Commit Graph

736 Commits

Author SHA1 Message Date
Stanislas Lange
6b92f8a61f Quote shell variables in test.yml to fix shellcheck warnings 2025-12-04 23:04:11 +01:00
Stanislas Lange
62c336022f Add permissions to test.yml for security best practices 2025-12-04 23:04:11 +01:00
Stanislas Lange
cad43ad99e Add permissions to lint.yml for security best practices 2025-12-04 23:04:11 +01:00
Stanislas Lange
3a0260e9b8 Make openvpn-install.sh executable 2025-12-04 23:04:11 +01:00
Stanislas Lange
77f28d1595 ci: add fetch-depth: 0 for super-linter v7 compatibility
Super-linter v7 requires full git history to find the default branch
for comparison. Without fetch-depth: 0, it fails with 'master branch
doesn't exist' error.
2025-12-04 23:04:11 +01:00
Stanislas Lange
b7557dd77f refactor: extract magic numbers to named constants
Move hardcoded values to readonly constants at the top of the script:
- CERT_VALIDITY_DAYS: certificate expiry (10 years)
- CRL_VALIDITY_DAYS: CRL expiry (10 years)
- EASYRSA_VERSION: easy-rsa version
- EASYRSA_SHA256: easy-rsa checksum

This improves maintainability and makes it easier to update these
values in the future.
2025-12-04 23:04:11 +01:00
Stanislas Lange
7304dbaac8 style: reduce shellcheck disables and fix warnings
- Remove unnecessary shellcheck disables (SC2164, SC1072, SC1073, SC1009)
- Add explanatory comments for remaining disables
- Fix SC2181: use direct exit code check instead of $?
- Fix SC2086: quote DH_KEY_SIZE variable
2025-12-04 23:04:11 +01:00
Stanislas Lange
bfcd624592 docs: fix sysctl config path in FAQ (20 -> 99)
The script uses /etc/sysctl.d/99-openvpn.conf but the FAQ
incorrectly referenced /etc/sysctl.d/20-openvpn.conf
2025-12-04 23:04:11 +01:00
Stanislas Lange
46a295b538 docs: update security section note for OpenVPN 2.5+
Replace the warning about outdated documentation with a note
clarifying that TLS 1.2 is kept as minimum for client compatibility
while acknowledging OpenVPN 2.5+ features.
2025-12-04 23:04:11 +01:00
Stanislas Lange
bf31e0ca64 docs: fix broken workflow link (push.yml -> lint.yml)
The workflow file was renamed but the README link was not updated.
2025-12-04 23:04:11 +01:00
Stanislas Lange
7c2c491fab ci: update appleboy/ssh-action from v0.1.6 to v1.2.0
Updates to a more recent stable version with bug fixes and
improvements.
2025-12-04 23:04:11 +01:00
Stanislas Lange
00f3cd1605 ci: update Super Linter from v4.1.0 to v7
The super-linter project has been moved to the super-linter org
and significantly updated. v7 includes many improvements and
bug fixes.
2025-12-04 23:04:11 +01:00
Stanislas Lange
d61b16f3b8 ci: replace deprecated set-output with GITHUB_OUTPUT
The set-output workflow command was deprecated in favor of
environment files. See:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2025-12-04 23:04:11 +01:00
Stanislas Lange
960be1a658 security: add validation for root.hints download
Verify that the downloaded root.hints file is not empty and contains
expected DNS root server content before using it.
2025-12-04 23:04:11 +01:00
Stanislas Lange
94f0967878 security: add SHA256 checksum verification for easy-rsa download
Adds integrity verification to prevent supply chain attacks when
downloading easy-rsa from GitHub releases.
2025-12-04 23:04:11 +01:00
Stanislas Lange
1c5381cc03 fix: correct DNS prompt range from [1-12] to [1-13]
The prompt incorrectly showed [1-12] when option 13 (Custom DNS) is valid.
2025-12-04 23:04:11 +01:00
Stanislas Lange
74dcf67844 fix: remove duplicate echo in resolvePublicIP error message 2025-12-04 23:04:11 +01:00
mags0ft
a680d1f7e3 Correct numerous smaller spelling mistakes 2025-05-01 18:13:27 +02:00
Stanislas Lange
7e32f6ae83 Fix mermaid diagram in README 2025-03-15 22:52:11 +01:00
Stanislas Lange
19e4b7961f CI: add Fedora 41 and remove 39 for e2e workflow 2025-03-10 10:27:19 +01:00
Blake Fleischer
399c3c87b9 Add support for Amazon Linux 2023 out of the box (#1259)
Co-authored-by: Stanislas Lange <git@slange.me>
2025-03-10 10:24:45 +01:00
Stanislas Lange
e2d4990ae1 Improve README 2025-01-06 17:25:26 +01:00
Raphael Pinto
e1f19e0f24 Fix Public IP detection - Fix issue when seeip.org is unreachable #1241 (#1243)
The script does work when seeip.org is unreachable, so I changed the policy to define the public IP.

It solves the issue #1241

* Timeout limit on each try to solve the IP to avoid long waits;
* Extra public IP providers as failovers;
* The script will only try to solve an IP if the ENDPOINT is empty;

Co-authored-by: Stanislas <github@slange.me>
2024-11-07 20:55:14 +01:00
Stanislas Lange
dc114f3243 Update distribution matrix for end-to-end tests 2024-11-07 20:49:42 +01:00
Stanislas Lange
0d58ddcb8c Update distribution matrix for end-to-end tests 2024-11-07 20:46:51 +01:00
xiahare
56660eefeb Fix public IP detection: ip.seeip.org has been changed to api.seeip.org (#1252) 2024-11-07 20:39:28 +01:00
Stanislas Lange
2ce1ee765e Remove centos-stream-8-x64 from test workflow
Not available on DO anymore
2024-07-12 18:22:34 +02:00
Stanislas
a189535563 Set client and server certificates validity to 10 years (#1235)
Prevent #974
2024-07-12 18:16:19 +02:00
Stanislas Lange
67701fac77 CI: wait for dpkg lock in debian/ubuntu setup step 2024-05-16 20:37:23 +02:00
Stanislas Lange
0cc002e17d CI: wait for dpkg lock in debian/ubuntu setup step 2024-05-16 20:33:32 +02:00
Stanislas Lange
a2725d61a3 CI: update actions/checkout to v4 2024-05-16 20:13:47 +02:00
Stanislas Lange
305e9868cf CI: update linux distributions used in end-to-end tests 2024-05-16 20:08:12 +02:00
Stanislas Lange
6a127fa2b6 Enable manual trigger of actions 2024-05-16 20:02:01 +02:00
Stanislas Lange
5a4b31bd0d Fix typo in README 2023-11-20 21:21:56 +01:00
David Salbeï
651e36c6cb Fix syntax error on Rocky Linux version check (#1182)
Co-authored-by: David Salbei <david@incolab.fr>
2023-11-20 21:19:13 +01:00
Stanislas
1a249c621d ci: test workflow server images update (#1183)
* test ci

* remove ubuntu 18.04

* remove fedora 35 and add 37 38

* disable centos stream 9, add debian 12
2023-11-20 21:14:04 +01:00
Stanislas Lange
80feebed16 Remove visitors badge 2023-01-22 16:43:13 +01:00
Stanislas Lange
d096f7a3a2 Add star history 2023-01-22 16:42:48 +01:00
Stanislas Lange
33fe6af131 Update cloud providers 2023-01-22 01:55:06 +01:00
Stanislas Lange
d2556ff235 Add support for CentOS 9 + update supported distributions 2023-01-22 00:57:40 +01:00
Stanislas Lange
2f76bb5e40 Update easy-rsa to 3.1.2 and fix compatibility with Ubuntu 22.04
Based on this patch by @zerodivisi0n: https://github.com/angristan/openvpn-install/issues/1000#issuecomment-1283484772
2023-01-22 00:10:46 +01:00
Stanislas Lange
ca8d58d5f0 Fix checkout in test workflow 2023-01-22 00:10:46 +01:00
Stanislas Lange
0ac1bf4f51 Format markdown table in readme 2023-01-21 23:41:03 +01:00
Stanislas Lange
64cbbce0b7 Add OpenVPN 2.5 notice to README 2023-01-21 23:40:01 +01:00
Stanislas Lange
580c617d98 Update issue template 2023-01-21 23:18:52 +01:00
Stanislas Lange
2d0eca1a1d Update issue/PR template + contributing guidelines 2023-01-21 23:06:44 +01:00
Stanislas Lange
48f8c16d3a Add issue and PR templates 2023-01-21 23:00:30 +01:00
s7r
38d3bf9afa Update FAQ with IPv6 prefix policies for ULA addresses (#1083)
* Update FAQ with IPv6 prefix policies for ULA addresses

Most operating systems will prefer IPv4 rather than IPv6 ULA, which defeats the purpose of redirect-gateway ipv6. There's nothing the script can do to automate this.
2023-01-18 23:05:09 +01:00
Stanislas Lange
2a57e89489 Public IP detection: change provider
Close #1076 #924 #1039 #925
2023-01-06 21:39:02 +01:00
Jan Stárek
4ee44c8e46 Use DNS fallback to ifconfig.co (#1066)
Co-authored-by: Jan Stárek <jan.starek@ysoft.com>
2023-01-06 21:33:54 +01:00