Commit Graph

391 Commits

Author SHA1 Message Date
Stanislas Lange
3a0260e9b8 Make openvpn-install.sh executable 2025-12-04 23:04:11 +01:00
Stanislas Lange
b7557dd77f refactor: extract magic numbers to named constants
Move hardcoded values to readonly constants at the top of the script:
- CERT_VALIDITY_DAYS: certificate expiry (10 years)
- CRL_VALIDITY_DAYS: CRL expiry (10 years)
- EASYRSA_VERSION: easy-rsa version
- EASYRSA_SHA256: easy-rsa checksum

This improves maintainability and makes it easier to update these
values in the future.
2025-12-04 23:04:11 +01:00
Stanislas Lange
7304dbaac8 style: reduce shellcheck disables and fix warnings
- Remove unnecessary shellcheck disables (SC2164, SC1072, SC1073, SC1009)
- Add explanatory comments for remaining disables
- Fix SC2181: use direct exit code check instead of $?
- Fix SC2086: quote DH_KEY_SIZE variable
2025-12-04 23:04:11 +01:00
Stanislas Lange
960be1a658 security: add validation for root.hints download
Verify that the downloaded root.hints file is not empty and contains
expected DNS root server content before using it.
2025-12-04 23:04:11 +01:00
Stanislas Lange
94f0967878 security: add SHA256 checksum verification for easy-rsa download
Adds integrity verification to prevent supply chain attacks when
downloading easy-rsa from GitHub releases.
2025-12-04 23:04:11 +01:00
Stanislas Lange
1c5381cc03 fix: correct DNS prompt range from [1-12] to [1-13]
The prompt incorrectly showed [1-12] when option 13 (Custom DNS) is valid.
2025-12-04 23:04:11 +01:00
Stanislas Lange
74dcf67844 fix: remove duplicate echo in resolvePublicIP error message 2025-12-04 23:04:11 +01:00
mags0ft
a680d1f7e3 Correct numerous smaller spelling mistakes 2025-05-01 18:13:27 +02:00
Blake Fleischer
399c3c87b9 Add support for Amazon Linux 2023 out of the box (#1259)
Co-authored-by: Stanislas Lange <git@slange.me>
2025-03-10 10:24:45 +01:00
Raphael Pinto
e1f19e0f24 Fix Public IP detection - Fix issue when seeip.org is unreachable #1241 (#1243)
The script does work when seeip.org is unreachable, so I changed the policy to define the public IP.

It solves the issue #1241

* Timeout limit on each try to solve the IP to avoid long waits;
* Extra public IP providers as failovers;
* The script will only try to solve an IP if the ENDPOINT is empty;

Co-authored-by: Stanislas <github@slange.me>
2024-11-07 20:55:14 +01:00
xiahare
56660eefeb Fix public IP detection: ip.seeip.org has been changed to api.seeip.org (#1252) 2024-11-07 20:39:28 +01:00
Stanislas
a189535563 Set client and server certificates validity to 10 years (#1235)
Prevent #974
2024-07-12 18:16:19 +02:00
David Salbeï
651e36c6cb Fix syntax error on Rocky Linux version check (#1182)
Co-authored-by: David Salbei <david@incolab.fr>
2023-11-20 21:19:13 +01:00
Stanislas Lange
d2556ff235 Add support for CentOS 9 + update supported distributions 2023-01-22 00:57:40 +01:00
Stanislas Lange
2f76bb5e40 Update easy-rsa to 3.1.2 and fix compatibility with Ubuntu 22.04
Based on this patch by @zerodivisi0n: https://github.com/angristan/openvpn-install/issues/1000#issuecomment-1283484772
2023-01-22 00:10:46 +01:00
Stanislas Lange
2a57e89489 Public IP detection: change provider
Close #1076 #924 #1039 #925
2023-01-06 21:39:02 +01:00
Jan Stárek
4ee44c8e46 Use DNS fallback to ifconfig.co (#1066)
Co-authored-by: Jan Stárek <jan.starek@ysoft.com>
2023-01-06 21:33:54 +01:00
Christian Ramelow
9b5361d32d Adds the --no-same-owner flag to tar command (#1070)
Close #1069
2023-01-03 14:09:37 +01:00
xumia
039ebaafe1 Fix the wrong client config when the certificate contains END string (#1067) 2023-01-03 14:06:59 +01:00
Stanislas Lange
86a6d2d3e7 Revert "Use --genkey secret filename instead (#1059)"
This reverts commit 0de56f8f33.
2022-11-21 19:33:24 +01:00
Padraig Doran
0de56f8f33 Use --genkey secret filename instead (#1059)
Fix for:
WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.

https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--secret

Status: Removed
Deprecated in: OpenVPN v2.4
Removed in: OpenVPN v2.5
Affects: --genkey
Result if used: User Warning printed
Replaced by: secret (No leading double dash)
Examples: Use --genkey secret filename
Notes:
2022-11-21 19:12:46 +01:00
climbTheStairs
3d0014c026 Fix typo (#957) 2022-01-07 15:54:46 +01:00
randomshell
3a5bcf5d2d Remove unnecessary cipher configuration on Fedora (#762) 2021-12-13 22:50:21 +01:00
Stanislas
8f83781d00 Add retries to curl ifconfig.co (#708)
Fix for #670
2021-12-13 22:48:27 +01:00
TinCanTech
89b591a160 revokeClient: Do not remove revoked client record from index.txt (#945)
Deleting a revoked (^R) client record from index.txt means that the
client will not be listed in the Certificate Revocation List.  This
effectively "unrevokes" the client and allows the client to continue
using the VPN.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2021-12-13 22:45:35 +01:00
Woodie-07
506c86f720 Fix a very small typo (#933)
Changed the word 'make' to 'makes' in 'Do you want to use compression? It is not recommended since the VORACLE attack make use of it.'
2021-10-20 14:06:11 +02:00
fabiogiorgione
29deb4cfdf Delete old client references in easy-rsa PKI index (#873) 2021-10-18 10:43:36 +02:00
Łukasz Filipek
7d5c2d962d Enable oracle-epel-release for Oracle Linux (#930) 2021-10-18 10:41:06 +02:00
James Lee
8783719459 Add support for AlmaLinux 8 (#891) 2021-08-27 15:24:53 +02:00
Stanislas
bcd1d8a53e Document Rocky Linux support 2021-07-06 10:56:15 +02:00
derek-j-pitman
1d55f856ae Add support for Rocky Linux 8 (#869) 2021-07-06 10:53:12 +02:00
rvva
bfdf48c392 Add support for Oracle Linux 8 (#810)
Co-authored-by: Stanislas <stanislas.lange@pm.me>
2021-03-22 10:48:15 +01:00
Stanislas Lange
319459ae77 Fix home dir detection
Fix e965518dc7
Fix https://github.com/angristan/openvpn-install/issues/806
2021-03-11 18:59:45 +01:00
Stanislas Lange
e965518dc7 Fix home dir detection when using sudo as root
Close https://github.com/angristan/openvpn-install/issues/780
2021-03-10 22:16:16 +01:00
Stanislas Lange
d1de5c64fe apt: use remove instead of autoremove
Close https://github.com/angristan/openvpn-install/issues/794
2021-03-10 21:46:52 +01:00
Christoph Schulz
1cc1978477 Compatibility with RHEL+EPEL (#796) 2021-02-14 10:54:53 +01:00
quyleanh
860aaa8bf4 Update with latest Adguard DNS server (#766)
Update latest Adguard DNS server as [following article](https://kb.adguard.com/en/general/dns-providers#adguard-dns)
2020-12-08 20:56:39 +01:00
Stanislas
bd047c08d7 ci: use super-linter (#683) 2020-10-21 13:59:49 +02:00
randomshell
7b7567e7cb Remove key-direction from tls-crypt option (#748)
In contrast to --tls-auth, --tls-crypt does *not* require the user to set --key-direction. Thus syntax is `--tls-crypt keyfile`
2020-10-21 13:57:45 +02:00
Dave Eargle
2e193e33cb increase priority of sysctl conf file (#750)
Prevents GCP cloud platform's default security policy for instances, which uses prefix 60-, from overriding ip_forward. Also future-proofs against any other such default policy.
2020-10-20 23:44:52 +02:00
Stanislas Lange
73c5304fda style: format with shfmt 2020-10-20 16:42:35 +02:00
Phonic Mouse
cef199916d Added automatic NAT public IP discovery (#735) 2020-10-20 16:31:12 +02:00
Stanislas Lange
1e3006c9ec Shellcheck: move excludes to action env 2020-08-03 17:50:40 +02:00
Stanislas
e52a54b92f Merge pull request #699 from Serpentiel/patch-1
Updated client name input restrictions and hint
2020-08-03 17:14:22 +02:00
Stanislas
99ebd3d9bc Merge pull request #691 from cn3lfs/patch-1
change mkdir to mkdir -p for directory not exist
2020-07-30 12:45:38 +02:00
randomshell
5c2a86f27e Update distro compatibility list and remove Debian 8 support (#654) 2020-07-28 12:24:57 +02:00
Aleksander
b4773385a4 Updated client name input restrictions and hint 2020-07-17 22:10:31 +03:00
cn3lfs
a35cd2eca4 change mkdir to mkdir -p for directory not exist
change mkdir to mkdir -p for directory /etc/openvpn/easy-rsa not exist
2020-06-30 15:14:19 +08:00
robiiinos
9e1fe367bf Default DNS to AdGuard 2020-06-29 09:09:38 +02:00
robiiinos
ed26d6a649 Update error message on CentOS install 2020-06-27 12:30:20 +02:00