Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-10 22:42:41 +01:00
Code Issues Projects Releases Wiki Activity

Fix shfmt case statement indentation

Browse Source
This commit is contained in:
Stanislas Lange
2025-12-07 23:26:32 +01:00
parent d8cadb1760
commit 36dadc56b1
1 changed files with 275 additions and 275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

550
openvpn-install.sh
View File

@@ -455,19 +455,19 @@ function installQuestions() {
read -rp "Port choice [1-3]: " -e -i 1 PORT_CHOICE
done
case $PORT_CHOICE in
1)
PORT="1194"
;;
2)
until [[ $PORT =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; do
read -rp "Custom port [1-65535]: " -e -i 1194 PORT
done
;;
3)
# Generate random number within private ports range
PORT=$(shuf -i49152-65535 -n1)
log_info "Random Port: $PORT"
;;
1)
PORT="1194"
;;
2)
until [[ $PORT =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; do
read -rp "Custom port [1-65535]: " -e -i 1194 PORT
done
;;
3)
# Generate random number within private ports range
PORT=$(shuf -i49152-65535 -n1)
log_info "Random Port: $PORT"
;;
esac
log_menu ""
log_prompt "What protocol do you want OpenVPN to use?"
@@ -478,12 +478,12 @@ function installQuestions() {
read -rp "Protocol [1-2]: " -e -i 1 PROTOCOL_CHOICE
done
case $PROTOCOL_CHOICE in
1)
PROTOCOL="udp"
;;
2)
PROTOCOL="tcp"
;;
1)
PROTOCOL="udp"
;;
2)
PROTOCOL="tcp"
;;
esac
log_menu ""
log_prompt "What DNS resolvers do you want to use with the VPN?"
@@ -544,15 +544,15 @@ function installQuestions() {
read -rp"Compression algorithm [1-3]: " -e -i 1 COMPRESSION_CHOICE
done
case $COMPRESSION_CHOICE in
1)
COMPRESSION_ALG="lz4-v2"
;;
2)
COMPRESSION_ALG="lz4"
;;
3)
COMPRESSION_ALG="lzo"
;;
1)
COMPRESSION_ALG="lz4-v2"
;;
2)
COMPRESSION_ALG="lz4"
;;
3)
COMPRESSION_ALG="lzo"
;;
esac
fi
log_menu ""
@@ -587,24 +587,24 @@ function installQuestions() {
read -rp "Cipher [1-6]: " -e -i 1 CIPHER_CHOICE
done
case $CIPHER_CHOICE in
1)
CIPHER="AES-128-GCM"
;;
2)
CIPHER="AES-192-GCM"
;;
3)
CIPHER="AES-256-GCM"
;;
4)
CIPHER="AES-128-CBC"
;;
5)
CIPHER="AES-192-CBC"
;;
6)
CIPHER="AES-256-CBC"
;;
1)
CIPHER="AES-128-GCM"
;;
2)
CIPHER="AES-192-GCM"
;;
3)
CIPHER="AES-256-GCM"
;;
4)
CIPHER="AES-128-CBC"
;;
5)
CIPHER="AES-192-CBC"
;;
6)
CIPHER="AES-256-CBC"
;;
esac
log_menu ""
log_prompt "Choose what kind of certificate you want to use:"
@@ -614,82 +614,82 @@ function installQuestions() {
read -rp"Certificate key type [1-2]: " -e -i 1 CERT_TYPE
done
case $CERT_TYPE in
1)
log_menu ""
log_prompt "Choose which curve you want to use for the certificate's key:"
log_menu " 1) prime256v1 (recommended)"
log_menu " 2) secp384r1"
log_menu " 3) secp521r1"
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE
done
case $CERT_CURVE_CHOICE in
1)
log_menu ""
log_prompt "Choose which curve you want to use for the certificate's key:"
log_menu " 1) prime256v1 (recommended)"
log_menu " 2) secp384r1"
log_menu " 3) secp521r1"
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE
done
case $CERT_CURVE_CHOICE in
1)
CERT_CURVE="prime256v1"
;;
2)
CERT_CURVE="secp384r1"
;;
3)
CERT_CURVE="secp521r1"
;;
esac
CERT_CURVE="prime256v1"
;;
2)
log_menu ""
log_prompt "Choose which size you want to use for the certificate's RSA key:"
log_menu " 1) 2048 bits (recommended)"
log_menu " 2) 3072 bits"
log_menu " 3) 4096 bits"
until [[ $RSA_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do
read -rp "RSA key size [1-3]: " -e -i 1 RSA_KEY_SIZE_CHOICE
done
case $RSA_KEY_SIZE_CHOICE in
1)
RSA_KEY_SIZE="2048"
;;
2)
RSA_KEY_SIZE="3072"
;;
3)
RSA_KEY_SIZE="4096"
;;
esac
CERT_CURVE="secp384r1"
;;
3)
CERT_CURVE="secp521r1"
;;
esac
;;
2)
log_menu ""
log_prompt "Choose which size you want to use for the certificate's RSA key:"
log_menu " 1) 2048 bits (recommended)"
log_menu " 2) 3072 bits"
log_menu " 3) 4096 bits"
until [[ $RSA_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do
read -rp "RSA key size [1-3]: " -e -i 1 RSA_KEY_SIZE_CHOICE
done
case $RSA_KEY_SIZE_CHOICE in
1)
RSA_KEY_SIZE="2048"
;;
2)
RSA_KEY_SIZE="3072"
;;
3)
RSA_KEY_SIZE="4096"
;;
esac
;;
esac
log_menu ""
log_prompt "Choose which cipher you want to use for the control channel:"
case $CERT_TYPE in
1)
log_menu " 1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)"
log_menu " 2) ECDHE-ECDSA-AES-256-GCM-SHA384"
until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do
read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE
done
case $CC_CIPHER_CHOICE in
1)
log_menu " 1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)"
log_menu " 2) ECDHE-ECDSA-AES-256-GCM-SHA384"
until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do
read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE
done
case $CC_CIPHER_CHOICE in
1)
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"
;;
2)
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
;;
esac
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"
;;
2)
log_menu " 1) ECDHE-RSA-AES-128-GCM-SHA256 (recommended)"
log_menu " 2) ECDHE-RSA-AES-256-GCM-SHA384"
until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do
read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE
done
case $CC_CIPHER_CHOICE in
1)
CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"
;;
2)
CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
;;
esac
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
;;
esac
;;
2)
log_menu " 1) ECDHE-RSA-AES-128-GCM-SHA256 (recommended)"
log_menu " 2) ECDHE-RSA-AES-256-GCM-SHA384"
until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do
read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE
done
case $CC_CIPHER_CHOICE in
1)
CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"
;;
2)
CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
;;
esac
;;
esac
log_menu ""
log_prompt "Choose what kind of Diffie-Hellman key you want to use:"
@@ -699,48 +699,48 @@ function installQuestions() {
read -rp"DH key type [1-2]: " -e -i 1 DH_TYPE
done
case $DH_TYPE in
1)
log_menu ""
log_prompt "Choose which curve you want to use for the ECDH key:"
log_menu " 1) prime256v1 (recommended)"
log_menu " 2) secp384r1"
log_menu " 3) secp521r1"
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE
done
case $DH_CURVE_CHOICE in
1)
log_menu ""
log_prompt "Choose which curve you want to use for the ECDH key:"
log_menu " 1) prime256v1 (recommended)"
log_menu " 2) secp384r1"
log_menu " 3) secp521r1"
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE
done
case $DH_CURVE_CHOICE in
1)
DH_CURVE="prime256v1"
;;
2)
DH_CURVE="secp384r1"
;;
3)
DH_CURVE="secp521r1"
;;
esac
DH_CURVE="prime256v1"
;;
2)
log_menu ""
log_prompt "Choose what size of Diffie-Hellman key you want to use:"
log_menu " 1) 2048 bits (recommended)"
log_menu " 2) 3072 bits"
log_menu " 3) 4096 bits"
until [[ $DH_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do
read -rp "DH key size [1-3]: " -e -i 1 DH_KEY_SIZE_CHOICE
done
case $DH_KEY_SIZE_CHOICE in
1)
DH_KEY_SIZE="2048"
;;
2)
DH_KEY_SIZE="3072"
;;
3)
DH_KEY_SIZE="4096"
;;
esac
DH_CURVE="secp384r1"
;;
3)
DH_CURVE="secp521r1"
;;
esac
;;
2)
log_menu ""
log_prompt "Choose what size of Diffie-Hellman key you want to use:"
log_menu " 1) 2048 bits (recommended)"
log_menu " 2) 3072 bits"
log_menu " 3) 4096 bits"
until [[ $DH_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do
read -rp "DH key size [1-3]: " -e -i 1 DH_KEY_SIZE_CHOICE
done
case $DH_KEY_SIZE_CHOICE in
1)
DH_KEY_SIZE="2048"
;;
2)
DH_KEY_SIZE="3072"
;;
3)
DH_KEY_SIZE="4096"
;;
esac
;;
esac
log_menu ""
# The "auth" options behaves differently with AEAD ciphers
@@ -757,15 +757,15 @@ function installQuestions() {
read -rp "Digest algorithm [1-3]: " -e -i 1 HMAC_ALG_CHOICE
done
case $HMAC_ALG_CHOICE in
1)
HMAC_ALG="SHA256"
;;
2)
HMAC_ALG="SHA384"
;;
3)
HMAC_ALG="SHA512"
;;
1)
HMAC_ALG="SHA256"
;;
2)
HMAC_ALG="SHA384"
;;
3)
HMAC_ALG="SHA512"
;;
esac
log_menu ""
log_prompt "You can add an additional layer of security to the control channel with tls-auth and tls-crypt"
@@ -910,13 +910,13 @@ function installOpenVPN() {
cd /etc/openvpn/easy-rsa/ || return
case $CERT_TYPE in
1)
echo "set_var EASYRSA_ALGO ec" >vars
echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars
;;
2)
echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars
;;
1)
echo "set_var EASYRSA_ALGO ec" >vars
echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars
;;
2)
echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars
;;
esac
# Generate a random, alphanumeric identifier of 16 characters for CN and one for server name
@@ -945,14 +945,14 @@ function installOpenVPN() {
log_info "Generating TLS key..."
case $TLS_SIG in
1)
# Generate tls-crypt key
run_cmd "Generating tls-crypt key" openvpn --genkey --secret /etc/openvpn/tls-crypt.key
;;
2)
# Generate tls-auth key
run_cmd "Generating tls-auth key" openvpn --genkey --secret /etc/openvpn/tls-auth.key
;;
1)
# Generate tls-crypt key
run_cmd "Generating tls-crypt key" openvpn --genkey --secret /etc/openvpn/tls-crypt.key
;;
2)
# Generate tls-auth key
run_cmd "Generating tls-auth key" openvpn --genkey --secret /etc/openvpn/tls-auth.key
;;
esac
else
# If easy-rsa is already installed, grab the generated SERVER_NAME
@@ -992,74 +992,74 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
# DNS resolvers
case $DNS in
1) # Current system resolvers
# Locate the proper resolv.conf
# Needed for systems running systemd-resolved
if grep -q "127.0.0.53" "/etc/resolv.conf"; then
RESOLVCONF='/run/systemd/resolve/resolv.conf'
else
RESOLVCONF='/etc/resolv.conf'
1) # Current system resolvers
# Locate the proper resolv.conf
# Needed for systems running systemd-resolved
if grep -q "127.0.0.53" "/etc/resolv.conf"; then
RESOLVCONF='/run/systemd/resolve/resolv.conf'
else
RESOLVCONF='/etc/resolv.conf'
fi
# Obtain the resolvers from resolv.conf and use them for OpenVPN
sed -ne 's/^nameserver[[:space:]]\+\([^[:space:]]\+\).*$/\1/p' $RESOLVCONF | while read -r line; do
# Copy, if it's a IPv4 |or| if IPv6 is enabled, IPv4/IPv6 does not matter
if [[ $line =~ ^[0-9.]*$ ]] || [[ $IPV6_SUPPORT == 'y' ]]; then
echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf
fi
# Obtain the resolvers from resolv.conf and use them for OpenVPN
sed -ne 's/^nameserver[[:space:]]\+\([^[:space:]]\+\).*$/\1/p' $RESOLVCONF | while read -r line; do
# Copy, if it's a IPv4 |or| if IPv6 is enabled, IPv4/IPv6 does not matter
if [[ $line =~ ^[0-9.]*$ ]] || [[ $IPV6_SUPPORT == 'y' ]]; then
echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf
fi
done
;;
2) # Self-hosted DNS resolver (Unbound)
echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf
fi
;;
3) # Cloudflare
echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf
;;
4) # Quad9
echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf
;;
5) # Quad9 uncensored
echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf
;;
6) # FDN
echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf
;;
7) # DNS.WATCH
echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf
;;
8) # OpenDNS
echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf
;;
9) # Google
echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf
;;
10) # Yandex Basic
echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf
;;
11) # AdGuard DNS
echo 'push "dhcp-option DNS 94.140.14.14"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 94.140.15.15"' >>/etc/openvpn/server.conf
;;
12) # NextDNS
echo 'push "dhcp-option DNS 45.90.28.167"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 45.90.30.167"' >>/etc/openvpn/server.conf
;;
13) # Custom DNS
echo "push \"dhcp-option DNS $DNS1\"" >>/etc/openvpn/server.conf
if [[ $DNS2 != "" ]]; then
echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf
fi
;;
done
;;
2) # Self-hosted DNS resolver (Unbound)
echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf
fi
;;
3) # Cloudflare
echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf
;;
4) # Quad9
echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf
;;
5) # Quad9 uncensored
echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf
;;
6) # FDN
echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf
;;
7) # DNS.WATCH
echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf
;;
8) # OpenDNS
echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf
;;
9) # Google
echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf
;;
10) # Yandex Basic
echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf
;;
11) # AdGuard DNS
echo 'push "dhcp-option DNS 94.140.14.14"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 94.140.15.15"' >>/etc/openvpn/server.conf
;;
12) # NextDNS
echo 'push "dhcp-option DNS 45.90.28.167"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS 45.90.30.167"' >>/etc/openvpn/server.conf
;;
13) # Custom DNS
echo "push \"dhcp-option DNS $DNS1\"" >>/etc/openvpn/server.conf
if [[ $DNS2 != "" ]]; then
echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf
fi
;;
esac
echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf
@@ -1084,12 +1084,12 @@ push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf
fi
case $TLS_SIG in
1)
echo "tls-crypt tls-crypt.key" >>/etc/openvpn/server.conf
;;
2)
echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf
;;
1)
echo "tls-crypt tls-crypt.key" >>/etc/openvpn/server.conf
;;
2)
echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf
;;
esac
echo "crl-verify crl.pem
@@ -1291,13 +1291,13 @@ function newClient() {
log_info "Generating client certificate..."
export EASYRSA_CERT_EXPIRE=$CERT_VALIDITY_DAYS
case $PASS in
1)
run_cmd "Building client certificate" ./easyrsa --batch build-client-full "$CLIENT" nopass
;;
2)
log_warn "You will be asked for the client password below"
./easyrsa --batch build-client-full "$CLIENT"
;;
1)
run_cmd "Building client certificate" ./easyrsa --batch build-client-full "$CLIENT" nopass
;;
2)
log_warn "You will be asked for the client password below"
./easyrsa --batch build-client-full "$CLIENT"
;;
esac
log_success "Client $CLIENT added."
fi
@@ -1342,17 +1342,17 @@ function newClient() {
echo "</key>"
case $TLS_SIG in
1)
echo "<tls-crypt>"
cat /etc/openvpn/tls-crypt.key
echo "</tls-crypt>"
;;
2)
echo "key-direction 1"
echo "<tls-auth>"
cat /etc/openvpn/tls-auth.key
echo "</tls-auth>"
;;
1)
echo "<tls-crypt>"
cat /etc/openvpn/tls-crypt.key
echo "</tls-crypt>"
;;
2)
echo "key-direction 1"
echo "<tls-auth>"
cat /etc/openvpn/tls-auth.key
echo "</tls-auth>"
;;
esac
} >>"$homeDir/$CLIENT.ovpn"
@@ -1519,18 +1519,18 @@ function manageMenu() {
done
case $MENU_OPTION in
1)
newClient
;;
2)
revokeClient
;;
3)
removeOpenVPN
;;
4)
exit 0
;;
1)
newClient
;;
2)
revokeClient
;;
3)
removeOpenVPN
;;
4)
exit 0
;;
esac
}