Sync with upstream. Add new environment variables usage

jduo 2020-09-10 05:31:48 -03:00
parent aa384c6931
commit abc0676b4c


@ -102,19 +102,19 @@ function installUnbound() {
apt-get install -y unbound
# Configuration
echo 'interface: 10.8.0.1
access-control: 10.8.0.1/24 allow
echo "interface: $VPN_NETWORK.1
access-control: $VPN_NETWORK.1/24 allow
hide-identity: yes
hide-version: yes
use-caps-for-id: yes
prefetch: yes' >>/etc/unbound/unbound.conf
prefetch: yes" >>/etc/unbound/unbound.conf
elif [[ $OS =~ (centos|amzn) ]]; then
yum install -y unbound
# Configuration
sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf
sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf
sed -i "s|# interface: 0.0.0.0$|interface: $VPN_NETWORK.1|" /etc/unbound/unbound.conf
sed -i "s|# access-control: 127.0.0.0/8 allow|access-control: $VPN_NETWORK.1/24 allow|" /etc/unbound/unbound.conf
sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@ -123,8 +123,8 @@ prefetch: yes' >>/etc/unbound/unbound.conf
dnf install -y unbound
# Configuration
sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf
sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf
sed -i "s|# interface: 0.0.0.0$|interface: $VPN_NETWORK.1|" /etc/unbound/unbound.conf
sed -i "s|# access-control: 127.0.0.0/8 allow|access-control: $VPN_NETWORK.1/24 allow|" /etc/unbound/unbound.conf
sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@ -139,15 +139,15 @@ prefetch: yes' >>/etc/unbound/unbound.conf
mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
fi
echo 'server:
echo "server:
use-syslog: yes
do-daemonize: no
username: "unbound"
directory: "/etc/unbound"
trust-anchor-file: trusted-key.key
root-hints: root.hints
interface: 10.8.0.1
access-control: 10.8.0.1/24 allow
interface: $VPN_NETWORK.1
access-control: $VPN_NETWORK.1/24 allow
port: 53
num-threads: 2
use-caps-for-id: yes
@ -155,7 +155,7 @@ prefetch: yes' >>/etc/unbound/unbound.conf
hide-identity: yes
hide-version: yes
qname-minimisation: yes
prefetch: yes' >/etc/unbound/unbound.conf
prefetch: yes" >/etc/unbound/unbound.conf
fi
# IPv6 DNS for all OS
@ -180,9 +180,9 @@ private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf
# Add Unbound 'server' for the OpenVPN subnet
echo 'server:
interface: 10.8.0.1
access-control: 10.8.0.1/24 allow
echo "server:
interface: $VPN_NETWORK.1
access-control: $VPN_NETWORK.1/24 allow
hide-identity: yes
hide-version: yes
use-caps-for-id: yes
@ -195,7 +195,7 @@ private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
private-address: 127.0.0.0/8
private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf
private-address: ::ffff:0:0/96" >/etc/unbound/openvpn.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'interface: fd42:42:42:42::1
access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
@ -214,9 +214,16 @@ function installQuestions() {
echo "I need to ask you a few questions before starting the setup."
echo "You can leave the default options and just press enter if you are ok with them."
echo ""
echo "Please provide the VPN network prefix. If you are going to use 10.8.0.0/24, then type prefix 10.8.0"
until [[ $VPN_NETWORK =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do
echo "Format bust be like XXX.XXX.XXX"
VPN_NETWORK=${VPN_NETWORK:-10.8.0}
read -rp "VPN_NETWORK: " -e -i "$VPN_NETWORK" VPN_NETWORK
done
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
echo "Unless your server is behind NAT, it should be your public IPv4 address."
# Detect public IPv4 address and pre-fill for the user
IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)
if [[ -z $IP ]]; then
@ -312,8 +319,9 @@ function installQuestions() {
echo " 11) AdGuard DNS (Anycast: worldwide)"
echo " 12) NextDNS (Anycast: worldwide)"
echo " 13) Custom"
until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 13 ]; do
read -rp "DNS [1-12]: " -e -i 11 DNS
echo " 14) None"
until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 14 ]; do
read -rp "DNS [1-14]: " -e -i 11 DNS
if [[ $DNS == 2 ]] && [[ -e /etc/unbound/unbound.conf ]]; then
echo ""
echo "Unbound is already installed."
@ -763,7 +771,7 @@ persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
server $VPN_NETWORK.0 255.255.255.0
ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
# DNS resolvers
@ -785,7 +793,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
done
;;
2) # Self-hosted DNS resolver (Unbound)
echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf
echo 'push "dhcp-option DNS $VPN_NETWORK.1"' >>/etc/openvpn/server.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf
fi
@ -836,8 +844,13 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf
fi
;;
14) # No DNS
echo "No DNS push config"
;;
esac
if (($DNS != 14)); then
echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf
fi
# IPv6 network settings if needed
if [[ $IPV6_SUPPORT == 'y' ]]; then
@ -949,7 +962,7 @@ verb 3" >>/etc/openvpn/server.conf
# Script to add rules
echo "#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE
iptables -t nat -I POSTROUTING 1 -s $VPN_NETWORK.0/24 -o $NIC -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
@ -965,7 +978,7 @@ ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptabl
# Script to remove rules
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE
iptables -t nat -D POSTROUTING -s $VPN_NETWORK.0/24 -o $NIC -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
@ -1032,10 +1045,14 @@ tls-cipher $CC_CIPHER
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3" >>/etc/openvpn/client-template.txt
if [[ $COMPRESSION_ENABLED == "y" ]]; then
echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt
fi
if [[ "$CLIENT_TEMPLATE_APPEND" != "" ]]; then
echo "appending costum config CLIENT_TEMPLATE_APPEND to /etc/openvpn/client-template.txt ..."
echo "" >> /etc/openvpn/client-template.txt
echo "$CLIENT_TEMPLATE_APPEND" >> /etc/openvpn/client-template.txt
fi
# Generate the custom client.ovpn
newClient
@ -1280,7 +1297,7 @@ function removeOpenVPN() {
function manageMenu() {
echo "Welcome to OpenVPN-install!"
echo "The git repository is available at: https://github.com/angristan/openvpn-install"
echo "The git repository is available at: https://github.com/joaduo/openvpn-install"
echo ""
echo "It looks like OpenVPN is already installed."
echo ""
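Review bot: In the Unbound branch (`2)`) of the DNS `case` statement, the new line `echo 'push "dhcp-option DNS $VPN_NETWORK.1"'` is still single-quoted, so the shell does not expand the variable and the literal text `$VPN_NETWORK.1` is written to /etc/openvpn/server.conf. Clients would then be pushed an unusable resolver address, which most likely either breaks name resolution or leaves them on a resolver outside the tunnel. Use double quotes with escaped inner quotes, as the custom-DNS branch a few hunks later already does: `echo "push \"dhcp-option DNS $VPN_NETWORK.1\"" >>/etc/openvpn/server.conf`. Separately, the new `if (($DNS != 14))` guard also drops `push "redirect-gateway def1 bypass-dhcp"`, so choosing "14) None" turns off full-tunnel routing as well as the DNS push; the menu label should say that, for example `echo " 14) None (no DNS push, no redirect-gateway)"`. The enclosing function starts and ends outside these hunks.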