UFW)
PORT=$(cat /etc/pivpn/INSTALL_PORT)
PROTO=$(cat /etc/pivpn/INSTALL_PROTO)
# Find the rows and columns
rows=$(tput lines)
@ -105,7 +106,7 @@ echo ":::"
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"DROP\"/" /etc/default/ufw
$SUDO sed -i '/START OPENVPN RULES/,/END OPENVPN RULES/ d' /etc/ufw/before.rules
$SUDO ufw delete allow from 10.8.0.0/24 >/dev/null
$SUDO ufw delete allow ${PORT}/udp >/dev/null
$SUDO ufw delete allow ${PORT}/${PROTO} >/dev/null
$SUDO ufw reload
fi
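Review bot: `PROTO=$(cat /etc/pivpn/INSTALL_PROTO)` has no fallback, so on a system where that file is missing `PROTO` is empty and `ufw delete allow ${PORT}/${PROTO}` will not match the rule that was created, leaving the VPN port open in the firewall after removal. This looks reachable for installs made before this change, which appear to have used `${PORT}/udp` and never wrote INSTALL_PROTO. Only stdout of the delete is sent to `/dev/null` and the exit status is not checked, so the failure is easy to miss. A default after the read would cover it, `PROTO=${PROTO:-udp}`, together with quoting the rule argument as `"${PORT}/${PROTO}"`. The `if` block that contains the ufw calls starts outside this hunk.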