Commit graph

396 commits

Author SHA1 Message Date
DerDanilo
642aa383a4
Merge branch 'test' into wg_ipv6_client_config 2022-03-10 10:56:50 +01:00
DerDanilo
4dfcfd0d17 add IPv6 support, exclude from testing since travis doesn't have proper ipv6 support 2022-03-09 20:13:50 +01:00
DerDanilo
619ce02474 Add support for Ubuntu focal and arm64 as it's working fine by now 2022-03-09 20:12:44 +01:00
Orazio
28485fc696
Too many empty lines 2021-12-25 16:42:23 +01:00
Orazio
b9c6078ec3
Exclude subnets for which there is a route 2021-12-25 15:44:08 +01:00
Orazio
ba2527d67b Fix vpnGW variable creation when pivpnNET was 10.X.0.0 or 10.0.0.0
Bash built-in substitution doesn't work in those cases, example:

$ pivpnNET=10.34.0.0
$ vpnGw="${pivpnNET/.0/.1}"
$ echo $vpnGw
10.34.1.0
2021-12-25 14:51:56 +01:00
Orazio
85b3e82274 Generate random virtual subnet, avoiding common subnets and those already used by the system 2021-12-25 14:40:37 +01:00
4s3ti
e42c339baa Debian 11 Bullseye
Added Debian 11 bullseye to list of supported OS
2021-11-24 22:21:10 +01:00
4s3ti
e458cba36a Main Funcion cleanup
General code cleanup
Moved loose code into funcions
Removed unecessary coments
Moved some comments to their funcions
2021-11-24 22:04:33 +01:00
Orazio
65ffa9afd2
Spelling 2021-11-18 14:28:35 +01:00
4s3ti
88a3df99ca
Merge pull request #1410 from EWouters/master
Allow DNS incoming requests through UFW
2021-11-18 12:19:13 +01:00
EWouters
45f0ad5d37
Allow DNS incoming requests through UFW
Fixes https://github.com/pivpn/pivpn/issues/1282
2021-11-18 12:00:18 +01:00
4s3ti
1fa467d9fd Shellcheck compliance
Fixes Shell check SC2086 errors, missing ""
2021-11-02 16:38:10 +01:00
MichaIng
f9d86cba40
Remove debconf-apt-progress usage
debconf-apt-progress is a tool to show a whiptail based dialog with progress bar for apt package installs, but it is some downsides:
- It aborts whenever apt or debconf halt for an interactive input, hence this would need to be prevented carefully, e.g. via "DEBIAN_FRONTEND=noninteractive" and "--force-confdef/old/new/miss", while it is questionable whether PiVPN should mute such configuration inputs for users.
- It even aborts when such interactive input is not actually required in some cases, but triggered by some other debconf load internals: pivpn#1360

Most importantly, aside of the visually probably appealing progress bar, debconf-apt-progress has not any upsides but reduces transparency of what is actually done, and the installer has a fallback already.

This commit removes the debconf-apt-progress usage in favour of the fallback: direct apt-get usage.

Signed-off-by: MichaIng <micha@dietpi.com>
2021-10-24 17:53:32 +02:00
MichaIng
7e64b27590
Remove wget usage and dependency
There is only a single wget call in the installer, at the beginning of a pipe where curl may be the more natural choice. Since curl is a dependency already, this commit replaces the only wget call with curl and hence removes wget from installer dependencies.

Additionally, all curl calls get additional flags:
-s: The "silent" flag is now consequently used to suppress all processing output. It is not necessarily required when the STDOUT is a pipe or command substitution, but it does not hurt.
-S: Even when the curl output is piped, it may be helpful to have errors visible via STDERR, for debugging and being transparent about actual connection/download errors. This flag preserves error messages but does not send them to STDOUT, hence the data processed in the pipe or command substitution is not affected.
-f: There are cases where webservers return a 40x HTML document which is then printed to STDOUT by curl, like a 20x document, and hence unintentionally processed by the end of the pipe or command substitution. Usually this just cases a syntax error, but in theory it can have any unintended or even dangerous effect. The "fail" flag assures that 40x responses are printed as shortened error messages to STDERR and nothing is output to STDOUT. It should be hence seen as mandatory flag whenever curl is called to not print something to console but the output is processed.
-L: wget follows redirects automatically, curl requires the "-L" flag for this. For the wget => curl migration it is hence added to not change the behaviour.

Signed-off-by: MichaIng <micha@dietpi.com>
2021-10-24 17:34:51 +02:00
MichaIng
8797b60374
Add missing leading slash
Introduced with: https://github.com/pivpn/pivpn/pull/1362

Signed-off-by: MichaIng <micha@dietpi.com>
2021-10-11 16:27:07 +02:00
MichaIng
2848a6baea
Fix errors on logging configuration
rsyslog and/or logrotate may not be installed on the system, in which case creating the configurations may fail. As rsyslog and logrotate may be installed later on, it makes sense to pre-create those directories so that then OpenVPN logs are handled as expected.

Also, if the rsyslog service is not installed or not active, it should not and does not need to be restarted. Since there is not `-e` flag, ` || true` has not effect, but also, when using that flag it makes sense to exit if for some reason the running service couldn't be restarted, which may then be caused by the added configuration.

Signed-off-by: MichaIng <micha@dietpi.com>
2021-10-11 15:29:48 +02:00
Orazio
c002031ce3
Merge pull request #1321 from DerDanilo/add_wireguard_persistentkeepalive
Add wireguard persistentkeepalive
2021-06-23 10:17:47 +02:00
DerDanilo
88a701c16a add PERSISTENTKEEPALIVE support 2021-06-06 01:10:43 +02:00
Orazio
82677135f8 Remove kernel version check on Raspbian
- Raspbian images have been shipping with kernel 5.10.17 since March 4.
    This kernel version has the WireGuard module built in which means we
    don't need to check if the user has updated, neither to install the
    module via DKMS.
2021-05-11 13:38:55 +02:00
DerDanilo
70ebefdb78
Merge branch 'test' into support_setupvars_for_wg_net_and_allowed_ips 2021-04-16 21:37:07 +02:00
4s3ti
8a17b55ff7
Merge pull request #1272 from mkoester/patch-2
ufw: add comment
2021-03-29 11:47:49 +02:00
4s3ti
dcd852e02e
Merge pull request #1278 from DerDanilo/add_mtu_support
add Wireguard MTU support via setupVARS.conf
2021-03-29 11:46:21 +02:00
Mirko Köster
73eb1c501d
requested change
see comment https://github.com/pivpn/pivpn/pull/1272/files#r595064063
2021-03-16 12:06:15 +01:00
DerDanilo
a3d652755c support ALLOWED_IPS from setupVARs.conf 2021-03-15 18:33:47 +01:00
DerDanilo
d3e009d171 support pivpnNET from setupVARs.conf 2021-03-15 18:33:21 +01:00
DerDanilo
805de5f77f support subnetClass from setupVARs.conf 2021-03-15 18:32:40 +01:00
DerDanilo
94744c77a9 add Wireguard MTU support via setupVARS.conf 2021-03-15 18:03:05 +01:00
Orazio
931b742862 Disable progress bar when running unattended 2021-03-15 13:54:56 +01:00
Mirko Köster
12d0efcea6
ufw: add comment
if you have a lot of ufw rules and look at them via `sudo ufw status` it would be beneficial to have comments indicating the purpose of a rule
2021-03-08 17:26:20 +01:00
4s3ti
6406fcfafd
Merge pull request #1254 from DundarGoc/SC2178
Fixed shellcheck warnings SC2178 and SC2128.
2021-02-14 19:10:44 +01:00
Dundar Göc
9cdca47689 Fixed shellcheck warnings SC2178 and SC2128.
SC2178: Variable was used as an array but is now assigned a string.
SC2128: Expanding an array without an index only gives the first element.

It's apparently a known bug that shellcheck can't both declare a
variable local and assign a value to it without raising this issue.
https://github.com/koalaman/shellcheck/wiki/SC2178
2021-02-14 14:23:01 +01:00
Dundar Göc
c0131f2a17 Fixed shellcheck warning SC2034
SC2034: ___ appears unused. Verify use (or export if used externally).

I opted to remove the variables since they didn't seem to be used
anywhere.
2021-02-14 14:07:56 +01:00
Dundar Göc
8aa4607e5e Fixed shellcheck issue SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
Replaced [ $1 -gt 1 ] && shift $1 || shift with shift $1 since
shift 1 is identical to shift.
2021-02-13 22:40:05 +01:00
Dundar Göc
3517f27d5b Fixed shellcheck warning SC2155: "Declare and assign separately to avoid masking return values." 2021-02-13 13:02:10 +01:00
Orazio
342d8dfa2c Default VPN protocols to unsupported (workaround for issue #1239) 2021-02-11 15:27:43 +01:00
Orazio
435c4f39c7
Merge pull request #1243 from MichaIng/patch-1
Skip WireGuard module build on Raspbian if it's built-in
2021-02-08 21:32:38 +01:00
MichaIng
7cc5da39cb Skip WireGuard module build on Raspbian if it's built-in
Meanwhile the Raspberry Pi kernel package with Linux 5.10 and built-in WireGuard module has been released. It hence became effective to make use of the built-in module check on Raspbian as well to skip the overhead of kernel headers install and DKMS module build.

Additionally, when adding Bullseye repositories to make available the WireGuard packages, say so explicitly. "Adding Debian repository" / "Adding Raspbian repository" is confusing when running a Debian / Raspbian system with those repositories added already, only with an distro release.

Signed-off-by: MichaIng <micha@dietpi.com>
2021-02-08 15:52:56 +01:00
Dundar Göc
513c2afc2e Fixed shellcheck warning SC2004, SC2006, SC2129, SC2219. Issue #1233.
SC2004: "$/${} is unnecessary on arithmetic variables."
SC2006: "Use $(...) notation instead of legacy backticked `...`."
SC2129: "Consider using { cmd1; cmd2; } >> file instead of individual redirects."
SC2219: "Instead of 'let expr', prefer (( expr ))."
2021-02-07 21:31:13 +01:00
glitch452
be692a8782 Pass along exit code when running a sub-script, instead of always running exit 0 2021-01-23 15:58:03 -05:00
Carlos Colaço
586c631b9e MR #1194
Added the fix mentioned on #1194 with the correction requsted on the
review
2021-01-17 17:35:01 +01:00
Carlos Colaço
7095357f92 Fix for #1204
Added -y to $UPDATE_PKG_CACHE
updatePackageCache() no longer checks if apt update was run, it will
always update package cache since its a requirement
Replaced all updates using ${UPDATE_PKG_CACHE} with
updatePackageCache()
2021-01-12 17:08:15 +01:00
Orazio
db1fe2ebdd
Merge pull request #1186 from shelleycat485/test
A feature to disable / enable single wireguard client configs
2020-12-24 10:30:25 +01:00
Orazio
b369a02d5b
Merge pull request #1201 from MichaIng/patch-1
Fix WireGuard support detection
2020-12-14 15:17:32 +01:00
Orazio
a52e53d123 'sudo mktemp' creates file with 0600 mode, which means we need root to read it. 2020-12-14 15:15:29 +01:00
MichaIng
5077d70a2f Fix WireGuard support detection
Support was enabled automatically if a WireGuard package was found or could have been made available. But if the WireGuard kernel module is not available, it needs to be compiled. The required kernel headers are only reliably known for Raspberry Pi (Raspbian) and for amd64. This commit resolves the related issue where linux-image-amd64 was attempted to be installed on non-amd64 systems: https://github.com/pivpn/pivpn/issues/1180

Additionally this commit resolves the issue that kernel headers were required and a DKMS build done, even if the module was builtin, when no WireGuard package was found.

The $NEED_WIREGUARD_REPO variable has been replaced with $AVAILABLE_WIREGUARD, which practically serves the same information and allows a simpler support check.

Signed-off-by: MichaIng <micha@dietpi.com>
2020-12-14 14:54:46 +01:00
Roger Haxby
86de3eaa8c corect help on disable and enable 2020-12-10 23:59:54 +00:00
Roger Haxby
a3b7af869c more disabled in brackets 2020-12-09 23:07:28 +00:00
Orazio
dc744a9810 Fix directory and symbolic link creation when reconfiguring (writing over the same files) 2020-12-05 12:35:19 +01:00
Orazio
308affe4e9 Workaround for the following error on Ubuntu 20.04:
- /usr/bin/debconf-apt-progress: can't open /tmp/tmp.0CoNypDEPj: Permission denied at /usr/bin/debconf-apt-progress line 249, <STDIN> line 3.
    Reason: https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in
2020-12-05 12:35:11 +01:00