diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 42b3ecb..cda9719 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,5 +1,2 @@ -patreon: stanislas -liberapay: stanislas ko_fi: stanislas -github: angristan custom: https://coindrop.to/stanislas diff --git a/.github/ISSUE_TEMPLATE/bug-report-or-suport-request.md b/.github/ISSUE_TEMPLATE/bug-report-or-suport-request.md deleted file mode 100644 index 93b6be9..0000000 --- a/.github/ISSUE_TEMPLATE/bug-report-or-suport-request.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -name: Bug report / Support request -about: Create a report to help us improve -title: '' -labels: '' -assignees: '' - ---- - -**⚠️ Unless you are sure you find a bug with the script, please open a [discussion](https://github.com/angristan/openvpn-install/discussions) instead of an issue!** - -**Checklist** - -- [ ] I read the [README](https://github.com/angristan/openvpn-install/blob/master/README.md) -- [ ] I read the [FAQ](https://github.com/angristan/openvpn-install/blob/master/FAQ.md) -- [ ] I searched the [issues](https://github.com/angristan/openvpn-install/issues?q=is%3Aissue+) -- [ ] I searched the [discussion](https://github.com/angristan/openvpn-install/discussions) -- [ ] My issue is about the script, and not OpenVPN itself - - - -Pease include as much details as possible in your issue: - -- Description of the issue -- How to reproduce the issue -- What did you expected should happen -- Logs -- Server/Client versions (OS, OpenVPN, etc) -- Any context or information that could help - ---- - - diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml new file mode 100644 index 0000000..0eacdc9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug.yml 
@@ -0,0 +1,74 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this bug report!
+
+ **PLEASE** prioritise these communities before opening an issue.
+ - https://forums.openvpn.net
+ - https://stackoverflow.com/questions/tagged/openvpn
+ - https://github.com/angristan/openvpn-install/discussions
+
+ ⚠️ **ANY ISSUE THAT IS NOT CLEARLY A BUG REPORT WILL BE CLOSED AND/OR CONVERTED TO A DISCUSSION.**
+
+ - type: checkboxes
+ id: pre
+ attributes:
+ label: Make sure your check these beforehand!
+ description: Search before opening an issue.
+ options:
+ - label: Issues - https://github.com/angristan/openvpn-install/issues
+ required: true
+ - label: README and FAQ - https://github.com/angristan/openvpn-install
+ required: true
+ - label: Wiki - https://github.com/angristan/openvpn-install/wiki
+ required: true
+ - label: Discussions - https://github.com/angristan/openvpn-install/discussions
+ required: true
+
+ - type: input
+ id: server
+ attributes:
+ label: Server OS
+ description: What OS is the OpenVPN server running on?
+ placeholder: Debian 10
+ validations:
+ required: false
+
+ - type: input
+ id: openvpn
+ attributes:
+ label: OpenVPN version
+ description: What OpenVPN version is running on your server?
+ placeholder: 2.5.0
+ validations:
+ required: false
+
+ - type: input
+ id: client
+ attributes:
+ label: Client
+ description: What OS and client are you using? Please specify the versions.
+ placeholder: Viscosity 1.10.1 on macOS 12.1
+ validations:
+ required: false
+
+ - type: textarea
+ id: issue
+ attributes:
+ label: What is the bug?
+ description: Also tell us, what did you expect to happen?
+ placeholder: Tell us what you see!
+ value: "A bug happened!"
+ validations:
+ required: true
+
+ - type: textarea
+ id: logs
+ attributes:
+ label: Relevant log output
+ description: Please copy and paste any relevant log output.
This will be automatically formatted into code, so no need for backticks. + render: shell diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md index e5dd037..dcc367d 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -1,10 +1,9 @@ --- name: Feature request about: Suggest an idea for this project -title: '' -labels: '' -assignees: '' - +title: "" +labels: "" +assignees: "" --- **Checklist** @@ -15,17 +14,8 @@ assignees: '' - [ ] My issue is about the script, and not OpenVPN itself - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml index 68d1fdf..962acbc 100644 --- a/.github/linters/.markdown-lint.yml +++ b/.github/linters/.markdown-lint.yml @@ -1 +1 @@ -{ 'MD013': null, 'MD045': null, 'MD040': null, 'MD036': null } +{ "MD013": null, "MD045": null, "MD040": null, "MD036": null } diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fa26b23..ea69759 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v2.3.4 + uses: actions/checkout@v3.0.2 - name: Lint Code Base uses: github/super-linter@v4.1.0 env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2036848..e5a478b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
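Review bot: The `logs` textarea at the end of bug.yml asks reporters to paste log output into a public tracker without telling them to redact it. OpenVPN server logs typically include client addresses and certificate common names, and reporters often paste a client profile with inline key material next to them. I would extend that field's `description` with a sentence such as `Remove IP addresses, client names and any key or certificate blocks before pasting.` Separately, the checkbox label `Make sure your check these beforehand!` should read `Make sure you check these beforehand!`.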
@@ -13,16 +13,15 @@ jobs: os-image: - debian-9-x64 - debian-10-x64 + - debian-11-x64 - ubuntu-18-04-x64 - ubuntu-20-04-x64 - - ubuntu-20-10-x64 - - ubuntu-21-04-x64 - - fedora-33-x64 - - fedora-34-x64 + - ubuntu-21-10-x64 + - fedora-35-x64 - centos-7-x64 - - centos-8-x64 + - centos-stream-8-x64 steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.0.2 - name: Setup doctl uses: digitalocean/action-doctl@v2 diff --git a/README.md b/README.md index 307a9a8..c769172 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ ![Test](https://github.com/angristan/openvpn-install/workflows/Test/badge.svg) ![Lint](https://github.com/angristan/openvpn-install/workflows/Lint/badge.svg) ![visitors](https://visitor-badge.glitch.me/badge?page_id=angristan.openvpn-install) +[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/angristan) OpenVPN installer for Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux and AlmaLinux. @@ -187,6 +188,7 @@ More Q&A in [FAQ.md](FAQ.md). Solutions that provision a ready to use OpenVPN server based on this script in one go are available for: - AWS using Terraform at [`openvpn-terraform-install`](https://github.com/dumrauf/openvpn-terraform-install) +- Terraform AWS module [`openvpn-ephemeral`](https://registry.terraform.io/modules/paulmarsicloud/openvpn-ephemeral/aws/latest) ## Contributing @@ -337,7 +339,7 @@ The script supports both and uses `tls-crypt` by default. ## Say thanks -You can [say thanks](https://saythanks.io/to/angristan%40pm.me) if you want! +You can [say thanks](https://saythanks.io/to/angristan) if you want! ## Credits & Licence diff --git a/openvpn-install.sh b/openvpn-install.sh index 5260077..c418d29 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
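Review bot: `uses: actions/checkout@v3.0.2` in test.yml is still referenced by a tag, and the `digitalocean/action-doctl@v2` step right after it by a floating major tag; tags can be moved, so the job runs whatever code the tag points to at run time. Judging by the doctl step this workflow presumably runs with a cloud API token, so I would pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3.0.2`. The same applies to `actions/checkout@v3.0.2` and `github/super-linter@v4.1.0` in lint.yml. The steps list continues outside the hunk, so later `uses:` entries should be checked as well.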
@@ -356,7 +356,7 @@ function installQuestions() { fi done echo "" - echo "Do you want to use compression? It is not recommended since the VORACLE attack make use of it." + echo "Do you want to use compression? It is not recommended since the VORACLE attack makes use of it." until [[ $COMPRESSION_ENABLED =~ (y|n) ]]; do read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED done @@ -627,14 +627,14 @@ function installOpenVPN() { # Behind NAT, we'll default to the publicly reachable IPv4/IPv6. if [[ $IPV6_SUPPORT == "y" ]]; then - PUBLIC_IP=$(curl https://ifconfig.co) + PUBLIC_IP=$(curl --retry 5 --retry-connrefused https://ifconfig.co) else - PUBLIC_IP=$(curl -4 https://ifconfig.co) + PUBLIC_IP=$(curl --retry 5 --retry-connrefused -4 https://ifconfig.co) fi ENDPOINT=${ENDPOINT:-$PUBLIC_IP} fi - # Run setup questions first, and set other variales if auto-install + # Run setup questions first, and set other variables if auto-install installQuestions # Get the "public" interface from the default route @@ -675,8 +675,9 @@ function installOpenVPN() { yum install -y epel-release yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*' elif [[ $OS == 'oracle' ]]; then - yum install -y 'oracle-epel-release-*' - yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*' + yum install -y oracle-epel-release-el8 + yum-config-manager --enable ol8_developer_EPEL + yum install -y openvpn iptables openssl wget ca-certificates curl tar policycoreutils-python-utils elif [[ $OS == 'amzn' ]]; then amazon-linux-extras install -y epel yum install -y openvpn iptables openssl wget ca-certificates curl 
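Review bot: The retried `curl` calls in the NAT branch still store whatever the third-party service returns, and `ENDPOINT=${ENDPOINT:-$PUBLIC_IP}` then uses that value unchecked. Without `-f`/`--fail` curl exits 0 on an HTTP error response and prints the body, so an error page can end up in PUBLIC_IP, and there is no upper bound on how long the call may block. I would write `PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused https://ifconfig.co)` (likewise for the `-4` variant) and refuse to default ENDPOINT to a value that is empty or does not look like an address. installOpenVPN starts and ends outside the hunk, so how ENDPOINT is consumed afterwards is not visible here.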
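Review bot: The Oracle branch now hard-codes release 8 (`oracle-epel-release-el8`, `ol8_developer_EPEL`), where the removed glob matched whichever release package was available, and nothing in the hunk checks the major version. On another Oracle Linux release the first two commands would fail and the following `yum install` would carry on without the EPEL repository, since none of the exit statuses is checked. As far as I know `yum-config-manager` comes from the yum-utils/dnf-utils package and is not guaranteed on a minimal install. I would gate this branch on the detected major version, or derive the `el8`/`ol8` suffix from it, and stop when enabling the repository fails. Whether an earlier OS check already restricts Oracle Linux to 8 cannot be seen from this hunk.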
@@ -929,10 +930,6 @@ verb 3" >>/etc/openvpn/server.conf sed -i 's|LimitNPROC|#LimitNPROC|' /etc/systemd/system/openvpn-server@.service # Another workaround to keep using /etc/openvpn/ sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn-server@.service - # On fedora, the service hardcodes the ciphers. We want to manage the cipher ourselves, so we remove it from the service - if [[ $OS == "fedora" ]]; then - sed -i 's|--cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC||' /etc/systemd/system/openvpn-server@.service - fi systemctl daemon-reload systemctl enable openvpn-server@server @@ -1188,6 +1185,7 @@ function revokeClient() { find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete rm -f "/root/$CLIENT.ovpn" sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt + cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk} echo "" echo "Certificate for client $CLIENT revoked."
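Review bot: The added `cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}` in revokeClient carries no comment saying what the copy is for, and it runs after the client files and the ipp.txt entry have already been removed. The copy therefore presumably holds the post-revocation index and overwrites the previous `index.txt.bk` on every call. If it is meant as a rollback copy it should be taken before the revocation step, which is outside this hunk; if something else reads it, a comment such as `# Keep a copy of the PKI index after revocation (used by <consumer>)` would make that clear. The exit status of `cp` is not checked, so a failed backup goes unnoticed before the success message is printed.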