mirror of https://github.com/pivpn/pivpn.git synced 2024-12-22 21:00:15 +00:00
Commit graph

284 commits

Author SHA1 Message Date
shelleycat485
b90077bd78 remove refs to /etc/pivpn/setupVars in selfcheck and debug scripts
tidy indenting
  on install, check if symlink already exists before making one to avoid error
  uninstall indicates which vpns are available for uninstall
  selfcheck checks both protocols if both present
  install - additional text in reconfigure saying 2nd protocol can be added
  change to use pivpn ovpn instead of pivpn opv when dual protocols exist
2020-05-22 12:41:02 +01:00
Orazio
35f07b2147
Merge pull request from shelleycat485/master
Both wireguard and openvpn can be installed together (Issue )
2020-05-19 14:06:58 +02:00
shelleycat485
4e3a57b9aa better uninstall.sh 2020-05-13 00:51:45 +01:00
Ubuntu
56adbca52e more uninstall 2020-05-10 21:48:38 +00:00
Ubuntu
ff77077d56 more uninstall 2020-05-10 21:46:54 +00:00
Ubuntu
b230bade61 uninstall fixes 2020-05-10 21:13:03 +00:00
shelleycat485
9b04391629 uninstall change 2020-05-06 23:29:04 +01:00
shelleycat485
f6463b8849 uninstall to detect one prot remaining, wg_update removed 2020-05-06 23:00:13 +01:00
shelleycat485
e09bbda1e9 update to backup 2020-05-05 23:13:59 +01:00
shelleycat485
081bf912c2 still debugging dual 2020-05-05 23:12:32 +01:00
shelleycat485
21d954167c typo in openvpn 2020-05-05 21:43:20 +01:00
shelleycat485
9351016db5 extra D in scriptdir 2020-05-05 09:24:20 +01:00
shelleycat485
4e3a58702f more dual 2020-05-05 00:05:10 +01:00
shelleycat485
5330454f2b added generic pivpn for 2 protocols 2020-05-03 17:55:48 +01:00
shelleycat485
3ed9ec5724 install and uninstall 2020-05-02 00:06:09 +01:00
root
f379ca2e10 initial dual install try 2020-04-28 23:44:56 +01:00
Orazio
1f506f50a6
Merge pull request from jellemdekker/feature/unique_client_psk
Generate unique pre-shared key for each client
2020-04-23 11:15:48 +02:00
jellemdekker
bdfb8f4a64 Save pre-shared key to file instead of variable. 2020-04-22 14:12:09 +02:00
Casey Liss
bac5c22653
fix spelling & grammar in backup script. 2020-04-21 08:08:20 -04:00
jellemdekker
e643acce17 Generate a unique pre-shared key for each client as per WireGuard protocol to improve post-quantum resistance. 2020-04-21 10:52:35 +02:00
psgoundar
4039a0d173
Update scripts/openvpn/listOVPN.sh
Co-Authored-By: Orazio <orazioedoardo@users.noreply.github.com>
2020-04-05 14:35:33 -07:00
psgoundar
fb1cd97c28
Update scripts/openvpn/listOVPN.sh
Co-Authored-By: Orazio <orazioedoardo@users.noreply.github.com>
2020-04-05 14:34:53 -07:00
psgoundar
ec6880eb99
Apply suggestions from code review
Format Changes Reviewed.

Co-Authored-By: Orazio <orazioedoardo@users.noreply.github.com>
2020-04-01 19:44:37 -07:00
Swamy Goundar
289e85e306 Fixed issue with Name when OU is defined in CA 2020-03-28 20:48:44 -07:00
Swamy Goundar
c28448b94a Updated listOVPN to Include Expiration Dates 2020-03-28 19:36:55 -07:00
Orazio
6653d4caa3 Show connected clients data rates with dotted decimal notation 2020-03-13 12:03:41 +01:00
Orazio
1352ccf9a3 Avoid IPv6 leak by routing IPv6 through WireGuard
- Since the server is IPv4 only, routing IPv6 through it prevents IPv6
    packets from going outside the tunnel (if the client supports IPv6).
2020-03-10 14:16:23 +01:00
Orazio
0a30365d65 Some changes from pull request 963
- Make sure to install WireGuard only if platform is Raspbian or an x86 Debian/Ubuntu
  - Install WireGuard from bullseye repository instead of unstable
  - Reduced WireGuard package priority to the minimum that allows upgrades
2020-03-04 12:48:14 +01:00
Orazio
9846d3787a Use variables to define VPN ranges instead of hard coding IPs 2020-02-16 09:09:09 +01:00
Orazio
0cb5546608 Get $STATIC_IP before ccd folder is deleted (otherwise $STATIC_IP will be empty) 2020-02-10 17:36:39 +01:00
Orazio
2c6ba65288 Implemented feature request from issue (OpenVPN) 2020-02-09 18:55:30 +01:00
Orazio
ead280e60f Set static IPs when using OpenVPN
- Preparation for feature request from issue 
2020-02-09 18:51:30 +01:00
Orazio
3f616d9254 Implemented feature request from issue (WireGuard) 2020-02-07 18:07:15 +01:00
4s3ti
5b8494c57c Going back to pivpn.io
replaced pivpn.dev with pivpn.io
2020-02-05 20:29:14 +01:00
Orazio
5fd5b6e584 Suggest the user to take a look at the FAQ 2020-02-01 21:04:32 +01:00
Orazio
d691321b3e
Merge test ()
* added link to server status dashboard

* Replaced Header with bold instead

* More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code

  - Add curl as a dependency for those who run the script without 'curl URL | bash'.
  - Use POSIX 'command -v' instead of 'hash'.
  - Check if packages have actually been installed and abort execution if they have not.
  - Fixed issue with getStaticIPv4Settings() that prevented existing network settings
    to be used as static IP settings when running the script unattended with empty
    $IPv4addr and $IPv4gw variables.
  - Exit if processing wireguard-linux-compat fails.
  - Exit if 50unattended-upgrades fails to extract.
  - Exit clientSTAT.sh if the wg0 interface is not available.
  - Moved the Self Check to a single script since dedicated versions were very similar.
  - Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel.

* Fixed cosmetic issue with spinner, added missing spinner to some APT commands

* Detect current netmask, validate user input when configuring a static IP

* Inform the user when updating the package cache, which can be slow on some RPis

* Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct

* Restart pihole in the more appropriate restartServices() function

* Improve static IP selection, validate public DNS name of the server
  - Default to 'No' when asking if the RPi has DHCP reservation, considered
    that the user may not be fully aware, furthermore, setting a static IP
    anyways doesn't do harm.
  - Validate existing IPv4 settings (address, gateway, DNS) to avoid filling
    '/etc/dhcpcd.conf' with invalid data.
  - Validate public DNS name of the server inside askPublicIPOrDNS() function

* Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories
  - Added a basic sanity check to downloaded DH parameters, which doubles as a
    check for missing .pem file.
  - Fix 'pivpn -c' showing the month number instead of the day of the month when
    using WireGuard.
  - Removing APT keys is risky, it would break APT update/upgrade if the user
    was already using the unstable repo.
  - Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for
    $i... already installed'.
  - Check whether the OpenVPN repo and the Debian unstable repo are already used.

* Improvements to getStaticIPv4Settings()

  - Use a regular expression to extract IPs from the 'ip' command. With this,
    there is a little need to validate output. Even though the regex will match
    invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did,
    the script would not have reached this function due to previous functions
    using the network with broken routes and addresses.

  - Get the IP address from the selected interface rather than from the 'ip route'
    command as it's not guaranteed that such IP is the same of the interface the
    user decided to use (though on a Raspberry Pi inside a home LAN, most likely
    it is, but it also makes easier to get the IP in the CIDR notation with a
    single 'ip | grep' pipe).

* Moved command substitution to specific functions to avoid unnecessary execution

  - Moved $availableInterfaces and $CurrentIPv4gw from the script header to
    their relevant function, considered that if the OS is not Raspbian a static
    IP is not set, so those variables are not used.

* Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919

  - Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can
    still generate his own if he wishes).
    https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups
2020-01-31 16:40:09 +01:00
Orazio
4a49787b28 Changed variable name, corrected rm typo 2020-01-21 15:54:20 +01:00
Orazio
44feb0b853 Added back ECDSA and tls-crypt 2020-01-21 13:51:25 +01:00
Orazio
7841e76d89 Use a fake key as the example, just in case... 2020-01-21 08:29:10 +01:00
Orazio
30b374054c Enable cloneandupdate() function, fixed detecting existing iptables rules.
- Uncommented lines inside the cloneandupdate() function in the update script, so pivpn -up can pull scripts from the master branch
  - The script was checking for the existence of PiVPN rules in the INPUT and FORWARD chain by passing 'iptables -t nat -S' to grep, but it couldn't find them as they belong to the filter table and not the nat table. The correct command is 'iptables -S'
2020-01-20 21:51:36 +01:00
Orazio
affad0a7b0 Resolved merge conflicts 2020-01-20 10:55:29 +01:00
Orazio
dba3e6ad3e - Prepend 'pivpn-' to unstable repo files to limit naming conflicts
- Update variables inside unattended examples
- Remove openvpn logging setting when uninstalling the package
- Run 'apt-get update' after removing the WireGuard PPA
2020-01-20 09:56:07 +01:00
4s3ti
047eccc19d Update script: Removed IF statement
Removed if statement from update script,
was making no sense to have it there.
2020-01-08 20:02:34 +01:00
4s3ti
0c79cc9e42 Missing backup on bash-completion
Added backup option on openvpn bash-completion
2020-01-08 19:56:40 +01:00
4s3ti
dd6bb069f0 Updates and improvements
install.sh
  installScripts function:
    update script not being copied over to /opt therefore update function was probably broken.
    changed script to copy all .sh scripts from .pivpn/scripts directory.

Issue : fix backup script
  I was probably very drunk when I first wrote this backup script.
  fixed it, now works with new code refactoring,
  loads vars from setupVars
  Added backup for wireguard
  Moved script to global pivpnscripts.
  Added backup script to bash-completion
  Added backup script to pivpn script

update.sh
  Commented the update from master branch to avoid users trying to update test from master.

Updated LatestChages.md
2020-01-08 19:38:38 +01:00
4s3ti
8096af7ad0 Updates and improvements
install.sh
  installScripts function:
    update script not being copied over to /opt therefore update function was probably broken.
    changed script to copy all .sh scripts from .pivpn/scripts directory.

Issue : fix backup script
  I was probably very drunk when I first wrote this backup script.
  fixed it, now works with new code refactoring,
  loads vars from setupVars
  Added backup for wireguard
  Moved script to global pivpnscripts.
  Added backup script to bash-completion
  Added backup script to pivpn script

update.sh
  Commented the update from master branch to avoid users trying to update test from master.

Updated LatestChages.md
2020-01-08 19:37:46 +01:00
Orazio
41984e5f40 Fix update scripts from test branch 2019-12-30 11:44:33 +01:00
Orazio
a561607272 Mostly changes to the install script, see below
Handle running the install script over an existing installation (as the script already did before branching to test-wireguard), providing:
    - Update, downloads latest scripts from git repo
    - Repair, reinstall PiVPN while keeping existing settings
    - Reconfigure, start over overwriting the existing settings
  Tag iptables rules as an attempt to make sure that the uninstall script only removes PiVPN rules
  Change the armv6l installation to reflect the split of WireGuard snapshots into wireguard-linux-compat and wireguard-tools
2019-12-29 18:25:35 +01:00
Orazio
d17d381049 - When suggesting to use Pi-hole, use the VPN server IP instead of the LAN IP to allow
DNS resolution even if the user does not route the local network through the tunnel.

- Format listCONF in a similar way as listOVPN

- Specifically look for a free octet in the last word of clients.txt and not just any word.
  Necessary otherwise public keys starting with a number will match against an octet.
  Example: if line is 'name 5abcdefgh 4', then looking for ' 5' will match but '5$' will
  not (correctly).

- 'pivpn -c' will show the Connected Clients List for WireGuard too
2019-12-27 15:48:42 +01:00
4s3ti
33b2b2468d pivpn.io to pivpn.dev, http to https
Changed all appearances of pivpn.io to pivpn.dev
Changed all appearances of http to https
2019-12-20 23:30:00 +01:00
Orazio
5f82a0740e Use variable, create openvpn home, add shellcheck reminder 2019-12-10 19:07:08 +01:00
Orazio
d022cafa25 Revert some minor changes 2019-12-10 16:06:28 +01:00
Orazio
85907f6b80
Merge branch 'test' into shellcheck4test 2019-12-10 14:53:11 +01:00
Orazio
8936dd2b08
Merge pull request from corbolais/debian-ownership
debian openvpn has dedicated user and group, so rather use those than…
2019-12-10 14:49:23 +01:00
Orazio
cd1b8fbf7f Use printf with column in the listCONF.sh script 2019-12-09 17:05:34 +01:00
corbolais
729674595b rm openvpn:openvpn user/group iff openvpn pkg is removed. shellcheck cleanup. preliminary fixes. add (global) FIXMEs.
Signed-off-by: corbolais <corbolais@gmail.com>
2019-12-09 13:34:25 +01:00
corbolais
47c84e6a45 add missing bang to shebang. correct usage of cp. correct wrong copy target dir. safeguard sudo-rm-rf. safeguard against variable expansion into IFS chars. clean up whitespace.
Signed-off-by: corbolais <corbolais@gmail.com>
2019-12-08 17:55:43 +01:00
Orazio
4466f1503c Better client stats formatting 2019-12-03 17:59:27 +01:00
Orazio
580e1b128e Accept debug fixes using just the enter key 2019-12-02 18:58:29 +01:00
Orazio
e2941f8fae Properly avoid pulling unwanted packages from unstable repo
Currently apt pulls all packages from the unstable repo because the
  script indentation created the file 'limit-unstable' with tabs in it.
  Fixed using printf to create a multiline file (which is the way
  wireguard.com/install suggests).
2019-12-02 17:00:39 +01:00
Orazio
e2da52b1a7 Added Ubuntu Bionic support 2019-11-19 17:29:41 +01:00
Orazio
b9c6c0f314 Fix exit codes 2019-11-19 13:28:51 +01:00
Orazio
1ff6f7e9e8 Removed trivial command output 2019-11-18 12:42:04 +01:00
Orazio
8ab71601ff Automatically fetch latest WireGuard snapshot 2019-11-16 17:02:15 +01:00
Orazio
d7ebb4cca9 Unattended installation 2019-11-16 14:58:58 +01:00
Orazio
07abfc97e9 Added unattended installation, fixed some variables 2019-11-14 15:07:01 +01:00
Orazio
6bd0beeb94 Fixed missing protocol variable 2019-11-07 18:12:06 +01:00
Orazio
84f90b00a4 Added uninstall and Pi-hole detection 2019-11-07 17:29:21 +01:00
Orazio
5c97221d3f Revert some variable names and fix iptables rules 2019-10-16 12:01:50 +02:00
Orazio
3c973e2a48 Bugfixes 2019-10-14 16:51:43 +02:00
Orazio
1777d5c239 Added back Debian 10 support 2019-10-14 15:06:34 +02:00
Orazio
5e16322f9e Added missing script folder 2019-10-14 12:27:28 +02:00
Orazio
24a1a00d37 Refactoring + WireGuard support 2019-10-14 12:11:16 +02:00
4s3ti
9f20f50e61 Bugfixes and improvements, check update notes 2019-10-12 18:34:37 +02:00
4s3ti
d5215e2747 * Changed pivpn command exit codes from 1 to 0
- exit code 1 means general error hence should not be used for exiting successfully
* added backup script to backup openvpn and pivpn generated certificates
* added update script to update /opt/pivpn scripts, -t | --test | test update from test branch
* Fixed hostname length issue 
    - the script now checks for hostname length right at the beginning and prompts for a new one.
    - HOST_NAME to host_name, as best practice variables with capitals, should be used by system variables only.
* fixed ubuntu 18.04 being detected as not supported OS, now fully supported and tested.
* changed how scripts are copied to /opt/pivpn, it had a lot of long repetitive lines, now it copies all *.sh files making it easier to manage when adding new scripts/features
* Changed how supported OS are presented when maybeOS_Support() is called.
2019-10-12 18:32:11 +02:00
4s3ti
d0c10db6ec install.sh: apt-get with , uninstall.sh: added var PKG_MANAGER and replaced apt-get with 2019-09-03 10:09:48 +02:00
cfcolaco
fd46b5ad8a Merge branch 'master' into test 2019-09-02 13:39:38 +02:00
cfcolaco
50ad223e83 after merge bugfixes, bitwarden optional, error handling, perm fixes 2019-09-02 13:35:54 +02:00
Orazio
95f0da4116 Add bitwarden to 'Usage:' text 2019-09-02 11:08:53 +02:00
Orazio
7071bb26dd Fix .ovpn12 file, make pivpn -a options discoverable 2019-09-02 10:23:39 +02:00
4s3ti
b1dbe27b2d fixed conflicts between pr and local works 2019-09-01 19:48:50 +02:00
4s3ti
a884d22cbc Issues Introduced with latest commits:
Install script not creating ovpns dir, and throwing error:

```
cp: cannot stat '/tmp/OLD_UFW': No such file or directory
mkdir: cannot create directory ‘/root\n/usr/sbin\n/bin\n/dev\n/bin\n/usr/games\n/var/cache/man\n/var/spool/lpd\n/var/mail\n/var/spool/news\n/var/spool/uucp\n/bin\n/var/www\n/var/backups\n/var/list\n/var/run/ircd\n/var/lib/gnats\n/nonexistent\n/nonexistent\n/run/systemd\n/run/systemd\n/run/systemd\n/nonexistent\n/run/sshd\n/\n/home/pivpntest/ovpns’: No such file or directory
chmod: cannot access '/root'$'\n''/usr/sbin'$'\n''/bin'$'\n''/dev'$'\n''/bin'$'\n''/usr/games'$'\n''/var/cache/man'$'\n''/var/spool/lpd'$'\n''/var/mail'$'\n''/var/spool/news'$'\n''/var/spool/uucp'$'\n''/bin'$'\n''/var/www'$'\n''/var/backups'$'\n''/var/list'$'\n''/var/run/ircd'$'\n''/var/lib/gnats'$'\n''/nonexistent'$'\n''/nonexistent'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/nonexistent'$'\n''/run/sshd'$'\n''/'$'\n''/home/pivpntest/ovpns': No such file or directory
```

Found inconsistencies in installation user var/files namings, to have it consistent and easy to understand and considering everyone is more familiar with INSTALL_USER

Changed $pivpnUser to INSTALL_USER
Changed pivpnUSR to INSTALL_USER

Removed PiVPN Secure Notes from PiVPN ADD introduced with PR 
	- Notes not being pushed to BW Vault
	- OVPN files not going to ovpns dir
	- Needs investigation
2019-09-01 19:39:37 +02:00
MichaIng
04c1c2dae2
Failsafe home dir obtaining
+ When estimating $INSTALL_HOME, assure grep can only match user names, to avoid possible wrong multi-line value
+ Remove possible trailing slash from $INSTALL_HOME, to avoid double slash in "$INSTALL_HOME/ovpns"
+ Avoid "cat <file> | grep <pattern>", since grep can process files directly
+ Avoid "VAR=$(cat file)", since "VAR=$(<file)" has the same result without using a slow external command

Signed-off-by: MichaIng <micha@dietpi.com>
2019-09-01 17:47:38 +02:00
MichaIng
d79dc3db61
Failsafe home dir obtaining
+ When estimating $INSTALL_HOME, assure grep can only match user names, to avoid possible wrong multi-line value
+ Remove possible trailing slash from $INSTALL_HOME, to avoid double slash in "$INSTALL_HOME/ovpns"
+ Avoid "cat <file> | grep <pattern>", since grep can process files directly
+ Avoid "VAR=$(cat file)", since "VAR=$(<file)" has the same result without using a slow external command

Signed-off-by: MichaIng <micha@dietpi.com>
2019-09-01 17:46:07 +02:00
MichaIng
51333a9313
Failsafe home dir obtaining
+ When estimating $INSTALL_HOME, assure grep can only match user names, to avoid possible wrong multi-line value
+ Remove possible trailing slash from $INSTALL_HOME, to avoid double slash in "$INSTALL_HOME/ovpns"
+ Avoid "cat <file> | grep <pattern>", since grep can process files directly

Signed-off-by: MichaIng <micha@dietpi.com>
2019-09-01 17:41:44 +02:00
4s3ti
ad466f8728 Permissions hardening and Standardization 2019-09-01 16:10:53 +02:00
4s3ti
1bd8169aa6
Merge branch 'test' into master 2019-09-01 15:32:56 +02:00
IcedComputer
2da5c512d0
Merge branch 'test' into patch-2 2019-08-27 12:46:18 -07:00
IcedComputer
f6beac87d7
changed password parameter
Removed typo and changed -passin pass:$PASSWD to -passin env:$PASSWD
2019-08-27 12:44:37 -07:00
IcedComputer
5862d15d60
Update scripts/makeOVPN.sh
Co-Authored-By: Giraffe1966 <35208168+Giraffe1966@users.noreply.github.com>
2019-08-27 12:42:53 -07:00
Douglas Orend
371e65444b Update makeOVPN.sh 2019-08-21 19:25:32 -05:00
Akvile
9d66688341 added the functionality to send your OVPN file to your Bitwarden vault 2019-08-20 11:36:05 -05:00
Douglas Orend
44e1f48856 Update makeOVPN.sh
Fixed ownership line to use only username, not install path.
2019-08-20 09:02:31 -05:00
Douglas Orend
8b40035bf5 Properly determine user's home directory
Code assumes that the specified user directory is under /home.  This code parses the /etc/passwd file in order to determine what that user's proper home directory is.
2019-08-13 11:23:08 -05:00
4s3ti
18b7e16694
Merge branch 'test' into bitwarden 2019-08-08 10:34:17 +02:00
4s3ti
c2c3fc4229
Merge pull request from orazioedoardo/recreate-ovpn-folder
Recreate ovpn folder if deleted
2019-08-07 16:45:56 +02:00
Orazio
b71c67c78a Recreate ovpn folder if deleted 2019-08-06 10:02:28 +02:00
Orazio
e6a13cc65e Handle older UFW version from Jessie 2019-08-06 09:53:14 +02:00
Akvile
b60a06791d integrated bitwarden password manager into pivpn 2019-07-23 22:12:35 +02:00
Orazio
8a6d32ced5 Fixed regular expression 2019-07-13 19:59:28 +02:00
Orazio
241e06f970 Miscellaneous fixes 2019-07-13 10:45:44 +02:00
4s3ti
7aa803720c
Merge pull request from orazioedoardo/debug-privacy
Hide client IPs inside the debug log
2019-07-02 13:10:43 +01:00
Orazio
b823737b5a Hide client IPs in the debug log 2019-07-01 15:44:00 +02:00
Orazio
bcc780546c Get variable value before the file is deleted 2019-07-01 11:39:42 +02:00
Orazio
7a34dd3704 Improve iptables detection 2019-07-01 11:12:46 +02:00
IcedComputer
1d7ebd9d2f
added support to remove .ovpn12 files
the makeOVPN.sh now generates .ovpn12 files in the /home/${INSTALL_USER}/ovpns/ directory.
The remove script was updated to remove both the .ovpn and .ovpn12 files
2019-06-27 14:53:23 -07:00
IcedComputer
97bb319795
Updated .ovpn12 configuration
Incorporated feedback on how to properly implement .ovpn12 files.
2019-06-27 14:43:30 -07:00
IcedComputer
dae6276d37
Made updates based on comments
added changes related to chown and chmod of .ovpn12 file.  Also removed sudo.
2019-06-27 11:47:24 -07:00
IcedComputer
bda0d58b81
.ovpn12 files
Added new step to create an .ovpn12 file that can be stored on iOS keychain
This step is more secure method and does not require the end-user to keep entering passwords, or storing the client private cert where it can be easily tampered based on documentation located:
 https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/

Someone can improve upon this by adding a parameter (possibly -i|--iOS) and then generating the original .ovpn file to not contain the client private certificate.
2019-06-20 16:53:29 -07:00
TheDen
0cf7f21d3d
ensure -n check returned value 2019-05-30 22:09:23 +10:00
Orazio
e70cb32caa Fixed logic 2019-05-10 12:53:52 +02:00
Orazio
e26cef1863 Custom certificate duration and more flexible names 2019-05-08 13:01:56 +02:00
Orazio
63d3335f33 Resolved merge conflict 2019-05-03 10:26:56 +02:00
Orazio
e3f729f260 General fixes and improvements 2019-03-03 10:18:45 +01:00
LMS235
996c5469f3 Telekom Hybrid Check
Small check whether Telekom Hybrid will be used to give helpful tips.
2018-12-24 15:49:44 +01:00
LMS235
d0f85e3429 right adjustment
-read for "other" withdrawn from .ovpn files

- delete also /etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn after remove certificate
2018-12-24 14:24:20 +01:00
redfast00
0b4464b3ee
Merge branch 'master' into test 2018-10-19 22:10:37 +01:00
Orazio
e2cde58cc8 Update makeOVPN.sh 2018-10-19 22:04:30 +01:00
Giraffe1966
f2f248e6ce
Add '--' to prevent 'send' from interpreting passwords beginning with '-' as options.
See .
2018-10-11 17:58:29 -04:00
redfast00
b7c28af844
Merge pull request from pivpn/test
Merge test branch into master
2018-05-29 22:38:46 +02:00
redfast00
09a73f9d3f
Merge pull request from orazioedoardo/master
Several changes and some fixes
2018-05-29 22:33:42 +02:00
Zeik0s
fc3691406e
Merge pull request from pivpn/master
Merge commits
2018-05-29 14:47:31 +02:00
johanfagerstroem
23cc58ce3a Changing name validation regex to allow dashes
Great for readable naming conventions.
2018-05-01 16:38:38 +02:00
Piero
33e7ef0c91 Several changes 2018-04-02 12:07:58 +02:00
Zeik0s
b8e5f318b6
makeOVPN.sh change 3DES to AES-128 2018-03-14 21:55:05 +01:00
Piero
4b47b5aa61 2.4 2018-02-15 10:14:03 +01:00
Tuan M. Dang
455b754c41 Issue-171: Error using iOS OpenVPN
As @fyellin There is some chatter on other groups that some
OpenVPN implementations cannot handle client keys that are
encrypted with RSA.

If the client key is encrypted, we might re-encrypting the
current client key using 3DES.

This commit will convert user client key to 3DES in command
`pivpn -a`

P/S: All credits to @fyellin. Many thanks to him.
2017-11-19 21:36:21 +07:00
Carlos Colaço
053c0d9d21 Fix Clients only in one line ()
* fixed pivpn clients text display

* #Oops

* clients in only 1 line fixed
2017-10-18 20:58:20 +02:00
redfast00
1a67b505f6 Merge pull request from azlux/master
Add human readable values for bytes received/sent
2017-10-11 17:49:44 +02:00
azlux
b0d2085996 make the human-readable a function
I forgot the function !
2017-10-10 01:15:03 +02:00
azlux
862cb41d60 Add human readable values 2017-10-09 16:45:32 +02:00
redfast00
003b27362f Merge pull request from jellemdekker/feature/generate-crl-during-installation
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
077996cfb4 Removed an obsolete variable. 2017-09-23 11:21:26 -05:00
Jelle Dekker
7b6a358779 Modified the messages when PiVPN installation completes and client profiles are generated, so the user knows to generate a client profile per each device he/she wants to connect to the VPN with. 2017-09-22 14:11:23 -05:00
Jelle Dekker
30920115b3 Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enable the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
EWouters
cb482d6697 added fi to if-statement 2017-03-16 22:28:50 +13:00
EWouters
cd4d13691d fixed check for when both nopass and a password argument are passed to the script 2017-03-16 22:25:17 +13:00
EWouters
56f24aa372 added command line option to (batch) remove certs
::: Revoke a client ovpn profile
:::
::: Usage: pivpn <-r|revoke> [-h|--help] [<client-1>] ... [<client-n>]
...
:::
::: Commands:
:::  [none]               Interactive mode
:::  <client>             Client(s) to to revoke
:::  -h,--help            Show this help dialog
2017-03-15 02:36:12 +13:00
EWouters
7a65f083c4 added -n and -p options to pivpn add
::: Create a client ovpn profile, optional nopass
:::
::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password
<arg>]|[nopass] [-h|--help]
:::
::: Commands:
:::  nopass               Create a client without a password
:::  -n,--name            Name for the Client (default: 'raspberrypi')
:::  -p,--password        Password for the Client (no default)
:::  -h,--help            Show this help dialog
2017-03-15 00:49:25 +13:00
Kaladin Light
752d0cc3af Leave the loop once we match 2017-02-05 14:30:31 -05:00
Kaladin Light
bfd2c43570 Allow reuse of cert name once revoked. 2017-01-27 20:36:53 -05:00
Kaladin Light
d1ad3ec057 Fix new additions 2016-12-24 16:17:16 -05:00
Kaladin Light
8a0f31b7ca Try some iptables fix. (2/2). Needs unit testing. 2016-12-11 22:04:17 -05:00
Kaladin Light
22b5bfef68 Add fix iptables help to debug script (1/2) 2016-12-11 13:36:14 -05:00
Kaladin Light
601ce87df0 Get iptables output, formatting 2016-12-10 23:17:47 -05:00
Kaladin Light
da5facecbc Add 'pivpn clients' command to show list of connected clients 2016-12-08 11:43:30 -05:00
Kaladin Light
43a8a706e2 Fix revoke, Fixes Issue 2016-12-08 09:59:19 -05:00
Kaladin Light
9b937d0e6b Fix pivpnDebug after easy-rsa3 changes 2016-12-08 09:53:23 -05:00
Kaladin Light
596e6c8277 Phase 3 (of 3?): pivpn modifications for easy-rsa3
This updates pivpn revoke
2016-12-06 11:44:07 -05:00
Kaladin Light
9b8a883119 pivpn add for easyrsa3, updates to pivpn list for easyrsa3 2016-12-06 10:56:51 -05:00