1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-24 13:50:16 +00:00
Commit graph

301 commits

Author SHA1 Message Date
4s3ti
d0c10db6ec install.sh: apt-get with , uninstall.sh: added var PKG_MANAGER and replaced apt-get with 2019-09-03 10:09:48 +02:00
cfcolaco
510979ae90 removing bitwarden installation from script 2019-09-02 14:27:10 +02:00
cfcolaco
50ad223e83 after merge bugfixes, bitwarden optional, error handling, perm fixes 2019-09-02 13:35:54 +02:00
4s3ti
b1dbe27b2d fixed conflicts between pr and local works 2019-09-01 19:48:50 +02:00
4s3ti
a884d22cbc Issues Introduced with lastest commits:
Install script not creating ovpns dir, and throwing error:

```
cp: cannot stat '/tmp/OLD_UFW': No such file or directory
mkdir: cannot create directory ‘/root\n/usr/sbin\n/bin\n/dev\n/bin\n/usr/games\n/var/cache/man\n/var/spool/lpd\n/var/mail\n/var/spool/news\n/var/spool/uucp\n/bin\n/var/www\n/var/backups\n/var/list\n/var/run/ircd\n/var/lib/gnats\n/nonexistent\n/nonexistent\n/run/systemd\n/run/systemd\n/run/systemd\n/nonexistent\n/run/sshd\n/\n/home/pivpntest/ovpns’: No such file or directory
chmod: cannot access '/root'$'\n''/usr/sbin'$'\n''/bin'$'\n''/dev'$'\n''/bin'$'\n''/usr/games'$'\n''/var/cache/man'$'\n''/var/spool/lpd'$'\n''/var/mail'$'\n''/var/spool/news'$'\n''/var/spool/uucp'$'\n''/bin'$'\n''/var/www'$'\n''/var/backups'$'\n''/var/list'$'\n''/var/run/ircd'$'\n''/var/lib/gnats'$'\n''/nonexistent'$'\n''/nonexistent'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/nonexistent'$'\n''/run/sshd'$'\n''/'$'\n''/home/pivpntest/ovpns': No such file or directory
```

Found incosistencies in instalation user var/files namings, to have it consistend and easy to understand and considering everyone is more familiar with INSTALL_USER

Changed $pivpnUser to INSTALL_USER
Changed pivpnUSR to INSTALL_USER

Removed PiVPN Secure Notes from PiVPN ADD introduced with PR 
	- Notes not being pushed to BW Vault
	- OVPN files not going to ovpns dir
	- Needs investigation
2019-09-01 19:39:37 +02:00
MichaIng
73b23c525b
Failsafe home dir obtaining
+ When estimating $INSTALL_HOME, assure grep can only match user names, to avoid possible wrong multi-line value
+ Remove possible trailing slash from $INSTALL_HOME, to avoid double slash in "$INSTALL_HOME/ovpns"
+ Avoid "cat <file> | grep <pattern>", since grep can process files directly

Signed-off-by: MichaIng <micha@dietpi.com>
2019-09-01 17:39:38 +02:00
4s3ti
ad466f8728 Permissions hardening and Standardization 2019-09-01 16:10:53 +02:00
4s3ti
1bd8169aa6
Merge branch 'test' into master 2019-09-01 15:32:56 +02:00
IcedComputer
a2f7ef7e34
Update install.sh 2019-08-27 15:46:56 -07:00
IcedComputer
64353e337b
Update install.sh 2019-08-27 15:20:00 -07:00
IcedComputer
6e7819509c
Merge branch 'test' into patch-1 2019-08-27 12:55:55 -07:00
IcedComputer
efb8453651
Update install.sh
added uuidgen dependency and changed method of server name generation.
2019-08-27 12:54:59 -07:00
IcedComputer
09c518408e
Update install.sh 2019-08-27 12:50:34 -07:00
Douglas Orend
8b40035bf5 Properly determine user's home directory
Code assumes that the specified user directory is under /home.  This code parses the /etc/passwd file in order to determine what that user's proper home directory is.
2019-08-13 11:23:08 -05:00
4s3ti
18b7e16694
Merge branch 'test' into bitwarden 2019-08-08 10:34:17 +02:00
Orazio
e6a13cc65e Handle older UFW version from Jessie 2019-08-06 09:53:14 +02:00
Akvile
b60a06791d integrated bitwarden password manager into pivpn 2019-07-23 22:12:35 +02:00
4s3ti
e8883238f5
Merge pull request from revolter/patch-1
Fix typo in a setup message
2019-07-14 00:30:24 +01:00
Iulian Onofrei
2ba8b0c262
Fix typo in a setup message 2019-07-14 01:01:44 +03:00
Orazio
1b54558769 Fix update option 2019-07-13 12:48:53 +02:00
Orazio
241e06f970 Miscellaeous fixes 2019-07-13 10:45:44 +02:00
4s3ti
52bf326d8a
Merge pull request from bgrainger/patch-1
Fix typo in "separated"
2019-07-05 20:21:59 +01:00
Bradley Grainger
0189c6983e
Fix typo in "separated". 2019-07-04 19:47:51 -07:00
Orazio
66dcd69fd5 Only use iptables-legacy if platform is Buster 2019-07-03 10:13:22 +02:00
4s3ti
7aa803720c
Merge pull request from orazioedoardo/debug-privacy
Hide client IPs inside the debug log
2019-07-02 13:10:43 +01:00
4s3ti
d32aafe61f
Merge pull request from orazioedoardo/iptables-detection
Improve iptables detection
2019-07-02 13:08:44 +01:00
Orazio
b823737b5a Hide client IPs in the debug log 2019-07-01 15:44:00 +02:00
Orazio
0ad342e007 Fixed typo 2019-07-01 11:36:01 +02:00
Orazio
7a34dd3704 Improve iptables detection 2019-07-01 11:12:46 +02:00
Orazio
95480f3279 Add support for Raspbian Buster 2019-06-26 10:35:56 +02:00
IcedComputer
2e5a344c82
Fixed issue with grabbing hostname
Per comments and recommendations, added the "-s" when grabbing the hostname.  This will ensure uniform performance across various platforms.
2019-06-20 17:37:56 -07:00
IcedComputer
ce9b8dfffc
Leverage the Hostname of the Server
Historic versions leveraged a format of "server_$UUID" to name of the VPN server certificate for X509 verification.  This seems very impersonal.  The new code pulls the existing hostname of the machines and appends the 16 character UUID.  The new format is $hostname_$UUID.

Example:
A machine named "Martian" with a UUID of 1234567890123456 would change from server_1234567890123456 to Martian_1234567890123456
2019-06-19 15:48:46 -07:00
4s3ti
def92ed83d Added support info 2019-06-06 16:59:15 +02:00
4s3ti
dafd3da38c
Merge branch 'master' into test 2019-05-14 00:15:34 +01:00
4s3ti
616c2e24c4 Removed /24, fixed issue template 2019-05-13 23:06:14 +01:00
Calvin Loncaric
1af5c26034
Flush disk writes before reboot
This commit introduces a `sync` call before the install script exits.

The writes that this script does during setup do not reach persistent
storage until the kernel decides to flush them.  The reboot sequence
might drop those pending writes on the floor.  To mitigate that
possibility (but not fully eliminate it), the script now calls `sync`,
which waits until the kernel has flushed its write cache.
2019-05-13 10:26:07 -07:00
Orazio
05d7d84809 Remove reference to a deleted file 2019-05-08 15:29:43 +02:00
Orazio
e26cef1863 Custom certificate duration and more flexible names 2019-05-08 13:01:56 +02:00
Orazio
63d3335f33 Resolved merge conflict 2019-05-03 10:26:56 +02:00
Jorge Frade
b75b36f482
Fix Easy-RSA install
Renamed from EasyRSA-{version}.tgz to EasyRSA-unix-v{version}.tgz
2019-04-10 17:54:31 +01:00
james-lasersoft
bd6a1e10ac
Merge pull request from shian15810/master
Fixed rsyslog deprecated discard from ~ to stop
2019-04-10 00:41:50 -05:00
james-lasersoft
577d662a7c
Merge pull request from Giraffe1966/shallow-clone
Use shallow clone for make_repo and update_repo.
2019-04-10 00:30:29 -05:00
Chuah Chee Shian
4f34bd3303
fixed rsyslog deprecated discard from ~ to stop 2019-04-05 00:39:00 +08:00
Giraffe1966
bbb4b1e4f3
Update easy-rsa version. 2019-03-29 23:34:37 -04:00
Giraffe1966
cc80ca16bb
Use shallow clone for make_repo and update_repo. 2019-03-29 23:15:30 -04:00
Heidenreich
ae934253f9 Updated sed insertion to fix line overwrite 2019-03-11 11:22:31 -04:00
Heidenreich
76ae525c1d updated server.conf path 2019-03-11 10:54:54 -04:00
Alex Heidenreich
9bb82ff372 changed whiptail sizing to use PiVPN variables 2019-03-10 22:35:18 -04:00
Alex Heidenreich
9808234792 Called valid_domain function in SetCustomDomain() 2019-03-10 22:33:20 -04:00
Alex Heidenreich
0cd9e0deb6 Added function valid_domain to check user input of custom domain 2019-03-10 20:06:49 -04:00
Alex Heidenreich
3a0d6b1b47 Fixed server.conf path 2019-03-10 14:02:37 -04:00
Alex Heidenreich
3364f76790 Added procedure to allow users to set custom search domain. 2019-03-10 13:55:14 -04:00
Alex Heidenreich
24db1bc2e2 Initial commit with comment 2019-03-05 11:32:49 -05:00
Orazio
e3f729f260 General fixes and improvements 2019-03-03 10:18:45 +01:00
Orazio
375faa6398 Update install.sh 2018-10-19 22:04:30 +01:00
Orazio
30f8508055 Update install.sh 2018-10-19 22:04:30 +01:00
Orazio
cb169bcb0c Update install.sh 2018-10-19 22:04:30 +01:00
Orazio
dd26662fdf
Update install.sh 2018-10-12 21:06:11 +02:00
Orazio
66a937f04d
Update install.sh 2018-09-04 14:38:21 +02:00
Orazio
f02f57d721
Update install.sh 2018-09-04 12:06:52 +02:00
redfast00
de76940b65
Merge pull request from Giraffe1966/issue-552
Fix issue  (remove dead code)
2018-08-15 21:17:33 +02:00
redfast00
18bfa927da
Fix typo, fix 2018-08-15 21:15:24 +02:00
redfast00
da33c83ac4
Merge pull request from alexisespinosa/master
Create TWO_POINT_FOUR file when running unattended
2018-08-15 20:30:25 +02:00
redfast00
028805211e
Merge pull request from marvinlehmann/master
Use latest DH parameter service API
2018-08-15 20:20:53 +02:00
Alexis Espinosa Perez
a8b3428744 Create TWO_POINT_FOUR file when running unattended 2018-08-15 11:06:12 -05:00
Marvin Lehmann
e4067949d5
Use latest DH parameter service API
More information at https://2ton.com.au/safeprimes/
2018-07-18 23:01:36 +02:00
Giraffe1966
58fcaafcf1
Fix issue . 2018-07-02 17:34:26 -04:00
pfg
79d4245edb Fix spacing 2018-05-29 14:19:16 -07:00
pfg
fb604cdc7f Actually do it right 2018-05-29 14:17:55 -07:00
Piero
33e7ef0c91 Several changes 2018-04-02 12:07:58 +02:00
justinamcafee
9749257e08
Updated install.sh
Added support for FamilyShield DNS from OpenDNS/CISCO
2018-03-09 11:32:14 -06:00
Piero
4b47b5aa61 2.4 2018-02-15 10:14:03 +01:00
redfast00
c7dfe6283a
Merge pull request from jellemdekker/fix/remove-excess-code
Removed excess code
2017-12-16 22:07:10 +01:00
Jelle Dekker
9f46f1ef91 Removed call to deleted method. 2017-10-11 22:55:58 -05:00
cfcolaco
89a928e7c4 fixed (more) Typos and sentences 2017-10-08 20:10:57 +01:00
cfcolaco
664087bf92 fixed typo 2017-10-08 19:47:30 +01:00
cfcolaco
c1918417d6 added support to Stretch, removed useless code, added info about stretch support 2017-10-08 18:27:43 +01:00
cfcolaco
29a5dbb22b Revert "Revert "Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes""
This reverts commit 6e8d6d24b5.
2017-10-08 13:19:01 +01:00
cfcolaco
6e8d6d24b5 Revert "Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes"
This reverts commit 2626127be1.
2017-10-08 13:08:57 +01:00
cfcolaco
2626127be1 Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes 2017-10-08 12:54:24 +01:00
cfcolaco
a5258d9f3c Merging master comits into testing 2017-10-08 11:26:42 +01:00
Jelle Dekker
14b13d3a41 Removed the previously commented-out code. 2017-09-23 19:17:35 -05:00
redfast00
a8deeaf18b Merge pull request from jellemdekker/fix/improve-dh-selection-menu
Improved encryption strength selection menu
2017-09-24 01:16:33 +02:00
redfast00
009e4b3023 Merge pull request from jellemdekker/feature/randomize-server-name
Randomize server Common Name for added security
2017-09-24 01:13:34 +02:00
redfast00
003b27362f Merge pull request from jellemdekker/feature/generate-crl-during-installation
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
c81e793c6c Removed punctuation in list items. 2017-09-23 15:16:06 -05:00
Jelle Dekker
f5c05715de Added sudo -E. 2017-09-23 14:35:46 -05:00
Jelle Dekker
4e77245a97 Commented out code related to adding a route to the remote subnet (e.g. 192.168.0.0). 2017-09-22 16:03:38 -05:00
Jelle Dekker
7b6a358779 Modified the messages when PiVPN installation completes and client profiles are generated, so the user knows to generate a client profile per each device he/she wants to connect to the VPN with. 2017-09-22 14:11:23 -05:00
Jelle Dekker
30920115b3 Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
Jelle Dekker
8910545d90 Fixed a couple of typos. 2017-09-22 02:17:53 -05:00
Jelle Dekker
d1652a03b1 The SERVER_NAME variable is used in a 'verify-x509-name' check to allow the client to verify it is talking to the correct server. However, its value was always equal to 'server'. This wasn't unique for each installation and therefore provided no additional safety check. So I've modified it to be random for each installation of PiVPN. Additionally, the variable is now actually being used when specifying the server name in the build-server-full command.
Source for obtaining a random UUID (thank you): Earthgecko (https://gist.github.com/earthgecko/3089509)
2017-09-21 14:39:16 -05:00
Jelle Dekker
7cf5c19789 Changed the display order of the DH options (default value is still 2048 bits) and added a warning for 1024 bits. 2017-09-20 23:24:57 -05:00
cfcolaco
fbec57d1fd changed to new openvpn repos 2017-06-29 12:03:47 +01:00
David Quattlebaum
5c4a51b695 Final testing passed
Changes:
- Document that Devuan is supported.
- Use special PLAT name, Raspvuan for Pi version
- Use service command for any *vuan PLAT, systemd is no on any
Devuan.
- add net-tools to PIVPN_DEPS
2017-06-06 18:27:23 -04:00
David Quattlebaum
2eb11cad0c changes for devuan
- To simplify further additions to PLAT or OSCN, use
the case command for checking

- Treat Devuan as Debian

- Add /sbin:/usr/sbin to PATH before calling ifconfig

- Ensure net-tools is installed so we have ifconfig
2017-06-04 16:18:26 -04:00
Jelle Dekker
d5f0a81f80 Clearly indicate that a user selects a list item with the space bar. 2017-04-17 15:49:52 +02:00
EWouters
ff97f40ecf Fix: mkdir: cannot create directory ‘/home/$pivpnUser/ovpns’: File exists 2017-03-22 13:47:55 +13:00
EWouters
cd4d13691d fixed check for when both nopass and a password argument are passed to the script 2017-03-16 22:25:17 +13:00
EWouters
27c34aa297 Removed -p flag to create home dir
As described in  ( fc14664) it is not desirable.
2017-03-15 17:24:42 +13:00
EWouters
75b7995a87 Removed SERVER_NAME parameter
because it is hardcoded as "server" in other scripts
2017-03-15 02:40:39 +13:00
EWouters
277a212a8f tabs to spaces 2017-03-14 15:39:53 +13:00
EWouters
097145392c set -e and set +e around line 800 to 815
I am not sure why this statement does not work with -e. We can also
remove the set -e statement altogether.
2017-03-14 15:39:07 +13:00
EWouters
7315353179 Moved echo to file statements to front, add missing
fixed a typo
replaced tabs with spaces
2017-03-14 15:25:39 +13:00
EWouters
5b5129f1bc fix: cp: cannot stat ‘/tmp/pivpnINT’: No such file 2017-03-14 14:26:22 +13:00
EWouters
2a639e753e Fixed sed command and mkdir if folder exists 2017-03-14 10:48:16 +13:00
EWouters
71021d6ffa Added all parameters, initial testing done 2017-03-13 19:44:29 +13:00
EWouters
5db23185fd Added pi-hole's undocumented flags
UNTESTED!
2017-03-13 17:00:28 +13:00
Kaladin Light
faaabe4c0e Fixes Issue 2017-01-28 13:58:10 -05:00
Kaladin Light
dc9924f147 Have debug work without being root 2017-01-27 17:46:34 -05:00
Kaladin Light
5ce48cbaaf Trying to ensure interface is set, maybe related to iptables issues.
If not, we at least will see in pivpnDebug output now.
2017-01-27 15:42:42 -05:00
redfast00
b727fa3970
Fix-189 2017-01-22 12:44:36 +01:00
Kaladin Light
df16e8dd59 Fixes Issue and 2016-12-25 18:06:32 -05:00
Kaladin Light
371f339fed Rework things 2016-12-24 00:20:45 -05:00
Kaladin Light
22b5bfef68 Add fix iptables help to debug script (1/2) 2016-12-11 13:36:14 -05:00
Kaladin Light
6b406ffb27 Fix type for moving client script 2016-12-11 10:04:33 -05:00
Kaladin Light
eaf78ab6bb Try to fix apt errors now. If we can't then exit so the user can address. 2016-12-10 00:58:36 -05:00
Bastiaan Nelissen
6e3ad10a80 fixed download location
fixed easy-rsa download location
Conflicts:
	auto_install/install.sh
2016-12-08 18:37:22 -05:00
Bastiaan Nelissen
98d63b7bd0 fixed wget command
wget was targeted to a directory instead of a file
2016-12-08 18:31:43 -05:00
Kaladin Light
07cdc2771b Fix new clients command 2016-12-08 12:18:21 -05:00
Kaladin Light
da5facecbc Add 'pivpn clients' command to show list of connected clients 2016-12-08 11:43:30 -05:00
Kaladin Light
6c456d3b90 Minor fixes for couple issues 2016-12-07 13:03:32 -05:00
Kaladin Light
26152889f6 Testing a failure 2016-12-07 11:55:36 -05:00
Kaladin Light
082200ba7c More adjustments/fixes for easy-rsa3 2016-12-05 15:54:54 -05:00
Kaladin Light
a503fa7f93 Ensure openvpn doesn't install easy-rsa now 2016-12-05 15:35:47 -05:00
Kaladin Light
ff1ade9e9f Bug fixes for easyrsa3 modifications
Cleanup chooseUser function and fix issue with creating a user
password not being set correctly.
2016-12-05 14:55:30 -05:00
Kaladin Light
27e0fa8bb5 Ensure we don't get prompted for confirmation on init-pki 2016-12-05 12:13:09 -05:00
Kaladin Light
0b96cae1a3 Phase 1 (of 3?): Server modifications for easy-rsa3 2016-12-04 00:20:37 -05:00
Kaladin Light
f61b26f669 Small adj 2016-11-22 23:47:09 -05:00
Kaladin Light
083de9336d Can't use nslookup if it isn't installed yet... 2016-11-22 23:18:24 -05:00
Kaladin Light
542bcda9a1 Don't assume user's DNS is their gateway. Use what they have. 2016-11-22 13:23:51 -05:00
Kaladin Light
1cada67979 Don't like the install log, get rid of for now 2016-11-19 16:26:40 -05:00
Kaladin Light
5e29fdf3fb Help debugging with install log 2016-11-19 15:52:13 -05:00
Kaladin Light
7f662ad13d Hopefully Fixes Issue 2016-11-18 17:22:36 -05:00
Kaladin Light
cf9f052445 Update to setStaticIPv4 function 2016-11-10 12:25:31 -05:00
Kaladin Light
d844f874a3 Update to getStaticIPv4Settings function 2016-11-10 12:18:17 -05:00
Kaladin Light
b2362ab591 Update to chooseInterface function 2016-11-10 11:13:31 -05:00
Kaladin Light
4516137dca Minor updates to some checks. 2016-11-10 10:51:19 -05:00
Kaladin Light
02bf7c0ad8 Fix apt-get switches to not generate unexpected output 2016-11-09 22:33:21 -05:00
Kaladin Light
6997a0b9a7 Fixes Issue :
- Uses network address instead of IP in the push route to avoid warnings
- If a second DNS is not entered, remove second occurence of the dhcp-option DNS
2016-11-09 15:02:40 -05:00
Kaladin Light
67722ca7f4 Once again pi-hole had a more robust stty setup so lets borrow that :) 2016-11-08 12:03:42 -05:00
Kaladin Light
7c64afdc92 Get rows/cols with stty instead of tput 2016-11-07 22:49:00 -05:00
redfast00
6d1f6f6f07
Fixes 2016-11-05 14:42:37 +01:00
redfast00
460c575dfc
Now prompts user to create new non-root user if no user is found 2016-10-27 15:45:02 +02:00
redfast00
1cdd5d1494 Cleanup ()
* Tab completion for nopass, no further completion after one argument

* Cleaned up install.sh
2016-10-25 20:11:32 +02:00
redfast00
d900efe49b Fix-110: iptables-save now actually saves the iptables 2016-10-23 11:29:46 +02:00
Shaun Grady
1a4e9cdb66 Explain DH param download in greater detail ()
* Explain DH param download in greater detail

- Change default from "no" to "yes," since it's perfectly safe more 99%
of users
- Be a bit more specific about what "a long time" means
- Provide a bit of information about the service
- Provide a link to read more about the server

* Revert to defaulting no to downloading DH params
2016-10-22 20:33:42 +02:00
Shaun Grady
b03cb8753f
Randomize DH params fetched from 2ton.com.au
Fetch random DH params from the last 128 generated by 2ton.com.au. This
will reduce the likelihood that multiple installs in short period of
time will share the same DH params.
2016-10-20 16:21:28 -07:00
Miguel Priede
7ac0a3aada Update install.sh for
Parenthesis fault...
2016-10-19 06:51:30 +02:00
redfast00
4681cf29fe Whoops, fixed now 2016-10-18 19:30:02 +02:00