mirror of https://github.com/angristan/openvpn-install.git (synced 2024-11-21 16:29:04 +01:00)
ci: use super-linter (#683)
parent 7b7567e7cb
commit bd047c08d7
3
.editorconfig
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
[*.sh]
|
||||||
|
indent_style = tab
|
||||||
|
indent_size = 4
|
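Review bot: The new `.editorconfig` has no `root = true` line above the `[*.sh]` section, so editors keep searching parent directories and can merge in settings from outside the repository. Add `root = true` as the first line. With `indent_style = tab`, `indent_size = 4` only sets the display width of a tab, which is fine if that is the intent.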
1
.github/linters/.markdown-lint.yml
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
{ 'MD013': null, 'MD045': null, 'MD040': null, 'MD036': null }
|
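Review bot: The four rules in `.markdown-lint.yml` are switched off by ID alone, with no comment saying what they are or why, which makes the exemptions hard to revisit later. MD013 is line length, MD045 is image alt text, MD040 is fenced code language and MD036 is emphasis used as a heading; one rule per line with a short comment, and `false` rather than `null` (the value markdownlint documents for disabling a rule), would make the intent explicit.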
20
.github/workflows/lint.yml
vendored
@ -3,20 +3,12 @@ on: [push, pull_request, pull_request_target]
|
|||||||
name: Lint
|
name: Lint
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
shellcheck:
|
super-linter:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- name: Checkout Code
|
||||||
- name: shellcheck
|
uses: actions/checkout@v2
|
||||||
uses: ludeeus/action-shellcheck@0.5.0
|
- name: Lint Code Base
|
||||||
|
uses: github/super-linter@v3.13.1
|
||||||
env:
|
env:
|
||||||
SHELLCHECK_OPTS: -e SC1091,SC2164,SC2034,SC1072,SC1073,SC1009
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
shfmt:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- name: shfmt
|
|
||||||
uses: bltavares/actions/shfmt@master
|
|
||||||
env:
|
|
||||||
SHFMT_ARGS: -d
|
|
||||||
|
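Review bot: The trigger list in the hunk header still includes `pull_request_target`, and the new `Lint Code Base` step is handed `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`; under that trigger the job runs in the base repository's context, so the token is not the restricted one a fork's `pull_request` run receives. `actions/checkout@v2` with no `ref` also checks out the base branch on that event, so that run does not lint the pull request's changes at all. Drop `pull_request_target` from `on:` (`push` and `pull_request` already cover the linting case) or give the job a read-only `permissions:` block. Separately, `github/super-linter@v3.13.1` and `actions/checkout@v2` are referenced by tag; pinning both to a commit SHA keeps a moved tag from changing what runs. The removed `SHFMT_ARGS: -d` job has no visible counterpart in the new step, so confirm that a shell formatting difference still fails the build.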
7
FAQ.md
@ -69,7 +69,7 @@ If your client is <2.3.3, remove `tls-version-min 1.2` from your `/etc/openvpn/s
|
|||||||
|
|
||||||
**Q:** IPv6 is not working on my Hetzner VM
|
**Q:** IPv6 is not working on my Hetzner VM
|
||||||
|
|
||||||
**A:** This an issue on their side. See https://angristan.xyz/fix-ipv6-hetzner-cloud/
|
**A:** This an issue on their side. See <https://angristan.xyz/fix-ipv6-hetzner-cloud/>
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
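Review bot: The changed answer line still reads "This an issue on their side"; since the line is already being touched to wrap the URL in angle brackets, add the missing "is" in the same change.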
@ -117,7 +117,7 @@ Sysctl options are at `/etc/sysctl.d/20-openvpn.conf`
|
|||||||
|
|
||||||
**A:** Here is a sample bash script to achieve this:
|
**A:** Here is a sample bash script to achieve this:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
userlist=(user1 user2 user3)
|
userlist=(user1 user2 user3)
|
||||||
|
|
||||||
for i in ${userlist[@]};do
|
for i in ${userlist[@]};do
|
||||||
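Review bot: In the sample script, `for i in ${userlist[@]};do` expands the array unquoted, so an entry containing whitespace or a glob character is split or expanded before the loop sees it; use `"${userlist[@]}"`. The fence is tagged `sh`, but the snippet relies on bash arrays, so `bash` is the accurate tag.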
@ -137,8 +137,9 @@ done
|
|||||||
|
|
||||||
**A:** You would need to edit the `.ovpn` file. You can edit the template out of which those files are created by editing `/etc/openvpn/client-template.txt` file and adding
|
**A:** You would need to edit the `.ovpn` file. You can edit the template out of which those files are created by editing `/etc/openvpn/client-template.txt` file and adding
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
route-nopull
|
route-nopull
|
||||||
route 10.0.0.0 255.0.0.0
|
route 10.0.0.0 255.0.0.0
|
||||||
```
|
```
|
||||||
|
|
||||||
So for example - here it would route all traffic of `10.0.0.0/8` to the vpn. And the rest through the internet.
|
So for example - here it would route all traffic of `10.0.0.0/8` to the vpn. And the rest through the internet.
|
||||||
|
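Review bot: The block holding `route-nopull` and `route 10.0.0.0 255.0.0.0` is fenced as `sh`, but these are OpenVPN client directives, not shell; tag it `text` so it is not highlighted as a script. The sentence after the block could also state that `route-nopull` is what makes the client ignore routes pushed by the server, since that is the reason only `10.0.0.0/8` goes through the VPN.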
@ -249,9 +249,8 @@ By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old
|
|||||||
|
|
||||||
> The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode.
|
> The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode.
|
||||||
>
|
>
|
||||||
> Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details.
|
> Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See <https://community.openvpn.net/openvpn/wiki/SWEET32> for details.
|
||||||
|
> Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See <https://sweet32.info/> for a much better and more elaborate explanation.
|
||||||
> Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See https://sweet32.info/ for a much better and more elaborate explanation.
|
|
||||||
>
|
>
|
||||||
> OpenVPN's default cipher, BF-CBC, is affected by this attack.
|
> OpenVPN's default cipher, BF-CBC, is affected by this attack.
|
||||||
|
|
||||||
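Review bot: On the new side the `> Security researchers at INRIA` paragraph appears to follow the `> Using BF-CBC is no longer recommended` paragraph directly, where the old side had an empty line between them; without a separator the two quoted paragraphs render as one. Keep a bare `>` line between them, as is already done before `> OpenVPN's default cipher, BF-CBC, is affected by this attack.`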
|
@ -1,4 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
# shellcheck disable=SC1091,SC2164,SC2034,SC1072,SC1073,SC1009
|
||||||
|
|
||||||
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora and Arch Linux
|
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora and Arch Linux
|
||||||
# https://github.com/angristan/openvpn-install
|
# https://github.com/angristan/openvpn-install
|
||||||
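Review bot: The `# shellcheck disable=SC1091,SC2164,SC2034,SC1072,SC1073,SC1009` line placed right after the shebang applies to the whole script, and SC1072, SC1073 and SC1009 are parser errors, so a real syntax error anywhere in the installer would now pass the lint job. SC2164 (an unchecked `cd`) is also silenced file-wide, in a script that runs as root. Drop the three parser codes, fix or annotate the individual `cd` calls, and move the remaining exclusions to `# shellcheck disable=` comments on the specific lines that need them.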
|