Update openvpn-install.sh

BornToBeRoot 2020-06-28 22:54:38 +02:00
parent 34d5de382e
commit 705c40f0df


@ -201,7 +201,7 @@ function installQuestions () {
if [[ $APPROVE_IP =~ n ]]; then if [[ $APPROVE_IP =~ n ]]; then
read -rp "IP address: " -e -i "$IP" IP read -rp "IP address: " -e -i "$IP" IP
fi fi
# If $IP is a private IP address, the server must be behind NAT # If $IP is a private IP address, the server must be behind NAT
if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
echo "" echo ""
echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?" echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
@ -855,13 +855,13 @@ verb 3" >> /etc/openvpn/server.conf
# Add firewall rules --> firewalld / iptable (systemd scripts) # Add firewall rules --> firewalld / iptable (systemd scripts)
if pgrep firewalld; then if pgrep firewalld; then
# Allow incoming traffic # Allow incoming traffic
# Define new openvpn service if [[ "$PORT" == '1194' ]] && [[ "$PROTOCOL" == "udp" ]]; then
cp /usr/lib/firewalld/services/openvpn.xml /etc/firewalld/services firewall-cmd --zone=public --add-service=openvpn
sed -i "s|udp|${PROTOCOL}|" /etc/firewalld/services/openvpn.xml
sed -i "s|1194|${PORT}|" /etc/firewalld/services/openvpn.xml
firewall-cmd --zone=public --add-service=openvpn
firewall-cmd --permanent --zone=public --add-service=openvpn firewall-cmd --permanent --zone=public --add-service=openvpn
else
firewall-cmd --zone=public --add-port="$PORT/$PROTOCOL"
firewall-cmd --permanent --zone=public --add-port="$PORT/$PROTOCOL"
fi
# Add trusted zone # Add trusted zone
firewall-cmd --zone=trusted --add-source=10.8.0.0/24 firewall-cmd --zone=trusted --add-source=10.8.0.0/24
@ -1151,11 +1151,13 @@ function removeOpenVPN () {
# Get OpenVPN protocol from the configuration # Get OpenVPN protocol from the configuration
PROTOCOL=$(grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2) PROTOCOL=$(grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2)
firewall-cmd --zone=public --remove-service=openvpn if [[ "$PORT" == '1194' ]] && [[ "$PROTOCOL" == "udp" ]]; then
firewall-cmd --permanent --zone=public --remove-service=openvpn firewall-cmd --zone=public --remove-service=openvpn
firewall-cmd --permanent --zone=public --remove-service=openvpn
# Remove defined openvpn service else
rm /etc/firewalld/services/openvpn.xml firewall-cmd --zone=public --remove-port="$PORT/$PROTOCOL"
firewall-cmd --permanent --zone=public --remove-port="$PORT/$PROTOCOL"
fi
firewall-cmd --zone=trusted --remove-source=10.8.0.0/24 firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24 firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
@ -1257,4 +1259,4 @@ if [[ -e /etc/openvpn/server.conf ]]; then
manageMenu manageMenu
else else
installOpenVPN installOpenVPN
fi fi
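Review bot: The removal hunk (`@ -1151,11 +1151,13`) no longer undoes what the previous installer wrote, so a host installed by the old code on a non-default port can keep that port open after uninstall. The old install path copied `openvpn.xml` into `/etc/firewalld/services` and rewrote its port and protocol, then enabled the `openvpn` service in the public zone. For such a host the new `else` branch only runs `--remove-port`, leaving both the service entry and the override file in place. A cleanup step keyed on the override file would cover those hosts, as sketched below. Separately, only the `PROTOCOL` lookup is visible here (removeOpenVPN starts outside the hunk), so it is worth confirming that `PORT` is read from `server.conf` and is non-empty before the comparison, since an empty value would make `--remove-port="/"` fail without closing anything.

```shell
# … unchanged: PORT/PROTOCOL lookup and the if/else that removes the service or the port …
# Clean up the service override written by earlier versions of this script
if [[ -e /etc/firewalld/services/openvpn.xml ]]; then
	firewall-cmd --zone=public --remove-service=openvpn
	firewall-cmd --permanent --zone=public --remove-service=openvpn
	rm -f /etc/firewalld/services/openvpn.xml
fi
```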