From 8e2f3e11d255f3a317a51bbd1afd545a4b4c0730 Mon Sep 17 00:00:00 2001 From: joaduo Date: Fri, 9 Aug 2019 11:39:26 -0300 Subject: [PATCH 1/7] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 615e8fb..b679759 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,6 @@ OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. This script will let you setup your own secure VPN server in just a few seconds. -You can also check out [wireguard-install](https://github.com/angristan/wireguard-install), a simple installer for a simpler, safer, faster and more modern VPN protocol. - ## Usage First, get the script and make it executable : From 091e1f443142e096a887fe7e7d5f037066a6777e Mon Sep 17 00:00:00 2001 From: joaduo Date: Fri, 9 Aug 2019 11:40:19 -0300 Subject: [PATCH 2/7] Fix link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b679759..485fcfa 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This script will let you setup your own secure VPN server in just a few seconds. First, get the script and make it executable : ```bash -curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh +curl -O https://raw.githubusercontent.com/joaduo/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh ``` From abc0676b4c5f62d366d77267c9fb2171c97b2da3 Mon Sep 17 00:00:00 2001 From: jduo Date: Thu, 10 Sep 2020 05:31:48 -0300 Subject: [PATCH 3/7] Sync with upstream. Add new environment variables usage --- openvpn-install.sh | 67 +++++++++++++++++++++++++++++----------------- 1 file changed, 42 insertions(+), 25 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 685f607..6b2f42c 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
@@ -102,19 +102,19 @@ function installUnbound() { apt-get install -y unbound # Configuration - echo 'interface: 10.8.0.1 -access-control: 10.8.0.1/24 allow + echo "interface: $VPN_NETWORK.1 +access-control: $VPN_NETWORK.1/24 allow hide-identity: yes hide-version: yes use-caps-for-id: yes -prefetch: yes' >>/etc/unbound/unbound.conf +prefetch: yes" >>/etc/unbound/unbound.conf elif [[ $OS =~ (centos|amzn) ]]; then yum install -y unbound # Configuration - sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf - sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf + sed -i "s|# interface: 0.0.0.0$|interface: $VPN_NETWORK.1|" /etc/unbound/unbound.conf + sed -i "s|# access-control: 127.0.0.0/8 allow|access-control: $VPN_NETWORK.1/24 allow|" /etc/unbound/unbound.conf sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf @@ -123,8 +123,8 @@ prefetch: yes' >>/etc/unbound/unbound.conf dnf install -y unbound # Configuration - sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf - sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf + sed -i "s|# interface: 0.0.0.0$|interface: $VPN_NETWORK.1|" /etc/unbound/unbound.conf + sed -i "s|# access-control: 127.0.0.0/8 allow|access-control: $VPN_NETWORK.1/24 allow|" /etc/unbound/unbound.conf sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf 
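Review bot: In the centos/amzn branch the two rewritten `sed` programs are now double-quoted, so the end-of-line anchor in `0.0.0.0$|` survives only because bash leaves `$|` unexpanded, and `$VPN_NETWORK` is spliced directly into the replacement text. Writing the anchor as `0.0.0.0\$|` makes the intent explicit. A comment such as `# VPN_NETWORK has passed the three-octet regex in installQuestions before it reaches sed` would record why the unescaped interpolation is acceptable. The same two lines recur in the fedora branch of the next hunk (`@@ -123,8 +123,8 @@`). installUnbound starts above this hunk, so whether it can run before that validation is not visible here.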
@@ -139,15 +139,15 @@ prefetch: yes' >>/etc/unbound/unbound.conf mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old fi - echo 'server: + echo "server: use-syslog: yes do-daemonize: no username: "unbound" directory: "/etc/unbound" trust-anchor-file: trusted-key.key root-hints: root.hints - interface: 10.8.0.1 - access-control: 10.8.0.1/24 allow + interface: $VPN_NETWORK.1 + access-control: $VPN_NETWORK.1/24 allow port: 53 num-threads: 2 use-caps-for-id: yes @@ -155,7 +155,7 @@ prefetch: yes' >>/etc/unbound/unbound.conf hide-identity: yes hide-version: yes qname-minimisation: yes - prefetch: yes' >/etc/unbound/unbound.conf + prefetch: yes" >/etc/unbound/unbound.conf fi # IPv6 DNS for all OS @@ -180,9 +180,9 @@ private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf # Add Unbound 'server' for the OpenVPN subnet - echo 'server: -interface: 10.8.0.1 -access-control: 10.8.0.1/24 allow + echo "server: +interface: $VPN_NETWORK.1 +access-control: $VPN_NETWORK.1/24 allow hide-identity: yes hide-version: yes use-caps-for-id: yes @@ -195,7 +195,7 @@ private-address: 169.254.0.0/16 private-address: fd00::/8 private-address: fe80::/10 private-address: 127.0.0.0/8 -private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf +private-address: ::ffff:0:0/96" >/etc/unbound/openvpn.conf if [[ $IPV6_SUPPORT == 'y' ]]; then echo 'interface: fd42:42:42:42::1 access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf 
@@ -214,9 +214,16 @@ function installQuestions() { echo "I need to ask you a few questions before starting the setup." echo "You can leave the default options and just press enter if you are ok with them." echo "" + + echo "Please provide the VPN network prefix. If you are going to use 10.8.0.0/24, then type prefix 10.8.0" + until [[ $VPN_NETWORK =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do + echo "Format bust be like XXX.XXX.XXX" + VPN_NETWORK=${VPN_NETWORK:-10.8.0} + read -rp "VPN_NETWORK: " -e -i "$VPN_NETWORK" VPN_NETWORK + done + echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to." echo "Unless your server is behind NAT, it should be your public IPv4 address." - # Detect public IPv4 address and pre-fill for the user IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1) if [[ -z $IP ]]; then @@ -312,8 +319,9 @@ function installQuestions() { echo " 11) AdGuard DNS (Anycast: worldwide)" echo " 12) NextDNS (Anycast: worldwide)" echo " 13) Custom" - until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 13 ]; do - read -rp "DNS [1-12]: " -e -i 11 DNS + echo " 14) None" + until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 14 ]; do + read -rp "DNS [1-14]: " -e -i 11 DNS if [[ $DNS == 2 ]] && [[ -e /etc/unbound/unbound.conf ]]; then echo "" echo "Unbound is already installed." @@ -763,7 +771,7 @@ persist-key persist-tun keepalive 10 120 topology subnet -server 10.8.0.0 255.255.255.0 +server $VPN_NETWORK.0 255.255.255.0 ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf # DNS resolvers 
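Review bot: The `until` regex in the new VPN_NETWORK prompt accepts any three octets from 0 to 255, so non-private prefixes (and ones such as `127.0.0` or `224.0.0`) pass and are later written into the `server` directive, the Unbound `access-control` line and the MASQUERADE rule. It also accepts leading zeros (`010.8.0`), which some address parsers may read differently from what the operator typed; this is worth confirming against the tools that consume the value. Restricting the accepted prefixes to the RFC 1918 ranges, or at least warning when the prefix is not private, would stop a mistyped value from masquerading or answering DNS for a routable network. If the permissive check is intentional, say so in a comment like `# any a.b.c prefix is accepted; the /24 mask is fixed and the operator must choose private space`. installQuestions continues beyond this hunk.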
@@ -785,7 +793,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf done ;; 2) # Self-hosted DNS resolver (Unbound) - echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS $VPN_NETWORK.1"' >>/etc/openvpn/server.conf if [[ $IPV6_SUPPORT == 'y' ]]; then echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf fi @@ -836,8 +844,13 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf fi ;; + 14) # No DNS + echo "No DNS push config" + ;; esac - echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf + if (($DNS != 14)); then + echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf + fi # IPv6 network settings if needed if [[ $IPV6_SUPPORT == 'y' ]]; then @@ -949,7 +962,7 @@ verb 3" >>/etc/openvpn/server.conf # Script to add rules echo "#!/bin/sh -iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE +iptables -t nat -I POSTROUTING 1 -s $VPN_NETWORK.0/24 -o $NIC -j MASQUERADE iptables -I INPUT 1 -i tun0 -j ACCEPT iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT @@ -965,7 +978,7 @@ ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptabl # Script to remove rules echo "#!/bin/sh -iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE +iptables -t nat -D POSTROUTING -s $VPN_NETWORK.0/24 -o $NIC -j MASQUERADE iptables -D INPUT -i tun0 -j ACCEPT iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT 
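Review bot: In the `@@ -836,8 +844,13 @@` hunk, option 14 controls two separate things: the new `14)` arm pushes no resolver, and the `$DNS != 14` guard also drops `push "redirect-gateway def1 bypass-dhcp"`, so the install becomes a split tunnel where client traffic is no longer routed through the VPN. The only trace of that choice is `echo "No DNS push config"`, so it should be stated in the output and in a comment, e.g. `# DNS=14: split tunnel - no resolver and no default-route push; clients keep their own DNS and gateway`. The client template still carries `setenv opt block-outside-dns` (visible in the `@@ -1032,10 +1045,14 @@` context), which looks at odds with a profile that pushes no DNS server and should be checked on Windows clients. The IPv6 block after the guard is cut off by the hunk, so confirm it does not push its own redirect when DNS is 14.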
@@ -1032,10 +1045,14 @@ tls-cipher $CC_CIPHER ignore-unknown-option block-outside-dns setenv opt block-outside-dns # Prevent Windows 10 DNS leak verb 3" >>/etc/openvpn/client-template.txt - if [[ $COMPRESSION_ENABLED == "y" ]]; then echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt fi + if [[ "$CLIENT_TEMPLATE_APPEND" != "" ]]; then + echo "appending costum config CLIENT_TEMPLATE_APPEND to /etc/openvpn/client-template.txt ..." + echo "" >> /etc/openvpn/client-template.txt + echo "$CLIENT_TEMPLATE_APPEND" >> /etc/openvpn/client-template.txt + fi # Generate the custom client.ovpn newClient @@ -1280,7 +1297,7 @@ function removeOpenVPN() { function manageMenu() { echo "Welcome to OpenVPN-install!" - echo "The git repository is available at: https://github.com/angristan/openvpn-install" + echo "The git repository is available at: https://github.com/joaduo/openvpn-install" echo "" echo "It looks like OpenVPN is already installed." echo "" From b222fa01d5a508daf4d76b6f9372b143f0ac37fc Mon Sep 17 00:00:00 2001 From: jduo Date: Thu, 10 Sep 2020 05:45:00 -0300 Subject: [PATCH 4/7] Undo original references --- README.md | 4 +++- openvpn-install.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 59e884f..23a3957 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,14 @@ OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. This script will let you setup your own secure VPN server in just a few seconds. +You can also check out [wireguard-install](https://github.com/angristan/wireguard-install), a simple installer for a simpler, safer, faster and more modern VPN protocol. + ## Usage First, get the script and make it executable: ```bash -curl -O https://raw.githubusercontent.com/joaduo/openvpn-install/master/openvpn-install.sh +curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh ``` 
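Review bot: `CLIENT_TEMPLATE_APPEND` is copied verbatim from the environment into /etc/openvpn/client-template.txt, the base of every client profile generated afterwards, and nothing in the hunk documents the variable or limits what it may contain. Clients will honour whatever directives end up in that file, so the block should carry a comment such as `# CLIENT_TEMPLATE_APPEND: extra client directives, appended as-is to every generated .ovpn; set only from a trusted environment`, and the variable should be described wherever the other install variables are documented. `echo "$CLIENT_TEMPLATE_APPEND"` also misprints a value that begins with `-n` or `-e`; `printf '\n%s\n' "$CLIENT_TEMPLATE_APPEND" >>/etc/openvpn/client-template.txt` writes the blank separator and the value in one step. The log line spells "costum" for "custom". PATCH 5/7 reformats these same lines without changing any of this.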
diff --git a/openvpn-install.sh b/openvpn-install.sh index 6b2f42c..6f8829e 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1297,7 +1297,7 @@ function removeOpenVPN() { function manageMenu() { echo "Welcome to OpenVPN-install!" - echo "The git repository is available at: https://github.com/joaduo/openvpn-install" + echo "The git repository is available at: https://github.com/angristan/openvpn-install" echo "" echo "It looks like OpenVPN is already installed." echo "" From 1704b18a1e0efbf5d4f0179ebdd9e66864e89b2e Mon Sep 17 00:00:00 2001 From: jduo Date: Thu, 10 Sep 2020 06:08:06 -0300 Subject: [PATCH 5/7] Fix pipeline errors --- openvpn-install.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 6f8829e..c48f2a3 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -142,8 +142,8 @@ prefetch: yes" >>/etc/unbound/unbound.conf echo "server: use-syslog: yes do-daemonize: no - username: "unbound" - directory: "/etc/unbound" + username: \"unbound\" + directory: \"/etc/unbound\" trust-anchor-file: trusted-key.key root-hints: root.hints interface: $VPN_NETWORK.1 @@ -219,7 +219,7 @@ function installQuestions() { until [[ $VPN_NETWORK =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do echo "Format bust be like XXX.XXX.XXX" VPN_NETWORK=${VPN_NETWORK:-10.8.0} - read -rp "VPN_NETWORK: " -e -i "$VPN_NETWORK" VPN_NETWORK + read -rp "VPN_NETWORK: " -e -i "$VPN_NETWORK" VPN_NETWORK done echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to." 
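Review bot: The `\"unbound\"` and `\"/etc/unbound\"` escapes added in the `@@ -142,8 +142,8 @@` hunk are needed only because the whole Unbound config is one double-quoted `echo` argument, a form in which any unescaped quote silently changes the text written to disk. A here-document (`cat >/etc/unbound/unbound.conf <<EOF` ... `EOF`) would still expand `$VPN_NETWORK` while letting the quoted values appear exactly as they do in the file. The `echo` opens and closes outside this hunk, so the change would have to cover the full statement.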
@@ -793,7 +793,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf done ;; 2) # Self-hosted DNS resolver (Unbound) - echo 'push "dhcp-option DNS $VPN_NETWORK.1"' >>/etc/openvpn/server.conf + echo "push \"dhcp-option DNS $VPN_NETWORK.1\"" >>/etc/openvpn/server.conf if [[ $IPV6_SUPPORT == 'y' ]]; then echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf fi @@ -848,7 +848,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf echo "No DNS push config" ;; esac - if (($DNS != 14)); then + if [[ $DNS != 14 ]]; then echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf fi @@ -1048,10 +1048,10 @@ verb 3" >>/etc/openvpn/client-template.txt if [[ $COMPRESSION_ENABLED == "y" ]]; then echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt fi - if [[ "$CLIENT_TEMPLATE_APPEND" != "" ]]; then + if [[ $CLIENT_TEMPLATE_APPEND != "" ]]; then echo "appending costum config CLIENT_TEMPLATE_APPEND to /etc/openvpn/client-template.txt ..." - echo "" >> /etc/openvpn/client-template.txt - echo "$CLIENT_TEMPLATE_APPEND" >> /etc/openvpn/client-template.txt + echo "" >>/etc/openvpn/client-template.txt + echo "$CLIENT_TEMPLATE_APPEND" >>/etc/openvpn/client-template.txt fi # Generate the custom client.ovpn From 41f19ac95dbf87917ea71c1570e0870107ecdcff Mon Sep 17 00:00:00 2001 From: jduo Date: Fri, 11 Sep 2020 20:52:41 -0300 Subject: [PATCH 6/7] Move line to installOpenVPN ==y --- openvpn-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index c48f2a3..3f4db14 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
@@ -217,8 +217,7 @@ function installQuestions() { echo "Please provide the VPN network prefix. If you are going to use 10.8.0.0/24, then type prefix 10.8.0" until [[ $VPN_NETWORK =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do - echo "Format bust be like XXX.XXX.XXX" - VPN_NETWORK=${VPN_NETWORK:-10.8.0} + echo "Format must be like XXX.XXX.XXX" read -rp "VPN_NETWORK: " -e -i "$VPN_NETWORK" VPN_NETWORK done @@ -611,6 +610,7 @@ function installOpenVPN() { APPROVE_INSTALL=${APPROVE_INSTALL:-y} APPROVE_IP=${APPROVE_IP:-y} IPV6_SUPPORT=${IPV6_SUPPORT:-n} + VPN_NETWORK=${VPN_NETWORK:-10.8.0} PORT_CHOICE=${PORT_CHOICE:-1} PROTOCOL_CHOICE=${PROTOCOL_CHOICE:-1} DNS=${DNS:-1} From 3478c773f0938e777167297a0555ce4d8edccb33 Mon Sep 17 00:00:00 2001 From: jduo Date: Fri, 11 Sep 2020 21:01:13 -0300 Subject: [PATCH 7/7] Clarify 14) DNS option --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 3f4db14..60a8ee8 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -318,7 +318,7 @@ function installQuestions() { echo " 11) AdGuard DNS (Anycast: worldwide)" echo " 12) NextDNS (Anycast: worldwide)" echo " 13) Custom" - echo " 14) None" + echo " 14) No DNS server and No traffic redirection to VPN" until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 14 ]; do read -rp "DNS [1-14]: " -e -i 11 DNS if [[ $DNS == 2 ]] && [[ -e /etc/unbound/unbound.conf ]]; then
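Review bot: With `VPN_NETWORK=${VPN_NETWORK:-10.8.0}` removed from the loop, an interactive run reaches `read ... -i "$VPN_NETWORK"` with an empty prefill unless the variable was exported. This becomes a prompt where pressing enter does not accept a default, contrary to the banner installQuestions prints (visible in PATCH 3/7). Prefilling without assigning keeps the intent of this commit: `read -rp "VPN_NETWORK: " -e -i "${VPN_NETWORK:-10.8.0}" VPN_NETWORK`. The "Format must be like XXX.XXX.XXX" line is also printed before the first attempt, so it reads as an error when none has occurred. The default added in the `@@ -611,6 +610,7 @@` hunk covers only the branch of installOpenVPN it sits in, whose condition is outside the hunk.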