Commit graph

368 commits

Author SHA1 Message Date
Mirko Köster
73eb1c501d
requested change
see comment https://github.com/pivpn/pivpn/pull/1272/files#r595064063
2021-03-16 12:06:15 +01:00
Mirko Köster
12d0efcea6
ufw: add comment
if you have a lot of ufw rules and look at them via `sudo ufw status` it would be beneficial to have comments indicating the purpose of a rule
2021-03-08 17:26:20 +01:00
4s3ti
6406fcfafd
Merge pull request #1254 from DundarGoc/SC2178
Fixed shellcheck warnings SC2178 and SC2128.
2021-02-14 19:10:44 +01:00
Dundar Göc
9cdca47689 Fixed shellcheck warnings SC2178 and SC2128.
SC2178: Variable was used as an array but is now assigned a string.
SC2128: Expanding an array without an index only gives the first element.

It's apparently a known bug that shellcheck can't both declare a
variable local and assign a value to it without raising this issue.
https://github.com/koalaman/shellcheck/wiki/SC2178
2021-02-14 14:23:01 +01:00
Dundar Göc
c0131f2a17 Fixed shellcheck warning SC2034
SC2034: ___ appears unused. Verify use (or export if used externally).

I opted to remove the variables since they didn't seem to be used
anywhere.
2021-02-14 14:07:56 +01:00
Dundar Göc
8aa4607e5e Fixed shellcheck issue SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
Replaced [ $1 -gt 1 ] && shift $1 || shift with shift $1 since
shift 1 is identical to shift.
2021-02-13 22:40:05 +01:00
Dundar Göc
3517f27d5b Fixed shellcheck warning SC2155: "Declare and assign separately to avoid masking return values." 2021-02-13 13:02:10 +01:00
Orazio
342d8dfa2c Default VPN protocols to unsupported (workaround for issue #1239) 2021-02-11 15:27:43 +01:00
Orazio
435c4f39c7
Merge pull request #1243 from MichaIng/patch-1
Skip WireGuard module build on Raspbian if it's built-in
2021-02-08 21:32:38 +01:00
MichaIng
7cc5da39cb Skip WireGuard module build on Raspbian if it's built-in
Meanwhile the Raspberry Pi kernel package with Linux 5.10 and built-in WireGuard module has been released. It hence became effective to make use of the built-in module check on Raspbian as well to skip the overhead of kernel headers install and DKMS module build.

Additionally, when adding Bullseye repositories to make available the WireGuard packages, say so explicitly. "Adding Debian repository" / "Adding Raspbian repository" is confusing when running a Debian / Raspbian system with those repositories added already, only with an distro release.

Signed-off-by: MichaIng <micha@dietpi.com>
2021-02-08 15:52:56 +01:00
Dundar Göc
513c2afc2e Fixed shellcheck warning SC2004, SC2006, SC2129, SC2219. Issue #1233.
SC2004: "$/${} is unnecessary on arithmetic variables."
SC2006: "Use $(...) notation instead of legacy backticked `...`."
SC2129: "Consider using { cmd1; cmd2; } >> file instead of individual redirects."
SC2219: "Instead of 'let expr', prefer (( expr ))."
2021-02-07 21:31:13 +01:00
glitch452
be692a8782 Pass along exit code when running a sub-script, instead of always running exit 0 2021-01-23 15:58:03 -05:00
Carlos Colaço
586c631b9e MR #1194
Added the fix mentioned on #1194 with the correction requsted on the
review
2021-01-17 17:35:01 +01:00
Carlos Colaço
7095357f92 Fix for #1204
Added -y to $UPDATE_PKG_CACHE
updatePackageCache() no longer checks if apt update was run, it will
always update package cache since its a requirement
Replaced all updates using ${UPDATE_PKG_CACHE} with
updatePackageCache()
2021-01-12 17:08:15 +01:00
Orazio
db1fe2ebdd
Merge pull request #1186 from shelleycat485/test
A feature to disable / enable single wireguard client configs
2020-12-24 10:30:25 +01:00
Orazio
b369a02d5b
Merge pull request #1201 from MichaIng/patch-1
Fix WireGuard support detection
2020-12-14 15:17:32 +01:00
Orazio
a52e53d123 'sudo mktemp' creates file with 0600 mode, which means we need root to read it. 2020-12-14 15:15:29 +01:00
MichaIng
5077d70a2f Fix WireGuard support detection
Support was enabled automatically if a WireGuard package was found or could have been made available. But if the WireGuard kernel module is not available, it needs to be compiled. The required kernel headers are only reliably known for Raspberry Pi (Raspbian) and for amd64. This commit resolves the related issue where linux-image-amd64 was attempted to be installed on non-amd64 systems: https://github.com/pivpn/pivpn/issues/1180

Additionally this commit resolves the issue that kernel headers were required and a DKMS build done, even if the module was builtin, when no WireGuard package was found.

The $NEED_WIREGUARD_REPO variable has been replaced with $AVAILABLE_WIREGUARD, which practically serves the same information and allows a simpler support check.

Signed-off-by: MichaIng <micha@dietpi.com>
2020-12-14 14:54:46 +01:00
Roger Haxby
86de3eaa8c corect help on disable and enable 2020-12-10 23:59:54 +00:00
Roger Haxby
a3b7af869c more disabled in brackets 2020-12-09 23:07:28 +00:00
Orazio
dc744a9810 Fix directory and symbolic link creation when reconfiguring (writing over the same files) 2020-12-05 12:35:19 +01:00
Orazio
308affe4e9 Workaround for the following error on Ubuntu 20.04:
- /usr/bin/debconf-apt-progress: can't open /tmp/tmp.0CoNypDEPj: Permission denied at /usr/bin/debconf-apt-progress line 249, <STDIN> line 3.
    Reason: https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in
2020-12-05 12:35:11 +01:00
Orazio
5aac8bca84 Changed WireGuard unit path to /lib/systemd/system/wg-quick@.service
- On Raspbian, /lib is not a symbolic link to /usr/lib, so the WireGuard unit won't be found.
    Therefore changed to /lib/... (which is the default location for units of installed packages).
2020-12-05 12:35:02 +01:00
Roger Haxby
49a9314325 change to on/off for temp enable/disable 2020-11-26 15:36:00 +00:00
Orazio
3ed54bf71d Expose AllowedIPs settings inside setupVars.conf 2020-11-14 09:35:51 +01:00
Orazio
18007bb01e OpenVPN GPG key is static, so we might as well include the key in the PiVPN repo. 2020-10-27 18:40:16 +01:00
Orazio
4f9349b576 Log debconf-apt-progress output to show errors in case of failed package install 2020-10-27 08:52:51 +01:00
Jeffry Suryadharma
1ce55658aa
Update install.sh 2020-10-25 17:54:14 +07:00
Jeffry Suryadharma
f1553985a6
Update install.sh 2020-10-25 17:46:27 +07:00
Jeffry Suryadharma
915563610d
Update install.sh
add -D option because wg-quick@.service.d folder is not yet created
2020-10-25 17:37:59 +07:00
Orazio
43057b3f3b Fixed typos, clarified 'pivpn -l' text. 2020-10-24 16:00:26 +02:00
Orazio
d860f1d402 Add systemd override for wg-quick units that don't yet implement reload
- Discussed on pull request 1164
2020-10-24 13:41:07 +02:00
Orazio
9955f1fc02 Updated WireGuard module detection to accommodate different paths 2020-10-24 13:16:56 +02:00
Orazio
03f5871c71 Fixed WireGuard installation on Ubuntu when module is not built-in
- PIVPN_DEPS array should be assigned before appending to it,
    not after, to avoid overwriting existing items.
2020-09-14 16:19:40 +02:00
Orazio
551af5f351 Improved OpenVPN and WireGuard availability detection 2020-09-14 12:25:31 +02:00
stevoh6
d3992b3ff9
WireGuard on arm with Ubuntu 20.04 Focal Fosa
Allow install WireGuard on arm devices with Ubuntu 20.04 Focal Fosa
2020-09-03 12:39:26 +02:00
stevoh6
6099ea34ca
Add Ubuntu 20.04 (Focal Fossa) into supported OS 2020-08-31 21:24:47 +02:00
Orazio
139f16594d Allowing queries only from the local subnet is enough for the functionality of PiVPN.
From the man page of dnsmasq:
  --local-service
    Accept DNS queries only from hosts whose address is on a local subnet,
    ie a subnet for which an interface exists on the server. This option only
    has effect if there are no --interface, --except-interface, --listen-address
    or --auth-server options. It is intended to be set as a default on installation,
    to allow unconfigured installations to be useful but also safe from being
    used for DNS amplification attacks.
2020-07-24 14:44:59 +02:00
Orazio
0200ce545c When asking the user to upgrade the system, show the kernel package version instead of the kernel version. 2020-07-23 14:08:06 +02:00
Orazio
5b2bc9ba70 Set Pi-hole to "Listen on all interfaces, permit all origins" when using it as DNS for the VPN
- Letting dnsmasq additionally listen on a specific VPN interface when Pi-hole is
    listening on the physical interface only may be more secure than letting dnsmasq
    listen on all interfaces, however, dnsmasq will stop listening on the physical
    interface (breaking LAN resolution) if the user changes the listening behavior
    at a later time.
    For the target audience of PiVPN, it is more likely that users will set the
    listening behavior to all when deciding to use Pi-hole via VPN (which is suggested
    in the Pi-hole guide and most guides on the web), instead of digging into
    configuration file.
    This option is safe if the Raspberry Pi is inside the local network and the user
    has not forwarded port 53 on their router, which is unlikely as they are installing
    PiVPN precisely to avoid doing that.
2020-07-23 11:41:59 +02:00
Orazio
f72a531ce7 Downloading the entire unattended upgrades git release was overkill,
so now we simply copy the Raspbian config from the PiVPN repo and
provide a link to the source in the install script.
2020-07-23 11:07:19 +02:00
Orazio
8e1f53f34e Updated askAboutCustomizing() function
- Tweaked dialog text
  - Don't show dialog if runnning unattended
2020-06-08 09:38:53 +02:00
Orazio
e74ad23e8e Fixed DNS provider dialog formatting 2020-06-07 14:08:48 +02:00
Orazio
71bae41cda Simplified the OpenVPN installation flow by moving some settings behind a "customize" dialog.
Additional features could fall in there without compromising the simplicity of PiVPN.
2020-06-07 13:59:51 +02:00
Orazio
8e514a5f74 Update EasyRSA and unattended upgrades config
- EasyRSA 3.0.6 -> 3.0.7
  - Unattended upgrades config 1.16 -> 2.4
2020-06-06 15:39:37 +02:00
Orazio
ad363b717b Moved package check to relevant preconfigurePackages() function 2020-05-29 17:49:25 +02:00
Orazio
ba7c46aae8 Avoid hardcoding distribution codenames
- Actually check for apt >= 1.5 instead of checking for distributions
    known for having a newer package
2020-05-29 15:56:43 +02:00
Orazio
c8a9e2100a Changed how undocumented flags are managed
- Renamed '--i_do_not_follow_recommendations' to '--skip-space-check', since
    the argument actually skips the space check.
  - Obtain the unattended configuration dynamically, by looking at the argument
    next to '--unattended', instead of looking at the second argument, which
    was a too fragile parsing.
  - Because of the previous one, figuring out when no argument has been passed
    to '--unattended' doesn't seem trivial, because the next argument could be
    an undocumented flag as well, which would be intepreted as a filename.
2020-05-28 15:16:45 +02:00
Orazio
ba4c2c91db Allow (potentially) unsupported network interfaces via the '--show-unsupported-nics' argument 2020-05-28 13:59:18 +02:00
Orazio
61c7151e3b Create directory structure if missing
- /usr/local/src, when cloning the git repository
  - /opt (this one was already taken into account but I had accidentally
    removed the mkdir command in the previous commit).
2020-05-28 12:09:02 +02:00