Commit graph

191 commits

Author SHA1 Message Date
redfast00
009e4b3023 Merge pull request #362 from jellemdekker/feature/randomize-server-name
Randomize server Common Name for added security
2017-09-24 01:13:34 +02:00
redfast00
003b27362f Merge pull request #361 from jellemdekker/feature/generate-crl-during-installation
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
f5c05715de Added sudo -E. 2017-09-23 14:35:46 -05:00
Jelle Dekker
077996cfb4 Removed an obsolete variable. 2017-09-23 11:21:26 -05:00
redfast00
dcd34b3f01 Merge pull request #359 from jellemdekker/fix/remove-duplicate-cn
Removed the duplicate-cn option so every device/connection must use a unique certificate
2017-09-22 22:58:03 +02:00
Jelle Dekker
7b6a358779 Modified the messages when PiVPN installation completes and client profiles are generated, so the user knows to generate a client profile per each device he/she wants to connect to the VPN with. 2017-09-22 14:11:23 -05:00
Jelle Dekker
a6058a1d14 The client config contains the remote-cert-tls option to check for appropriate key usage, let's do this for the server config too. 2017-09-22 03:30:14 -05:00
Jelle Dekker
30920115b3 Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
Jelle Dekker
05c6a37152 Removed the duplicate-cn option so every device/connection must use a unique certificate. 2017-09-21 23:06:02 -05:00
Jelle Dekker
d1652a03b1 The SERVER_NAME variable is used in a 'verify-x509-name' check to allow the client to verify it is talking to the correct server. However, its value was always equal to 'server'. This wasn't unique for each installation and therefore provided no additional safety check. So I've modified it to be random for each installation of PiVPN. Additionally, the variable is now actually being used when specifying the server name in the build-server-full command.
Source for obtaining a random UUID (thank you): Earthgecko (https://gist.github.com/earthgecko/3089509)
2017-09-21 14:39:16 -05:00
redfast00
c7f82d0116 Merge pull request #312 from Ellsworth/test
Fixed links in README.md on lines 156 and 158
2017-07-23 10:00:34 +02:00
Erich Ellsworth
5ff6f23153 Fixed links in README.md on lines 156 and 158 2017-07-22 19:25:18 -05:00
redfast00
e7def9f81c Merge pull request #263 from drq883/test
Support for Devuan
2017-06-07 08:10:00 +02:00
David Quattlebaum
5c4a51b695 Final testing passed
Changes:
- Document that Devuan is supported.
- Use special PLAT name, Raspvuan for Pi version
- Use service command for any *vuan PLAT, systemd is no on any
Devuan.
- add net-tools to PIVPN_DEPS
2017-06-06 18:27:23 -04:00
David Quattlebaum
2eb11cad0c changes for devuan
- To simplify further additions to PLAT or OSCN, use
the case command for checking

- Treat Devuan as Debian

- Add /sbin:/usr/sbin to PATH before calling ifconfig

- Ensure net-tools is installed so we have ifconfig
2017-06-04 16:18:26 -04:00
0-kaladin
a4cff2b65f Merge pull request #243 from jellemdekker/test
Clearly and consistently indicate that a user selects a list item with the space bar.
2017-05-10 11:54:05 -04:00
Jelle Dekker
d5f0a81f80 Clearly indicate that a user selects a list item with the space bar. 2017-04-17 15:49:52 +02:00
0-kaladin
c907a4bff8 Merge pull request #224 from EWouters/test
Implemented "--unattended" option (Issue #223)
2017-04-05 10:43:45 -04:00
EWouters
ff97f40ecf Fix: mkdir: cannot create directory ‘/home/$pivpnUser/ovpns’: File exists 2017-03-22 13:47:55 +13:00
EWouters
cb482d6697 added fi to if-statement 2017-03-16 22:28:50 +13:00
EWouters
cd4d13691d fixed check for when both nopass and a password argument are passed to the script 2017-03-16 22:25:17 +13:00
EWouters
27c34aa297 Removed -p flag to create home dir
As described in #165 ( fc14664) it is not desirable.
2017-03-15 17:24:42 +13:00
EWouters
75b7995a87 Removed SERVER_NAME parameter
because it is hardcoded as "server" in other scripts
2017-03-15 02:40:39 +13:00
EWouters
56f24aa372 added command line option to (batch) remove certs
::: Revoke a client ovpn profile
:::
::: Usage: pivpn <-r|revoke> [-h|--help] [<client-1>] ... [<client-n>]
...
:::
::: Commands:
:::  [none]               Interactive mode
:::  <client>             Client(s) to to revoke
:::  -h,--help            Show this help dialog
2017-03-15 02:36:12 +13:00
EWouters
7a65f083c4 added -n and -p options to pivpn add
::: Create a client ovpn profile, optional nopass
:::
::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password
<arg>]|[nopass] [-h|--help]
:::
::: Commands:
:::  nopass               Create a client without a password
:::  -n,--name            Name for the Client (default: 'raspberrypi')
:::  -p,--password        Password for the Client (no default)
:::  -h,--help            Show this help dialog
2017-03-15 00:49:25 +13:00
EWouters
277a212a8f tabs to spaces 2017-03-14 15:39:53 +13:00
EWouters
097145392c set -e and set +e around line 800 to 815
I am not sure why this statement does not work with -e. We can also
remove the set -e statement altogether.
2017-03-14 15:39:07 +13:00
EWouters
7315353179 Moved echo to file statements to front, add missing
fixed a typo
replaced tabs with spaces
2017-03-14 15:25:39 +13:00
EWouters
5b5129f1bc fix: cp: cannot stat ‘/tmp/pivpnINT’: No such file 2017-03-14 14:26:22 +13:00
EWouters
f48225a8ee Merge remote-tracking branch 'refs/remotes/origin/master' into test 2017-03-14 10:48:56 +13:00
EWouters
2a639e753e Fixed sed command and mkdir if folder exists 2017-03-14 10:48:16 +13:00
EWouters
f050f82519 Merge pull request #1 from EWouters/master
Merging changes into test branch
2017-03-13 20:03:05 +13:00
EWouters
71021d6ffa Added all parameters, initial testing done 2017-03-13 19:44:29 +13:00
EWouters
5db23185fd Added pi-hole's undocumented flags
UNTESTED!
2017-03-13 17:00:28 +13:00
0-kaladin
6ce39bfec3 Update README for IRC channel
Due to discontinuation of Google Spaces
2017-02-27 21:01:23 -05:00
Kaladin Light
752d0cc3af Leave the loop once we match 2017-02-05 14:30:31 -05:00
Kaladin Light
faaabe4c0e Fixes Issue #195 2017-01-28 13:58:10 -05:00
Kaladin Light
bfd2c43570 Allow reuse of cert name once revoked. 2017-01-27 20:36:53 -05:00
Kaladin Light
dc9924f147 Have debug work without being root 2017-01-27 17:46:34 -05:00
Kaladin Light
5ce48cbaaf Trying to ensure interface is set, maybe related to iptables issues.
If not, we at least will see in pivpnDebug output now.
2017-01-27 15:42:42 -05:00
redfast00
b727fa3970
Fix-189 2017-01-22 12:44:36 +01:00
0-kaladin
a4256f3887 Update and rename LICENSE.md to LICENSE 2017-01-03 10:25:35 -05:00
Kaladin Light
df16e8dd59 Fixes Issue #173 and #174 2016-12-25 18:06:32 -05:00
Kaladin Light
b7be654915 Version 1.9 2016-12-24 17:24:21 -05:00
Kaladin Light
d1ad3ec057 Fix new additions 2016-12-24 16:17:16 -05:00
Kaladin Light
371f339fed Rework things 2016-12-24 00:20:45 -05:00
Kaladin Light
8a0f31b7ca Try some iptables fix. (2/2). Needs unit testing. 2016-12-11 22:04:17 -05:00
Kaladin Light
22b5bfef68 Add fix iptables help to debug script (1/2) 2016-12-11 13:36:14 -05:00
Kaladin Light
6b406ffb27 Fix type for moving client script 2016-12-11 10:04:33 -05:00
Kaladin Light
601ce87df0 Get iptables output, formatting 2016-12-10 23:17:47 -05:00