miroir de https://github.com/angristan/openvpn-install.git synchronisé 2025-09-18 02:00:46 +02:00

Update openvpn-install.sh

BornToBeRoot 2020-06-28 22:54:38 +02:00
Parent 34d5de382e
révision 705c40f0df


@ -201,7 +201,7 @@ function installQuestions () {
if [[ $APPROVE_IP =~ n ]]; then if [[ $APPROVE_IP =~ n ]]; then
read -rp "IP address: " -e -i "$IP" IP read -rp "IP address: " -e -i "$IP" IP
fi fi
# If $IP is a private IP address, the server must be behind NAT # If $IP is a private IP address, the server must be behind NAT
if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
echo "" echo ""
echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?" echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
@ -855,13 +855,13 @@ verb 3" >> /etc/openvpn/server.conf
# Add firewall rules --> firewalld / iptable (systemd scripts) # Add firewall rules --> firewalld / iptable (systemd scripts)
if pgrep firewalld; then if pgrep firewalld; then
# Allow incoming traffic # Allow incoming traffic
# Define new openvpn service if [[ "$PORT" == '1194' ]] && [[ "$PROTOCOL" == "udp" ]]; then
cp /usr/lib/firewalld/services/openvpn.xml /etc/firewalld/services firewall-cmd --zone=public --add-service=openvpn
sed -i "s|udp|${PROTOCOL}|" /etc/firewalld/services/openvpn.xml
sed -i "s|1194|${PORT}|" /etc/firewalld/services/openvpn.xml
firewall-cmd --zone=public --add-service=openvpn
firewall-cmd --permanent --zone=public --add-service=openvpn firewall-cmd --permanent --zone=public --add-service=openvpn
else
firewall-cmd --zone=public --add-port="$PORT/$PROTOCOL"
firewall-cmd --permanent --zone=public --add-port="$PORT/$PROTOCOL"
fi
# Add trusted zone # Add trusted zone
firewall-cmd --zone=trusted --add-source=10.8.0.0/24 firewall-cmd --zone=trusted --add-source=10.8.0.0/24
@ -1151,11 +1151,13 @@ function removeOpenVPN () {
# Get OpenVPN protocol from the configuration # Get OpenVPN protocol from the configuration
PROTOCOL=$(grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2) PROTOCOL=$(grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2)
firewall-cmd --zone=public --remove-service=openvpn if [[ "$PORT" == '1194' ]] && [[ "$PROTOCOL" == "udp" ]]; then
firewall-cmd --permanent --zone=public --remove-service=openvpn firewall-cmd --zone=public --remove-service=openvpn
firewall-cmd --permanent --zone=public --remove-service=openvpn
# Remove defined openvpn service else
rm /etc/firewalld/services/openvpn.xml firewall-cmd --zone=public --remove-port="$PORT/$PROTOCOL"
firewall-cmd --permanent --zone=public --remove-port="$PORT/$PROTOCOL"
fi
firewall-cmd --zone=trusted --remove-source=10.8.0.0/24 firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24 firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
@ -1257,4 +1259,4 @@ if [[ -e /etc/openvpn/server.conf ]]; then
manageMenu manageMenu
else else
installOpenVPN installOpenVPN
fi fi
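Review bot: In removeOpenVPN, the new `else` branch only runs `--remove-port="$PORT/$PROTOCOL"`, so a server installed by the previous version of this script with a non-default port would keep its firewall opening after uninstall. That version enabled the `openvpn` service backed by an edited copy at /etc/firewalld/services/openvpn.xml, and the new side no longer removes either the service or the file in that case. The removal path should clean up this legacy state when the override file exists, before choosing between service and port removal. Separately, none of the firewall-cmd calls are checked, so a failed removal passes silently and leaves the port reachable; a warning on stderr would help. PORT is assigned outside the visible hunk, and the function body continues beyond it.

```shell
# … unchanged: PORT / PROTOCOL read from /etc/openvpn/server.conf …
# Installs made by earlier script versions enabled a customised "openvpn"
# service definition; remove it so the port does not stay open.
if [[ -e /etc/firewalld/services/openvpn.xml ]]; then
	firewall-cmd --zone=public --remove-service=openvpn
	firewall-cmd --permanent --zone=public --remove-service=openvpn
	rm -f /etc/firewalld/services/openvpn.xml
fi
if [[ "$PORT" == '1194' ]] && [[ "$PROTOCOL" == "udp" ]]; then
# … unchanged: service / port removal branches …
```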