Merge pull request #983 from pivpn/test

Merge test into master
Orazio 2020-03-17 09:51:14 +01:00 committed by GitHub
commit fcf05d75df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 361 additions and 429 deletions


@ -5,6 +5,16 @@ patch release notes.
Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged. Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged.
## Mar 17th 2020
- Switch to Bullseye repository on Debian/Raspbian. The bullseye repository is less likely to offer broken packages and it's also supported by Raspbian, meaning there is no need to manually compile WireGuard on older Raspberry Pis.
- Adding a PPA on Ubuntu requires 'software-properties-common' with may not be installed on servers.
- Avoid IPv6 leak by routing IPv6 through WireGuard.
- Download OpenVPN key via HTTPS if retrieving via keyserver fails.
- Show connected clients data rates with dotted decimal notation using 'pivpn -c -b'. It's useful because the human readable format does not offer enough precision to tell if a client is sending very little data.
- Use 'apt-cache policy' to decide whether we need a repository or not.
- Use lowest APT pin priority that allows package upgrades (more information on pull request [#963](https://github.com/pivpn/pivpn/pull/963) and [#983](https://github.com/pivpn/pivpn/pull/983)).
## Feb 17th 2020 ## Feb 17th 2020
- When offering to use Pi-hole, identify VPN clients via clientname.pivpn using a dedicated hosts file. Clients can now be resolved by their names and also show up in the Pi-hole dashboard. - When offering to use Pi-hole, identify VPN clients via clientname.pivpn using a dedicated hosts file. Clients can now be resolved by their names and also show up in the Pi-hole dashboard.


@ -14,10 +14,18 @@
pivpnGitUrl="https://github.com/pivpn/pivpn.git" pivpnGitUrl="https://github.com/pivpn/pivpn.git"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
pivpnFilesDir="/etc/.pivpn" pivpnFilesDir="/etc/.pivpn"
piholeSetupVars="/etc/pihole/setupVars.conf" piholeSetupVars="/etc/pihole/setupVars.conf"
dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf" dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf"
### PKG Vars ### dhcpcdFile="/etc/dhcpcd.conf"
subnetClass="24"
debianOvpnUserGroup="openvpn:openvpn"
# OpenVPN GPG fingerprint, you can look it up at https://keyserver.ubuntu.com (prepend '0x' before it)
OPENVPN_KEY_ID="30EBF4E73CCE63EEE124DD278E6DA8B4E158C569"
######## PKG Vars ########
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
PKG_CACHE="/var/lib/apt/lists/" PKG_CACHE="/var/lib/apt/lists/"
### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086 ### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
@ -33,32 +41,29 @@ BASE_DEPS=(git tar wget curl grep dnsutils whiptail net-tools bsdmainutils)
# PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons # PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons
INSTALLED_PACKAGES=() INSTALLED_PACKAGES=()
######## URLs ########
easyrsaVer="3.0.6" easyrsaVer="3.0.6"
easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz" easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz"
subnetClass="24"
dhcpcdFile="/etc/dhcpcd.conf"
debianOvpnUserGroup="openvpn:openvpn"
# Raspbian's unattended-upgrades package downloads Debian's config, so this is the link for the proper config # Raspbian's unattended-upgrades package downloads Debian's config, so this is the link for the proper config
UNATTUPG_RELEASE="1.16" UNATTUPG_RELEASE="1.16"
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz" UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
# GPG fingerprints (you can look them up at https://keyserver.ubuntu.com) # Fallback url for the OpenVPN key
OPENVPN_REPO_KEY="0x30ebf4e73cce63eee124dd278e6da8b4e158c569" OPENVPN_KEY_URL="https://swupdate.openvpn.net/repos/repo-public.gpg"
DEBIAN_STRETCH_KEY="0xe1cf20ddffe4b89e802658f1e0b11894f66aec98"
DEBIAN_BUSTER_KEY="0x80d15823b7fd1561f9f7bcdddc30d7c23cbbabee"
# Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo "$screen_size" | awk '{print $1}')
columns=$(echo "$screen_size" | awk '{print $2}')
######## Undocumented Flags. Shhh ######## ######## Undocumented Flags. Shhh ########
runUnattended=false runUnattended=false
skipSpaceCheck=false skipSpaceCheck=false
reconfigure=false reconfigure=false
######## SCRIPT ########
# Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo "$screen_size" | awk '{print $1}')
columns=$(echo "$screen_size" | awk '{print $2}')
# Divide by two so the dialogs take up half of the screen, which looks nice. # Divide by two so the dialogs take up half of the screen, which looks nice.
r=$(( rows / 2 )) r=$(( rows / 2 ))
c=$(( columns / 2 )) c=$(( columns / 2 ))
@ -66,7 +71,8 @@ c=$(( columns / 2 ))
r=$(( r < 20 ? 20 : r )) r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c )) c=$(( c < 70 ? 70 : c ))
######## SCRIPT ############ # Override localization settings so the output is in English language.
export LC_ALL=C
main(){ main(){
@ -252,6 +258,15 @@ distroCheck(){
OSCN=${VER_MAP["${VER}"]} OSCN=${VER_MAP["${VER}"]}
fi fi
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
DPKG_ARCH="$(dpkg --print-architecture)"
if [ "$DPKG_ARCH" = "amd64" ] || [ "$DPKG_ARCH" = "i386" ]; then
X86_SYSTEM=1
else
X86_SYSTEM=0
fi
fi
case ${PLAT} in case ${PLAT} in
Debian|Raspbian|Ubuntu) Debian|Raspbian|Ubuntu)
case ${OSCN} in case ${OSCN} in
@ -440,7 +455,7 @@ preconfigurePackages(){
# if ufw is enabled, configure that. # if ufw is enabled, configure that.
# running as root because sometimes the executable is not in the user's $PATH # running as root because sometimes the executable is not in the user's $PATH
if $SUDO bash -c 'command -v ufw' > /dev/null; then if $SUDO bash -c 'command -v ufw' > /dev/null; then
if LC_ALL=C $SUDO ufw status | grep -q inactive; then if $SUDO ufw status | grep -q inactive; then
USING_UFW=0 USING_UFW=0
else else
USING_UFW=1 USING_UFW=1
@ -986,6 +1001,11 @@ installPiVPN(){
askWhichVPN askWhichVPN
if [ "$VPN" = "openvpn" ]; then if [ "$VPN" = "openvpn" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
vpnGw="${pivpnNET/.0.0/.0.1}"
installOpenVPN installOpenVPN
askCustomProto askCustomProto
askCustomPort askCustomPort
@ -997,64 +1017,109 @@ installPiVPN(){
confOVPN confOVPN
confNetwork confNetwork
confLogging confLogging
elif [ "$VPN" = "wireguard" ]; then elif [ "$VPN" = "wireguard" ]; then
# Since WireGuard only uses UDP, askCustomProto() is never called so we
# set the protocol here.
pivpnPROTO="udp"
pivpnDEV="wg0"
pivpnNET="10.6.0.0"
vpnGw="${pivpnNET/.0.0/.0.1}"
installWireGuard installWireGuard
askCustomPort askCustomPort
askClientDNS askClientDNS
askPublicIPOrDNS askPublicIPOrDNS
confWireGuard confWireGuard
confNetwork confNetwork
echo "pivpnPROTO=${pivpnPROTO}" >> /tmp/setupVars.conf
fi fi
echo "pivpnDEV=${pivpnDEV}" >> /tmp/setupVars.conf
echo "pivpnNET=${pivpnNET}" >> /tmp/setupVars.conf
echo "subnetClass=${subnetClass}" >> /tmp/setupVars.conf
} }
askWhichVPN(){ askWhichVPN(){
if [ "${runUnattended}" = 'true' ]; then if [ "${runUnattended}" = 'true' ]; then
if [ -z "$VPN" ]; then if [ "$PLAT" = "Raspbian" ] || [ "$X86_SYSTEM" -eq 1 ]; then
echo ":: No VPN protocol specified, using WireGuard" if [ -z "$VPN" ]; then
VPN="wireguard" echo ":: No VPN protocol specified, using WireGuard"
else VPN="wireguard"
VPN="${VPN,,}"
if [ "$VPN" = "wireguard" ]; then
echo "::: WireGuard will be installed"
elif [ "$VPN" = "openvpn" ]; then
echo "::: OpenVPN will be installed"
else else
echo ":: $VPN is not a supported VPN protocol, please specify 'wireguard' or 'openvpn'" VPN="${VPN,,}"
exit 1 if [ "$VPN" = "wireguard" ]; then
echo "::: WireGuard will be installed"
elif [ "$VPN" = "openvpn" ]; then
echo "::: OpenVPN will be installed"
else
echo ":: $VPN is not a supported VPN protocol, please specify 'wireguard' or 'openvpn'"
exit 1
fi
fi
elif [ "$X86_SYSTEM" -eq 0 ]; then
if [ -z "$VPN" ]; then
echo ":: No VPN protocol specified, using OpenVPN"
VPN="openvpn"
else
VPN="${VPN,,}"
if [ "$VPN" = "openvpn" ]; then
echo "::: OpenVPN will be installed"
else
echo ":: $VPN is not a supported VPN protocol on $DPKG_ARCH $PLAT, only 'openvpn' is"
exit 1
fi
fi fi
fi fi
else else
chooseVPNCmd=(whiptail --backtitle "Setup PiVPN" --title "Installation mode" --separate-output --radiolist "WireGuard is a new kind of VPN that provides near-istantaneous connection speed, high performance, modern cryptography.\\n\\nIt's the recommended choice expecially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\\n\\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol. Or if you need features like TCP and custom search domain.\\n\\nChoose a VPN (press space to select):" "${r}" "${c}" 2) if [ "$PLAT" = "Raspbian" ] || [ "$X86_SYSTEM" -eq 1 ]; then
VPNChooseOptions=(WireGuard "" on chooseVPNCmd=(whiptail --backtitle "Setup PiVPN" --title "Installation mode" --separate-output --radiolist "WireGuard is a new kind of VPN that provides near-istantaneous connection speed, high performance, modern cryptography.\\n\\nIt's the recommended choice expecially if you use mobile devices where WireGuard is easier on battery than OpenVPN.\\n\\nOpenVPN is still available if you need the traditional, flexible, trusted VPN protocol. Or if you need features like TCP and custom search domain.\\n\\nChoose a VPN (press space to select):" "${r}" "${c}" 2)
OpenVPN "" off) VPNChooseOptions=(WireGuard "" on
OpenVPN "" off)
if VPN=$("${chooseVPNCmd[@]}" "${VPNChooseOptions[@]}" 2>&1 >/dev/tty) ; then if VPN=$("${chooseVPNCmd[@]}" "${VPNChooseOptions[@]}" 2>&1 >/dev/tty) ; then
echo "::: Using VPN: $VPN" echo "::: Using VPN: $VPN"
VPN="${VPN,,}" VPN="${VPN,,}"
else else
echo "::: Cancel selected, exiting...." echo "::: Cancel selected, exiting...."
exit 1 exit 1
fi
elif [ "$X86_SYSTEM" -eq 0 ]; then
echo "::: Using VPN: OpenVPN"
VPN="openvpn"
fi fi
fi fi
if [ "$VPN" = "wireguard" ]; then
# Since WireGuard only uses UDP, askCustomProto() is never called so we
# set the protocol here (it's not actually required to save the value, but
# it might be useful for the user when port forwarding).
pivpnPROTO="udp"
echo "pivpnPROTO=${pivpnPROTO}" >> /tmp/setupVars.conf
pivpnDEV="wg0"
pivpnNET="10.6.0.0"
elif [ "$VPN" = "openvpn" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
fi
vpnGw="${pivpnNET/.0.0/.0.1}"
echo "VPN=${VPN}" >> /tmp/setupVars.conf echo "VPN=${VPN}" >> /tmp/setupVars.conf
echo "pivpnDEV=${pivpnDEV}" >> /tmp/setupVars.conf }
echo "pivpnNET=${pivpnNET}" >> /tmp/setupVars.conf
echo "subnetClass=${subnetClass}" >> /tmp/setupVars.conf downloadVerifyKey(){
local KEY_URL="$1"
local EXPECTED_KEY_ID="$2"
local KEY_CONTENT
local KEY_INFO
local DOWNLOADED_KEY_ID
if ! KEY_CONTENT="$(wget -qO- "$KEY_URL")"; then
return 1
fi
if ! KEY_INFO="$(gpg --show-key --with-colons <<< "$KEY_CONTENT")"; then
return 1
fi
DOWNLOADED_KEY_ID="$(sed -n '/^pub:/,/^fpr:/p' <<< "$KEY_INFO" | grep '^fpr' | cut -d ':' -f 10)"
if [ "$DOWNLOADED_KEY_ID" != "$EXPECTED_KEY_ID" ]; then
return 1
fi
echo "$KEY_CONTENT"
return 0
} }
installOpenVPN(){ installOpenVPN(){
@ -1062,29 +1127,41 @@ installOpenVPN(){
echo "::: Installing OpenVPN from Debian package... " echo "::: Installing OpenVPN from Debian package... "
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then # Use x86-only OpenVPN APT repo on x86 Debian/Ubuntu systems
# gnupg is used by apt-key to import the openvpn GPG key into the if [ "$PLAT" != "Raspbian" ] && [ "$X86_SYSTEM" -eq 1 ]; then
# APT keyring
PIVPN_DEPS=(gnupg)
installDependentPackages PIVPN_DEPS[@]
# We will download the repository key regardless of whether the user AVAILABLE_OPENVPN="$(apt-cache policy openvpn | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
# has already enabled the openvpn repository or not, just to make sure
# we have the right key # If there is an available openvpn package and its version is at least 2.4
echo "::: Adding repository key..." # (required for ECC support), do not add the repository
if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$OPENVPN_REPO_KEY"; then if [ -n "$AVAILABLE_OPENVPN" ] && dpkg --compare-versions "$AVAILABLE_OPENVPN" ge 2.4; then
echo "::: Failed to import OpenVPN GPG key" echo "::: OpenVPN is already available in the repositories"
exit 1 else
fi # gnupg is used by apt-key to import the openvpn GPG key into the
# APT keyring
PIVPN_DEPS=(gnupg)
installDependentPackages PIVPN_DEPS[@]
# We will download the repository key for the official repository from a
# keyserver. If we fail, we will attempt to download the key via HTTPS
echo "::: Adding repository key..."
if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$OPENVPN_KEY_ID"; then
echo "::: Import via keyserver failed, now trying wget"
if ! downloadVerifyKey "$OPENVPN_KEY_URL" "$OPENVPN_KEY_ID" | $SUDO apt-key add -; then
echo "::: Can't import OpenVPN GPG key"
exit 1
else
echo "::: Acquired key $OPENVPN_KEY_ID"
fi
fi
if ! grep -qR "deb http.\?://build.openvpn.net/debian/openvpn/stable.\? $OSCN main" /etc/apt/sources.list*; then
echo "::: Adding OpenVPN repository... " echo "::: Adding OpenVPN repository... "
echo "deb https://build.openvpn.net/debian/openvpn/stable $OSCN main" | $SUDO tee /etc/apt/sources.list.d/pivpn-openvpn-repo.list > /dev/null echo "deb https://build.openvpn.net/debian/openvpn/stable $OSCN main" | $SUDO tee /etc/apt/sources.list.d/pivpn-openvpn-repo.list > /dev/null
fi
echo "::: Updating package cache..." echo "::: Updating package cache..."
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! $SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi
fi fi
# grepcidr is used to redact IPs in the debug log whereas expect is used # grepcidr is used to redact IPs in the debug log whereas expect is used
@ -1107,8 +1184,8 @@ installWireGuard(){
# straight, so it's also a good suggestion in such case because they will have # straight, so it's also a good suggestion in such case because they will have
# a lot of outdated packages. # a lot of outdated packages.
INSTALLED_KERNEL="$(apt-cache policy raspberrypi-kernel | grep 'Installed:' | awk '{print $2}')" INSTALLED_KERNEL="$(apt-cache policy raspberrypi-kernel | grep -m1 'Installed: ' | grep -v '(none)' | awk '{print $2}')"
CANDIDATE_KERNEL="$(apt-cache policy raspberrypi-kernel | grep 'Candidate:' | awk '{print $2}')" CANDIDATE_KERNEL="$(apt-cache policy raspberrypi-kernel | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
if dpkg --compare-versions "${CANDIDATE_KERNEL}" gt "${INSTALLED_KERNEL}"; then if dpkg --compare-versions "${CANDIDATE_KERNEL}" gt "${INSTALLED_KERNEL}"; then
if [ "${runUnattended}" = 'true' ]; then if [ "${runUnattended}" = 'true' ]; then
@ -1141,159 +1218,64 @@ installWireGuard(){
fi fi
fi fi
# If this Raspberry Pi uses armv7l we can use the package from the repo echo "::: Installing WireGuard from Debian package... "
# https://lists.zx2c4.com/pipermail/wireguard/2017-November/001885.html
# Otherwhise compile and build the kernel module via DKMS (so it will
# be recompiled on kernel upgrades)
if [ "$(uname -m)" = "armv7l" ]; then if apt-cache policy wireguard 2> /dev/null | grep -m1 'Candidate: ' | grep -vq '(none)'; then
echo "::: WireGuard is already available in the repositories"
else
echo "::: Adding Raspbian repository... "
echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye.list > /dev/null
echo "::: Installing WireGuard from Debian package... " # Do not upgrade packages from the bullseye repository except for wireguard
# dirmngr is used by apt-key to import the debian GPG keys for the unstable printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null
# repo into the APT keyring.
PIVPN_DEPS=(dirmngr)
installDependentPackages PIVPN_DEPS[@]
echo "::: Adding repository keys..."
if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$DEBIAN_STRETCH_KEY" "$DEBIAN_BUSTER_KEY"; then
echo "::: Failed to import Debian GPG keys"
exit 1
fi
# This regular expression should match combinations like http[s]://mirror.example.com/debian[/] unstable main
if ! grep -qR 'deb http.\?://.*/debian.\? unstable main' /etc/apt/sources.list*; then
echo "::: Adding Debian repository... "
echo "deb https://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/pivpn-unstable.list > /dev/null
fi
# Do not upgrade packages from the unstable repository except for wireguard
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release a=unstable\nPin-Priority: 500\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-unstable > /dev/null
echo "::: Updating package cache..." echo "::: Updating package cache..."
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! $SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
# qrencode is used to generate qrcodes from config file, for use with mobile clients
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms qrencode)
installDependentPackages PIVPN_DEPS[@]
elif [ "$(uname -m)" = "armv6l" ]; then
echo "::: Installing WireGuard from source... "
PIVPN_DEPS=(checkinstall dkms libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode jq)
installDependentPackages PIVPN_DEPS[@]
# Delete any leftover code
$SUDO rm -rf /usr/src/wireguard-*
WG_TOOLS_SNAPSHOT="$(curl -s https://build.wireguard.com/distros.json | jq -r '."upstream-tools"."version"')"
WG_TOOLS_SOURCE="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${WG_TOOLS_SNAPSHOT}.tar.xz"
echo "::: Downloading wireguard-tools source code... "
wget -qO- "${WG_TOOLS_SOURCE}" | $SUDO tar xJ --directory /usr/src
echo "done!"
## || exits if cd fails.
cd /usr/src/wireguard-tools-"${WG_TOOLS_SNAPSHOT}/src" || exit 1
# We install the userspace tools manually since DKMS only compiles and
# installs the kernel module
echo "::: Compiling WireGuard tools... "
if $SUDO make; then
echo "done!"
else
echo "failed!"
exit 1
fi
# Use checkinstall to install userspace tools so if the user wants to uninstall
# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
# files from the file system
echo "::: Installing WireGuard tools... "
if $SUDO checkinstall --pkgname wireguard-tools --pkgversion "${WG_TOOLS_SNAPSHOT}" -y; then
INSTALLED_PACKAGES+=("wireguard-tools")
echo "done!"
else
echo "failed!"
exit 1
fi
echo "WG_TOOLS_SNAPSHOT=${WG_TOOLS_SNAPSHOT}" >> /tmp/setupVars.conf
WG_MODULE_SNAPSHOT="$(curl -s https://build.wireguard.com/distros.json | jq -r '."upstream-linuxcompat"."version"')"
WG_MODULE_SOURCE="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${WG_MODULE_SNAPSHOT}.tar.xz"
echo "::: Downloading wireguard-linux-compat source code... "
wget -qO- "${WG_MODULE_SOURCE}" | $SUDO tar xJ --directory /usr/src
echo "done!"
# Rename wireguard-linux-compat folder and move the source code to the parent folder
# such that dkms picks up the module when referencing wireguard/"${WG_MODULE_SNAPSHOT}"
cd /usr/src && \
$SUDO mv wireguard-linux-compat-"${WG_MODULE_SNAPSHOT}" wireguard-"${WG_MODULE_SNAPSHOT}" && \
cd wireguard-"${WG_MODULE_SNAPSHOT}" && \
$SUDO mv src/* . && \
$SUDO rmdir src || exit 1
echo "::: Adding WireGuard modules via DKMS... "
if $SUDO dkms add wireguard/"${WG_MODULE_SNAPSHOT}"; then
echo "done!"
else
echo "failed!"
$SUDO dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
exit 1
fi
echo "::: Compiling WireGuard modules via DKMS... "
if $SUDO dkms build wireguard/"${WG_MODULE_SNAPSHOT}"; then
echo "done!"
else
echo "failed!"
$SUDO dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
exit 1
fi
echo "::: Installing WireGuard modules via DKMS... "
if $SUDO dkms install wireguard/"${WG_MODULE_SNAPSHOT}"; then
INSTALLED_PACKAGES+=("wireguard-dkms")
echo "done!"
else
echo "failed!"
$SUDO dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
exit 1
fi
echo "WG_MODULE_SNAPSHOT=${WG_MODULE_SNAPSHOT}" >> /tmp/setupVars.conf
fi fi
# qrencode is used to generate qrcodes from config file, for use with mobile clients
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms qrencode)
installDependentPackages PIVPN_DEPS[@]
elif [ "$PLAT" = "Debian" ]; then elif [ "$PLAT" = "Debian" ]; then
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
if ! grep -qR 'deb http.\?://.*/debian.\? unstable main' /etc/apt/sources.list*; then
if apt-cache policy wireguard 2> /dev/null | grep -m1 'Candidate: ' | grep -vq '(none)'; then
echo "::: WireGuard is already available in the repositories"
else
echo "::: Adding Debian repository... " echo "::: Adding Debian repository... "
echo "deb https://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/pivpn-unstable.list > /dev/null echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye.list > /dev/null
printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-bullseye > /dev/null
echo "::: Updating package cache..."
# shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi fi
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' | $SUDO tee /etc/apt/preferences.d/pivpn-limit-unstable > /dev/null PIVPN_DEPS=(linux-headers-amd64 wireguard wireguard-tools wireguard-dkms qrencode)
echo "::: Updating package cache..."
# shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
elif [ "$PLAT" = "Ubuntu" ]; then elif [ "$PLAT" = "Ubuntu" ]; then
echo "::: Installing WireGuard from PPA... " echo "::: Installing WireGuard... "
$SUDO add-apt-repository ppa:wireguard/wireguard -y
echo "::: Updating package cache..." if apt-cache policy wireguard 2> /dev/null | grep -m1 'Candidate: ' | grep -vq '(none)'; then
# shellcheck disable=SC2086 echo "::: WireGuard is already available in the repositories"
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! else
echo "::: Adding WireGuard PPA... "
PIVPN_DEPS=(software-properties-common)
installDependentPackages PIVPN_DEPS[@]
$SUDO add-apt-repository ppa:wireguard/wireguard -y
PIVPN_DEPS=(qrencode wireguard wireguard-tools wireguard-dkms linux-headers-generic) echo "::: Updating package cache..."
# shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi
PIVPN_DEPS=(linux-headers-generic wireguard wireguard-tools wireguard-dkms qrencode)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
fi fi
@ -2227,10 +2209,12 @@ confUnattendedUpgrades(){
fi fi
# Enable automatic updates via the unstable repository when installing from debian package # Enable automatic updates via the bullseye repository when installing from debian package
if [ "$VPN" = "wireguard" ] && [ "$PLAT" != "Ubuntu" ] && [ "$(uname -m)" != "armv6l" ]; then if [ "$VPN" = "wireguard" ]; then
if ! grep -q '"o=Debian,a=unstable";' "${aptConfDir}/50unattended-upgrades"; then if [ -f /etc/apt/sources.list.d/pivpn-bullseye.list ]; then
$SUDO sed -i '/Unattended-Upgrade::Origins-Pattern {/a"o=Debian,a=unstable";' "${aptConfDir}/50unattended-upgrades" if ! grep -q "\"o=$PLAT,n=bullseye\";" "${aptConfDir}/50unattended-upgrades"; then
$SUDO sed -i "/Unattended-Upgrade::Origins-Pattern {/a\"o=$PLAT,n=bullseye\";" "${aptConfDir}/50unattended-upgrades"
fi
fi fi
fi fi
} }
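Review bot: In installOpenVPN's HTTPS fallback, `downloadVerifyKey "$OPENVPN_KEY_URL" "$OPENVPN_KEY_ID" | $SUDO apt-key add -` is judged by the exit status of `apt-key add`, not by the verifier, unless `pipefail` is enabled somewhere outside this hunk. A fingerprint mismatch is therefore rejected only because downloadVerifyKey prints nothing and apt-key presumably fails on empty input. Make the check explicit by capturing the key first: `if ! KEY="$(downloadVerifyKey "$OPENVPN_KEY_URL" "$OPENVPN_KEY_ID")" || ! $SUDO apt-key add - <<< "$KEY"; then`. A short comment above downloadVerifyKey saying that it prints the key only when the fingerprint matches and returns 1 otherwise would document the contract callers rely on. installOpenVPN's body starts before and continues past the hunk.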


@ -3,36 +3,82 @@
STATUS_LOG="/var/log/openvpn-status.log" STATUS_LOG="/var/log/openvpn-status.log"
function hr() { if [ ! -f "${STATUS_LOG}" ]; then
numfmt --to=iec-i --suffix=B "$1" echo "The file: $STATUS_LOG was not found!"
exit 1
fi
scriptusage(){
echo "::: List any connected clients to the server"
echo ":::"
echo "::: Usage: pivpn <-c|clients> [-b|bytes]"
echo ":::"
echo "::: Commands:"
echo "::: [none] List clients with human readable format"
echo "::: -b, bytes List clients with dotted decimal notation"
echo "::: -h, help Show this usage dialog"
} }
printf "\n" hr(){
if [ ! -f "${STATUS_LOG}" ]; then numfmt --to=iec-i --suffix=B "$1"
echo "The file: $STATUS_LOG was not found!" }
exit 1
fi
printf ": NOTE : The output below is NOT real-time!\n"
printf ": : It may be off by a few minutes.\n"
printf "\n"
printf "\e[1m::: Client Status List :::\e[0m\n"
{ listClients(){
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mConnected Since\e[0m\n" printf ": NOTE : The output below is NOT real-time!\n"
printf ": : It may be off by a few minutes.\n"
printf "\n"
printf "\e[1m::: Client Status List :::\e[0m\n"
if grep -q "^CLIENT_LIST" "${STATUS_LOG}"; then {
if [ -n "$(type -t numfmt)" ]; then printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mConnected Since\e[0m\n"
while read -r line; do
if grep -q "^CLIENT_LIST" "${STATUS_LOG}"; then
if [ -n "$(type -t numfmt)" ]; then
if [ "$HR" = 1 ]; then
while read -r line; do
read -r -a array <<< $line read -r -a array <<< $line
[[ ${array[0]} = CLIENT_LIST ]] || continue [[ ${array[0]} = CLIENT_LIST ]] || continue
printf "%s \t %s \t %s \t %s \t %s \t %s %s %s - %s\n" ${array[1]} ${array[2]} ${array[3]} $(hr ${array[4]}) $(hr ${array[5]}) ${array[7]} ${array[8]} ${array[10]} ${array[9]} printf "%s \t %s \t %s \t %s \t %s \t %s %s %s - %s\n" ${array[1]} ${array[2]} ${array[3]} $(hr ${array[4]}) $(hr ${array[5]}) ${array[7]} ${array[8]} ${array[10]} ${array[9]}
done <$STATUS_LOG done <$STATUS_LOG
else else
while read -r line; do
read -r -a array <<< $line
[[ ${array[0]} = CLIENT_LIST ]] || continue
printf "%s \t %s \t %s \t %'d \t %'d \t %s %s %s - %s\n" ${array[1]} ${array[2]} ${array[3]} ${array[4]} ${array[5]} ${array[7]} ${array[8]} ${array[10]} ${array[9]}
done <$STATUS_LOG
fi
else
awk -F' ' -v s='CLIENT_LIST' '$1 == s {print $2"\t\t"$3"\t"$4"\t"$5"\t\t"$6"\t\t"$8" "$9" "$11" - "$10"\n"}' ${STATUS_LOG} awk -F' ' -v s='CLIENT_LIST' '$1 == s {print $2"\t\t"$3"\t"$4"\t"$5"\t\t"$6"\t\t"$8" "$9" "$11" - "$10"\n"}' ${STATUS_LOG}
fi fi
else
printf "\nNo Clients Connected!\n"
fi
printf "\n"
} | column -t -s $'\t'
}
if [[ $# -eq 0 ]]; then
HR=1
listClients
else else
printf "\nNo Clients Connected!\n" while true; do
case "$1" in
-b|bytes)
HR=0
listClients
exit 0
;;
-h|help)
scriptusage
exit 0
;;
*)
HR=0
listClients
exit 0
;;
esac
done
fi fi
printf "\n"
} | column -t -s $'\t'
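Review bot: The new bytes branch in listClients copies the unquoted expansions of the existing loop, so the bare `${array[N]}` arguments to printf undergo word splitting and pathname expansion on fields read from the status log. Quote them in both loops, e.g. `read -r -a array <<< "$line"`, `"${array[1]}"` and `done < "$STATUS_LOG"`. Separately, every arm of the `case` exits, so the `while true` wrapper never iterates, and the `*)` arm silently treats an unknown option as `-b`. Calling `scriptusage` and exiting non-zero in that arm would surface mistyped options.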


@ -17,7 +17,8 @@ function makeOVPNFunc {
} }
function listClientsFunc { function listClientsFunc {
$SUDO /opt/pivpn/clientStat.sh shift
$SUDO /opt/pivpn/clientStat.sh "$@"
exit 0 exit 0
} }
@ -93,7 +94,7 @@ fi
# Handle redirecting to specific functions based on arguments # Handle redirecting to specific functions based on arguments
case "$1" in case "$1" in
"-a" | "add" ) makeOVPNFunc "$@";; "-a" | "add" ) makeOVPNFunc "$@";;
"-c" | "clients" ) listClientsFunc;; "-c" | "clients" ) listClientsFunc "$@";;
"-d" | "debug" ) debugFunc;; "-d" | "debug" ) debugFunc;;
"-l" | "list" ) listOVPNFunc;; "-l" | "list" ) listOVPNFunc;;
"-r" | "revoke" ) removeOVPNFunc "$@";; "-r" | "revoke" ) removeOVPNFunc "$@";;


@ -98,37 +98,18 @@ removeAll(){
case $yn in case $yn in
[Yy]* ) if [ "${i}" = "wireguard" ]; then [Yy]* ) if [ "${i}" = "wireguard" ]; then
# On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian # On Debian and Raspbian, remove the bullseye repo. On Ubuntu, remove the PPA.
# there is no wireguard package). On Ubuntu, remove the PPA. if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Raspbian" ]; then
### FIXME: unconditionally rm'ing unstable.list isn't a good idea, it appears. What if someone else put it there manually? rm -f /etc/apt/sources.list.d/pivpn-bullseye.list
if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then rm -f /etc/apt/preferences.d/pivpn-limit-bullseye
rm -f /etc/apt/sources.list.d/pivpn-unstable.list
rm -f /etc/apt/preferences.d/pivpn-limit-unstable
elif [ "$PLAT" = "Ubuntu" ]; then elif [ "$PLAT" = "Ubuntu" ]; then
add-apt-repository ppa:wireguard/wireguard -r -y add-apt-repository ppa:wireguard/wireguard -r -y
fi fi
echo "::: Updating package cache..." echo "::: Updating package cache..."
${UPDATE_PKG_CACHE} &> /dev/null & spinner $! ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
elif [ "${i}" = "wireguard-dkms" ]; then
# On armv6l Raspbian we manually remove the kernel module and skip the apt
# uninstallation (since it's not an actual package).
if [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv6l" ]; then
dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
rm -rf /usr/src/wireguard-"${WG_MODULE_SNAPSHOT}"
break
fi
elif [ "${i}" = "wireguard-tools" ]; then
if [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv6l" ]; then
rm -rf /usr/src/wireguard-tools-"${WG_TOOLS_SNAPSHOT}"
fi
elif [ "${i}" = "unattended-upgrades" ]; then elif [ "${i}" = "unattended-upgrades" ]; then
### REALLY???
rm -rf /var/log/unattended-upgrades rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
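Review bot: The wireguard arm of removeAll now deletes only `pivpn-bullseye.list` and `pivpn-limit-bullseye`, so a system installed before this change would presumably keep `/etc/apt/sources.list.d/pivpn-unstable.list` and `/etc/apt/preferences.d/pivpn-limit-unstable` after uninstalling, leaving the Debian unstable repository enabled. Consider removing the legacy names in the same branch as well: `rm -f /etc/apt/sources.list.d/pivpn-unstable.list /etc/apt/preferences.d/pivpn-limit-unstable`. The same concern applies to the armv6l DKMS cleanup this hunk drops, which used WG_MODULE_SNAPSHOT and WG_TOOLS_SNAPSHOT; whether an update path covers those installs is not visible here. removeAll and the enclosing `case` begin and end outside the hunk.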


@ -1,43 +1,90 @@
#!/bin/bash #!/usr/bin/env bash
# PiVPN: client status script
cd /etc/wireguard/configs CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
if [ ! -s clients.txt ]; then
if [ ! -s "$CLIENTS_FILE" ]; then
echo "::: There are no clients to list" echo "::: There are no clients to list"
exit 1 exit 1
fi fi
scriptusage(){
echo "::: List any connected clients to the server"
echo ":::"
echo "::: Usage: pivpn <-c|clients> [-b|bytes]"
echo ":::"
echo "::: Commands:"
echo "::: [none] List clients with human readable format"
echo "::: -b, bytes List clients with dotted decimal notation"
echo "::: -h, help Show this usage dialog"
}
hr(){ hr(){
numfmt --to=iec-i --suffix=B "$1" numfmt --to=iec-i --suffix=B "$1"
} }
if DUMP="$(wg show wg0 dump)"; then listClients(){
DUMP="$(tail -n +2 <<< "$DUMP")" if DUMP="$(wg show wg0 dump)"; then
else DUMP="$(tail -n +2 <<< "$DUMP")"
exit 1
fi
printf "\e[1m::: Connected Clients List :::\e[0m\n"
{
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n"
while IFS= read -r LINE; do
PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
CLIENT_NAME="$(grep "$PUBLIC_KEY" clients.txt | awk '{ print $1 }')"
if [ "$LAST_SEEN" -ne 0 ]; then
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
else else
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)" exit 1
fi fi
done <<< "$DUMP" printf "\e[1m::: Connected Clients List :::\e[0m\n"
printf "\n" {
} | column -t -s $'\t' printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n"
while IFS= read -r LINE; do
PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
if [ "$HR" = 1 ]; then
if [ "$LAST_SEEN" -ne 0 ]; then
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
else
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
fi
else
if [ "$LAST_SEEN" -ne 0 ]; then
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
else
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
fi
fi
done <<< "$DUMP"
printf "\n"
} | column -t -s $'\t'
}
if [[ $# -eq 0 ]]; then
HR=1
listClients
else
while true; do
case "$1" in
-b|bytes)
HR=0
listClients
exit 0
;;
-h|help)
scriptusage
exit 0
;;
*)
HR=0
listClients
exit 0
;;
esac
done
fi
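Review bot: The `*)` arm of the new argument loop treats any unrecognised argument as a request for byte output (`HR=0; listClients; exit 0`), so a mistyped flag succeeds silently instead of being rejected. I would make the default arm `*) scriptusage; exit 1 ;;` and keep `HR=0` only under `-b|bytes`. Every arm exits, so the surrounding `while true` never runs a second iteration and can be dropped. Separately, `listClients` exits with status 1 and no message when `wg show wg0 dump` fails; a line such as `echo "::: Unable to read wg0 status" >&2` before that `exit 1` would tell the operator why nothing was listed.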


@ -104,7 +104,7 @@ echo "[Peer]
PublicKey = $(cat keys/server_pub) PublicKey = $(cat keys/server_pub)
PresharedKey = $(cat keys/psk) PresharedKey = $(cat keys/psk)
Endpoint = ${pivpnHOST}:${pivpnPORT} Endpoint = ${pivpnHOST}:${pivpnPORT}
AllowedIPs = 0.0.0.0/0" >> "configs/${CLIENT_NAME}.conf" AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf"
echo "::: Client config generated" echo "::: Client config generated"
echo "# begin ${CLIENT_NAME} echo "# begin ${CLIENT_NAME}
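Review bot: The new `::0/0` entry in `AllowedIPs` carries no comment saying why it is there, and the reason is a security one: per the changelog it stops IPv6 traffic from leaking outside the tunnel. I would add `# ::0/0 sends all IPv6 through the tunnel so it cannot bypass the VPN` above the `echo "[Peer]` statement, which starts above this hunk. The hunk only changes how new configs are written, so profiles generated before this change presumably still carry `AllowedIPs = 0.0.0.0/0` and would need regenerating or a manual edit. That is worth stating in the changelog entry.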


@ -17,7 +17,8 @@ makeConf(){
} }
listConnected(){ listConnected(){
$SUDO /opt/pivpn/clientSTAT.sh shift
$SUDO /opt/pivpn/clientSTAT.sh "$@"
exit 0 exit 0
} }
@ -54,11 +55,6 @@ updateScripts(){
exit 0 exit 0
} }
updateWireGuard(){
$SUDO /opt/pivpn/wgUPDATE.sh
exit 0
}
backup(){ backup(){
$SUDO /opt/pivpn/backup.sh $SUDO /opt/pivpn/backup.sh
} }
@ -78,7 +74,6 @@ showHelp(){
echo "::: -h, help Show this help dialog" echo "::: -h, help Show this help dialog"
echo "::: -u, uninstall Uninstall pivpn from your system!" echo "::: -u, uninstall Uninstall pivpn from your system!"
echo "::: -up, update Updates PiVPN Scripts" echo "::: -up, update Updates PiVPN Scripts"
echo "::: -wg, wgupdate Updates WireGuard"
echo "::: -bk, backup Backup VPN configs and user profiles" echo "::: -bk, backup Backup VPN configs and user profiles"
exit 0 exit 0
} }
@ -90,7 +85,7 @@ fi
# Handle redirecting to specific functions based on arguments # Handle redirecting to specific functions based on arguments
case "$1" in case "$1" in
"-a" | "add" ) makeConf "$@";; "-a" | "add" ) makeConf "$@";;
"-c" | "clients" ) listConnected;; "-c" | "clients" ) listConnected "$@";;
"-d" | "debug" ) debug;; "-d" | "debug" ) debug;;
"-l" | "list" ) listClients;; "-l" | "list" ) listClients;;
"-qr" | "qrcode" ) showQrcode "$@";; "-qr" | "qrcode" ) showQrcode "$@";;
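Review bot: `updateWireGuard` and its `-wg, wgupdate` help line are removed, but no hunk in this file touches a matching arm of the `case "$1"` dispatcher, which continues below the last hunk. If an arm of the form `"-wg" | "wgupdate" ) updateWireGuard;;` is still there, it now calls a function that no longer exists and should be deleted in the same commit. The help line for `-c, clients` is also outside the hunks; it should mention the `-b`/`bytes` argument that `listConnected` now forwards to `clientSTAT.sh`.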


@ -1,132 +0,0 @@
#!/bin/bash
setupVars="/etc/pivpn/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
fi
source "${setupVars}"
if [ "$(uname -m)" != "armv6l" ]; then
echo "On your system, WireGuard updates via the package manager"
exit 0
fi
CURRENT_WG_TOOLS_SNAPSHOT="${WG_TOOLS_SNAPSHOT}"
WG_TOOLS_SNAPSHOT="$(curl -s https://build.wireguard.com/distros.json | jq -r '."upstream-tools"."version"')"
if dpkg --compare-versions "${WG_TOOLS_SNAPSHOT}" gt "${CURRENT_WG_TOOLS_SNAPSHOT}"; then
read -r -p "A new wireguard-tools update is available (${WG_TOOLS_SNAPSHOT}), install? [Y/n]: "
if [[ ${REPLY} =~ ^[Yy]$ ]]; then
echo "::: Upgrading wireguard-tools from ${CURRENT_WG_TOOLS_SNAPSHOT} to ${WG_TOOLS_SNAPSHOT}..."
WG_TOOLS_SOURCE="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${WG_TOOLS_SNAPSHOT}.tar.xz"
echo "::: Downloading wireguard-tools source code... "
wget -qO- "${WG_TOOLS_SOURCE}" | tar xJ --directory /usr/src
echo "done!"
## || exits if cd fails.
cd /usr/src/wireguard-tools-"${WG_TOOLS_SNAPSHOT}/src" || exit 1
# We install the userspace tools manually since DKMS only compiles and
# installs the kernel module
echo "::: Compiling WireGuard tools... "
if make; then
echo "done!"
else
echo "failed!"
exit 1
fi
# Use checkinstall to install userspace tools so if the user wants to uninstall
# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
# files from the file system
echo "::: Installing WireGuard tools... "
if checkinstall --pkgname wireguard-tools --pkgversion "${WG_TOOLS_SNAPSHOT}" -y; then
echo "done!"
else
echo "failed!"
exit 1
fi
echo "::: Removing old source code ..."
rm -rf /usr/src/wireguard-tools-"${CURRENT_WG_TOOLS_SNAPSHOT}"
sed "s/WG_TOOLS_SNAPSHOT=${CURRENT_WG_TOOLS_SNAPSHOT}/WG_TOOLS_SNAPSHOT=${WG_TOOLS_SNAPSHOT}/" -i "${setupVars}"
echo "::: Upgrade completed!"
fi
else
echo "::: You are running the lastest version of wireguard-tools (${CURRENT_WG_TOOLS_SNAPSHOT})"
fi
CURRENT_WG_MODULE_SNAPSHOT="${WG_MODULE_SNAPSHOT}"
WG_MODULE_SNAPSHOT="$(curl -s https://build.wireguard.com/distros.json | jq -r '."upstream-linuxcompat"."version"')"
if dpkg --compare-versions "${WG_MODULE_SNAPSHOT}" gt "${CURRENT_WG_MODULE_SNAPSHOT}"; then
read -r -p "A new wireguard-dkms update is available (${WG_MODULE_SNAPSHOT}), install? [Y/n]: "
if [[ ${REPLY} =~ ^[Yy]$ ]]; then
echo "::: Upgrading wireguard-dkms from ${CURRENT_WG_MODULE_SNAPSHOT} to ${WG_MODULE_SNAPSHOT}..."
WG_MODULE_SOURCE="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${WG_MODULE_SNAPSHOT}.tar.xz"
echo "::: Downloading wireguard-linux-compat source code... "
wget -qO- "${WG_MODULE_SOURCE}" | tar xJ --directory /usr/src
echo "done!"
# Rename wireguard-linux-compat folder and move the source code to the parent folder
# such that dkms picks up the module when referencing wireguard/"${WG_MODULE_SNAPSHOT}"
cd /usr/src && \
mv wireguard-linux-compat-"${WG_MODULE_SNAPSHOT}" wireguard-"${WG_MODULE_SNAPSHOT}" && \
cd wireguard-"${WG_MODULE_SNAPSHOT}" && \
mv src/* . && \
rmdir src || exit 1
echo "::: Adding WireGuard module via DKMS... "
if dkms add wireguard/"${WG_MODULE_SNAPSHOT}"; then
echo "done!"
else
echo "failed!"
dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
exit 1
fi
echo "::: Compiling WireGuard module via DKMS... "
if dkms build wireguard/"${WG_MODULE_SNAPSHOT}"; then
echo "done!"
else
echo "failed!"
dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
exit 1
fi
echo "::: Installing WireGuard module via DKMS... "
if dkms install wireguard/"${WG_MODULE_SNAPSHOT}"; then
echo "done!"
else
echo "failed!"
dkms remove wireguard/"${WG_MODULE_SNAPSHOT}" --all
exit 1
fi
echo "::: Removing old kernel module and source code..."
if dkms remove wireguard/"${CURRENT_WG_MODULE_SNAPSHOT}" --all; then
rm -rf /usr/src/wireguard-"${CURRENT_WG_MODULE_SNAPSHOT}"
echo "done!"
else
echo "failed!"
exit 1
fi
sed "s/WG_TOOLS_SNAPSHOT=${CURRENT_WG_MODULE_SNAPSHOT}/WG_TOOLS_SNAPSHOT=${WG_MODULE_SNAPSHOT}/" -i "${setupVars}"
echo "::: Upgrade completed!"
fi
else
echo "::: You are running the lastest version of wireguard-dkms (${CURRENT_WG_MODULE_SNAPSHOT})"
fi