Commit graph

713 commits

Author SHA1 Message Date
Orazio
a52e53d123 'sudo mktemp' creates file with 0600 mode, which means we need root to read it. 2020-12-14 15:15:29 +01:00
4s3ti
13e10cfe35 Merge branch 'test' of ssh://github.com/pivpn/pivpn into test 2020-12-09 19:23:38 +01:00
4s3ti
ff0ac0304c ProBot Stale
Added probot integration to marke topics as inactives and automatically
close them.
read .github/stale.yml for more details.
2020-12-09 19:22:29 +01:00
Orazio
418a857921 Merge branch 'test' of https://github.com/pivpn/pivpn into test 2020-12-05 12:38:25 +01:00
Orazio
dc744a9810 Fix directory and symbolic link creation when reconfiguring (writing over the same files) 2020-12-05 12:35:19 +01:00
Orazio
308affe4e9 Workaround for the following error on Ubuntu 20.04:
- /usr/bin/debconf-apt-progress: can't open /tmp/tmp.0CoNypDEPj: Permission denied at /usr/bin/debconf-apt-progress line 249, <STDIN> line 3.
    Reason: https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in
2020-12-05 12:35:11 +01:00
Orazio
5aac8bca84 Changed WireGuard unit path to /lib/systemd/system/wg-quick@.service
- On Raspbian, /lib is not a symbolic link to /usr/lib, so the WireGuard unit won't be found.
    Therefore changed to /lib/... (which is the default location for units of installed packages).
2020-12-05 12:35:02 +01:00
4s3ti
df10cdded3 New pivpn status page
Changed status page on README.md,
new status page at https://status.pivpn.io
2020-12-02 23:25:34 +01:00
Orazio
3ed54bf71d Expose AllowedIPs settings inside setupVars.conf 2020-11-14 09:35:51 +01:00
Orazio
443ef51e29
Update LatestUpdate.md 2020-11-04 11:45:36 +01:00
Orazio
18007bb01e OpenVPN GPG key is static, so we might as well include the key in the PiVPN repo. 2020-10-27 18:40:16 +01:00
Orazio
7f1c5ba33c Save debug to /tmp/debug.log for WireGuard too, do not use temporary file to redact IPs in the OpenVPN log. 2020-10-27 12:19:46 +01:00
Orazio
8b69904b69 Moved Telekom Hybrid help to the wiki:
-  https://github.com/pivpn/pivpn/wiki/OpenVPN#trouble-with-telekom-hybrid
2020-10-27 09:03:34 +01:00
Orazio
4f9349b576 Log debconf-apt-progress output to show errors in case of failed package install 2020-10-27 08:52:51 +01:00
Orazio
bfe611dbf1
Merge pull request #1168 from jeffrysurya/test
add -D to create the folder
2020-10-25 19:07:13 +01:00
Jeffry Suryadharma
1ce55658aa
Update install.sh 2020-10-25 17:54:14 +07:00
Jeffry Suryadharma
f1553985a6
Update install.sh 2020-10-25 17:46:27 +07:00
Jeffry Suryadharma
915563610d
Update install.sh
add -D option because wg-quick@.service.d folder is not yet created
2020-10-25 17:37:59 +07:00
Orazio
43057b3f3b Fixed typos, clarified 'pivpn -l' text. 2020-10-24 16:00:26 +02:00
Orazio
9f057df25f
Merge pull request #1165 from xptsp/test
Handles special characters better
2020-10-24 13:51:20 +02:00
Orazio
d860f1d402 Add systemd override for wg-quick units that don't yet implement reload
- Discussed on pull request 1164
2020-10-24 13:41:07 +02:00
Orazio
9955f1fc02 Updated WireGuard module detection to accommodate different paths 2020-10-24 13:16:56 +02:00
Douglas Orend
22cb5ee0ef
Update removeOVPN.sh
This commit allows PiVPN scripts to revoke certificates with common names like "José" better. Prior to this commit, names like "José" could not be revoked using PiVPN tools.
2020-10-20 11:00:35 -05:00
Douglas Orend
5d2761b94b
Update listOVPN.sh
This commit allows PiVPN scripts to display certificates with common names like "José" better. Prior to this commit, names like "José" would be shown as "Jos\xC3\xA9".
2020-10-20 10:57:28 -05:00
Orazio
63733b44a5 Reload WireGuard instead of restarting so it doesn't kick existing clients 2020-10-03 10:20:40 +02:00
Orazio
77e75829ea
Merge pull request #1139 from LLautenbacher/feature/show_expired_cert
Showing expired certificates as such.
2020-10-01 13:46:26 +02:00
Ludwig Lautenbacher
1cc66efba6 fixed formatting 2020-10-01 13:40:49 +02:00
Ludwig Lautenbacher
66536272be clean up formattting of Expired certificates 2020-10-01 13:24:02 +02:00
Ludwig Lautenbacher
0fb22bd15f dump easyrsa output to /dev/null 2020-10-01 13:23:31 +02:00
Orazio
0a65da1184
Moved several paragraphs to the wiki 2020-09-14 17:00:35 +02:00
Orazio
03f5871c71 Fixed WireGuard installation on Ubuntu when module is not built-in
- PIVPN_DEPS array should be assigned before appending to it,
    not after, to avoid overwriting existing items.
2020-09-14 16:19:40 +02:00
Orazio
551af5f351 Improved OpenVPN and WireGuard availability detection 2020-09-14 12:25:31 +02:00
Ludwig Lautenbacher
5c26782925 Showing expired certificates as such. 2020-09-10 14:55:35 +02:00
Orazio
e64f14271e
Merge pull request #1132 from stevoh6/master
Add Ubuntu 20.04 (Focal Fossa) into supported OS
2020-09-03 15:15:53 +02:00
stevoh6
d3992b3ff9
WireGuard on arm with Ubuntu 20.04 Focal Fosa
Allow install WireGuard on arm devices with Ubuntu 20.04 Focal Fosa
2020-09-03 12:39:26 +02:00
stevoh6
6099ea34ca
Add Ubuntu 20.04 (Focal Fossa) into supported OS 2020-08-31 21:24:47 +02:00
Orazio
32bd1c628a
Update LatestUpdate.md 2020-07-24 18:52:57 +02:00
Orazio
139f16594d Allowing queries only from the local subnet is enough for the functionality of PiVPN.
From the man page of dnsmasq:
  --local-service
    Accept DNS queries only from hosts whose address is on a local subnet,
    ie a subnet for which an interface exists on the server. This option only
    has effect if there are no --interface, --except-interface, --listen-address
    or --auth-server options. It is intended to be set as a default on installation,
    to allow unconfigured installations to be useful but also safe from being
    used for DNS amplification attacks.
2020-07-24 14:44:59 +02:00
Orazio
4fc2fbf0ef
Redirect is not required when using direct link 2020-07-23 16:38:58 +02:00
Orazio
5602922c24
Update README.md 2020-07-23 16:05:14 +02:00
Orazio
85478aaea0 Disallow integers as client names to avoid ambiguity when removing a client by index. 2020-07-23 14:50:59 +02:00
Orazio
0200ce545c When asking the user to upgrade the system, show the kernel package version instead of the kernel version. 2020-07-23 14:08:06 +02:00
Orazio
5b2bc9ba70 Set Pi-hole to "Listen on all interfaces, permit all origins" when using it as DNS for the VPN
- Letting dnsmasq additionally listen on a specific VPN interface when Pi-hole is
    listening on the physical interface only may be more secure than letting dnsmasq
    listen on all interfaces, however, dnsmasq will stop listening on the physical
    interface (breaking LAN resolution) if the user changes the listening behavior
    at a later time.
    For the target audience of PiVPN, it is more likely that users will set the
    listening behavior to all when deciding to use Pi-hole via VPN (which is suggested
    in the Pi-hole guide and most guides on the web), instead of digging into
    configuration file.
    This option is safe if the Raspberry Pi is inside the local network and the user
    has not forwarded port 53 on their router, which is unlikely as they are installing
    PiVPN precisely to avoid doing that.
2020-07-23 11:41:59 +02:00
Orazio
f72a531ce7 Downloading the entire unattended upgrades git release was overkill,
so now we simply copy the Raspbian config from the PiVPN repo and
provide a link to the source in the install script.
2020-07-23 11:07:19 +02:00
Orazio
4b239cfdc6
Merge pull request #1087 from gizmocuz/ft-index
Feature: Add Index based option for remove/qr commands
2020-07-23 10:44:15 +02:00
Orazio
ed12e5f14c
Merge pull request #1091 from gi8lino/master
add parameter to force remove profile
2020-07-21 15:15:22 +02:00
giotto
689b77b73e
lgtm
Co-authored-by: Orazio <orazioedoardo@users.noreply.github.com>
2020-07-19 21:46:18 +02:00
gi8
aa297e5296 add parameter to force remove profile 2020-07-16 15:01:27 +02:00
gi8
92f900637e rename param -f|--force to -y|--yes 2020-07-16 15:00:35 +02:00
Rob Peters
960a084866 Better list presentation 2020-07-14 13:27:40 +02:00