Commit graph

184 commits

Author SHA1 Message Date
Orazio
2913f2701f Fix issue #1037 2020-05-23 11:08:51 +02:00
Orazio
35f07b2147
Merge pull request #1048 from shelleycat485/master
Both wireguard and openvpn can be installed together (Issue #968)
2020-05-19 14:06:58 +02:00
shelleycat485
4e3a57b9aa better uninstall.sh 2020-05-13 00:51:45 +01:00
Ubuntu
56adbca52e more uninstall 2020-05-10 21:48:38 +00:00
Ubuntu
ff77077d56 more uninstall 2020-05-10 21:46:54 +00:00
Ubuntu
b230bade61 uninstall fixes 2020-05-10 21:13:03 +00:00
shelleycat485
9b04391629 uninstall change 2020-05-06 23:29:04 +01:00
shelleycat485
f6463b8849 uninstall to detect one prot remaining, wg_update removed 2020-05-06 23:00:13 +01:00
shelleycat485
e09bbda1e9 update to backup 2020-05-05 23:13:59 +01:00
shelleycat485
081bf912c2 still debugging dual 2020-05-05 23:12:32 +01:00
shelleycat485
21d954167c typo in openvpn 2020-05-05 21:43:20 +01:00
shelleycat485
9351016db5 extra D in scriptdir 2020-05-05 09:24:20 +01:00
shelleycat485
4e3a58702f more dual 2020-05-05 00:05:10 +01:00
shelleycat485
5330454f2b added generic pivpn for 2 protocols 2020-05-03 17:55:48 +01:00
shelleycat485
3ed9ec5724 install and uninstall 2020-05-02 00:06:09 +01:00
root
f379ca2e10 initial dual install try 2020-04-28 23:44:56 +01:00
Orazio
1f506f50a6
Merge pull request #1023 from jellemdekker/feature/unique_client_psk
Generate unique pre-shared key for each client
2020-04-23 11:15:48 +02:00
jellemdekker
bdfb8f4a64 Save pre-shared key to file instead of variable. 2020-04-22 14:12:09 +02:00
Casey Liss
bac5c22653
fix spelling & grammar in backup script. 2020-04-21 08:08:20 -04:00
jellemdekker
e643acce17 Generate a unique pre-shared key for each client as per WireGuard protocol to improve post-quantum resistance. 2020-04-21 10:52:35 +02:00
psgoundar
4039a0d173
Update scripts/openvpn/listOVPN.sh
Co-Authored-By: Orazio <orazioedoardo@users.noreply.github.com>
2020-04-05 14:35:33 -07:00
psgoundar
fb1cd97c28
Update scripts/openvpn/listOVPN.sh
Co-Authored-By: Orazio <orazioedoardo@users.noreply.github.com>
2020-04-05 14:34:53 -07:00
psgoundar
ec6880eb99
Apply suggestions from code review
Format Changes Reviewed.

Co-Authored-By: Orazio <orazioedoardo@users.noreply.github.com>
2020-04-01 19:44:37 -07:00
Swamy Goundar
289e85e306 Fixed issue with Name when OU is defined in CA 2020-03-28 20:48:44 -07:00
Swamy Goundar
c28448b94a Updated listOVPN to Include Expiration Dates 2020-03-28 19:36:55 -07:00
Orazio
6653d4caa3 Show connected clients data rates with dotted decimal notation 2020-03-13 12:03:41 +01:00
Orazio
1352ccf9a3 Avoid IPv6 leak by routing IPv6 through WireGuard
- Since the server is IPv4 only, routing IPv6 through it prevents IPv6
    packets from going outside the tunnel (if the client supports IPv6).
2020-03-10 14:16:23 +01:00
Orazio
0a30365d65 Some changes from pull request 963
- Make sure to install WireGuard only if platform is Raspbian or an x86 Debian/Ubuntu
  - Install WireGuard from bullseye repository instead of unstable
  - Reduced WireGuard package priority to the minimum that allows upgrades
2020-03-04 12:48:14 +01:00
Orazio
9846d3787a Use variables to define VPN ranges instead of hard coding IPs 2020-02-16 09:09:09 +01:00
Orazio
0cb5546608 Get $STATIC_IP before ccd folder is deleted (otherwhise $STATIC_IP will be empty) 2020-02-10 17:36:39 +01:00
Orazio
2c6ba65288 Implemented feature request from issue #942 (OpenVPN) 2020-02-09 18:55:30 +01:00
Orazio
ead280e60f Set static IPs when using OpenVPN
- Preparation for feature request from issue #942
2020-02-09 18:51:30 +01:00
Orazio
3f616d9254 Implemented feature request from issue #942 (WireGuard) 2020-02-07 18:07:15 +01:00
4s3ti
5b8494c57c Going back to pivpn.io
replaced pivpn.dev with pivpn.io
2020-02-05 20:29:14 +01:00
Orazio
5fd5b6e584 Suggest the user to take a look at the FAQ 2020-02-01 21:04:32 +01:00
Orazio
d691321b3e
Merge test (#929)
* added link to server status dashboard

* Replaced Header with bold instead

* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code

  - Add curl as a dependency for those who run the script without 'curl URL | bash'.
  - Use POSIX 'command -v' instead of 'hash'.
  - Check if packages have actually been installed and abort execution if they have not.
  - Fixed issue with getStaticIPv4Settings() that prevented existing network settings
    to be used as static IP settings when running the script unattended with empty
    $IPv4addr and $IPv4gw variables.
  - Exit if processing wireguard-linux-compat fails.
  - Exit if 50unattended-upgrades fails to extract.
  - Exit clientSTAT.sh if the wg0 interface is not available.
  - Moved the Self Check to a single script since dedicated versions were very similar.
  - Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.

* Fixed cosmetic issue with spinner, added missing spinner to some APT commands

* Detect current netmask, validate user input when configuring a static IP

* Inform the user when updating the package cache, which can be slow on some RPis

* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct

* Restart pihole in the more appropriate restartServices() function

* Improve static IP selection, validate public DNS name of the server
  - Default to 'No' when asking if the RPi has DHCP reservation, considered
    that the user may not be fully aware, furthermore, setting a static IP
    anyways doesn't do harm.
  - Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
    '/etc/dhcpcd.conf' with invalid data.
  - Validate public DNS name of the server inside askPublicIPOrDNS() function

* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
  - Added a basic sanity check to downloaded DH paramenters, which doubles as a
    check for missing .pem file.
  - Fix 'pivpn -c' showing the month number instead of the day of the month when
    using WireGuard.
  - Removing APT keys is risky, it would break APT update/upgrade if the user
    already was already using the unstable repo.
  - Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
    $i... already installed'.
  - Check whether the OpenVPN repo and the Debian unstable repo are already used.

* Improvements to getStaticIPv4Settings()

  - Use a regular expression to extract IPs from the 'ip' command. With this,
    there is a little need to validate output. Even though the regex will match
    invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
    the script would not have reached this function due to previous functions
    using the network with broken routes and addresses.

  - Get the IP address from the selected interface rather then from the 'ip route'
    command as it's not guaranteed that such IP is the same of the interface the
    user decided to use (though on a Raspberry Pi inside a home LAN, most likely
    it is, but it also maskes easier to get the IP in the CIDR notation with a
    single 'ip | grep' pipe).

* Moved command substitution to specific functions to avoid unnecessary execution

  - Moved $availableInterfaces and $CurrentIPv4gw from the script header to
    their relevant function, considered that if the OS is not Raspbian a static
    IP is not set, so those variables are not used.

* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919

  - Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
    still generate his own if he wishes).
    https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 16:40:09 +01:00
Orazio
4a49787b28 Changed variable name, corrected rm typo 2020-01-21 15:54:20 +01:00
Orazio
44feb0b853 Added back ECDSA and tls-crypt 2020-01-21 13:51:25 +01:00
Orazio
7841e76d89 Use a fake key as the example, just in case... 2020-01-21 08:29:10 +01:00
Orazio
30b374054c Enable cloneandupdate() function, fixed detecting existing iptables rules.
- Uncommented lines inside the cloneandupdate() function in the update script, so pivpn -up can pull scripts from the master branch
  - The script was checking for the existence of PiVPN rules in the INPUT and FORWARD chain by passing 'iptables -t nat -S' to grep, but it couldn't find them as they belong to the filer table and not the nat table. The correct command is 'iptables -S'
2020-01-20 21:51:36 +01:00
Orazio
affad0a7b0 Resolved merge conflicts 2020-01-20 10:55:29 +01:00
Orazio
dba3e6ad3e - Prepend 'pivpn-' to unstable repo files to limit naming conflicts
- Update variables inside unattended examples
- Remove openvpn logging setting when uninstalling the package
- Run 'apt-get update' after removing the WireGuard PPA
2020-01-20 09:56:07 +01:00
4s3ti
047eccc19d Update script: Removed IF statement
Removed if statement from update script,
was making no sense to have it there.
2020-01-08 20:02:34 +01:00
4s3ti
0c79cc9e42 Missing backup on bash-completion
Added backup option on openvpn bash-completion
2020-01-08 19:56:40 +01:00
4s3ti
dd6bb069f0 Updates and improvements
install.sh
  installScripts function:
    update script not being copied over to /opt therefore update funcion was probably broken.
    changed script to copy all .sh scripts from .pivpn/scripts directory.

Issue #871: fix backup script
  I was probably very drunk when i first wrote this backup script.
  fixed it, now works with new code refactoring,
  loads vars from setupVars
  Added backup for wireguard
  Moved script to global pivpnscripts.
  Added backup script to bash-completion
  Added backup script to pivpn script

update.sh
  Commented the update from master branch to avoid users trying to update test from master.

Updated LatestChages.md
2020-01-08 19:38:38 +01:00
4s3ti
8096af7ad0 Updates and improvements
install.sh
  installScripts function:
    update script not being copied over to /opt therefore update funcion was probably broken.
    changed script to copy all .sh scripts from .pivpn/scripts directory.

Issue #871: fix backup script
  I was probably very drunk when i first wrote this backup script.
  fixed it, now works with new code refactoring,
  loads vars from setupVars
  Added backup for wireguard
  Moved script to global pivpnscripts.
  Added backup script to bash-completion
  Added backup script to pivpn script

update.sh
  Commented the update from master branch to avoid users trying to update test from master.

Updated LatestChages.md
2020-01-08 19:37:46 +01:00
Orazio
41984e5f40 Fix update scripts from test branch 2019-12-30 11:44:33 +01:00
Orazio
a561607272 Mostly changes to the install script, see below
Handle running the install script over an existing installation (as the script already did before branching to test-wireguard), providing:
    - Update, downloads latest scripts from git repo
    - Repair, reinstall PiVPN while keeping existing settings
    - Reconfigure, start over overwriting the existing settings
  Tag iptables rules as an attempt to make sure that the uninstall script only removes PiVPN rules
  Change the armv6l installation to reflect the split of WireGuard snapshots into wireguard-linux-compat and wireguard-tools
2019-12-29 18:25:35 +01:00
Orazio
d17d381049 - When suggesting to use Pi-hole, use the VPN server IP instead of the LAN IP to allow
DNS resolution even if the user does not route the local network through the tunnel.

- Format listCONF in a similar way as listOVPN

- Specifically look for a free octet in the last word of clients.txt and not just any word.
  Necessary otherwhise public keys starting with a number will match against an octet.
  Example: if line is 'name 5abcdefgh 4', then looking for ' 5' will match but '5$' will
  not (correctly).

- 'pivpn -c' will show the Connected Clients List for WireGuard too
2019-12-27 15:48:42 +01:00
4s3ti
33b2b2468d pivpn.io to pivpn.dev, http to https
Changed all appearances of pivpn.io to pivpn.dev
Changed all appearances of http to https
2019-12-20 23:30:00 +01:00