IcedComputer
2e5a344c82
Fixed issue with grabbing hostname
...
Per comments and recommendations, added the "-s" when grabbing the hostname. This will ensure uniform performance across various platforms.
2019-06-20 17:37:56 -07:00
IcedComputer
ce9b8dfffc
Leverage the Hostname of the Server
...
Historic versions leveraged a format of "server_$UUID" to name of the VPN server certificate for X509 verification. This seems very impersonal. The new code pulls the existing hostname of the machines and appends the 16 character UUID. The new format is $hostname_$UUID.
Example:
A machine named "Martian" with a UUID of 1234567890123456 would change from server_1234567890123456 to Martian_1234567890123456
2019-06-19 15:48:46 -07:00
4s3ti
def92ed83d
Added support info
2019-06-06 16:59:15 +02:00
4s3ti
dafd3da38c
Merge branch 'master' into test
2019-05-14 00:15:34 +01:00
4s3ti
616c2e24c4
Removed /24, fixed issue template
2019-05-13 23:06:14 +01:00
Calvin Loncaric
1af5c26034
Flush disk writes before reboot
...
This commit introduces a `sync` call before the install script exits.
The writes that this script does during setup do not reach persistent
storage until the kernel decides to flush them. The reboot sequence
might drop those pending writes on the floor. To mitigate that
possibility (but not fully eliminate it), the script now calls `sync`,
which waits until the kernel has flushed its write cache.
2019-05-13 10:26:07 -07:00
Orazio
05d7d84809
Remove reference to a deleted file
2019-05-08 15:29:43 +02:00
Orazio
e26cef1863
Custom certificate duration and more flexible names
2019-05-08 13:01:56 +02:00
Orazio
63d3335f33
Resolved merge conflict
2019-05-03 10:26:56 +02:00
Jorge Frade
b75b36f482
Fix Easy-RSA install
...
Renamed from EasyRSA-{version}.tgz to EasyRSA-unix-v{version}.tgz
2019-04-10 17:54:31 +01:00
james-lasersoft
bd6a1e10ac
Merge pull request #711 from shian15810/master
...
Fixed rsyslog deprecated discard from ~ to stop
2019-04-10 00:41:50 -05:00
james-lasersoft
577d662a7c
Merge pull request #704 from Giraffe1966/shallow-clone
...
Use shallow clone for make_repo and update_repo.
2019-04-10 00:30:29 -05:00
Chuah Chee Shian
4f34bd3303
fixed rsyslog deprecated discard from ~ to stop
2019-04-05 00:39:00 +08:00
Giraffe1966
bbb4b1e4f3
Update easy-rsa version.
2019-03-29 23:34:37 -04:00
Giraffe1966
cc80ca16bb
Use shallow clone for make_repo and update_repo.
2019-03-29 23:15:30 -04:00
Heidenreich
ae934253f9
Updated sed insertion to fix line overwrite
2019-03-11 11:22:31 -04:00
Heidenreich
76ae525c1d
updated server.conf path
2019-03-11 10:54:54 -04:00
Alex Heidenreich
9bb82ff372
changed whiptail sizing to use PiVPN variables
2019-03-10 22:35:18 -04:00
Alex Heidenreich
9808234792
Called valid_domain function in SetCustomDomain()
2019-03-10 22:33:20 -04:00
Alex Heidenreich
0cd9e0deb6
Added function valid_domain to check user input of custom domain
2019-03-10 20:06:49 -04:00
Alex Heidenreich
3a0d6b1b47
Fixed server.conf path
2019-03-10 14:02:37 -04:00
Alex Heidenreich
3364f76790
Added procedure to allow users to set custom search domain.
2019-03-10 13:55:14 -04:00
Alex Heidenreich
24db1bc2e2
Initial commit with comment
2019-03-05 11:32:49 -05:00
Orazio
e3f729f260
General fixes and improvements
2019-03-03 10:18:45 +01:00
Orazio
375faa6398
Update install.sh
2018-10-19 22:04:30 +01:00
Orazio
30f8508055
Update install.sh
2018-10-19 22:04:30 +01:00
Orazio
cb169bcb0c
Update install.sh
2018-10-19 22:04:30 +01:00
Orazio
dd26662fdf
Update install.sh
2018-10-12 21:06:11 +02:00
Orazio
66a937f04d
Update install.sh
2018-09-04 14:38:21 +02:00
Orazio
f02f57d721
Update install.sh
2018-09-04 12:06:52 +02:00
redfast00
de76940b65
Merge pull request #554 from Giraffe1966/issue-552
...
Fix issue #552 (remove dead code)
2018-08-15 21:17:33 +02:00
redfast00
18bfa927da
Fix typo, fix #429
2018-08-15 21:15:24 +02:00
redfast00
da33c83ac4
Merge pull request #582 from alexisespinosa/master
...
Create TWO_POINT_FOUR file when running unattended
2018-08-15 20:30:25 +02:00
redfast00
028805211e
Merge pull request #562 from marvinlehmann/master
...
Use latest DH parameter service API
2018-08-15 20:20:53 +02:00
Alexis Espinosa Perez
a8b3428744
Create TWO_POINT_FOUR file when running unattended
2018-08-15 11:06:12 -05:00
Marvin Lehmann
e4067949d5
Use latest DH parameter service API
...
More information at https://2ton.com.au/safeprimes/
2018-07-18 23:01:36 +02:00
Giraffe1966
58fcaafcf1
Fix issue #552 .
2018-07-02 17:34:26 -04:00
pfg
79d4245edb
Fix spacing
2018-05-29 14:19:16 -07:00
pfg
fb604cdc7f
Actually do it right
2018-05-29 14:17:55 -07:00
Piero
33e7ef0c91
Several changes
2018-04-02 12:07:58 +02:00
justinamcafee
9749257e08
Updated install.sh
...
Added support for FamilyShield DNS from OpenDNS/CISCO
2018-03-09 11:32:14 -06:00
Piero
4b47b5aa61
2.4
2018-02-15 10:14:03 +01:00
redfast00
c7dfe6283a
Merge pull request #379 from jellemdekker/fix/remove-excess-code
...
Removed excess code
2017-12-16 22:07:10 +01:00
Jelle Dekker
9f46f1ef91
Removed call to deleted method.
2017-10-11 22:55:58 -05:00
cfcolaco
89a928e7c4
fixed (more) Typos and sentences
2017-10-08 20:10:57 +01:00
cfcolaco
664087bf92
fixed typo
2017-10-08 19:47:30 +01:00
cfcolaco
c1918417d6
added support to Stretch, removed useless code, added info about stretch support
2017-10-08 18:27:43 +01:00
cfcolaco
29a5dbb22b
Revert "Revert "Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes""
...
This reverts commit 6e8d6d24b5
.
2017-10-08 13:19:01 +01:00
cfcolaco
6e8d6d24b5
Revert "Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes"
...
This reverts commit 2626127be1
.
2017-10-08 13:08:57 +01:00
cfcolaco
2626127be1
Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes
2017-10-08 12:54:24 +01:00
cfcolaco
a5258d9f3c
Merging master comits into testing
2017-10-08 11:26:42 +01:00
Jelle Dekker
14b13d3a41
Removed the previously commented-out code.
2017-09-23 19:17:35 -05:00
redfast00
a8deeaf18b
Merge pull request #363 from jellemdekker/fix/improve-dh-selection-menu
...
Improved encryption strength selection menu
2017-09-24 01:16:33 +02:00
redfast00
009e4b3023
Merge pull request #362 from jellemdekker/feature/randomize-server-name
...
Randomize server Common Name for added security
2017-09-24 01:13:34 +02:00
redfast00
003b27362f
Merge pull request #361 from jellemdekker/feature/generate-crl-during-installation
...
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
c81e793c6c
Removed punctuation in list items.
2017-09-23 15:16:06 -05:00
Jelle Dekker
f5c05715de
Added sudo -E.
2017-09-23 14:35:46 -05:00
Jelle Dekker
4e77245a97
Commented out code related to adding a route to the remote subnet (e.g. 192.168.0.0).
2017-09-22 16:03:38 -05:00
Jelle Dekker
7b6a358779
Modified the messages when PiVPN installation completes and client profiles are generated, so the user knows to generate a client profile per each device he/she wants to connect to the VPN with.
2017-09-22 14:11:23 -05:00
Jelle Dekker
30920115b3
Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
...
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
Jelle Dekker
8910545d90
Fixed a couple of typos.
2017-09-22 02:17:53 -05:00
Jelle Dekker
d1652a03b1
The SERVER_NAME variable is used in a 'verify-x509-name' check to allow the client to verify it is talking to the correct server. However, its value was always equal to 'server'. This wasn't unique for each installation and therefore provided no additional safety check. So I've modified it to be random for each installation of PiVPN. Additionally, the variable is now actually being used when specifying the server name in the build-server-full command.
...
Source for obtaining a random UUID (thank you): Earthgecko (https://gist.github.com/earthgecko/3089509 )
2017-09-21 14:39:16 -05:00
Jelle Dekker
7cf5c19789
Changed the display order of the DH options (default value is still 2048 bits) and added a warning for 1024 bits.
2017-09-20 23:24:57 -05:00
cfcolaco
fbec57d1fd
changed to new openvpn repos
2017-06-29 12:03:47 +01:00
David Quattlebaum
5c4a51b695
Final testing passed
...
Changes:
- Document that Devuan is supported.
- Use special PLAT name, Raspvuan for Pi version
- Use service command for any *vuan PLAT, systemd is no on any
Devuan.
- add net-tools to PIVPN_DEPS
2017-06-06 18:27:23 -04:00
David Quattlebaum
2eb11cad0c
changes for devuan
...
- To simplify further additions to PLAT or OSCN, use
the case command for checking
- Treat Devuan as Debian
- Add /sbin:/usr/sbin to PATH before calling ifconfig
- Ensure net-tools is installed so we have ifconfig
2017-06-04 16:18:26 -04:00
Jelle Dekker
d5f0a81f80
Clearly indicate that a user selects a list item with the space bar.
2017-04-17 15:49:52 +02:00
EWouters
ff97f40ecf
Fix: mkdir: cannot create directory ‘/home/$pivpnUser/ovpns’: File exists
2017-03-22 13:47:55 +13:00
EWouters
cd4d13691d
fixed check for when both nopass and a password argument are passed to the script
2017-03-16 22:25:17 +13:00
EWouters
27c34aa297
Removed -p flag to create home dir
...
As described in #165 ( fc14664
) it is not desirable.
2017-03-15 17:24:42 +13:00
EWouters
75b7995a87
Removed SERVER_NAME parameter
...
because it is hardcoded as "server" in other scripts
2017-03-15 02:40:39 +13:00
EWouters
277a212a8f
tabs to spaces
2017-03-14 15:39:53 +13:00
EWouters
097145392c
set -e and set +e around line 800 to 815
...
I am not sure why this statement does not work with -e. We can also
remove the set -e statement altogether.
2017-03-14 15:39:07 +13:00
EWouters
7315353179
Moved echo to file statements to front, add missing
...
fixed a typo
replaced tabs with spaces
2017-03-14 15:25:39 +13:00
EWouters
5b5129f1bc
fix: cp: cannot stat ‘/tmp/pivpnINT’: No such file
2017-03-14 14:26:22 +13:00
EWouters
2a639e753e
Fixed sed command and mkdir if folder exists
2017-03-14 10:48:16 +13:00
EWouters
71021d6ffa
Added all parameters, initial testing done
2017-03-13 19:44:29 +13:00
EWouters
5db23185fd
Added pi-hole's undocumented flags
...
UNTESTED!
2017-03-13 17:00:28 +13:00
Kaladin Light
faaabe4c0e
Fixes Issue #195
2017-01-28 13:58:10 -05:00
Kaladin Light
dc9924f147
Have debug work without being root
2017-01-27 17:46:34 -05:00
Kaladin Light
5ce48cbaaf
Trying to ensure interface is set, maybe related to iptables issues.
...
If not, we at least will see in pivpnDebug output now.
2017-01-27 15:42:42 -05:00
redfast00
b727fa3970
Fix-189
2017-01-22 12:44:36 +01:00
Kaladin Light
df16e8dd59
Fixes Issue #173 and #174
2016-12-25 18:06:32 -05:00
Kaladin Light
371f339fed
Rework things
2016-12-24 00:20:45 -05:00
Kaladin Light
22b5bfef68
Add fix iptables help to debug script (1/2)
2016-12-11 13:36:14 -05:00
Kaladin Light
6b406ffb27
Fix type for moving client script
2016-12-11 10:04:33 -05:00
Kaladin Light
eaf78ab6bb
Try to fix apt errors now. If we can't then exit so the user can address.
2016-12-10 00:58:36 -05:00
Bastiaan Nelissen
6e3ad10a80
fixed download location
...
fixed easy-rsa download location
Conflicts:
auto_install/install.sh
2016-12-08 18:37:22 -05:00
Bastiaan Nelissen
98d63b7bd0
fixed wget command
...
wget was targeted to a directory instead of a file
2016-12-08 18:31:43 -05:00
Kaladin Light
07cdc2771b
Fix new clients command
2016-12-08 12:18:21 -05:00
Kaladin Light
da5facecbc
Add 'pivpn clients' command to show list of connected clients
2016-12-08 11:43:30 -05:00
Kaladin Light
6c456d3b90
Minor fixes for couple issues
2016-12-07 13:03:32 -05:00
Kaladin Light
26152889f6
Testing a failure
2016-12-07 11:55:36 -05:00
Kaladin Light
082200ba7c
More adjustments/fixes for easy-rsa3
2016-12-05 15:54:54 -05:00
Kaladin Light
a503fa7f93
Ensure openvpn doesn't install easy-rsa now
2016-12-05 15:35:47 -05:00
Kaladin Light
ff1ade9e9f
Bug fixes for easyrsa3 modifications
...
Cleanup chooseUser function and fix issue with creating a user
password not being set correctly.
2016-12-05 14:55:30 -05:00
Kaladin Light
27e0fa8bb5
Ensure we don't get prompted for confirmation on init-pki
2016-12-05 12:13:09 -05:00
Kaladin Light
0b96cae1a3
Phase 1 (of 3?): Server modifications for easy-rsa3
2016-12-04 00:20:37 -05:00
Kaladin Light
f61b26f669
Small adj
2016-11-22 23:47:09 -05:00
Kaladin Light
083de9336d
Can't use nslookup if it isn't installed yet...
2016-11-22 23:18:24 -05:00
Kaladin Light
542bcda9a1
Don't assume user's DNS is their gateway. Use what they have.
2016-11-22 13:23:51 -05:00
Kaladin Light
1cada67979
Don't like the install log, get rid of for now
2016-11-19 16:26:40 -05:00
Kaladin Light
5e29fdf3fb
Help debugging with install log
2016-11-19 15:52:13 -05:00
Kaladin Light
7f662ad13d
Hopefully Fixes Issue #153
2016-11-18 17:22:36 -05:00
Kaladin Light
cf9f052445
Update to setStaticIPv4 function
2016-11-10 12:25:31 -05:00
Kaladin Light
d844f874a3
Update to getStaticIPv4Settings function
2016-11-10 12:18:17 -05:00
Kaladin Light
b2362ab591
Update to chooseInterface function
2016-11-10 11:13:31 -05:00
Kaladin Light
4516137dca
Minor updates to some checks.
2016-11-10 10:51:19 -05:00
Kaladin Light
02bf7c0ad8
Fix apt-get switches to not generate unexpected output
2016-11-09 22:33:21 -05:00
Kaladin Light
6997a0b9a7
Fixes Issue #71 :
...
- Uses network address instead of IP in the push route to avoid warnings
- If a second DNS is not entered, remove second occurence of the dhcp-option DNS
2016-11-09 15:02:40 -05:00
Kaladin Light
67722ca7f4
Once again pi-hole had a more robust stty setup so lets borrow that :)
2016-11-08 12:03:42 -05:00
Kaladin Light
7c64afdc92
Get rows/cols with stty instead of tput
2016-11-07 22:49:00 -05:00
redfast00
6d1f6f6f07
Fixes #142
2016-11-05 14:42:37 +01:00
redfast00
460c575dfc
Now prompts user to create new non-root user if no user is found
2016-10-27 15:45:02 +02:00
redfast00
1cdd5d1494
Cleanup ( #111 )
...
* Tab completion for nopass, no further completion after one argument
* Cleaned up install.sh
2016-10-25 20:11:32 +02:00
redfast00
d900efe49b
Fix-110: iptables-save now actually saves the iptables
2016-10-23 11:29:46 +02:00
Shaun Grady
1a4e9cdb66
Explain DH param download in greater detail ( #129 )
...
* Explain DH param download in greater detail
- Change default from "no" to "yes," since it's perfectly safe more 99%
of users
- Be a bit more specific about what "a long time" means
- Provide a bit of information about the service
- Provide a link to read more about the server
* Revert to defaulting no to downloading DH params
2016-10-22 20:33:42 +02:00
Shaun Grady
b03cb8753f
Randomize DH params fetched from 2ton.com.au
...
Fetch random DH params from the last 128 generated by 2ton.com.au. This
will reduce the likelihood that multiple installs in short period of
time will share the same DH params.
2016-10-20 16:21:28 -07:00
Miguel Priede
7ac0a3aada
Update install.sh for #124
...
Parenthesis fault...
2016-10-19 06:51:30 +02:00
redfast00
4681cf29fe
Whoops, fixed now
2016-10-18 19:30:02 +02:00
0-kaladin
eba2d80bf3
Merge pull request #104 from redfast00/feature/download-dh
...
Added option to download DH parameters
2016-10-09 21:53:22 -04:00
redfast00
88e980534e
Added option to download DH parameters
2016-10-09 18:37:28 +02:00
redfast00
bee837790a
Fixes #100
2016-10-09 18:27:45 +02:00
Stephen KINGER
ac28a7c3e4
Set default ports as 1194 for UDP and 443 port for TCP
2016-10-09 13:40:19 +02:00
redfast00
cf5ba27a21
Added message about TCP
2016-10-09 12:30:13 +02:00
Stephen KINGER
e541fd39ac
Update the unisntall script, OK.
2016-09-28 17:09:04 +02:00
Stephen KINGER
a7c9a35352
/feature/add_tcp_option
...
Adding a correct tcp option
2016-09-27 14:24:14 +02:00
Kaladin Light
8f09ee9afd
Fixes for Debian support
2016-05-25 17:58:08 -04:00
Kaladin Light
3c0d0cb176
Ensure debian and ubuntu get openvpn from the openvpn repo so they don't get an old server version
2016-05-25 17:41:42 -04:00
Kaladin Light
0fbc99e0b7
Fixes for UFW
2016-05-15 23:36:40 -04:00
Kaladin Light
f0d92ab8df
Fix raspbian os detection
...
when doesn't it have lsb-release!?
2016-05-15 21:43:32 -04:00
Kaladin Light
2aad7f3c59
fix minor issue on lsb_release
2016-05-15 17:02:03 -04:00
Kaladin Light
3916acf665
Support reverting UFW changes on uninstall
2016-05-15 16:57:42 -04:00
Kaladin Light
d096335d5f
update lsb_release to use hash instead of which
2016-05-15 12:29:05 -04:00
Kaladin Light
5d9580fbdd
Adding support for UFW if enabled over raw iptables
2016-05-14 22:42:39 -04:00
Kaladin Light
2f3540b898
Robustize OS Detection.
...
This is framework needed to support Ubuntu 16.04 which
is coming in a future commit.
2016-05-10 11:49:29 -04:00
Kaladin Light
0277054de1
Ubuntu uses openvpn repo to get newer version and...
...
clients get two more security parameters to harden connection further and...
hopefully fix use of testing branch and...
why is there no modern Road Rash game, that was the best.
2016-05-07 12:33:52 -04:00
Kaladin Light
dea112f50f
Fixes #23 , enhance 'pivpn add', minor bug fixes & other enhancements
2016-05-05 21:04:57 -04:00
Kaladin Light
5b6627eaf8
Minor fixes, one for ubuntu only
2016-05-03 12:34:04 -04:00
Kaladin Light
6f7d8092d5
Add call to confUnattendedUpgrades function
2016-05-03 10:34:57 -04:00
Kaladin Light
bf81405d6c
Resolves #19 - Implement unattended-upgrade option for users
2016-05-03 10:32:17 -04:00
Kaladin Light
6956fcb99b
Implement the "planetahuevo enhancement", IE the ability to
...
generate a client cert with no password. Run 'pivpn add nopass'
2016-04-30 23:37:27 -04:00
Kaladin Light
6032aa7f2e
Give user chance to confirm DNS name. Just in case they fat-fingered.
2016-04-30 16:00:02 -04:00
Kaladin Light
2ee04c6c9b
Missed dependency for new 'pivpn add' requirements
2016-04-30 14:40:43 -04:00
Kaladin Light
582e923bc8
Old QA team was fired. New team found this issue
...
with DNS not being set if you non default and were not root user.
2016-04-29 19:18:05 -04:00
Kaladin Light
c7caf8db35
Init cert values
...
Clean up encryption list
(don't play in the master branch kids, bad things happen)
2016-04-29 16:59:07 -04:00
Kaladin Light
7076c5990a
Minor fix
2016-04-29 16:25:46 -04:00
Kaladin Light
0649c5da66
Closes #17
...
Cause people cared more than I thought they would.
(and that's a good thing)
2016-04-29 13:18:28 -04:00
Kaladin Light
03190d336f
Allow user to pick 4096 key for paranoid mode.
...
Fixes Issue #18
2016-04-29 10:15:43 -04:00
Kaladin Light
c553311efe
Last commit that fixes #10
2016-04-28 21:58:54 -04:00
Kaladin Light
63970e2678
Validate Custom Port input
...
This is part of Issue #10
2016-04-27 22:13:00 -04:00
Kaladin Light
ca42ff9621
Fixes #13
...
ubuntu openvpn is < 2.3.4
2016-04-27 20:54:51 -04:00
Kaladin Light
cad82d6dbf
Fix testing scenario
2016-04-23 20:35:49 -04:00
Kaladin Light
204011ef0a
Give users moar options in client dns.
...
Level up sed skillz
2016-04-23 18:18:48 -04:00
Kaladin Light
fa60d29aa3
Get install working on ubuntu
2016-04-22 15:16:48 -04:00
Kaladin Light
60ab6c057a
More fixes for non-root installs
2016-04-21 12:50:15 -04:00
Kaladin Light
04eb49116f
fix for non sudo user install
2016-04-21 12:28:48 -04:00
Kaladin Light
0b50af3ea2
Minor Adjustments
2016-04-21 11:59:18 -04:00
Kaladin Light
9ca5425c26
need to init OVPNDNS
2016-04-21 11:43:28 -04:00
Kaladin Light
3f3ebc48a0
Get install to work as non-root user
2016-04-21 09:37:27 -04:00
Kaladin Light
a9b230d1cb
Use modified server cert names in the conf file
2016-04-20 22:43:16 -04:00
Kaladin Light
cc94d11d0b
Add some newlines
2016-04-20 20:48:52 -04:00
Kaladin Light
0a06fbd6a8
Fixes
2016-04-20 20:20:52 -04:00
Kaladin Light
3d4a005067
Fix KEY_ALTNAMES
...
(no idea why this is complaining now...)
2016-04-20 18:00:47 -04:00
Kaladin Light
57a8967b62
Fixes during testing
2016-04-20 17:33:54 -04:00
Kaladin Light
ebdb9f9b1f
More certificate name information work
2016-04-20 15:36:27 -04:00
Kaladin Light
719dfef7ae
Allow user to set DNS server clients will use
2016-04-20 12:10:06 -04:00
Kaladin Light
6b6536b779
Allow user to change default OpenVPN port
2016-04-20 11:16:50 -04:00
Kaladin Light
4e56c08140
Fix URLs
2016-04-19 21:49:34 -04:00
Kaladin Light
4cfab547e0
Allow user to input certificate values
2016-04-19 19:06:44 -04:00
Kaladin Light
53565dd4fe
First commit of reworked installer
2016-04-19 14:01:55 -04:00