Sync with upstream. Add new environment variables usage

This commit is contained in:
jduo 2020-09-10 05:31:48 -03:00
parent aa384c6931
commit abc0676b4c


@ -102,19 +102,19 @@ function installUnbound() {
apt-get install -y unbound apt-get install -y unbound
# Configuration # Configuration
echo 'interface: 10.8.0.1 echo "interface: $VPN_NETWORK.1
access-control: 10.8.0.1/24 allow access-control: $VPN_NETWORK.1/24 allow
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
use-caps-for-id: yes use-caps-for-id: yes
prefetch: yes' >>/etc/unbound/unbound.conf prefetch: yes" >>/etc/unbound/unbound.conf
elif [[ $OS =~ (centos|amzn) ]]; then elif [[ $OS =~ (centos|amzn) ]]; then
yum install -y unbound yum install -y unbound
# Configuration # Configuration
sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf sed -i "s|# interface: 0.0.0.0$|interface: $VPN_NETWORK.1|" /etc/unbound/unbound.conf
sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf sed -i "s|# access-control: 127.0.0.0/8 allow|access-control: $VPN_NETWORK.1/24 allow|" /etc/unbound/unbound.conf
sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@ -123,8 +123,8 @@ prefetch: yes' >>/etc/unbound/unbound.conf
dnf install -y unbound dnf install -y unbound
# Configuration # Configuration
sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf sed -i "s|# interface: 0.0.0.0$|interface: $VPN_NETWORK.1|" /etc/unbound/unbound.conf
sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf sed -i "s|# access-control: 127.0.0.0/8 allow|access-control: $VPN_NETWORK.1/24 allow|" /etc/unbound/unbound.conf
sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@ -139,15 +139,15 @@ prefetch: yes' >>/etc/unbound/unbound.conf
mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
fi fi
echo 'server: echo "server:
use-syslog: yes use-syslog: yes
do-daemonize: no do-daemonize: no
username: "unbound" username: "unbound"
directory: "/etc/unbound" directory: "/etc/unbound"
trust-anchor-file: trusted-key.key trust-anchor-file: trusted-key.key
root-hints: root.hints root-hints: root.hints
interface: 10.8.0.1 interface: $VPN_NETWORK.1
access-control: 10.8.0.1/24 allow access-control: $VPN_NETWORK.1/24 allow
port: 53 port: 53
num-threads: 2 num-threads: 2
use-caps-for-id: yes use-caps-for-id: yes
@ -155,7 +155,7 @@ prefetch: yes' >>/etc/unbound/unbound.conf
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
qname-minimisation: yes qname-minimisation: yes
prefetch: yes' >/etc/unbound/unbound.conf prefetch: yes" >/etc/unbound/unbound.conf
fi fi
# IPv6 DNS for all OS # IPv6 DNS for all OS
@ -180,9 +180,9 @@ private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf
# Add Unbound 'server' for the OpenVPN subnet # Add Unbound 'server' for the OpenVPN subnet
echo 'server: echo "server:
interface: 10.8.0.1 interface: $VPN_NETWORK.1
access-control: 10.8.0.1/24 allow access-control: $VPN_NETWORK.1/24 allow
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
use-caps-for-id: yes use-caps-for-id: yes
@ -195,7 +195,7 @@ private-address: 169.254.0.0/16
private-address: fd00::/8 private-address: fd00::/8
private-address: fe80::/10 private-address: fe80::/10
private-address: 127.0.0.0/8 private-address: 127.0.0.0/8
private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf private-address: ::ffff:0:0/96" >/etc/unbound/openvpn.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'interface: fd42:42:42:42::1 echo 'interface: fd42:42:42:42::1
access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
@ -214,9 +214,16 @@ function installQuestions() {
echo "I need to ask you a few questions before starting the setup." echo "I need to ask you a few questions before starting the setup."
echo "You can leave the default options and just press enter if you are ok with them." echo "You can leave the default options and just press enter if you are ok with them."
echo "" echo ""
echo "Please provide the VPN network prefix. If you are going to use 10.8.0.0/24, then type prefix 10.8.0"
until [[ $VPN_NETWORK =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do
echo "Format bust be like XXX.XXX.XXX"
VPN_NETWORK=${VPN_NETWORK:-10.8.0}
read -rp "VPN_NETWORK: " -e -i "$VPN_NETWORK" VPN_NETWORK
done
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to." echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
echo "Unless your server is behind NAT, it should be your public IPv4 address." echo "Unless your server is behind NAT, it should be your public IPv4 address."
# Detect public IPv4 address and pre-fill for the user # Detect public IPv4 address and pre-fill for the user
IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1) IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)
if [[ -z $IP ]]; then if [[ -z $IP ]]; then
@ -312,8 +319,9 @@ function installQuestions() {
echo " 11) AdGuard DNS (Anycast: worldwide)" echo " 11) AdGuard DNS (Anycast: worldwide)"
echo " 12) NextDNS (Anycast: worldwide)" echo " 12) NextDNS (Anycast: worldwide)"
echo " 13) Custom" echo " 13) Custom"
until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 13 ]; do echo " 14) None"
read -rp "DNS [1-12]: " -e -i 11 DNS until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 14 ]; do
read -rp "DNS [1-14]: " -e -i 11 DNS
if [[ $DNS == 2 ]] && [[ -e /etc/unbound/unbound.conf ]]; then if [[ $DNS == 2 ]] && [[ -e /etc/unbound/unbound.conf ]]; then
echo "" echo ""
echo "Unbound is already installed." echo "Unbound is already installed."
@ -763,7 +771,7 @@ persist-key
persist-tun persist-tun
keepalive 10 120 keepalive 10 120
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server $VPN_NETWORK.0 255.255.255.0
ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
# DNS resolvers # DNS resolvers
@ -785,7 +793,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
done done
;; ;;
2) # Self-hosted DNS resolver (Unbound) 2) # Self-hosted DNS resolver (Unbound)
echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf echo 'push "dhcp-option DNS $VPN_NETWORK.1"' >>/etc/openvpn/server.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf
fi fi
@ -836,8 +844,13 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf
fi fi
;; ;;
14) # No DNS
echo "No DNS push config"
;;
esac esac
if (($DNS != 14)); then
echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf
fi
# IPv6 network settings if needed # IPv6 network settings if needed
if [[ $IPV6_SUPPORT == 'y' ]]; then if [[ $IPV6_SUPPORT == 'y' ]]; then
@ -949,7 +962,7 @@ verb 3" >>/etc/openvpn/server.conf
# Script to add rules # Script to add rules
echo "#!/bin/sh echo "#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE iptables -t nat -I POSTROUTING 1 -s $VPN_NETWORK.0/24 -o $NIC -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
@ -965,7 +978,7 @@ ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptabl
# Script to remove rules # Script to remove rules
echo "#!/bin/sh echo "#!/bin/sh
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE iptables -t nat -D POSTROUTING -s $VPN_NETWORK.0/24 -o $NIC -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
@ -1032,10 +1045,14 @@ tls-cipher $CC_CIPHER
ignore-unknown-option block-outside-dns ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3" >>/etc/openvpn/client-template.txt verb 3" >>/etc/openvpn/client-template.txt
if [[ $COMPRESSION_ENABLED == "y" ]]; then if [[ $COMPRESSION_ENABLED == "y" ]]; then
echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt
fi fi
if [[ "$CLIENT_TEMPLATE_APPEND" != "" ]]; then
echo "appending costum config CLIENT_TEMPLATE_APPEND to /etc/openvpn/client-template.txt ..."
echo "" >> /etc/openvpn/client-template.txt
echo "$CLIENT_TEMPLATE_APPEND" >> /etc/openvpn/client-template.txt
fi
# Generate the custom client.ovpn # Generate the custom client.ovpn
newClient newClient
@ -1280,7 +1297,7 @@ function removeOpenVPN() {
function manageMenu() { function manageMenu() {
echo "Welcome to OpenVPN-install!" echo "Welcome to OpenVPN-install!"
echo "The git repository is available at: https://github.com/angristan/openvpn-install" echo "The git repository is available at: https://github.com/joaduo/openvpn-install"
echo "" echo ""
echo "It looks like OpenVPN is already installed." echo "It looks like OpenVPN is already installed."
echo "" echo ""
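Review bot: In the `2)` Unbound branch of the `@ -785,7 +793,7` hunk, `echo 'push "dhcp-option DNS $VPN_NETWORK.1"'` keeps its single quotes, so the literal text `$VPN_NETWORK.1` is written to /etc/openvpn/server.conf instead of the chosen prefix — every other line this commit converts uses double quotes, and this one should read `echo "push \"dhcp-option DNS $VPN_NETWORK.1\"" >>/etc/openvpn/server.conf`, as the `$DNS2` line in the next hunk already does. The `CLIENT_TEMPLATE_APPEND` block in the `@ -1032,10 +1045,14` hunk writes the variable's content verbatim into every generated client profile; a comment such as `# CLIENT_TEMPLATE_APPEND is trusted operator input: it is appended as raw OpenVPN directives to every client profile` would make that explicit, and `printf '%s\n' "$CLIENT_TEMPLATE_APPEND" >>/etc/openvpn/client-template.txt` avoids echo's handling of values that start with `-` or contain backslashes (the message on the preceding line also misspells "custom"). The new VPN_NETWORK prompt in installQuestions validates the prefix against the three-octet regex before it is interpolated into the sed expressions and config here-docs, which is what keeps those double-quoted sed scripts safe, but that loop runs only inside installQuestions, so if the value can also arrive from the environment on a path that skips the prompt it should be checked the same way before use (the prompt text also reads "bust" for "must"). installQuestions and manageMenu both begin outside the visible hunks.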