removed my changes

2025-02-05 13:11:33 +01:00 · 2023-12-25 15:40:25 +03:30 · 2023-12-25 15:40:25 +03:30 · a879503af1
commit a879503af1
parent 8d84eebd79
1 changed files with 17 additions and 24 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -57,7 +57,7 @@ function checkOS() {
 		fi
 		if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then
 			OS="centos"
-			if [[ ! $VERSION_ID =~ (7|8) ]]; then
+			if [[ ${VERSION_ID%.*} -lt 7 ]]; then
 				echo "⚠️ Your version of CentOS is not supported."
 				echo ""
 				echo "The script only support CentOS 7 and CentOS 8."
@ -227,14 +227,8 @@ function installQuestions() {
 	echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
 	echo "Unless your server is behind NAT, it should be your public IPv4 address."

-	# If detect_from_net is not set detect the IP from the network
-	# Else use this command to detect ip: curl -s https://api.ipify.org
-	if [[ -z $DETECT_FROM_NET ]]; then
-		# Detect public IPv4 address and pre-fill for the user
-		IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)
-	else
-		IP=$(curl -s https://api.ipify.org)
-	fi
+	# Detect public IPv4 address and pre-fill for the user
+	IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)

 	if [[ -z $IP ]]; then
 		# Detect public IPv6 address
@ -633,9 +627,13 @@ function installOpenVPN() {

 		# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
 		if [[ $IPV6_SUPPORT == "y" ]]; then
-			PUBLIC_IP=$(curl --retry 5 --retry-connrefused https://ifconfig.co)
+			if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused https://ip.seeip.org); then
+				PUBLIC_IP=$(dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
+			fi
 		else
-			PUBLIC_IP=$(curl --retry 5 --retry-connrefused -4 https://ifconfig.co)
+			if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused -4 https://ip.seeip.org); then
+				PUBLIC_IP=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
+			fi
 		fi
 		ENDPOINT=${ENDPOINT:-$PUBLIC_IP}
 	fi
@ -708,10 +706,10 @@ function installOpenVPN() {

 	# Install the latest version of easy-rsa from source, if not already installed.
 	if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
-		local version="3.0.7"
+		local version="3.1.2"
 		wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz
 		mkdir -p /etc/openvpn/easy-rsa
-		tar xzf ~/easy-rsa.tgz --strip-components=1 --directory /etc/openvpn/easy-rsa
+		tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa
 		rm -f ~/easy-rsa.tgz

 		cd /etc/openvpn/easy-rsa/ || return
@ -731,18 +729,16 @@ function installOpenVPN() {
 		SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
 		echo "$SERVER_NAME" >SERVER_NAME_GENERATED

-		echo "set_var EASYRSA_REQ_CN $SERVER_CN" >>vars
-
 		# Create the PKI, set up the CA, the DH params and the server certificate
 		./easyrsa init-pki
-		./easyrsa --batch build-ca nopass
+		./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass

 		if [[ $DH_TYPE == "2" ]]; then
 			# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
 			openssl dhparam -out dh.pem $DH_KEY_SIZE
 		fi

-		./easyrsa build-server-full "$SERVER_NAME" nopass
+		./easyrsa --batch build-server-full "$SERVER_NAME" nopass
 		EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl

 		case $TLS_SIG in
@ -1089,14 +1085,11 @@ function newClient() {
 		cd /etc/openvpn/easy-rsa/ || return
 		case $PASS in
 		1)
-			./easyrsa build-client-full "$CLIENT" nopass
+			./easyrsa --batch build-client-full "$CLIENT" nopass
 			;;
 		2)
-			echo -e "\n\n⚠️ You will be asked for the client password below ⚠️"
-			echo "this is a random password generated"
-			echo `openssl rand -base64 $(shuf -i13-17 -n1) || tr -dc A-Za-z0-9 </dev/urandom | head -c $(shuf -i13-17 -n1)`
-			echo "and can use it"
-			./easyrsa build-client-full "$CLIENT"
+			echo "⚠️ You will be asked for the client password below ⚠️"
+			./easyrsa --batch build-client-full "$CLIENT"
 			;;
 		esac
 		echo "Client $CLIENT added."
@ -1134,7 +1127,7 @@ function newClient() {
 		echo "</ca>"

 		echo "<cert>"
-		awk '/BEGIN/,/END/' "/etc/openvpn/easy-rsa/pki/issued/$CLIENT.crt"
+		awk '/BEGIN/,/END CERTIFICATE/' "/etc/openvpn/easy-rsa/pki/issued/$CLIENT.crt"
 		echo "</cert>"

 		echo "<key>"