Merge branch 'angristan:master' into own_ip

2024-11-14 21:09:03 +01:00 · 2022-08-21 07:50:32 +02:00 · 2022-08-21 07:50:32 +02:00 · 9b3bb634ea
commit 9b3bb634ea
parent a4ca71aee9 4553dd9c21
9 changed files with 98 additions and 74 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,5 +1,2 @@
-patreon: stanislas
-liberapay: stanislas
 ko_fi: stanislas
-github: angristan
 custom: https://coindrop.to/stanislas
--- a/.github/ISSUE_TEMPLATE/bug-report-or-suport-request.md
+++ b/.github/ISSUE_TEMPLATE/bug-report-or-suport-request.md
@ -1,35 +0,0 @@
---
-name: Bug report / Support request
-about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
-
---
-
-**⚠️ Unless you are sure you find a bug with the script, please open a [discussion](https://github.com/angristan/openvpn-install/discussions) instead of an issue!**
-
-**Checklist**
-
- [ ] I read the [README](https://github.com/angristan/openvpn-install/blob/master/README.md)
- [ ] I read the [FAQ](https://github.com/angristan/openvpn-install/blob/master/FAQ.md)
- [ ] I searched the [issues](https://github.com/angristan/openvpn-install/issues?q=is%3Aissue+)
- [ ] I searched the [discussion](https://github.com/angristan/openvpn-install/discussions)
- [ ] My issue is about the script, and not OpenVPN itself
-
-<!---
-If you need help with OpenVPN itself, please us the [community forums](https://forums.openvpn.net/) or [Stack Overflow](https://stackoverflow.com/questions/tagged/openvpn)
--->
-
-Pease include as much details as possible in your issue:
-
- Description of the issue
- How to reproduce the issue
- What did you expected should happen
- Logs
- Server/Client versions (OS, OpenVPN, etc)
- Any context or information that could help
-
---
-
-<!-- Write your report below this line -->
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@ -0,0 +1,74 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        **PLEASE** prioritise these communities before opening an issue.
+        - https://forums.openvpn.net
+        - https://stackoverflow.com/questions/tagged/openvpn
+        - https://github.com/angristan/openvpn-install/discussions
+
+        ⚠️ **ANY ISSUE THAT IS NOT CLEARLY A BUG REPORT WILL BE CLOSED AND/OR CONVERTED TO A DISCUSSION.**
+
+  - type: checkboxes
+    id: pre
+    attributes:
+      label: Make sure your check these beforehand!
+      description: Search before opening an issue.
+      options:
+        - label: Issues - https://github.com/angristan/openvpn-install/issues
+          required: true
+        - label: README and FAQ - https://github.com/angristan/openvpn-install
+          required: true
+        - label: Wiki - https://github.com/angristan/openvpn-install/wiki
+          required: true
+        - label: Discussions - https://github.com/angristan/openvpn-install/discussions
+          required: true
+
+  - type: input
+    id: server
+    attributes:
+      label: Server OS
+      description: What OS is the OpenVPN server running on?
+      placeholder: Debian 10
+    validations:
+      required: false
+
+  - type: input
+    id: openvpn
+    attributes:
+      label: OpenVPN version
+      description: What OpenVPN version is running on your server?
+      placeholder: 2.5.0
+    validations:
+      required: false
+
+  - type: input
+    id: client
+    attributes:
+      label: Client
+      description: What OS and client are you using? Please specify the versions.
+      placeholder: Viscosity 1.10.1 on macOS 12.1
+    validations:
+      required: false
+
+  - type: textarea
+    id: issue
+    attributes:
+      label: What is the bug?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
--- a/.github/ISSUE_TEMPLATE/feature-request.md
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@ -1,10 +1,9 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
-title: ''
-labels: ''
-assignees: ''
-
+title: ""
+labels: ""
+assignees: ""
 ---

 **Checklist**
@ -15,17 +14,8 @@ assignees: ''
 - [ ] My issue is about the script, and not OpenVPN itself

 <!---
+⚠️
 If you need help with OpenVPN itself, please us the [community forums](https://forums.openvpn.net/) or [Stack Overflow](https://stackoverflow.com/questions/tagged/openvpn)
+PLEASE OPEN A DISCUSSION INSTEAD: https://github.com/angristan/openvpn-install/discussions
+⚠️
 --->
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
--- a/.github/linters/.markdown-lint.yml
+++ b/.github/linters/.markdown-lint.yml
@ -1 +1 @@
-{ 'MD013': null, 'MD045': null, 'MD040': null, 'MD036': null }
+{ "MD013": null, "MD045": null, "MD040": null, "MD036": null }
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
      - name: Lint Code Base
        uses: github/super-linter@v4.1.0
        env:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -13,16 +13,14 @@ jobs:
        os-image:
          - debian-9-x64
          - debian-10-x64
+          - debian-11-x64
          - ubuntu-18-04-x64
          - ubuntu-20-04-x64
-          - ubuntu-20-10-x64
-          - ubuntu-21-04-x64
-          - fedora-33-x64
-          - fedora-34-x64
+          - fedora-35-x64
          - centos-7-x64
-          - centos-8-x64
+          - centos-stream-8-x64
    steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2

      - name: Setup doctl
        uses: digitalocean/action-doctl@v2
--- a/README.md
+++ b/README.md
@ -3,6 +3,7 @@
 ![Test](https://github.com/angristan/openvpn-install/workflows/Test/badge.svg)
 ![Lint](https://github.com/angristan/openvpn-install/workflows/Lint/badge.svg)
 ![visitors](https://visitor-badge.glitch.me/badge?page_id=angristan.openvpn-install)
+[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/angristan)

 OpenVPN installer for Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux and AlmaLinux.

@ -162,7 +163,7 @@ More Q&A in [FAQ.md](FAQ.md).

 - Windows: [The official OpenVPN community client](https://openvpn.net/index.php/download/community-downloads.html).
 - Linux: The `openvpn` package from your distribution. There is an [official APT repository](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Debian/Ubuntu based distributions.
- macOS: [Tunnelblick](https://tunnelblick.net/), [Viscosity](https://www.sparklabs.com/viscosity/).
+- macOS: [Tunnelblick](https://tunnelblick.net/), [Viscosity](https://www.sparklabs.com/viscosity/), [OpenVPN for Mac](https://openvpn.net/client-connect-vpn-for-mac-os/).
 - Android: [OpenVPN for Android](https://play.google.com/store/apps/details?id=de.blinkt.openvpn).
 - iOS: [The official OpenVPN Connect client](https://itunes.apple.com/us/app/openvpn-connect/id590379981).

@ -187,6 +188,7 @@ More Q&A in [FAQ.md](FAQ.md).
 Solutions that provision a ready to use OpenVPN server based on this script in one go are available for:

 - AWS using Terraform at [`openvpn-terraform-install`](https://github.com/dumrauf/openvpn-terraform-install)
+- Terraform AWS module [`openvpn-ephemeral`](https://registry.terraform.io/modules/paulmarsicloud/openvpn-ephemeral/aws/latest)

 ## Contributing

@ -337,7 +339,7 @@ The script supports both and uses `tls-crypt` by default.

 ## Say thanks

-You can [say thanks](https://saythanks.io/to/angristan%40pm.me) if you want!
+You can [say thanks](https://saythanks.io/to/angristan) if you want!

 ## Credits & Licence

--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -369,7 +369,7 @@ function installQuestions() {
 		fi
 	done
 	echo ""
-	echo "Do you want to use compression? It is not recommended since the VORACLE attack make use of it."
+	echo "Do you want to use compression? It is not recommended since the VORACLE attack makes use of it."
 	until [[ $COMPRESSION_ENABLED =~ (y|n) ]]; do
 		read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
 	done
@ -640,14 +640,14 @@ function installOpenVPN() {

 		# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
 		if [[ $IPV6_SUPPORT == "y" ]]; then
-			PUBLIC_IP=$(curl https://ifconfig.co)
+			PUBLIC_IP=$(curl --retry 5 --retry-connrefused https://ifconfig.co)
 		else
-			PUBLIC_IP=$(curl -4 https://ifconfig.co)
+			PUBLIC_IP=$(curl --retry 5 --retry-connrefused -4 https://ifconfig.co)
 		fi
 		ENDPOINT=${ENDPOINT:-$PUBLIC_IP}
 	fi

-	# Run setup questions first, and set other variales if auto-install
+	# Run setup questions first, and set other variables if auto-install
 	installQuestions

 	# Get the "public" interface from the default route
@ -688,8 +688,9 @@ function installOpenVPN() {
 			yum install -y epel-release
 			yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*'
 		elif [[ $OS == 'oracle' ]]; then
-			yum install -y 'oracle-epel-release-*'
-			yum install -y openvpn iptables openssl wget ca-certificates curl tar 'policycoreutils-python*'
+			yum install -y oracle-epel-release-el8
+			yum-config-manager --enable ol8_developer_EPEL
+			yum install -y openvpn iptables openssl wget ca-certificates curl tar policycoreutils-python-utils
 		elif [[ $OS == 'amzn' ]]; then
 			amazon-linux-extras install -y epel
 			yum install -y openvpn iptables openssl wget ca-certificates curl
@ -942,10 +943,6 @@ verb 3" >>/etc/openvpn/server.conf
 		sed -i 's|LimitNPROC|#LimitNPROC|' /etc/systemd/system/openvpn-server@.service
 		# Another workaround to keep using /etc/openvpn/
 		sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn-server@.service
-		# On fedora, the service hardcodes the ciphers. We want to manage the cipher ourselves, so we remove it from the service
-		if [[ $OS == "fedora" ]]; then
-			sed -i 's|--cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC||' /etc/systemd/system/openvpn-server@.service
-		fi

 		systemctl daemon-reload
 		systemctl enable openvpn-server@server
@ -1198,6 +1195,7 @@ function revokeClient() {
 	find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete
 	rm -f "/root/$CLIENT.ovpn"
 	sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt
+	cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}

 	echo ""
 	echo "Certificate for client $CLIENT revoked."