Commit graph

977 commits

Author SHA1 Message Date
Orazio
32bd1c628a
Update LatestUpdate.md 2020-07-24 18:52:57 +02:00
Orazio
139f16594d Allowing queries only from the local subnet is enough for the functionality of PiVPN.
From the man page of dnsmasq:
  --local-service
    Accept DNS queries only from hosts whose address is on a local subnet,
    ie a subnet for which an interface exists on the server. This option only
    has effect if there are no --interface, --except-interface, --listen-address
    or --auth-server options. It is intended to be set as a default on installation,
    to allow unconfigured installations to be useful but also safe from being
    used for DNS amplification attacks.
2020-07-24 14:44:59 +02:00
Orazio
4fc2fbf0ef
Redirect is not required when using direct link 2020-07-23 16:38:58 +02:00
Orazio
5602922c24
Update README.md 2020-07-23 16:05:14 +02:00
Orazio
85478aaea0 Disallow integers as client names to avoid ambiguity when removing a client by index. 2020-07-23 14:50:59 +02:00
Orazio
0200ce545c When asking the user to upgrade the system, show the kernel package version instead of the kernel version. 2020-07-23 14:08:06 +02:00
Orazio
5b2bc9ba70 Set Pi-hole to "Listen on all interfaces, permit all origins" when using it as DNS for the VPN
- Letting dnsmasq additionally listen on a specific VPN interface when Pi-hole is
    listening on the physical interface only may be more secure than letting dnsmasq
    listen on all interfaces, however, dnsmasq will stop listening on the physical
    interface (breaking LAN resolution) if the user changes the listening behavior
    at a later time.
    For the target audience of PiVPN, it is more likely that users will set the
    listening behavior to all when deciding to use Pi-hole via VPN (which is suggested
    in the Pi-hole guide and most guides on the web), instead of digging into
    configuration file.
    This option is safe if the Raspberry Pi is inside the local network and the user
    has not forwarded port 53 on their router, which is unlikely as they are installing
    PiVPN precisely to avoid doing that.
2020-07-23 11:41:59 +02:00
Orazio
f72a531ce7 Downloading the entire unattended upgrades git release was overkill,
so now we simply copy the Raspbian config from the PiVPN repo and
provide a link to the source in the install script.
2020-07-23 11:07:19 +02:00
Orazio
4b239cfdc6
Merge pull request #1087 from gizmocuz/ft-index
Feature: Add Index based option for remove/qr commands
2020-07-23 10:44:15 +02:00
Orazio
ed12e5f14c
Merge pull request #1091 from gi8lino/master
add parameter to force remove profile
2020-07-21 15:15:22 +02:00
giotto
689b77b73e
lgtm
Co-authored-by: Orazio <orazioedoardo@users.noreply.github.com>
2020-07-19 21:46:18 +02:00
gi8
aa297e5296 add parameter to force remove profile 2020-07-16 15:01:27 +02:00
gi8
92f900637e rename param -f|--force to -y|--yes 2020-07-16 15:00:35 +02:00
Rob Peters
960a084866 Better list presentation 2020-07-14 13:27:40 +02:00
giotto
c1dc825ace
add parameter to force remove profile 2020-07-11 21:38:11 +02:00
GizMoCuz
e6b081e0f9 Added missing regex 2020-07-08 16:43:32 +02:00
GizMoCuz
7aa91fc67a Removed middle-dot in print function 2020-07-08 16:36:50 +02:00
GizMoCuz
c00e208286 Add Index for OpenVPN remover command 2020-07-08 16:36:23 +02:00
GizMoCuz
934aff8871 Add Index for Wireguard remove/qr commands 2020-07-08 15:32:19 +02:00
Orazio
b2ab7fc862 Fix change from pull request #1000 that prevented 'pivpn -l' to show revoked client names 2020-06-09 15:45:38 +02:00
Orazio
2028f0be3f Update LatestUpdate.md 2020-06-09 13:56:58 +02:00
Orazio
9d0ed1ec00 Remove just the MASQUERADE line, not the whole NAT section of the UFW configuration.
- The sed command would not work if there were other user-defined rules or if
    another VPN was installed.
2020-06-09 13:17:02 +02:00
Orazio
de127173dd Less fragile way to add and remove clients (issue #1050) 2020-06-09 12:25:41 +02:00
Orazio
b829bc09f1
Merge pull request #1065 from Hir0-84/enhancement/issue_no281
Fix issue pivpn#281
2020-06-08 09:42:16 +02:00
Orazio
8e1f53f34e Updated askAboutCustomizing() function
- Tweaked dialog text
  - Don't show dialog if runnning unattended
2020-06-08 09:38:53 +02:00
Hìr0
e7df6752cd #281 CHANGED Minor changes after cross-check 2020-06-07 16:09:55 +02:00
Orazio
e74ad23e8e Fixed DNS provider dialog formatting 2020-06-07 14:08:48 +02:00
Orazio
71bae41cda Simplified the OpenVPN installation flow by moving some settings behind a "customize" dialog.
Additional features could fall in there without compromising the simplicity of PiVPN.
2020-06-07 13:59:51 +02:00
Orazio
8e514a5f74 Update EasyRSA and unattended upgrades config
- EasyRSA 3.0.6 -> 3.0.7
  - Unattended upgrades config 1.16 -> 2.4
2020-06-06 15:39:37 +02:00
Hìr0
46c463d1d5 Fix issue pivpn#281 2020-06-01 00:39:18 +02:00
Orazio
ad363b717b Moved package check to relevant preconfigurePackages() function 2020-05-29 17:49:25 +02:00
Orazio
427c484cac Updated backup scripts for dual VPN 2020-05-29 17:46:04 +02:00
Orazio
ba7c46aae8 Avoid hardcoding distribution codenames
- Actually check for apt >= 1.5 instead of checking for distributions
    known for having a newer package
2020-05-29 15:56:43 +02:00
Orazio
8cf9f108f9 Merge branch 'test' of https://github.com/pivpn/pivpn into test 2020-05-29 15:21:45 +02:00
Orazio
2ba06af03d
Merge pull request #1060 from orazioedoardo/test
Improved dual VPN uninstallation, remove duplicate code/script
2020-05-29 15:21:17 +02:00
Orazio
c8a9e2100a Changed how undocumented flags are managed
- Renamed '--i_do_not_follow_recommendations' to '--skip-space-check', since
    the argument actually skips the space check.
  - Obtain the unattended configuration dynamically, by looking at the argument
    next to '--unattended', instead of looking at the second argument, which
    was a too fragile parsing.
  - Because of the previous one, figuring out when no argument has been passed
    to '--unattended' doesn't seem trivial, because the next argument could be
    an undocumented flag as well, which would be intepreted as a filename.
2020-05-28 15:16:45 +02:00
Orazio
ba4c2c91db Allow (potentially) unsupported network interfaces via the '--show-unsupported-nics' argument 2020-05-28 13:59:18 +02:00
Orazio
61c7151e3b Create directory structure if missing
- /usr/local/src, when cloning the git repository
  - /opt (this one was already taken into account but I had accidentally
    removed the mkdir command in the previous commit).
2020-05-28 12:09:02 +02:00
Orazio
823afa3fbb Improved dual VPN uninstallation, remove duplicate code/script
- Allow using 'pivpn vpn -u' to directly uninstall VPN 'vpn'
  - Also allow using 'pivpn -u' with two VPNs (will present a dialog).
  - During uninstall, ask which VPN to remove only if there are two VPNs
  - PiVPN git repo will be downloaded to '/usr/local/src/pivpn'. All scripts
    in /opt/pivpn, the main pivpn script and the bash completion file,
    are now just symbolic links. Resolves issue #695.
  - Remove unused call to updateWireGuard().
2020-05-27 16:36:26 +02:00
Orazio
1dc10e7d54
Merge pull request #1054 from shelleycat485/test
Tidy dual VPN protocol install
2020-05-26 09:55:22 +02:00
shelleycat485
3f1b2ba576 put repository back to pivpn/pivpn 2020-05-25 15:54:39 +01:00
shelleycat485
6cfe936f55 self_check assign parameter 2020-05-25 15:43:31 +01:00
shelleycat485
15804dff39 selfcheck checks one VPN type again 2020-05-25 15:24:50 +01:00
Orazio
f06f6d7920 Temporarily disable 'pivpn -up' until a proper update strategy is defined
- 'pivpn -up' pulls the latest scripts from github, however, as of now, its usefulness
    is limited since usually a change in those scripts is a result of a change in the
    installation process, and those changes can't be applied to an older installation.
2020-05-25 10:14:15 +02:00
Orazio
5dc7ac2a38 Fix issue #1047 2020-05-23 15:26:03 +02:00
Orazio
3ec566c762 Fix issue #1015 2020-05-23 15:12:14 +02:00
Orazio
2913f2701f Fix issue #1037 2020-05-23 11:08:51 +02:00
shelleycat485
aa959ac9e3
Update README.md
Mention dual protocols less prominently, its not a major use case
2020-05-22 17:51:17 +01:00
shelleycat485
4ac2855990
Update install.sh
remove refs to /etc/pivpn/setupVars in selfcheck and debug scripts
tidy indenting
on install, check if symlink already exists before making one to avoid error
uninstall indicates which vpns are available for uninstall
selfcheck checks both protocols if both present
install - additional text in reconfigure saying 2nd protocol can be added
change to use pivpn ovpn instaed of pivpn opv when dual protocols exist
2020-05-22 17:47:01 +01:00
shelleycat485
b0c473c9cc self check better check of incompatible versions 2020-05-22 15:26:05 +00:00