From 36dadc56b1b3092033c806f57164b021fad5a177 Mon Sep 17 00:00:00 2001 From: Stanislas Lange Date: Sun, 7 Dec 2025 23:26:32 +0100 Subject: [PATCH] Fix shfmt case statement indentation --- openvpn-install.sh | 550 ++++++++++++++++++++++----------------------- 1 file changed, 275 insertions(+), 275 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index fbc4c87..92e353d 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -455,19 +455,19 @@ function installQuestions() { read -rp "Port choice [1-3]: " -e -i 1 PORT_CHOICE done case $PORT_CHOICE in - 1) - PORT="1194" - ;; - 2) - until [[ $PORT =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; do - read -rp "Custom port [1-65535]: " -e -i 1194 PORT - done - ;; - 3) - # Generate random number within private ports range - PORT=$(shuf -i49152-65535 -n1) - log_info "Random Port: $PORT" - ;; + 1) + PORT="1194" + ;; + 2) + until [[ $PORT =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; do + read -rp "Custom port [1-65535]: " -e -i 1194 PORT + done + ;; + 3) + # Generate random number within private ports range + PORT=$(shuf -i49152-65535 -n1) + log_info "Random Port: $PORT" + ;; esac log_menu "" log_prompt "What protocol do you want OpenVPN to use?" @@ -478,12 +478,12 @@ function installQuestions() { read -rp "Protocol [1-2]: " -e -i 1 PROTOCOL_CHOICE done case $PROTOCOL_CHOICE in - 1) - PROTOCOL="udp" - ;; - 2) - PROTOCOL="tcp" - ;; + 1) + PROTOCOL="udp" + ;; + 2) + PROTOCOL="tcp" + ;; esac log_menu "" log_prompt "What DNS resolvers do you want to use with the VPN?" @@ -544,15 +544,15 @@ function installQuestions() { read -rp"Compression algorithm [1-3]: " -e -i 1 COMPRESSION_CHOICE done case $COMPRESSION_CHOICE in - 1) - COMPRESSION_ALG="lz4-v2" - ;; - 2) - COMPRESSION_ALG="lz4" - ;; - 3) - COMPRESSION_ALG="lzo" - ;; + 1) + COMPRESSION_ALG="lz4-v2" + ;; + 2) + COMPRESSION_ALG="lz4" + ;; + 3) + COMPRESSION_ALG="lzo" + ;; esac fi log_menu "" @@ -587,24 +587,24 @@ function installQuestions() { read -rp "Cipher [1-6]: " -e -i 1 CIPHER_CHOICE done case $CIPHER_CHOICE in - 1) - CIPHER="AES-128-GCM" - ;; - 2) - CIPHER="AES-192-GCM" - ;; - 3) - CIPHER="AES-256-GCM" - ;; - 4) - CIPHER="AES-128-CBC" - ;; - 5) - CIPHER="AES-192-CBC" - ;; - 6) - CIPHER="AES-256-CBC" - ;; + 1) + CIPHER="AES-128-GCM" + ;; + 2) + CIPHER="AES-192-GCM" + ;; + 3) + CIPHER="AES-256-GCM" + ;; + 4) + CIPHER="AES-128-CBC" + ;; + 5) + CIPHER="AES-192-CBC" + ;; + 6) + CIPHER="AES-256-CBC" + ;; esac log_menu "" log_prompt "Choose what kind of certificate you want to use:" @@ -614,82 +614,82 @@ function installQuestions() { read -rp"Certificate key type [1-2]: " -e -i 1 CERT_TYPE done case $CERT_TYPE in + 1) + log_menu "" + log_prompt "Choose which curve you want to use for the certificate's key:" + log_menu " 1) prime256v1 (recommended)" + log_menu " 2) secp384r1" + log_menu " 3) secp521r1" + until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do + read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE + done + case $CERT_CURVE_CHOICE in 1) - log_menu "" - log_prompt "Choose which curve you want to use for the certificate's key:" - log_menu " 1) prime256v1 (recommended)" - log_menu " 2) secp384r1" - log_menu " 3) secp521r1" - until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do - read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE - done - case $CERT_CURVE_CHOICE in - 1) - CERT_CURVE="prime256v1" - ;; - 2) - CERT_CURVE="secp384r1" - ;; - 3) - CERT_CURVE="secp521r1" - ;; - esac + CERT_CURVE="prime256v1" ;; 2) - log_menu "" - log_prompt "Choose which size you want to use for the certificate's RSA key:" - log_menu " 1) 2048 bits (recommended)" - log_menu " 2) 3072 bits" - log_menu " 3) 4096 bits" - until [[ $RSA_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do - read -rp "RSA key size [1-3]: " -e -i 1 RSA_KEY_SIZE_CHOICE - done - case $RSA_KEY_SIZE_CHOICE in - 1) - RSA_KEY_SIZE="2048" - ;; - 2) - RSA_KEY_SIZE="3072" - ;; - 3) - RSA_KEY_SIZE="4096" - ;; - esac + CERT_CURVE="secp384r1" ;; + 3) + CERT_CURVE="secp521r1" + ;; + esac + ;; + 2) + log_menu "" + log_prompt "Choose which size you want to use for the certificate's RSA key:" + log_menu " 1) 2048 bits (recommended)" + log_menu " 2) 3072 bits" + log_menu " 3) 4096 bits" + until [[ $RSA_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do + read -rp "RSA key size [1-3]: " -e -i 1 RSA_KEY_SIZE_CHOICE + done + case $RSA_KEY_SIZE_CHOICE in + 1) + RSA_KEY_SIZE="2048" + ;; + 2) + RSA_KEY_SIZE="3072" + ;; + 3) + RSA_KEY_SIZE="4096" + ;; + esac + ;; esac log_menu "" log_prompt "Choose which cipher you want to use for the control channel:" case $CERT_TYPE in + 1) + log_menu " 1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)" + log_menu " 2) ECDHE-ECDSA-AES-256-GCM-SHA384" + until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do + read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE + done + case $CC_CIPHER_CHOICE in 1) - log_menu " 1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)" - log_menu " 2) ECDHE-ECDSA-AES-256-GCM-SHA384" - until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do - read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE - done - case $CC_CIPHER_CHOICE in - 1) - CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" - ;; - 2) - CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" - ;; - esac + CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" ;; 2) - log_menu " 1) ECDHE-RSA-AES-128-GCM-SHA256 (recommended)" - log_menu " 2) ECDHE-RSA-AES-256-GCM-SHA384" - until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do - read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE - done - case $CC_CIPHER_CHOICE in - 1) - CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" - ;; - 2) - CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - ;; - esac + CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" ;; + esac + ;; + 2) + log_menu " 1) ECDHE-RSA-AES-128-GCM-SHA256 (recommended)" + log_menu " 2) ECDHE-RSA-AES-256-GCM-SHA384" + until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do + read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE + done + case $CC_CIPHER_CHOICE in + 1) + CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" + ;; + 2) + CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + ;; + esac + ;; esac log_menu "" log_prompt "Choose what kind of Diffie-Hellman key you want to use:" @@ -699,48 +699,48 @@ function installQuestions() { read -rp"DH key type [1-2]: " -e -i 1 DH_TYPE done case $DH_TYPE in + 1) + log_menu "" + log_prompt "Choose which curve you want to use for the ECDH key:" + log_menu " 1) prime256v1 (recommended)" + log_menu " 2) secp384r1" + log_menu " 3) secp521r1" + while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do + read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE + done + case $DH_CURVE_CHOICE in 1) - log_menu "" - log_prompt "Choose which curve you want to use for the ECDH key:" - log_menu " 1) prime256v1 (recommended)" - log_menu " 2) secp384r1" - log_menu " 3) secp521r1" - while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do - read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE - done - case $DH_CURVE_CHOICE in - 1) - DH_CURVE="prime256v1" - ;; - 2) - DH_CURVE="secp384r1" - ;; - 3) - DH_CURVE="secp521r1" - ;; - esac + DH_CURVE="prime256v1" ;; 2) - log_menu "" - log_prompt "Choose what size of Diffie-Hellman key you want to use:" - log_menu " 1) 2048 bits (recommended)" - log_menu " 2) 3072 bits" - log_menu " 3) 4096 bits" - until [[ $DH_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do - read -rp "DH key size [1-3]: " -e -i 1 DH_KEY_SIZE_CHOICE - done - case $DH_KEY_SIZE_CHOICE in - 1) - DH_KEY_SIZE="2048" - ;; - 2) - DH_KEY_SIZE="3072" - ;; - 3) - DH_KEY_SIZE="4096" - ;; - esac + DH_CURVE="secp384r1" ;; + 3) + DH_CURVE="secp521r1" + ;; + esac + ;; + 2) + log_menu "" + log_prompt "Choose what size of Diffie-Hellman key you want to use:" + log_menu " 1) 2048 bits (recommended)" + log_menu " 2) 3072 bits" + log_menu " 3) 4096 bits" + until [[ $DH_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do + read -rp "DH key size [1-3]: " -e -i 1 DH_KEY_SIZE_CHOICE + done + case $DH_KEY_SIZE_CHOICE in + 1) + DH_KEY_SIZE="2048" + ;; + 2) + DH_KEY_SIZE="3072" + ;; + 3) + DH_KEY_SIZE="4096" + ;; + esac + ;; esac log_menu "" # The "auth" options behaves differently with AEAD ciphers @@ -757,15 +757,15 @@ function installQuestions() { read -rp "Digest algorithm [1-3]: " -e -i 1 HMAC_ALG_CHOICE done case $HMAC_ALG_CHOICE in - 1) - HMAC_ALG="SHA256" - ;; - 2) - HMAC_ALG="SHA384" - ;; - 3) - HMAC_ALG="SHA512" - ;; + 1) + HMAC_ALG="SHA256" + ;; + 2) + HMAC_ALG="SHA384" + ;; + 3) + HMAC_ALG="SHA512" + ;; esac log_menu "" log_prompt "You can add an additional layer of security to the control channel with tls-auth and tls-crypt" @@ -910,13 +910,13 @@ function installOpenVPN() { cd /etc/openvpn/easy-rsa/ || return case $CERT_TYPE in - 1) - echo "set_var EASYRSA_ALGO ec" >vars - echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars - ;; - 2) - echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars - ;; + 1) + echo "set_var EASYRSA_ALGO ec" >vars + echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars + ;; + 2) + echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars + ;; esac # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name @@ -945,14 +945,14 @@ function installOpenVPN() { log_info "Generating TLS key..." case $TLS_SIG in - 1) - # Generate tls-crypt key - run_cmd "Generating tls-crypt key" openvpn --genkey --secret /etc/openvpn/tls-crypt.key - ;; - 2) - # Generate tls-auth key - run_cmd "Generating tls-auth key" openvpn --genkey --secret /etc/openvpn/tls-auth.key - ;; + 1) + # Generate tls-crypt key + run_cmd "Generating tls-crypt key" openvpn --genkey --secret /etc/openvpn/tls-crypt.key + ;; + 2) + # Generate tls-auth key + run_cmd "Generating tls-auth key" openvpn --genkey --secret /etc/openvpn/tls-auth.key + ;; esac else # If easy-rsa is already installed, grab the generated SERVER_NAME @@ -992,74 +992,74 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf # DNS resolvers case $DNS in - 1) # Current system resolvers - # Locate the proper resolv.conf - # Needed for systems running systemd-resolved - if grep -q "127.0.0.53" "/etc/resolv.conf"; then - RESOLVCONF='/run/systemd/resolve/resolv.conf' - else - RESOLVCONF='/etc/resolv.conf' + 1) # Current system resolvers + # Locate the proper resolv.conf + # Needed for systems running systemd-resolved + if grep -q "127.0.0.53" "/etc/resolv.conf"; then + RESOLVCONF='/run/systemd/resolve/resolv.conf' + else + RESOLVCONF='/etc/resolv.conf' + fi + # Obtain the resolvers from resolv.conf and use them for OpenVPN + sed -ne 's/^nameserver[[:space:]]\+\([^[:space:]]\+\).*$/\1/p' $RESOLVCONF | while read -r line; do + # Copy, if it's a IPv4 |or| if IPv6 is enabled, IPv4/IPv6 does not matter + if [[ $line =~ ^[0-9.]*$ ]] || [[ $IPV6_SUPPORT == 'y' ]]; then + echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf fi - # Obtain the resolvers from resolv.conf and use them for OpenVPN - sed -ne 's/^nameserver[[:space:]]\+\([^[:space:]]\+\).*$/\1/p' $RESOLVCONF | while read -r line; do - # Copy, if it's a IPv4 |or| if IPv6 is enabled, IPv4/IPv6 does not matter - if [[ $line =~ ^[0-9.]*$ ]] || [[ $IPV6_SUPPORT == 'y' ]]; then - echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf - fi - done - ;; - 2) # Self-hosted DNS resolver (Unbound) - echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf - if [[ $IPV6_SUPPORT == 'y' ]]; then - echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf - fi - ;; - 3) # Cloudflare - echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf - ;; - 4) # Quad9 - echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf - ;; - 5) # Quad9 uncensored - echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf - ;; - 6) # FDN - echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf - ;; - 7) # DNS.WATCH - echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf - ;; - 8) # OpenDNS - echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf - ;; - 9) # Google - echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf - ;; - 10) # Yandex Basic - echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf - ;; - 11) # AdGuard DNS - echo 'push "dhcp-option DNS 94.140.14.14"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 94.140.15.15"' >>/etc/openvpn/server.conf - ;; - 12) # NextDNS - echo 'push "dhcp-option DNS 45.90.28.167"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 45.90.30.167"' >>/etc/openvpn/server.conf - ;; - 13) # Custom DNS - echo "push \"dhcp-option DNS $DNS1\"" >>/etc/openvpn/server.conf - if [[ $DNS2 != "" ]]; then - echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf - fi - ;; + done + ;; + 2) # Self-hosted DNS resolver (Unbound) + echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf + if [[ $IPV6_SUPPORT == 'y' ]]; then + echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf + fi + ;; + 3) # Cloudflare + echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf + ;; + 4) # Quad9 + echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf + ;; + 5) # Quad9 uncensored + echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf + ;; + 6) # FDN + echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf + ;; + 7) # DNS.WATCH + echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf + ;; + 8) # OpenDNS + echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf + ;; + 9) # Google + echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf + ;; + 10) # Yandex Basic + echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf + ;; + 11) # AdGuard DNS + echo 'push "dhcp-option DNS 94.140.14.14"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 94.140.15.15"' >>/etc/openvpn/server.conf + ;; + 12) # NextDNS + echo 'push "dhcp-option DNS 45.90.28.167"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 45.90.30.167"' >>/etc/openvpn/server.conf + ;; + 13) # Custom DNS + echo "push \"dhcp-option DNS $DNS1\"" >>/etc/openvpn/server.conf + if [[ $DNS2 != "" ]]; then + echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf + fi + ;; esac echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf @@ -1084,12 +1084,12 @@ push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf fi case $TLS_SIG in - 1) - echo "tls-crypt tls-crypt.key" >>/etc/openvpn/server.conf - ;; - 2) - echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf - ;; + 1) + echo "tls-crypt tls-crypt.key" >>/etc/openvpn/server.conf + ;; + 2) + echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf + ;; esac echo "crl-verify crl.pem @@ -1291,13 +1291,13 @@ function newClient() { log_info "Generating client certificate..." export EASYRSA_CERT_EXPIRE=$CERT_VALIDITY_DAYS case $PASS in - 1) - run_cmd "Building client certificate" ./easyrsa --batch build-client-full "$CLIENT" nopass - ;; - 2) - log_warn "You will be asked for the client password below" - ./easyrsa --batch build-client-full "$CLIENT" - ;; + 1) + run_cmd "Building client certificate" ./easyrsa --batch build-client-full "$CLIENT" nopass + ;; + 2) + log_warn "You will be asked for the client password below" + ./easyrsa --batch build-client-full "$CLIENT" + ;; esac log_success "Client $CLIENT added." fi @@ -1342,17 +1342,17 @@ function newClient() { echo "" case $TLS_SIG in - 1) - echo "" - cat /etc/openvpn/tls-crypt.key - echo "" - ;; - 2) - echo "key-direction 1" - echo "" - cat /etc/openvpn/tls-auth.key - echo "" - ;; + 1) + echo "" + cat /etc/openvpn/tls-crypt.key + echo "" + ;; + 2) + echo "key-direction 1" + echo "" + cat /etc/openvpn/tls-auth.key + echo "" + ;; esac } >>"$homeDir/$CLIENT.ovpn" @@ -1519,18 +1519,18 @@ function manageMenu() { done case $MENU_OPTION in - 1) - newClient - ;; - 2) - revokeClient - ;; - 3) - removeOpenVPN - ;; - 4) - exit 0 - ;; + 1) + newClient + ;; + 2) + revokeClient + ;; + 3) + removeOpenVPN + ;; + 4) + exit 0 + ;; esac }