Commit graph

31 commits

Author SHA1 Message Date
Orazio
a85d3752ef
fix(scripts): disallow using server's name as client name (#1791) 2023-12-13 18:09:55 +01:00
rwall
c25e82fc0f
fix(dev-infra): move source to before var ref
move file sourcing above first references to the variables it loads
2022-10-19 16:48:51 -05:00
4s3ti
71f7ca9b3b
refactor(scripts): Structure code as per codestyle
Fix #1636
Refactor code according to code style
Constants, Functions, Script
2022-10-08 01:11:10 +02:00
4s3ti
79f7caf4d3
fix(scripts): Evaluate client names correctly
Fix issue #1639
Add extra check for empty spaces
Fix client names not being checked when using pivpn add -n
2022-10-07 23:59:57 +02:00
Rob Wall
0e78a1148c fix(dev-infra): move function before use
move err function above where it is first called
2022-10-01 01:55:06 -05:00
Giulio Coa
e09f3a04bd fix(installer): fix some code style errors
Fix some code style error about the pipelines
2022-08-05 23:11:22 +02:00
Giulio Coa
af20461590 Reformatted the code 2022-08-01 22:38:19 +02:00
Giulio Coa
edb36c08f7
Added Alpine Linux support (#1567) 2022-07-26 15:20:35 +02:00
DerDanilo
4dfcfd0d17 add IPv6 support, exclude from testing since travis doesn't have proper ipv6 support 2022-03-09 20:13:50 +01:00
4s3ti
f823b2bd4c Shellcheck compliance
scripts/wireguard/makeCONF.sh
  * SC1090: ShellCheck can't follow non-constant source. Use a directive to specify location.
    * Disabled warning
  * SC2154: <VariableName> is referenced but not assigned.
    * Disabled warning
  * SC2086: Double quote to prevent globbing and word splitting.
    * Added double quotes
2021-11-03 17:56:42 +01:00
Orazio
50798ccd42 Important change to custom MTU handling (mainly to fix issue #1357)
- When NOT providing a custom MTU, 1420 is used for both clients and server.
    Using such value for clients can break WireGuard connections on some networks,
    so iOS and Android clients have logic in place to select a proper MTU value
    when not specified. Now "pivpnMTU" with only be used to set the MTU value for
    the PiVPN installation but not for profile creation.
2021-09-15 17:52:17 +02:00
DerDanilo
88a701c16a add PERSISTENTKEEPALIVE support 2021-06-06 01:10:43 +02:00
4s3ti
4a5804a24c Multiple fixes and Shellcheck complaiance
fixes for Issue #1306, qrcode now defaults to ansiutf8,
added flag -a256 or --ansi256 if their fonts are having trouble

Shellcheck compliance #1233 for qrcodeCONF.sh,
LIST array is now created with mapfile instead
quoted multiple variables.

fixes for Issue #1307, User creation won't allow user creation with name
starting with "-", qrcodeCONF.sh won't accept wrong options or users starting with "-"
and exit with error code 1
2021-05-08 15:51:27 +02:00
4s3ti
dcd852e02e
Merge pull request #1278 from DerDanilo/add_mtu_support
add Wireguard MTU support via setupVARS.conf
2021-03-29 11:46:21 +02:00
DerDanilo
94744c77a9 add Wireguard MTU support via setupVARS.conf 2021-03-15 18:03:05 +01:00
Dundar Göc
fe636e3f43 Fixed shellcheck warning SC2164: "Use 'cd ... || exit' or 'cd ... || return' in case cd fails." 2021-02-13 12:11:49 +01:00
Orazio
3ed54bf71d Expose AllowedIPs settings inside setupVars.conf 2020-11-14 09:35:51 +01:00
Orazio
63733b44a5 Reload WireGuard instead of restarting so it doesn't kick existing clients 2020-10-03 10:20:40 +02:00
Orazio
85478aaea0 Disallow integers as client names to avoid ambiguity when removing a client by index. 2020-07-23 14:50:59 +02:00
Orazio
de127173dd Less fragile way to add and remove clients (issue #1050) 2020-06-09 12:25:41 +02:00
Orazio
35f07b2147
Merge pull request #1048 from shelleycat485/master
Both wireguard and openvpn can be installed together (Issue #968)
2020-05-19 14:06:58 +02:00
root
f379ca2e10 initial dual install try 2020-04-28 23:44:56 +01:00
jellemdekker
bdfb8f4a64 Save pre-shared key to file instead of variable. 2020-04-22 14:12:09 +02:00
jellemdekker
e643acce17 Generate a unique pre-shared key for each client as per WireGuard protocol to improve post-quantum resistance. 2020-04-21 10:52:35 +02:00
Orazio
1352ccf9a3 Avoid IPv6 leak by routing IPv6 through WireGuard
- Since the server is IPv4 only, routing IPv6 through it prevents IPv6
    packets from going outside the tunnel (if the client supports IPv6).
2020-03-10 14:16:23 +01:00
Orazio
9846d3787a Use variables to define VPN ranges instead of hard coding IPs 2020-02-16 09:09:09 +01:00
Orazio
3f616d9254 Implemented feature request from issue #942 (WireGuard) 2020-02-07 18:07:15 +01:00
Orazio
d691321b3e
Merge test (#929)
* added link to server status dashboard

* Replaced Header with bold instead

* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code

  - Add curl as a dependency for those who run the script without 'curl URL | bash'.
  - Use POSIX 'command -v' instead of 'hash'.
  - Check if packages have actually been installed and abort execution if they have not.
  - Fixed issue with getStaticIPv4Settings() that prevented existing network settings
    to be used as static IP settings when running the script unattended with empty
    $IPv4addr and $IPv4gw variables.
  - Exit if processing wireguard-linux-compat fails.
  - Exit if 50unattended-upgrades fails to extract.
  - Exit clientSTAT.sh if the wg0 interface is not available.
  - Moved the Self Check to a single script since dedicated versions were very similar.
  - Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.

* Fixed cosmetic issue with spinner, added missing spinner to some APT commands

* Detect current netmask, validate user input when configuring a static IP

* Inform the user when updating the package cache, which can be slow on some RPis

* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct

* Restart pihole in the more appropriate restartServices() function

* Improve static IP selection, validate public DNS name of the server
  - Default to 'No' when asking if the RPi has DHCP reservation, considered
    that the user may not be fully aware, furthermore, setting a static IP
    anyways doesn't do harm.
  - Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
    '/etc/dhcpcd.conf' with invalid data.
  - Validate public DNS name of the server inside askPublicIPOrDNS() function

* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
  - Added a basic sanity check to downloaded DH paramenters, which doubles as a
    check for missing .pem file.
  - Fix 'pivpn -c' showing the month number instead of the day of the month when
    using WireGuard.
  - Removing APT keys is risky, it would break APT update/upgrade if the user
    already was already using the unstable repo.
  - Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
    $i... already installed'.
  - Check whether the OpenVPN repo and the Debian unstable repo are already used.

* Improvements to getStaticIPv4Settings()

  - Use a regular expression to extract IPs from the 'ip' command. With this,
    there is a little need to validate output. Even though the regex will match
    invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
    the script would not have reached this function due to previous functions
    using the network with broken routes and addresses.

  - Get the IP address from the selected interface rather then from the 'ip route'
    command as it's not guaranteed that such IP is the same of the interface the
    user decided to use (though on a Raspberry Pi inside a home LAN, most likely
    it is, but it also maskes easier to get the IP in the CIDR notation with a
    single 'ip | grep' pipe).

* Moved command substitution to specific functions to avoid unnecessary execution

  - Moved $availableInterfaces and $CurrentIPv4gw from the script header to
    their relevant function, considered that if the OS is not Raspbian a static
    IP is not set, so those variables are not used.

* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919

  - Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
    still generate his own if he wishes).
    https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 16:40:09 +01:00
Orazio
d17d381049 - When suggesting to use Pi-hole, use the VPN server IP instead of the LAN IP to allow
DNS resolution even if the user does not route the local network through the tunnel.

- Format listCONF in a similar way as listOVPN

- Specifically look for a free octet in the last word of clients.txt and not just any word.
  Necessary otherwhise public keys starting with a number will match against an octet.
  Example: if line is 'name 5abcdefgh 4', then looking for ' 5' will match but '5$' will
  not (correctly).

- 'pivpn -c' will show the Connected Clients List for WireGuard too
2019-12-27 15:48:42 +01:00
Orazio
3c973e2a48 Bugfixes 2019-10-14 16:51:43 +02:00
Orazio
5e16322f9e Added missing script folder 2019-10-14 12:27:28 +02:00