Commit graph

132 commits

Author SHA1 Message Date
Orazio
b823737b5a Hide client IPs in the debug log 2019-07-01 15:44:00 +02:00
Orazio
bcc780546c Get variable value before the file is deleted 2019-07-01 11:39:42 +02:00
Orazio
7a34dd3704 Improve iptables detection 2019-07-01 11:12:46 +02:00
IcedComputer
1d7ebd9d2f
added support to remove .ovpn12 files
the makeOVPN.sh now generates .ovpn12 files in the /home/${INSTALL_USER}/ovpns/ directory.
The remove script was updated to remove both the .ovpn and .ovpn12 files
2019-06-27 14:53:23 -07:00
IcedComputer
97bb319795
Updated .ovpn12 configuration
Incorporated feedback on how to properly implement .ovpn12 files.
2019-06-27 14:43:30 -07:00
IcedComputer
dae6276d37
Made updates based on comments
added changes related to chown and chmod of .ovpn12 file.  Also removed sudo.
2019-06-27 11:47:24 -07:00
IcedComputer
bda0d58b81
.ovpn12 files
Added new step to create an .ovpn12 file that can be stored on iOS keychain
This step is more secure method and does not require the end-user to keep entering passwords, or storing the client private cert where it can be easily tampered based on documentation located:
 https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/

Someone can improve upon this by adding a parameter (possibly -i|--iOS) and then generating the original .ovpn file to not contain the client private certificate.
2019-06-20 16:53:29 -07:00
TheDen
0cf7f21d3d
ensure -n check retuned value 2019-05-30 22:09:23 +10:00
Orazio
e70cb32caa Fixed logic 2019-05-10 12:53:52 +02:00
Orazio
e26cef1863 Custom certificate duration and more flexible names 2019-05-08 13:01:56 +02:00
Orazio
63d3335f33 Resolved merge conflict 2019-05-03 10:26:56 +02:00
Orazio
e3f729f260 General fixes and improvements 2019-03-03 10:18:45 +01:00
LMS235
996c5469f3 Telekom Hybrid Check
Small check whether Telekom Hybrid will be used to give helpful tips.
2018-12-24 15:49:44 +01:00
LMS235
d0f85e3429 right adjustment
-read for "other" withdrawn from .ovpn files

- delete also /etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn after remove certificate
2018-12-24 14:24:20 +01:00
redfast00
0b4464b3ee
Merge branch 'master' into test 2018-10-19 22:10:37 +01:00
Orazio
e2cde58cc8 Update makeOVPN.sh 2018-10-19 22:04:30 +01:00
Giraffe1966
f2f248e6ce
Add '--' to prevent 'send' from interpreting passwords beginning with '-' as options.
See #624.
2018-10-11 17:58:29 -04:00
redfast00
b7c28af844
Merge pull request #541 from pivpn/test
Merge test branch into master
2018-05-29 22:38:46 +02:00
redfast00
09a73f9d3f
Merge pull request #514 from orazioedoardo/master
Several changes and some fixes
2018-05-29 22:33:42 +02:00
Zeik0s
fc3691406e
Merge pull request #1 from pivpn/master
Merge commits
2018-05-29 14:47:31 +02:00
johanfagerstroem
23cc58ce3a Changing name validation regex to allow dashes
Great for readable naming conventions.
2018-05-01 16:38:38 +02:00
Piero
33e7ef0c91 Several changes 2018-04-02 12:07:58 +02:00
Zeik0s
b8e5f318b6
makeOVPN.sh change 3DES to AES-128 2018-03-14 21:55:05 +01:00
Piero
4b47b5aa61 2.4 2018-02-15 10:14:03 +01:00
Tuan M. Dang
455b754c41 Issue-171: Error using iOS OpenVPN
As @fyellin There is some chatter on other groups that some
OpenVPN implementations cannot handle client keys that are
encrypted with RSA.

If the client key is encrypted, we might re-encrypting the
current client key using 3DES.

This commit will convert user client key to 3DES in command
`pivpn -a`

P/S: All credits to @fyellin. Many thanks to him.
2017-11-19 21:36:21 +07:00
Carlos Colaço
053c0d9d21 Fix Clients only in one line (#384)
* fixed pivpn clients text display

* #Oops

* clients in only 1 line fixed
2017-10-18 20:58:20 +02:00
redfast00
1a67b505f6 Merge pull request #375 from azlux/master
Add human readable values for bytes received/sent
2017-10-11 17:49:44 +02:00
azlux
b0d2085996 make the humain-readable a function
I forgot the function !
2017-10-10 01:15:03 +02:00
azlux
862cb41d60 Add humain readable values 2017-10-09 16:45:32 +02:00
redfast00
003b27362f Merge pull request #361 from jellemdekker/feature/generate-crl-during-installation
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
077996cfb4 Removed an obsolete variable. 2017-09-23 11:21:26 -05:00
Jelle Dekker
7b6a358779 Modified the messages when PiVPN installation completes and client profiles are generated, so the user knows to generate a client profile per each device he/she wants to connect to the VPN with. 2017-09-22 14:11:23 -05:00
Jelle Dekker
30920115b3 Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
EWouters
cb482d6697 added fi to if-statement 2017-03-16 22:28:50 +13:00
EWouters
cd4d13691d fixed check for when both nopass and a password argument are passed to the script 2017-03-16 22:25:17 +13:00
EWouters
56f24aa372 added command line option to (batch) remove certs
::: Revoke a client ovpn profile
:::
::: Usage: pivpn <-r|revoke> [-h|--help] [<client-1>] ... [<client-n>]
...
:::
::: Commands:
:::  [none]               Interactive mode
:::  <client>             Client(s) to to revoke
:::  -h,--help            Show this help dialog
2017-03-15 02:36:12 +13:00
EWouters
7a65f083c4 added -n and -p options to pivpn add
::: Create a client ovpn profile, optional nopass
:::
::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password
<arg>]|[nopass] [-h|--help]
:::
::: Commands:
:::  nopass               Create a client without a password
:::  -n,--name            Name for the Client (default: 'raspberrypi')
:::  -p,--password        Password for the Client (no default)
:::  -h,--help            Show this help dialog
2017-03-15 00:49:25 +13:00
Kaladin Light
752d0cc3af Leave the loop once we match 2017-02-05 14:30:31 -05:00
Kaladin Light
bfd2c43570 Allow reuse of cert name once revoked. 2017-01-27 20:36:53 -05:00
Kaladin Light
d1ad3ec057 Fix new additions 2016-12-24 16:17:16 -05:00
Kaladin Light
8a0f31b7ca Try some iptables fix. (2/2). Needs unit testing. 2016-12-11 22:04:17 -05:00
Kaladin Light
22b5bfef68 Add fix iptables help to debug script (1/2) 2016-12-11 13:36:14 -05:00
Kaladin Light
601ce87df0 Get iptables output, formatting 2016-12-10 23:17:47 -05:00
Kaladin Light
da5facecbc Add 'pivpn clients' command to show list of connected clients 2016-12-08 11:43:30 -05:00
Kaladin Light
43a8a706e2 Fix revoke, Fixes Issue #164 2016-12-08 09:59:19 -05:00
Kaladin Light
9b937d0e6b Fix pivpnDebug after easy-rsa3 changes 2016-12-08 09:53:23 -05:00
Kaladin Light
596e6c8277 Phase 3 (of 3?): pivpn modifications for easy-rsa3
This updates pivpn revoke
2016-12-06 11:44:07 -05:00
Kaladin Light
9b8a883119 pivpn add for easyrsa3, updates to pivpn list for easyrsa3 2016-12-06 10:56:51 -05:00
Kaladin Light
2468c69d9a Fix escaping stuff in for password of client key
Was overzealously escaping... oops
2016-11-11 21:55:47 -05:00
Kaladin Light
7d34c0cae6 Fixes Issue #148 2016-11-11 17:45:48 -05:00
Kaladin Light
67722ca7f4 Once again pi-hole had a more robust stty setup so lets borrow that :) 2016-11-08 12:03:42 -05:00
Kaladin Light
7c64afdc92 Get rows/cols with stty instead of tput 2016-11-07 22:49:00 -05:00
redfast00
1cdd5d1494 Cleanup (#111)
* Tab completion for nopass, no further completion after one argument

* Cleaned up install.sh
2016-10-25 20:11:32 +02:00
redfast00
516b93ee43 Added ISSUE_TEMPLATE.md, wrote debug script (#115) 2016-10-24 19:28:08 +02:00
0-kaladin
4bde296a14 Merge pull request #102 from redfast00/fix-28
fixes expect timeout
2016-10-09 10:44:06 -04:00
0-kaladin
f3a2b3afbe Merge pull request #91 from StephenKinger/feature/add_tcp_option
Feature/add tcp option
2016-10-09 10:43:05 -04:00
redfast00
147192c79b
fixes expect timeout 2016-10-09 13:34:17 +02:00
redfast00
a68435e6c3
cleaned up removeOVPN.sh 2016-10-04 21:02:02 +02:00
redfast00
d8d89c758b
Prevent overwriting files 2016-10-04 20:54:09 +02:00
redfast00
4e0f9ac0ff
Cleaned up listOVPN.sh 2016-10-04 20:22:04 +02:00
redfast00
caee0858cf
Sanitization 'n input validation 2016-10-04 19:46:14 +02:00
Stephen KINGER
e541fd39ac Update the unisntall script, OK. 2016-09-28 17:09:04 +02:00
Kaladin Light
8f09ee9afd Fixes for Debian support 2016-05-25 17:58:08 -04:00
Kaladin Light
3c0d0cb176 Ensure debian and ubuntu get openvpn from the openvpn repo so they don't get an old server version 2016-05-25 17:41:42 -04:00
Kaladin Light
0fbc99e0b7 Fixes for UFW 2016-05-15 23:36:40 -04:00
Kaladin Light
3916acf665 Support reverting UFW changes on uninstall 2016-05-15 16:57:42 -04:00
Kaladin Light
a432e187b9 Don't get CN list by counting columns as it is wholly unreliable.
If user had space in some cert fields, like city was "Fort Worth"
the current way would have fell apart.
This fixes these issues in 'pivpn list' and hence 'pivpn revoke'
2016-05-15 13:20:36 -04:00
Kaladin Light
2f3540b898 Robustize OS Detection.
This is framework needed to support Ubuntu 16.04 which
is coming in a future commit.
2016-05-10 11:49:29 -04:00
Kaladin Light
67e537b7fa Fix revoke, seems i missed some merges from my recent rework 2016-05-07 13:20:09 -04:00
Kaladin Light
0277054de1 Ubuntu uses openvpn repo to get newer version and...
clients get two more security parameters to harden connection further and...
hopefully fix use of testing branch and...
why is there no modern Road Rash game, that was the best.
2016-05-07 12:33:52 -04:00
Kaladin Light
b8e736e94b Fix little '\n' issue when say [n] to uninstall 2016-05-05 21:14:46 -04:00
Kaladin Light
dea112f50f Fixes #23, enhance 'pivpn add', minor bug fixes & other enhancements 2016-05-05 21:04:57 -04:00
Kaladin Light
bf81405d6c Resolves #19 - Implement unattended-upgrade option for users 2016-05-03 10:32:17 -04:00
Kaladin Light
6956fcb99b Implement the "planetahuevo enhancement", IE the ability to
generate a client cert with no password. Run 'pivpn add nopass'
2016-04-30 23:37:27 -04:00
Kaladin Light
2ee04c6c9b Missed dependency for new 'pivpn add' requirements 2016-04-30 14:40:43 -04:00
Kaladin Light
af19eeb55b 'pivpn add' functionality greatly improved!
Now with 2 scoops of raisins!
2016-04-30 13:28:01 -04:00
Kaladin Light
0649c5da66 Closes #17
Cause people cared more than I thought they would.
(and that's a good thing)
2016-04-29 13:18:28 -04:00
Kaladin Light
f3c1072975 Cover unknown in pivpn list.
I believe there is an expired status but can't get it to show up in the index.txt
2016-04-24 11:29:29 -04:00
Kaladin Light
fa60d29aa3 Get install working on ubuntu 2016-04-22 15:16:48 -04:00
Kaladin Light
e364d6d34b Use correct install URL (we are out of beta) 2016-04-19 21:06:12 -04:00
Kaladin Light
192abb1de5 Consistent formatting 2016-04-19 21:03:50 -04:00
Kaladin Light
53565dd4fe First commit of reworked installer 2016-04-19 14:01:55 -04:00