Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-06 12:42:41 +01:00
Code Issues Projects Releases Wiki Activity
744 Commits 6 Branches 0 Tags
94c1af2b5d973de3e1388899dcee2b6fdd6a9a52
Commit Graph

744 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stanislas Lange
94c1af2b5d Remove Fedora 43 OS image from CI workflow 2025-12-04 23:18:15 +01:00
Stanislas Lange
f92582fb2f Update Fedora OS images in CI workflow to include 42 and 43 2025-12-04 23:15:24 +01:00
Stanislas Lange
469bc2f883 Update OS images in CI workflow to include Debian 13 and remove 11 2025-12-04 23:12:57 +01:00
Stanislas
93284de7df Fix typo in FAQ 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-04 23:04:11 +01:00
Stanislas Lange
cc834519ff Fix path to easy-rsa tarball in checksum verification 2025-12-04 23:04:11 +01:00
Stanislas Lange
39dd034717 Fix textlint terminology: websites -> sites 2025-12-04 23:04:11 +01:00
Stanislas Lange
fafd10687f Disable MD041 rule for template files with HTML comments 2025-12-04 23:04:11 +01:00
Stanislas Lange
7e9a713657 Fix shfmt formatting for constant comments 2025-12-04 23:04:11 +01:00
Stanislas Lange
6b92f8a61f Quote shell variables in test.yml to fix shellcheck warnings 2025-12-04 23:04:11 +01:00
Stanislas Lange
62c336022f Add permissions to test.yml for security best practices 2025-12-04 23:04:11 +01:00
Stanislas Lange
cad43ad99e Add permissions to lint.yml for security best practices 2025-12-04 23:04:11 +01:00
Stanislas Lange
3a0260e9b8 Make openvpn-install.sh executable 2025-12-04 23:04:11 +01:00
Stanislas Lange
77f28d1595 ci: add fetch-depth: 0 for super-linter v7 compatibility 
Super-linter v7 requires full git history to find the default branch
for comparison. Without fetch-depth: 0, it fails with 'master branch
doesn't exist' error.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
b7557dd77f refactor: extract magic numbers to named constants 
Move hardcoded values to readonly constants at the top of the script:
- CERT_VALIDITY_DAYS: certificate expiry (10 years)
- CRL_VALIDITY_DAYS: CRL expiry (10 years)
- EASYRSA_VERSION: easy-rsa version
- EASYRSA_SHA256: easy-rsa checksum

This improves maintainability and makes it easier to update these
values in the future.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
7304dbaac8 style: reduce shellcheck disables and fix warnings 
- Remove unnecessary shellcheck disables (SC2164, SC1072, SC1073, SC1009)
- Add explanatory comments for remaining disables
- Fix SC2181: use direct exit code check instead of $?
- Fix SC2086: quote DH_KEY_SIZE variable
 2025-12-04 23:04:11 +01:00
Stanislas Lange
bfcd624592 docs: fix sysctl config path in FAQ (20 -> 99) 
The script uses /etc/sysctl.d/99-openvpn.conf but the FAQ
incorrectly referenced /etc/sysctl.d/20-openvpn.conf
 2025-12-04 23:04:11 +01:00
Stanislas Lange
46a295b538 docs: update security section note for OpenVPN 2.5+ 
Replace the warning about outdated documentation with a note
clarifying that TLS 1.2 is kept as minimum for client compatibility
while acknowledging OpenVPN 2.5+ features.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
bf31e0ca64 docs: fix broken workflow link (push.yml -> lint.yml) 
The workflow file was renamed but the README link was not updated.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
7c2c491fab ci: update appleboy/ssh-action from v0.1.6 to v1.2.0 
Updates to a more recent stable version with bug fixes and
improvements.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
00f3cd1605 ci: update Super Linter from v4.1.0 to v7 
The super-linter project has been moved to the super-linter org
and significantly updated. v7 includes many improvements and
bug fixes.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
d61b16f3b8 ci: replace deprecated set-output with GITHUB_OUTPUT 
The set-output workflow command was deprecated in favor of
environment files. See:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
 2025-12-04 23:04:11 +01:00
Stanislas Lange
960be1a658 security: add validation for root.hints download 
Verify that the downloaded root.hints file is not empty and contains
expected DNS root server content before using it.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
94f0967878 security: add SHA256 checksum verification for easy-rsa download 
Adds integrity verification to prevent supply chain attacks when
downloading easy-rsa from GitHub releases.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
1c5381cc03 fix: correct DNS prompt range from [1-12] to [1-13] 
The prompt incorrectly showed [1-12] when option 13 (Custom DNS) is valid.
 2025-12-04 23:04:11 +01:00
Stanislas Lange
74dcf67844 fix: remove duplicate echo in resolvePublicIP error message 2025-12-04 23:04:11 +01:00
mags0ft
a680d1f7e3 Correct numerous smaller spelling mistakes 2025-05-01 18:13:27 +02:00
Stanislas Lange
7e32f6ae83 Fix mermaid diagram in README 2025-03-15 22:52:11 +01:00
Stanislas Lange
19e4b7961f CI: add Fedora 41 and remove 39 for e2e workflow 2025-03-10 10:27:19 +01:00
Blake Fleischer
399c3c87b9 Add support for Amazon Linux 2023 out of the box (#1259) 
Co-authored-by: Stanislas Lange <git@slange.me>
 2025-03-10 10:24:45 +01:00
Stanislas Lange
e2d4990ae1 Improve README 2025-01-06 17:25:26 +01:00
Raphael Pinto
e1f19e0f24 Fix Public IP detection - Fix issue when seeip.org is unreachable #1241 (#1243) 
The script does work when seeip.org is unreachable, so I changed the policy to define the public IP.

It solves the issue #1241

* Timeout limit on each try to solve the IP to avoid long waits;
* Extra public IP providers as failovers;
* the script only will try to solve an IP if the ENDPOINT is empty;

Co-authored-by: Stanislas <github@slange.me>
 2024-11-07 20:55:14 +01:00
Stanislas Lange
dc114f3243 Update distribution matrix for end-to-end tests 2024-11-07 20:49:42 +01:00
Stanislas Lange
0d58ddcb8c Update distribution matrix for end-to-end tests 2024-11-07 20:46:51 +01:00
xiahare
56660eefeb Fix public IP detection: ip.seeip.org has been changed to api.seeip.org (#1252) 2024-11-07 20:39:28 +01:00
Stanislas Lange
2ce1ee765e Remove centos-stream-8-x64 from test workflow 
Not available on DO anymore
 2024-07-12 18:22:34 +02:00
Stanislas
a189535563 Set client and server certificates validity to 10 years (#1235) 
Prevent #974
 2024-07-12 18:16:19 +02:00
Stanislas Lange
67701fac77 CI: wait for dpkg lock in debian/ubuntu setup step 2024-05-16 20:37:23 +02:00
Stanislas Lange
0cc002e17d CI: wait for dpkg lock in debian/ubuntu setup step 2024-05-16 20:33:32 +02:00
Stanislas Lange
a2725d61a3 CI: update actions/checkout to v4 2024-05-16 20:13:47 +02:00
Stanislas Lange
305e9868cf CI: update linux distributions used in end-to-end tests 2024-05-16 20:08:12 +02:00
Stanislas Lange
6a127fa2b6 Enable manual trigger of actions 2024-05-16 20:02:01 +02:00
Stanislas Lange
5a4b31bd0d Fix typo in README 2023-11-20 21:21:56 +01:00
David Salbeï
651e36c6cb Fix syntax error on Rocky Linux version check (#1182) 
Co-authored-by: David Salbei <david@incolab.fr>
 2023-11-20 21:19:13 +01:00
Stanislas
1a249c621d ci: test workflow server images update (#1183) 
* test ci

* remove ubuntu 18.04

* remove fedora 35 and add 37 38

* disable centos stream 9, add debian 12
 2023-11-20 21:14:04 +01:00
Stanislas Lange
80feebed16 Remove visitors badge 2023-01-22 16:43:13 +01:00
Stanislas Lange
d096f7a3a2 Add star history 2023-01-22 16:42:48 +01:00
Stanislas Lange
33fe6af131 Update cloud providers 2023-01-22 01:55:06 +01:00
Stanislas Lange
d2556ff235 Add support for CentOS 9 + update supported distributions 2023-01-22 00:57:40 +01:00
Stanislas Lange
2f76bb5e40 Update easy-rsa to 3.1.2 and fix compatibility with Ubuntu 22.04 
Based on this patch by @zerodivisi0n: https://github.com/angristan/openvpn-install/issues/1000#issuecomment-1283484772
 2023-01-22 00:10:46 +01:00
Stanislas Lange
ca8d58d5f0 Fix checkout in test workflow 2023-01-22 00:10:46 +01:00