add TCP_NODELAY option

Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com>
Mohammad Shehar Yaar Tausif 2022-11-18 23:26:15 +05:30
parent 4553dd9c21
commit 759d8f08f2
GPG Key ID: EAD64D1E29D480B8


@ -117,7 +117,7 @@ access-control: 10.8.0.1/24 allow
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
use-caps-for-id: yes use-caps-for-id: yes
prefetch: yes' >>/etc/unbound/unbound.conf prefetch: yes' >>/etc/unbound/unbound.conf
elif [[ $OS =~ (centos|amzn|oracle) ]]; then elif [[ $OS =~ (centos|amzn|oracle) ]]; then
yum install -y unbound yum install -y unbound
@ -171,7 +171,7 @@ prefetch: yes' >>/etc/unbound/unbound.conf
# IPv6 DNS for all OS # IPv6 DNS for all OS
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'interface: fd42:42:42:42::1 echo 'interface: fd42:42:42:42::1
access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/unbound.conf access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/unbound.conf
fi fi
if [[ ! $OS =~ (fedora|centos|amzn|oracle) ]]; then if [[ ! $OS =~ (fedora|centos|amzn|oracle) ]]; then
@ -184,7 +184,7 @@ private-address: 169.254.0.0/16
private-address: fd00::/8 private-address: fd00::/8
private-address: fe80::/10 private-address: fe80::/10
private-address: 127.0.0.0/8 private-address: 127.0.0.0/8
private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
fi fi
else # Unbound is already installed else # Unbound is already installed
echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf
@ -205,10 +205,10 @@ private-address: 169.254.0.0/16
private-address: fd00::/8 private-address: fd00::/8
private-address: fe80::/10 private-address: fe80::/10
private-address: 127.0.0.0/8 private-address: 127.0.0.0/8
private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'interface: fd42:42:42:42::1 echo 'interface: fd42:42:42:42::1
access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
fi fi
fi fi
@ -308,6 +308,14 @@ function installQuestions() {
;; ;;
2) 2)
PROTOCOL="tcp" PROTOCOL="tcp"
until [[ $TCP_NODELAY =~ (y|n) ]]; do
read -rp "Do you want to enable TCP_NODELAY (improves latency)? [y/n]: " -e TCP_NODELAY
done
if [[ $TCP_NODELAY == "y" ]]; then
TCP_NODELAY="tcp-nodelay"
else
TCP_NODELAY=""
fi
;; ;;
esac esac
echo "" echo ""
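Review bot: The validation loop `until [[ $TCP_NODELAY =~ (y|n) ]]` uses an unanchored regex, so any answer containing a y or an n ("yes", "no", "any", "nope") leaves the loop, and because only the exact string "y" then enables the option, a user typing "yes" silently gets TCP_NODELAY disabled. Anchoring the pattern fixes both the acceptance and the mismatch: `until [[ $TCP_NODELAY =~ ^[yn]$ ]]; do`. Note also that the same variable is reused to hold the config directive, so in the UDP branch it is never assigned; the later hunk that appends `$TCP_NODELAY` to /etc/openvpn/server.conf then emits an empty line, which is harmless today but would break if the script ever enabled `set -u`. installQuestions() begins and ends outside this hunk.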
@ -781,7 +789,7 @@ persist-tun
keepalive 10 120 keepalive 10 120
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
# DNS resolvers # DNS resolvers
case $DNS in case $DNS in
@ -862,7 +870,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
tun-ipv6 tun-ipv6
push tun-ipv6 push tun-ipv6
push "route-ipv6 2000::/3" push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf
fi fi
if [[ $COMPRESSION_ENABLED == "y" ]]; then if [[ $COMPRESSION_ENABLED == "y" ]]; then
@ -897,7 +905,8 @@ tls-version-min 1.2
tls-cipher $CC_CIPHER tls-cipher $CC_CIPHER
client-config-dir /etc/openvpn/ccd client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log status /var/log/openvpn/status.log
verb 3" >>/etc/openvpn/server.conf verb 3
$TCP_NODELAY" >>/etc/openvpn/server.conf
# Create client-config-dir dir # Create client-config-dir dir
mkdir -p /etc/openvpn/ccd mkdir -p /etc/openvpn/ccd
@ -966,14 +975,14 @@ iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
iptables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh iptables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
echo "ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE echo "ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
ip6tables -I INPUT 1 -i tun0 -j ACCEPT ip6tables -I INPUT 1 -i tun0 -j ACCEPT
ip6tables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT ip6tables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
ip6tables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT ip6tables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/add-openvpn-rules.sh ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/add-openvpn-rules.sh
fi fi
# Script to remove rules # Script to remove rules
@ -982,14 +991,14 @@ iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
echo "ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE echo "ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
ip6tables -D INPUT -i tun0 -j ACCEPT ip6tables -D INPUT -i tun0 -j ACCEPT
ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT
ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT
ip6tables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/rm-openvpn-rules.sh ip6tables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/rm-openvpn-rules.sh
fi fi
chmod +x /etc/iptables/add-openvpn-rules.sh chmod +x /etc/iptables/add-openvpn-rules.sh
@ -1008,7 +1017,7 @@ ExecStop=/etc/iptables/rm-openvpn-rules.sh
RemainAfterExit=yes RemainAfterExit=yes
[Install] [Install]
WantedBy=multi-user.target" >/etc/systemd/system/iptables-openvpn.service WantedBy=multi-user.target" >/etc/systemd/system/iptables-openvpn.service
# Enable service and apply rules # Enable service and apply rules
systemctl daemon-reload systemctl daemon-reload
@ -1044,7 +1053,7 @@ tls-version-min 1.2
tls-cipher $CC_CIPHER tls-cipher $CC_CIPHER
ignore-unknown-option block-outside-dns ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3" >>/etc/openvpn/client-template.txt verb 3" >>/etc/openvpn/client-template.txt
if [[ $COMPRESSION_ENABLED == "y" ]]; then if [[ $COMPRESSION_ENABLED == "y" ]]; then
echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt