From d8cadb176021aab9593f5f97ee49e113ff451cfd Mon Sep 17 00:00:00 2001 From: Stanislas Lange Date: Sun, 7 Dec 2025 23:22:07 +0100 Subject: [PATCH] Fix shfmt formatting issues --- openvpn-install.sh | 604 ++++++++++++++++++++++----------------------- 1 file changed, 302 insertions(+), 302 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index fd97482..fbc4c87 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -413,7 +413,7 @@ function installQuestions() { fi # If $IP is a private IP address, the server must be behind NAT if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then - log_menu "" + log_menu "" log_prompt "It seems this server is behind NAT. What is its public IPv4 address or hostname?" log_prompt "We need it for the clients to connect to the server." @@ -455,19 +455,19 @@ function installQuestions() { read -rp "Port choice [1-3]: " -e -i 1 PORT_CHOICE done case $PORT_CHOICE in - 1) - PORT="1194" - ;; - 2) - until [[ $PORT =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; do - read -rp "Custom port [1-65535]: " -e -i 1194 PORT - done - ;; - 3) - # Generate random number within private ports range - PORT=$(shuf -i49152-65535 -n1) - log_info "Random Port: $PORT" - ;; + 1) + PORT="1194" + ;; + 2) + until [[ $PORT =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; do + read -rp "Custom port [1-65535]: " -e -i 1194 PORT + done + ;; + 3) + # Generate random number within private ports range + PORT=$(shuf -i49152-65535 -n1) + log_info "Random Port: $PORT" + ;; esac log_menu "" log_prompt "What protocol do you want OpenVPN to use?" @@ -478,12 +478,12 @@ function installQuestions() { read -rp "Protocol [1-2]: " -e -i 1 PROTOCOL_CHOICE done case $PROTOCOL_CHOICE in - 1) - PROTOCOL="udp" - ;; - 2) - PROTOCOL="tcp" - ;; + 1) + PROTOCOL="udp" + ;; + 2) + PROTOCOL="tcp" + ;; esac log_menu "" log_prompt "What DNS resolvers do you want to use with the VPN?" @@ -503,12 +503,12 @@ function installQuestions() { until [[ $DNS =~ ^[0-9]+$ ]] && [ "$DNS" -ge 1 ] && [ "$DNS" -le 13 ]; do read -rp "DNS [1-13]: " -e -i 11 DNS if [[ $DNS == 2 ]] && [[ -e /etc/unbound/unbound.conf ]]; then - log_menu "" + log_menu "" log_prompt "Unbound is already installed." log_prompt "You can allow the script to configure it in order to use it from your OpenVPN clients" log_prompt "We will simply add a second server to /etc/unbound/unbound.conf for the OpenVPN subnet." log_prompt "No changes are made to the current configuration." - log_menu "" + log_menu "" until [[ $CONTINUE =~ (y|n) ]]; do read -rp "Apply configuration changes to Unbound? [y/n]: " -e CONTINUE @@ -537,22 +537,22 @@ function installQuestions() { done if [[ $COMPRESSION_ENABLED == "y" ]]; then log_prompt "Choose which compression algorithm you want to use: (they are ordered by efficiency)" - log_menu " 1) LZ4-v2" - log_menu " 2) LZ4" - log_menu " 3) LZ0" + log_menu " 1) LZ4-v2" + log_menu " 2) LZ4" + log_menu " 3) LZ0" until [[ $COMPRESSION_CHOICE =~ ^[1-3]$ ]]; do read -rp"Compression algorithm [1-3]: " -e -i 1 COMPRESSION_CHOICE done case $COMPRESSION_CHOICE in - 1) - COMPRESSION_ALG="lz4-v2" - ;; - 2) - COMPRESSION_ALG="lz4" - ;; - 3) - COMPRESSION_ALG="lzo" - ;; + 1) + COMPRESSION_ALG="lz4-v2" + ;; + 2) + COMPRESSION_ALG="lz4" + ;; + 3) + COMPRESSION_ALG="lzo" + ;; esac fi log_menu "" @@ -575,174 +575,174 @@ function installQuestions() { HMAC_ALG="SHA256" TLS_SIG="1" # tls-crypt else - log_menu "" + log_menu "" log_prompt "Choose which cipher you want to use for the data channel:" - log_menu " 1) AES-128-GCM (recommended)" - log_menu " 2) AES-192-GCM" - log_menu " 3) AES-256-GCM" - log_menu " 4) AES-128-CBC" - log_menu " 5) AES-192-CBC" - log_menu " 6) AES-256-CBC" + log_menu " 1) AES-128-GCM (recommended)" + log_menu " 2) AES-192-GCM" + log_menu " 3) AES-256-GCM" + log_menu " 4) AES-128-CBC" + log_menu " 5) AES-192-CBC" + log_menu " 6) AES-256-CBC" until [[ $CIPHER_CHOICE =~ ^[1-6]$ ]]; do read -rp "Cipher [1-6]: " -e -i 1 CIPHER_CHOICE done case $CIPHER_CHOICE in - 1) - CIPHER="AES-128-GCM" - ;; - 2) - CIPHER="AES-192-GCM" - ;; - 3) - CIPHER="AES-256-GCM" - ;; - 4) - CIPHER="AES-128-CBC" - ;; - 5) - CIPHER="AES-192-CBC" - ;; - 6) - CIPHER="AES-256-CBC" - ;; + 1) + CIPHER="AES-128-GCM" + ;; + 2) + CIPHER="AES-192-GCM" + ;; + 3) + CIPHER="AES-256-GCM" + ;; + 4) + CIPHER="AES-128-CBC" + ;; + 5) + CIPHER="AES-192-CBC" + ;; + 6) + CIPHER="AES-256-CBC" + ;; esac - log_menu "" + log_menu "" log_prompt "Choose what kind of certificate you want to use:" - log_menu " 1) ECDSA (recommended)" - log_menu " 2) RSA" + log_menu " 1) ECDSA (recommended)" + log_menu " 2) RSA" until [[ $CERT_TYPE =~ ^[1-2]$ ]]; do read -rp"Certificate key type [1-2]: " -e -i 1 CERT_TYPE done case $CERT_TYPE in - 1) - log_menu "" - log_prompt "Choose which curve you want to use for the certificate's key:" - log_menu " 1) prime256v1 (recommended)" - log_menu " 2) secp384r1" - log_menu " 3) secp521r1" - until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do - read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE - done - case $CERT_CURVE_CHOICE in 1) - CERT_CURVE="prime256v1" + log_menu "" + log_prompt "Choose which curve you want to use for the certificate's key:" + log_menu " 1) prime256v1 (recommended)" + log_menu " 2) secp384r1" + log_menu " 3) secp521r1" + until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do + read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE + done + case $CERT_CURVE_CHOICE in + 1) + CERT_CURVE="prime256v1" + ;; + 2) + CERT_CURVE="secp384r1" + ;; + 3) + CERT_CURVE="secp521r1" + ;; + esac ;; 2) - CERT_CURVE="secp384r1" + log_menu "" + log_prompt "Choose which size you want to use for the certificate's RSA key:" + log_menu " 1) 2048 bits (recommended)" + log_menu " 2) 3072 bits" + log_menu " 3) 4096 bits" + until [[ $RSA_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do + read -rp "RSA key size [1-3]: " -e -i 1 RSA_KEY_SIZE_CHOICE + done + case $RSA_KEY_SIZE_CHOICE in + 1) + RSA_KEY_SIZE="2048" + ;; + 2) + RSA_KEY_SIZE="3072" + ;; + 3) + RSA_KEY_SIZE="4096" + ;; + esac ;; - 3) - CERT_CURVE="secp521r1" - ;; - esac - ;; - 2) - log_menu "" - log_prompt "Choose which size you want to use for the certificate's RSA key:" - log_menu " 1) 2048 bits (recommended)" - log_menu " 2) 3072 bits" - log_menu " 3) 4096 bits" - until [[ $RSA_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do - read -rp "RSA key size [1-3]: " -e -i 1 RSA_KEY_SIZE_CHOICE - done - case $RSA_KEY_SIZE_CHOICE in - 1) - RSA_KEY_SIZE="2048" - ;; - 2) - RSA_KEY_SIZE="3072" - ;; - 3) - RSA_KEY_SIZE="4096" - ;; - esac - ;; esac - log_menu "" + log_menu "" log_prompt "Choose which cipher you want to use for the control channel:" case $CERT_TYPE in - 1) - log_menu " 1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)" - log_menu " 2) ECDHE-ECDSA-AES-256-GCM-SHA384" - until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do - read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE - done - case $CC_CIPHER_CHOICE in 1) - CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" + log_menu " 1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)" + log_menu " 2) ECDHE-ECDSA-AES-256-GCM-SHA384" + until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do + read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE + done + case $CC_CIPHER_CHOICE in + 1) + CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" + ;; + 2) + CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" + ;; + esac ;; 2) - CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" + log_menu " 1) ECDHE-RSA-AES-128-GCM-SHA256 (recommended)" + log_menu " 2) ECDHE-RSA-AES-256-GCM-SHA384" + until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do + read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE + done + case $CC_CIPHER_CHOICE in + 1) + CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" + ;; + 2) + CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + ;; + esac ;; - esac - ;; - 2) - log_menu " 1) ECDHE-RSA-AES-128-GCM-SHA256 (recommended)" - log_menu " 2) ECDHE-RSA-AES-256-GCM-SHA384" - until [[ $CC_CIPHER_CHOICE =~ ^[1-2]$ ]]; do - read -rp"Control channel cipher [1-2]: " -e -i 1 CC_CIPHER_CHOICE - done - case $CC_CIPHER_CHOICE in - 1) - CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" - ;; - 2) - CC_CIPHER="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - ;; - esac - ;; esac - log_menu "" + log_menu "" log_prompt "Choose what kind of Diffie-Hellman key you want to use:" - log_menu " 1) ECDH (recommended)" - log_menu " 2) DH" + log_menu " 1) ECDH (recommended)" + log_menu " 2) DH" until [[ $DH_TYPE =~ [1-2] ]]; do read -rp"DH key type [1-2]: " -e -i 1 DH_TYPE done case $DH_TYPE in - 1) - log_menu "" - log_prompt "Choose which curve you want to use for the ECDH key:" - log_menu " 1) prime256v1 (recommended)" - log_menu " 2) secp384r1" - log_menu " 3) secp521r1" - while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do - read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE - done - case $DH_CURVE_CHOICE in 1) - DH_CURVE="prime256v1" + log_menu "" + log_prompt "Choose which curve you want to use for the ECDH key:" + log_menu " 1) prime256v1 (recommended)" + log_menu " 2) secp384r1" + log_menu " 3) secp521r1" + while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do + read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE + done + case $DH_CURVE_CHOICE in + 1) + DH_CURVE="prime256v1" + ;; + 2) + DH_CURVE="secp384r1" + ;; + 3) + DH_CURVE="secp521r1" + ;; + esac ;; 2) - DH_CURVE="secp384r1" + log_menu "" + log_prompt "Choose what size of Diffie-Hellman key you want to use:" + log_menu " 1) 2048 bits (recommended)" + log_menu " 2) 3072 bits" + log_menu " 3) 4096 bits" + until [[ $DH_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do + read -rp "DH key size [1-3]: " -e -i 1 DH_KEY_SIZE_CHOICE + done + case $DH_KEY_SIZE_CHOICE in + 1) + DH_KEY_SIZE="2048" + ;; + 2) + DH_KEY_SIZE="3072" + ;; + 3) + DH_KEY_SIZE="4096" + ;; + esac ;; - 3) - DH_CURVE="secp521r1" - ;; - esac - ;; - 2) - log_menu "" - log_prompt "Choose what size of Diffie-Hellman key you want to use:" - log_menu " 1) 2048 bits (recommended)" - log_menu " 2) 3072 bits" - log_menu " 3) 4096 bits" - until [[ $DH_KEY_SIZE_CHOICE =~ ^[1-3]$ ]]; do - read -rp "DH key size [1-3]: " -e -i 1 DH_KEY_SIZE_CHOICE - done - case $DH_KEY_SIZE_CHOICE in - 1) - DH_KEY_SIZE="2048" - ;; - 2) - DH_KEY_SIZE="3072" - ;; - 3) - DH_KEY_SIZE="4096" - ;; - esac - ;; esac - log_menu "" + log_menu "" # The "auth" options behaves differently with AEAD ciphers if [[ $CIPHER =~ CBC$ ]]; then log_prompt "The digest algorithm authenticates data channel packets and tls-auth packets from the control channel." @@ -750,28 +750,28 @@ function installQuestions() { log_prompt "The digest algorithm authenticates tls-auth packets from the control channel." fi log_prompt "Which digest algorithm do you want to use for HMAC?" - log_menu " 1) SHA-256 (recommended)" - log_menu " 2) SHA-384" - log_menu " 3) SHA-512" + log_menu " 1) SHA-256 (recommended)" + log_menu " 2) SHA-384" + log_menu " 3) SHA-512" until [[ $HMAC_ALG_CHOICE =~ ^[1-3]$ ]]; do read -rp "Digest algorithm [1-3]: " -e -i 1 HMAC_ALG_CHOICE done case $HMAC_ALG_CHOICE in - 1) - HMAC_ALG="SHA256" - ;; - 2) - HMAC_ALG="SHA384" - ;; - 3) - HMAC_ALG="SHA512" - ;; + 1) + HMAC_ALG="SHA256" + ;; + 2) + HMAC_ALG="SHA384" + ;; + 3) + HMAC_ALG="SHA512" + ;; esac - log_menu "" + log_menu "" log_prompt "You can add an additional layer of security to the control channel with tls-auth and tls-crypt" log_prompt "tls-auth authenticates the packets, while tls-crypt authenticate and encrypt them." - log_menu " 1) tls-crypt (recommended)" - log_menu " 2) tls-auth" + log_menu " 1) tls-crypt (recommended)" + log_menu " 2) tls-auth" until [[ $TLS_SIG =~ [1-2] ]]; do read -rp "Control channel additional security mechanism [1-2]: " -e -i 1 TLS_SIG done @@ -910,13 +910,13 @@ function installOpenVPN() { cd /etc/openvpn/easy-rsa/ || return case $CERT_TYPE in - 1) - echo "set_var EASYRSA_ALGO ec" >vars - echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars - ;; - 2) - echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars - ;; + 1) + echo "set_var EASYRSA_ALGO ec" >vars + echo "set_var EASYRSA_CURVE $CERT_CURVE" >>vars + ;; + 2) + echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" >vars + ;; esac # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name @@ -945,14 +945,14 @@ function installOpenVPN() { log_info "Generating TLS key..." case $TLS_SIG in - 1) - # Generate tls-crypt key - run_cmd "Generating tls-crypt key" openvpn --genkey --secret /etc/openvpn/tls-crypt.key - ;; - 2) - # Generate tls-auth key - run_cmd "Generating tls-auth key" openvpn --genkey --secret /etc/openvpn/tls-auth.key - ;; + 1) + # Generate tls-crypt key + run_cmd "Generating tls-crypt key" openvpn --genkey --secret /etc/openvpn/tls-crypt.key + ;; + 2) + # Generate tls-auth key + run_cmd "Generating tls-auth key" openvpn --genkey --secret /etc/openvpn/tls-auth.key + ;; esac else # If easy-rsa is already installed, grab the generated SERVER_NAME @@ -992,74 +992,74 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf # DNS resolvers case $DNS in - 1) # Current system resolvers - # Locate the proper resolv.conf - # Needed for systems running systemd-resolved - if grep -q "127.0.0.53" "/etc/resolv.conf"; then - RESOLVCONF='/run/systemd/resolve/resolv.conf' - else - RESOLVCONF='/etc/resolv.conf' - fi - # Obtain the resolvers from resolv.conf and use them for OpenVPN - sed -ne 's/^nameserver[[:space:]]\+\([^[:space:]]\+\).*$/\1/p' $RESOLVCONF | while read -r line; do - # Copy, if it's a IPv4 |or| if IPv6 is enabled, IPv4/IPv6 does not matter - if [[ $line =~ ^[0-9.]*$ ]] || [[ $IPV6_SUPPORT == 'y' ]]; then - echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf + 1) # Current system resolvers + # Locate the proper resolv.conf + # Needed for systems running systemd-resolved + if grep -q "127.0.0.53" "/etc/resolv.conf"; then + RESOLVCONF='/run/systemd/resolve/resolv.conf' + else + RESOLVCONF='/etc/resolv.conf' fi - done - ;; - 2) # Self-hosted DNS resolver (Unbound) - echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf - if [[ $IPV6_SUPPORT == 'y' ]]; then - echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf - fi - ;; - 3) # Cloudflare - echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf - ;; - 4) # Quad9 - echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf - ;; - 5) # Quad9 uncensored - echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf - ;; - 6) # FDN - echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf - ;; - 7) # DNS.WATCH - echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf - ;; - 8) # OpenDNS - echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf - ;; - 9) # Google - echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf - ;; - 10) # Yandex Basic - echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf - ;; - 11) # AdGuard DNS - echo 'push "dhcp-option DNS 94.140.14.14"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 94.140.15.15"' >>/etc/openvpn/server.conf - ;; - 12) # NextDNS - echo 'push "dhcp-option DNS 45.90.28.167"' >>/etc/openvpn/server.conf - echo 'push "dhcp-option DNS 45.90.30.167"' >>/etc/openvpn/server.conf - ;; - 13) # Custom DNS - echo "push \"dhcp-option DNS $DNS1\"" >>/etc/openvpn/server.conf - if [[ $DNS2 != "" ]]; then - echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf - fi - ;; + # Obtain the resolvers from resolv.conf and use them for OpenVPN + sed -ne 's/^nameserver[[:space:]]\+\([^[:space:]]\+\).*$/\1/p' $RESOLVCONF | while read -r line; do + # Copy, if it's a IPv4 |or| if IPv6 is enabled, IPv4/IPv6 does not matter + if [[ $line =~ ^[0-9.]*$ ]] || [[ $IPV6_SUPPORT == 'y' ]]; then + echo "push \"dhcp-option DNS $line\"" >>/etc/openvpn/server.conf + fi + done + ;; + 2) # Self-hosted DNS resolver (Unbound) + echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf + if [[ $IPV6_SUPPORT == 'y' ]]; then + echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf + fi + ;; + 3) # Cloudflare + echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 1.1.1.1"' >>/etc/openvpn/server.conf + ;; + 4) # Quad9 + echo 'push "dhcp-option DNS 9.9.9.9"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 149.112.112.112"' >>/etc/openvpn/server.conf + ;; + 5) # Quad9 uncensored + echo 'push "dhcp-option DNS 9.9.9.10"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 149.112.112.10"' >>/etc/openvpn/server.conf + ;; + 6) # FDN + echo 'push "dhcp-option DNS 80.67.169.40"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 80.67.169.12"' >>/etc/openvpn/server.conf + ;; + 7) # DNS.WATCH + echo 'push "dhcp-option DNS 84.200.69.80"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 84.200.70.40"' >>/etc/openvpn/server.conf + ;; + 8) # OpenDNS + echo 'push "dhcp-option DNS 208.67.222.222"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 208.67.220.220"' >>/etc/openvpn/server.conf + ;; + 9) # Google + echo 'push "dhcp-option DNS 8.8.8.8"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 8.8.4.4"' >>/etc/openvpn/server.conf + ;; + 10) # Yandex Basic + echo 'push "dhcp-option DNS 77.88.8.8"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 77.88.8.1"' >>/etc/openvpn/server.conf + ;; + 11) # AdGuard DNS + echo 'push "dhcp-option DNS 94.140.14.14"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 94.140.15.15"' >>/etc/openvpn/server.conf + ;; + 12) # NextDNS + echo 'push "dhcp-option DNS 45.90.28.167"' >>/etc/openvpn/server.conf + echo 'push "dhcp-option DNS 45.90.30.167"' >>/etc/openvpn/server.conf + ;; + 13) # Custom DNS + echo "push \"dhcp-option DNS $DNS1\"" >>/etc/openvpn/server.conf + if [[ $DNS2 != "" ]]; then + echo "push \"dhcp-option DNS $DNS2\"" >>/etc/openvpn/server.conf + fi + ;; esac echo 'push "redirect-gateway def1 bypass-dhcp"' >>/etc/openvpn/server.conf @@ -1084,12 +1084,12 @@ push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf fi case $TLS_SIG in - 1) - echo "tls-crypt tls-crypt.key" >>/etc/openvpn/server.conf - ;; - 2) - echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf - ;; + 1) + echo "tls-crypt tls-crypt.key" >>/etc/openvpn/server.conf + ;; + 2) + echo "tls-auth tls-auth.key 0" >>/etc/openvpn/server.conf + ;; esac echo "crl-verify crl.pem @@ -1291,13 +1291,13 @@ function newClient() { log_info "Generating client certificate..." export EASYRSA_CERT_EXPIRE=$CERT_VALIDITY_DAYS case $PASS in - 1) - run_cmd "Building client certificate" ./easyrsa --batch build-client-full "$CLIENT" nopass - ;; - 2) - log_warn "You will be asked for the client password below" - ./easyrsa --batch build-client-full "$CLIENT" - ;; + 1) + run_cmd "Building client certificate" ./easyrsa --batch build-client-full "$CLIENT" nopass + ;; + 2) + log_warn "You will be asked for the client password below" + ./easyrsa --batch build-client-full "$CLIENT" + ;; esac log_success "Client $CLIENT added." fi @@ -1342,17 +1342,17 @@ function newClient() { echo "" case $TLS_SIG in - 1) - echo "" - cat /etc/openvpn/tls-crypt.key - echo "" - ;; - 2) - echo "key-direction 1" - echo "" - cat /etc/openvpn/tls-auth.key - echo "" - ;; + 1) + echo "" + cat /etc/openvpn/tls-crypt.key + echo "" + ;; + 2) + echo "key-direction 1" + echo "" + cat /etc/openvpn/tls-auth.key + echo "" + ;; esac } >>"$homeDir/$CLIENT.ovpn" @@ -1519,18 +1519,18 @@ function manageMenu() { done case $MENU_OPTION in - 1) - newClient - ;; - 2) - revokeClient - ;; - 3) - removeOpenVPN - ;; - 4) - exit 0 - ;; + 1) + newClient + ;; + 2) + revokeClient + ;; + 3) + removeOpenVPN + ;; + 4) + exit 0 + ;; esac }