Merge branch 'angristan:master' into master

.github/FUNDING.yml

@@ -1,5 +1,2 @@
-patreon: stanislas
-liberapay: stanislas
 ko_fi: stanislas
-github: angristan
 custom: https://coindrop.to/stanislas

.github/ISSUE_TEMPLATE/bug-report-or-suport-request.md

@@ -1,35 +0,0 @@
----
-name: Bug report / Support request
-about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
-
----
-
-**⚠️ Unless you are sure you find a bug with the script, please open a [discussion](https://github.com/angristan/openvpn-install/discussions) instead of an issue!**
-
-**Checklist**
-
-- [ ] I read the [README](https://github.com/angristan/openvpn-install/blob/master/README.md)
-- [ ] I read the [FAQ](https://github.com/angristan/openvpn-install/blob/master/FAQ.md)
-- [ ] I searched the [issues](https://github.com/angristan/openvpn-install/issues?q=is%3Aissue+)
-- [ ] I searched the [discussion](https://github.com/angristan/openvpn-install/discussions)
-- [ ] My issue is about the script, and not OpenVPN itself
-
-<!---
-If you need help with OpenVPN itself, please us the [community forums](https://forums.openvpn.net/) or [Stack Overflow](https://stackoverflow.com/questions/tagged/openvpn)
---->
-
-Pease include as much details as possible in your issue:
-
-- Description of the issue
-- How to reproduce the issue
-- What did you expected should happen
-- Logs
-- Server/Client versions (OS, OpenVPN, etc)
-- Any context or information that could help
-
----
-
-<!-- Write your report below this line -->

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,74 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        **PLEASE** prioritise these communities before opening an issue.
+        - https://forums.openvpn.net
+        - https://stackoverflow.com/questions/tagged/openvpn
+        - https://github.com/angristan/openvpn-install/discussions
+
+        ⚠️ **ANY ISSUE THAT IS NOT CLEARLY A BUG REPORT WILL BE CLOSED AND/OR CONVERTED TO A DISCUSSION.**
+
+  - type: checkboxes
+    id: pre
+    attributes:
+      label: Make sure your check these beforehand!
+      description: Search before opening an issue.
+      options:
+        - label: Issues - https://github.com/angristan/openvpn-install/issues
+          required: true
+        - label: README and FAQ - https://github.com/angristan/openvpn-install
+          required: true
+        - label: Wiki - https://github.com/angristan/openvpn-install/wiki
+          required: true
+        - label: Discussions - https://github.com/angristan/openvpn-install/discussions
+          required: true
+
+  - type: input
+    id: server
+    attributes:
+      label: Server OS
+      description: What OS is the OpenVPN server running on?
+      placeholder: Debian 10
+    validations:
+      required: false
+
+  - type: input
+    id: openvpn
+    attributes:
+      label: OpenVPN version
+      description: What OpenVPN version is running on your server?
+      placeholder: 2.5.0
+    validations:
+      required: false
+
+  - type: input
+    id: client
+    attributes:
+      label: Client
+      description: What OS and client are you using? Please specify the versions.
+      placeholder: Viscosity 1.10.1 on macOS 12.1
+    validations:
+      required: false
+
+  - type: textarea
+    id: issue
+    attributes:
+      label: What is the bug?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,10 +1,9 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
-title: ''
+title: ""
-labels: ''
+labels: ""
-assignees: ''
+assignees: ""
-
 ---
 
 **Checklist**
@@ -15,17 +14,8 @@ assignees: ''
 - [ ] My issue is about the script, and not OpenVPN itself
 
 <!---
+⚠️
 If you need help with OpenVPN itself, please us the [community forums](https://forums.openvpn.net/) or [Stack Overflow](https://stackoverflow.com/questions/tagged/openvpn)
+PLEASE OPEN A DISCUSSION INSTEAD: https://github.com/angristan/openvpn-install/discussions
+⚠️
 --->
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/linters/.markdown-lint.yml

@@ -1 +1 @@
-{ 'MD013': null, 'MD045': null, 'MD040': null, 'MD036': null }
+{ "MD013": null, "MD045": null, "MD040": null, "MD036": null }

.github/workflows/lint.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Lint Code Base
         uses: github/super-linter@v4.1.0
         env:

.github/workflows/test.yml

@@ -13,16 +13,15 @@ jobs:
         os-image:
           - debian-9-x64
           - debian-10-x64
+          - debian-11-x64
           - ubuntu-18-04-x64
           - ubuntu-20-04-x64
-          - ubuntu-20-10-x64
+          - ubuntu-21-10-x64
-          - ubuntu-21-04-x64
+          - fedora-35-x64
-          - fedora-33-x64
-          - fedora-34-x64
           - centos-7-x64
-          - centos-8-x64
+          - centos-stream-8-x64
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
 
       - name: Setup doctl
         uses: digitalocean/action-doctl@v2

README.md

@@ -3,6 +3,7 @@
 ![Test](https://github.com/angristan/openvpn-install/workflows/Test/badge.svg)
 ![Lint](https://github.com/angristan/openvpn-install/workflows/Lint/badge.svg)
 ![visitors](https://visitor-badge.glitch.me/badge?page_id=angristan.openvpn-install)
+[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/angristan)
 
 OpenVPN installer for Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux and AlmaLinux.
 
@@ -187,6 +188,7 @@ More Q&A in [FAQ.md](FAQ.md).
 Solutions that provision a ready to use OpenVPN server based on this script in one go are available for:
 
 - AWS using Terraform at [`openvpn-terraform-install`](https://github.com/dumrauf/openvpn-terraform-install)
+- Terraform AWS module [`openvpn-ephemeral`](https://registry.terraform.io/modules/paulmarsicloud/openvpn-ephemeral/aws/latest)
 
 ## Contributing
 
@@ -337,7 +339,7 @@ The script supports both and uses `tls-crypt` by default.
 
 ## Say thanks
 
-You can [say thanks](https://saythanks.io/to/angristan%40pm.me) if you want!
+You can [say thanks](https://saythanks.io/to/angristan) if you want!
 
 ## Credits & Licence
 

openvpn-install.sh

@@ -356,7 +356,7 @@ function installQuestions() {
 		fi
 	done
 	echo ""
-	echo "Do you want to use compression? It is not recommended since the VORACLE attack make use of it."
+	echo "Do you want to use compression? It is not recommended since the VORACLE attack makes use of it."
 	until [[ $COMPRESSION_ENABLED =~ (y|n) ]]; do
 		read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
 	done
@@ -627,14 +627,14 @@ function installOpenVPN() {
 
 		# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
 		if [[ $IPV6_SUPPORT == "y" ]]; then
-			PUBLIC_IP=$(curl https://ifconfig.co)
+			PUBLIC_IP=$(curl --retry 5 --retry-connrefused https://ifconfig.co)
 		else
-			PUBLIC_IP=$(curl -4 https://ifconfig.co)
+			PUBLIC_IP=$(curl --retry 5 --retry-connrefused -4 https://ifconfig.co)
 		fi
 		ENDPOINT=${ENDPOINT:-$PUBLIC_IP}
 	fi
 
-	# Run setup questions first, and set other variales if auto-install
+	# Run setup questions first, and set other variables if auto-install
 	installQuestions
 
 	# Get the "public" interface from the default route
@@ -675,8 +675,9 @@ function installOpenVPN() {
 			yum install -y epel-release
 			yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*'
 		elif [[ $OS == 'oracle' ]]; then
-			yum install -y 'oracle-epel-release-*'
+			yum install -y oracle-epel-release-el8
-			yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*'
+			yum-config-manager --enable ol8_developer_EPEL
+			yum install -y openvpn iptables openssl wget ca-certificates curl tar policycoreutils-python-utils
 		elif [[ $OS == 'amzn' ]]; then
 			amazon-linux-extras install -y epel
 			yum install -y openvpn iptables openssl wget ca-certificates curl
@@ -929,10 +930,6 @@ verb 3" >>/etc/openvpn/server.conf
 		sed -i 's|LimitNPROC|#LimitNPROC|' /etc/systemd/system/openvpn-server@.service
 		# Another workaround to keep using /etc/openvpn/
 		sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn-server@.service
-		# On fedora, the service hardcodes the ciphers. We want to manage the cipher ourselves, so we remove it from the service
-		if [[ $OS == "fedora" ]]; then
-			sed -i 's|--cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC||' /etc/systemd/system/openvpn-server@.service
-		fi
 
 		systemctl daemon-reload
 		systemctl enable openvpn-server@server
@@ -1188,6 +1185,7 @@ function revokeClient() {
 	find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete
 	rm -f "/root/$CLIENT.ovpn"
 	sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt
+	cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}
 
 	echo ""
 	echo "Certificate for client $CLIENT revoked."