Stanislas
594486c177
Rework iptables handling ( #291 )
2018-09-17 01:11:30 +02:00
angristan
18b025e831
Improve sysctl config
2018-09-16 22:45:04 +02:00
Stanislas
bfed14544e
Add IPv6 NAT support ( #238 )
2018-09-16 17:55:50 +02:00
angristan
f6c9a63e38
Drop support for Arch Linux
...
Arch Linux isn't very used and is not available on cloud providers. I cannot test it easily so it is a burden to maintain for me
2018-09-16 01:34:01 +02:00
angristan
8a5de575b7
Drop Debian 7 support
...
Debian 7 is EOL and I can't test it on cloud providers anymore
2018-09-16 01:29:04 +02:00
angristan
3209441775
Better bash
2018-09-16 01:26:37 +02:00
angristan
62380c512b
Drop CentOS 6 support
2018-09-16 01:26:30 +02:00
randomshell
f057e0aa5f
Add self-hosted DNS resolver (Unbound)
2018-09-16 00:53:33 +02:00
angristan
4bf4257cf3
Merge two mv commands
2018-09-05 20:26:33 +02:00
angristan
2997a7e8b6
Remove "|| return"
2018-09-05 20:20:46 +02:00
angristan
ea40b45b52
Fix /dev/urandom usage on unprivileged LXC containers
...
Fixes https://github.com/angristan/openvpn-install/issues/280
2018-09-02 22:32:58 +02:00
Angristan
64f62cf874
Remove log-append for now and create log dir
...
See https://github.com/Angristan/OpenVPN-install/issues/275
2018-08-23 00:40:36 +02:00
Angristan
d8d0bbb5da
Add access logs (log-append)
...
And move log files to /var/log/openvpn. Makes more sense and access logs can be very useful.
2018-08-22 22:11:36 +02:00
Angristan
1b18e7f2a7
Re-add a default suggestion for the client name
...
But only during the setup, not for additional clients
2018-08-18 21:47:10 +02:00
Angristan
47c86874dc
Update check on the client's name input
2018-08-18 19:55:36 +02:00
Angristan
9ef0bbc47d
Add password option for clients ( #160 )
2018-08-18 19:40:07 +02:00
Jebtrix
df172b962d
Add option to generate random port in private port range ( #229 )
2018-08-18 15:57:24 +02:00
Sayem Chowdhury
5501de73c8
Improved code ( #243 )
2018-07-15 11:25:59 +02:00
cezar97
63ac18075d
Add quad9 secondary DNS ( #248 )
...
See https://www.quad9.net/faq/#Is_there_a_service_that_Quad9_offers_that_does_not_have_the_blocklist_or_other_security .
2018-07-06 22:11:22 +02:00
Jebtrix
b8f0b44c55
[FIX] Unable to select AdGuard DNS choice ( #228 )
2018-05-29 10:18:24 +02:00
Angristan
6cecc16f0d
Fixes #217 "Package 'gpg' has no installation candidate"
2018-05-10 00:29:05 +02:00
Timofey Vasenin
d2a3b3bec6
Backport improvements of external IP handling ( #213 )
...
* [backport] Remove IP address detection fallback
It was never used, the one-liner is enough.
* [backport] Improve NAT detection
Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
2018-05-08 21:23:36 +02:00
Timofey Vasenin
b3fba4fddc
[backport] Fix system resolvers option for environments running systemd-resolved ( #214 )
2018-05-08 21:01:32 +02:00
Stanislas
2f6821d778
Add support for Ubuntu 18.04
2018-05-08 20:53:57 +02:00
Timofey Vasenin
71bb6e8371
Remove unneeded -r argument from some rm commands
...
Backport the relevant part of:
d717353769
2018-05-07 18:50:01 +02:00
cezar97
61d89e3ba2
Remove .ovpn on cert revoke or OpenVPN uninstall ( #178 )
2018-04-10 11:06:19 +02:00
Angristan
d7e706ac24
Add Cloudflare resolvers
...
Fixes #193
2018-04-01 23:12:05 +02:00
Angristan
42f6553dcc
Add GPG dependency
2018-02-25 17:37:03 +01:00
Angristan
687eb9019d
Fix Fedora detection
...
Fixes #168
2018-02-22 21:47:35 +01:00
Kcchouette
f252614a36
Remove unsupported version of ubuntu ( #163 )
...
* Remove unsupported version of ubuntu
Remove 12.04 as the support finished on April 28, 2017
Remove 16.10 as the support finished 2017-07-20
Remove 17.04 as the support finished 2018-01-13
2018-02-14 14:48:36 +01:00
Angristan
febdc04340
Support Ubuntu 17.10
...
Fixes #161
2018-02-13 22:38:48 +01:00
Angristan
501f8a9b36
Use a different client name for new users
...
Just in case the user keeps the default "client" username when installing, reusing "client" will fail. A tiny commit for lazy users.
2018-02-12 16:07:37 +01:00
Angristan
cffe4bee4a
Inverse FDN's DNS servers for DNSSEC
...
The .12 does not validate DNSSEC while the .40 does, so I'm putting the .40 first.
2018-01-27 20:21:28 +01:00
Angristan
edbf48646e
Merge pull request #151 from cezar97/master
...
Randomize CN and Server Name and verify Server Name
2018-01-25 12:24:50 +01:00
Angristan
d19283c46f
Optmize vars
...
I'm not removing the PiVPN mention because I don't want to credit them, but to not bloat the script.
Their contribution will be available via git blame + https://github.com/Angristan/OpenVPN-install/pull/151 :)
2018-01-25 12:23:25 +01:00
Angristan
7c7084238f
Update EasyRSA to 3.0.4
...
Fixes "./easyrsa: 644: ./easyrsa: [[: not found"
2018-01-23 12:19:01 +01:00
cezar97
931190dd59
Verify server name to strengthen security
2018-01-18 17:36:31 +01:00
cezar97
4f5f43e503
Randomize CN and server name, fixed #48
...
Solution taken from pivpn install script here: https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh .
Repo in https://github.com/pivpn/pivpn .
2018-01-18 17:19:51 +01:00
Angristan
f681c0bd34
Add Amazon Linux support
...
Fixes https://github.com/Angristan/OpenVPN-install/issues/128
2018-01-11 11:08:35 +01:00
Angristan
bb23ed1227
Merge pull request #139 from Angristan/systemd-openvz-fix
...
Fix systemd service on OpenVZ
2017-12-16 15:29:02 +01:00
Arda
6931364a23
Fedora Support
2017-11-30 22:54:53 +03:00
Angristan
3b8c5d776a
Update DNS list with Quad9
2017-11-29 11:21:33 +01:00
Angristan
6ac1b185fa
Update DNS list with Quad9
2017-11-29 11:17:06 +01:00
Nicolas Duchon
449361007a
Add Quad9 DNS
2017-11-29 10:46:58 +01:00
Angristan
1241072bb2
Fix systemd service on OpenVZ
...
fix the service on all systemd/ubuntu versions
2017-11-28 22:14:27 +01:00
Angristan
f47fc795d5
Merge PR #83 : Remove rc.local and use an iptables systemd service
...
- Install iptables systemd service for Debian, Ubuntu and CentOS
- Fix iptables install for ArcLinux
- Remove the use rc.local file
- Remove all iptables rules when removing openvpn (cf. #60 )
2017-11-12 22:56:02 +01:00
Angristan
80fd8678a6
Revert "Merge PR #83 : Remove rc.local and use an iptables systemd service"
...
This reverts commit e874013112
, reversing
changes made to 998d1e8b13
.
2017-11-12 22:51:54 +01:00
Angristan
e874013112
Merge PR #83 : Remove rc.local and use an iptables systemd service
2017-11-12 22:43:55 +01:00
Angristan
aca3b4a019
Fix the network interface variable
...
Fix for https://github.com/Angristan/OpenVPN-install/pull/83#issuecomment-343758329
2017-11-12 19:54:44 +01:00
Angristan
dcec3f12a4
Disable firewalld to allow iptables to start upon reboot
2017-11-12 18:30:05 +01:00
Angristan
ed17fc074d
Resolve conflicts
...
Merge changes from master to resolve conflicts
2017-11-12 18:07:07 +01:00
Angristan
998d1e8b13
Merge pull request #92 from NathanZepol/master
...
Adding auth-nocache option to .ovpn configuration
2017-11-12 16:04:11 +01:00
Angristan
a7a277e2dc
Remove "local" parameter
...
Revert ad3c223385
On some servers, this prevented OpenVPN to start on boot. (Socket bind failed on local address [AF_INET] IP:1194 Cannot assign requested address)
2017-11-12 15:48:39 +01:00
Angristan
a0821ee5b4
Fix typo
2017-10-17 22:05:11 +02:00
Angristan
dccbe2f71d
Add AdGuard DNS
2017-10-09 17:12:46 +02:00
Jelle Dekker
603d6747b9
Extended the expiration date of the certificate revocation list to 10 years.
2017-09-29 16:13:02 -05:00
Nathan
641510984b
Adding auth-nocache Option to .ovpn Configuration
2017-08-27 13:59:08 -05:00
Angristan
37d42e25fe
Update Easy-RSA to v3.0.3
2017-08-23 10:39:33 +02:00
Angristan
c0ed60e8cf
Update openvpn-install.sh
2017-08-22 11:12:42 +02:00
Ola Tuvesson
ad3c223385
Will now set "local" in server.conf to the chosen IP adderess
...
If you want to run OpenVPN in UDP mode on an secondary IP, UDP routing will fail unless you explicitly bind OpenVPN to the chosen IP address. This change includes the "local" parameter in the config and sets it to the IP address entered at the beginning.
2017-08-22 00:39:43 +01:00
Angristan
edbe4fed90
Rename OpenVPN's APT list
2017-08-20 22:38:55 +02:00
Angristan
a3c005c556
Update Debian and Ubuntu repository
...
swupdate.openvpn.net hasn't been updated since OpenVPN 2.3.14 whereas build.openvpn.net supports OpenVPN 2.4.x as of today
Fixes https://github.com/Angristan/OpenVPN-install/issues/86
2017-08-07 16:44:16 +02:00
patlol
58a5282e17
Update openvpn-install.sh
2017-07-22 21:08:06 +02:00
patlol
3c5c87b031
Update openvpn-install.sh
2017-07-22 20:18:46 +02:00
patlol
5787c45a03
Update openvpn-install.sh
2017-07-22 19:40:29 +02:00
patlol
031afd587e
fix #8 Client files not beeing created in the right folder when using sudo
2017-07-22 19:30:36 +02:00
DrXala
b5c624eb76
Adjust indents + change iptables.service
2017-07-20 17:12:40 +02:00
DrXala
8f28593112
Fix iptables.service
2017-07-16 16:01:05 +02:00
DrXala
23222fd59f
Fix syntax error...
2017-07-16 15:39:14 +02:00
DrXala
d3d7d18ab1
Removing the use of rc.local file
2017-07-16 14:11:29 +02:00
DrXala
1be7733c0b
Install iptables systemd service for Debian, Ubuntu and Centos. Fix iptables install for ArchLinux.
2017-07-16 12:55:09 +02:00
Angristan
c703d41795
Fix for Debian 9 on OpenVZ
2017-07-14 17:15:07 +02:00
Angristan
276284458f
Fix DNS choice
2017-07-08 13:30:58 +02:00
jackdwyer
d1f665c458
fixes last case statement for SEED-CBC
2017-07-03 14:14:39 -04:00
Angristan
cd01329585
Add support for Debian 9 Stretch
2017-06-26 02:41:40 +02:00
Angristan
e185698445
Use current system resolvers as default
...
That makes more sense that putting French servers.
What is in /etc/resolv.conf is not always good, but most of the time it's the hoster's or something nearby. Thus it makes more sense for the user to use them by default.
2017-06-26 02:37:41 +02:00
Angristan
6800ef35f7
Typo
...
It's late.
2017-06-26 02:20:38 +02:00
Angristan
19fe6626f1
Implements OpenVPN 2.4 changes for Arch Linux (kind of)
...
Since OpenVPN 2.4 is out on Arch, the script wasn't working completely because of this : https://www.archlinux.org/news/openvpn-240-update-requires-administrative-interaction/
There is a new path for OpenVPN server config. This is just needed on Arch for now, and you're probably not going to run an OpenVPN client on an OpenVPN server.
Thus I modified the systemd script to use `/etc/openvpn/` and `server.conf` instead of the new `/etc/openvpn/server/` and `openvpn.conf`.
By using the same paths as the other distros, I avoid to rewrite the entire script to change the paths...
It's not 100% clean, but it works pretty well. If you have any objection please leave a comment.
Also, I updated the new service name.
As far as I tested, it's working fine on Arch Linux for now.
Fixes #63 and #61
2017-06-26 02:17:14 +02:00
Angristan
ac203dd5ee
Fix iptables rules on reboot for some OS
...
Thanks a lot to Nyr for the fix : a31aaf82f3
Fixes https://github.com/Angristan/OpenVPN-install/issues/6 .
On Ubuntu 17.04, 16.10 and Debian 9, the iptables rules were not applied because of rc.local
2017-06-25 22:01:05 +02:00
Angristan
10351305e3
Google Compute Engine support
...
Merge pull request #57 and close issue #46
2017-06-25 20:21:36 +02:00
Angristan
8c66c8e684
Fix client revocation
...
A client revocation would make crl.pem unreadable and thus blocking any other client to connect.
Fixes https://github.com/Angristan/OpenVPN-install/pull/47 , https://github.com/Angristan/OpenVPN-install/issues/25 and https://github.com/Angristan/OpenVPN-install/issues/49 .
2017-06-25 19:58:41 +02:00
Kenneth Zhao
d74318562d
adding support for debian 9 stretch
2017-06-25 09:38:52 -07:00
Angristan
a2a3bfc605
Added Yandex Basic DNS resolvers
...
https://dns.yandex.com/
Nice for Russia.
2017-06-23 14:30:57 +02:00
Angristan
d712e15795
Support OpenSSL 1.1.0 DH generation
...
Fixes dh.pem gen on Debian 9 and Arch Linux
https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
2017-06-18 21:12:25 +02:00
Angristan
5d40c041dd
More proper remove
...
openvpn-blacklist isn't installed with Debian 9.
2017-06-18 21:07:15 +02:00
Angristan
823ff21fcc
Add support for Ubuntu 17.04
2017-05-07 23:56:19 +02:00
DrXala
fa9e5235f9
Close Angristan/OpenVPN-install#46
...
This patch is for Angristan/OpenVPN-install#46
2017-04-23 12:43:33 +02:00
Seeder101
89925cbbe8
Update openvpn-install.sh
...
change sould to should and correct adress to address in line 195
2016-12-11 16:03:40 +03:00
Seeder101
e548a61dcc
Update openvpn-install.sh
...
change sould to should
2016-12-11 15:58:06 +03:00
Angristan
316ecfe7f4
Use SHA-256 instead of SHA-384
...
Following 693bd13fa7
2016-12-11 12:11:11 +01:00
Angristan
7a5bb93cbe
AES-256 is not necessarily the most secure cipher
...
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack
Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
Angristan
56477bba34
The crypto update 🔐
...
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key
I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
2016-11-28 22:13:32 +01:00
Angristan
c03a55f11f
Making sure a correct DNS option is selected
2016-11-27 14:31:25 +01:00
TheKinrar
f76db9f589
Merge branch 'master' of https://github.com/TheKinrar/OpenVPN-install into TheKinrar-master
2016-11-26 16:13:02 +01:00
TheKinrar
f3ff29d6c7
rc.local fix
2016-11-25 18:25:37 +01:00
Angristan
17a9d76ae9
Remove ufw and MASQUERADE support
...
Not useful, badly implemented.
2016-11-25 00:59:03 +01:00
Angristan
218e474f85
Add logs
...
Can be useful.
2016-11-24 23:34:15 +01:00
Angristan
98ca79a9de
Move rc.local and sysctl installation after the confirmation
2016-11-24 20:28:49 +01:00
TheKinrar
358e80b5a6
sysctl fix, again.
2016-11-24 19:37:45 +01:00
TheKinrar
cc657fa459
Fixed rc.local and sysctl.conf files on ArchLinux
2016-11-24 18:07:23 +01:00
TheKinrar
9b261809eb
Automatically enable and start iptables on ArchLinux.
2016-11-22 19:55:17 +01:00
TheKinrar
6e2b5cb439
Added ArchLinux support.
2016-11-21 20:59:00 +01:00
Angristan
80dbca6e63
Add TCP support
...
There is now the choice to use TCP or UDP for OpenVPN protocol. You should always use UDP, but TCP can be useful sometimes : on lossy networks or to bypass some blockage
2016-11-21 19:57:52 +01:00
Angristan
662fe26f5b
I don't know why it wasn't like this from the beginning
2016-11-20 23:09:42 +01:00
Angristan
552709059e
Fix my previous commit
...
My bad.
2016-11-20 22:50:51 +01:00
Angristan
a09ef4868a
The user can choose to continue the installer even if its OS is not supported
...
At its own risk of course. But usefull if using Ubuntu beta or Debian unstable/testing
2016-11-20 22:47:23 +01:00
Angristan
903270be4b
Remove OpenNIC servers
...
Not consistant and can't really be trusted
2016-11-20 15:01:42 +01:00
Angristan
b0f271bc5f
Specify the location of the DNS servers
2016-11-20 14:52:47 +01:00
Angristan
3f58eb781c
Some cleanup
2016-11-20 14:22:08 +01:00
Angristan
7295627e67
Removing support for Ubuntu 15.10
...
Ubuntu 15.10 is not supported anymore since july 2016 : not safe to use it now
2016-10-20 14:33:16 +02:00
Angristan
fce638b552
Add support for Ubuntu 16.10 Yakketi Yak
2016-10-13 22:55:04 +02:00
Angristan
2c9701d477
Better way to enable IP forwarding
...
791c54786c
2016-10-04 17:34:11 +02:00
Angristan
aefb516958
Changed iptables to not lookup hosts
...
56f079289e
2016-10-04 17:31:35 +02:00
Kcchouette
87a191f8a1
Update openvpn-install.sh
2016-09-07 17:41:57 +02:00
Angristan
c8eed87ebd
Fix UFW error
2016-08-18 18:52:58 +02:00
Super-Baleine
a14809e7c3
delete read
2016-07-12 11:07:08 +02:00
Super-Baleine
72ca23e880
let the choice
...
because it's more clean
enhancement
2016-07-12 00:09:39 +02:00
Kcchouette
8550d3474c
fix the dns case error
2016-07-07 13:45:14 +02:00
Angristan
52f4e471bb
Add DNS.WATCH DNS resolvers
2016-06-11 00:32:08 +02:00
jtbr
52cae76873
fix typo
2016-06-10 14:36:22 +02:00
jtbr
b93a3369fb
Avoid inline comments in /etc/default/ufw; place pre-openvpn settings on new line
2016-06-10 14:33:26 +02:00
jtbr
eff3b83fe3
Support old clients that might not recognize blocking
2016-06-03 13:09:00 +02:00
jtbr
4a07541953
uninstall new firewalld rules
2016-05-17 05:55:27 +02:00
jtbr
a420a6cbcd
add firewalld configuration for masquerading and reorganize to ensure firewalld command ordering is safe
2016-05-17 05:44:47 +02:00
jtbr
4f8cad83cf
add ufw rule to allow traffic on chosen udp port
2016-05-17 05:29:31 +02:00
jtbr
e2b9f116d4
Add setup for ufw firewall when using MASQUERADE
2016-05-17 05:04:23 +02:00
jtbr
ff7a7a5c3d
Prevent DNS leaks on windows (v2.3.9+, ignored on other platforms)
2016-05-17 05:03:26 +02:00
jtbr
b910dbb9ec
clarify that the external address can be either an IP or a domain name
2016-05-10 22:50:58 +00:00
jtbr
3c8a6a0469
Merge branch 'master' of https://github.com/jtbr/OpenVPN-install
...
Conflicts:
README.md
openvpn-install.sh
2016-05-10 22:34:51 +00:00
jtbr
ecf2a3ed81
Undo TLS-CIPHER changes in f376ce91
in deference to harvester57's pull request
2016-05-10 22:30:38 +00:00
jtbr
2d39183284
Revert "my personal preferences, and limit 3 simultaneous clients"
...
This reverts commit 804c7aa9ed
.
2016-05-10 22:30:38 +00:00
jtbr
de648aaa83
my personal preferences, and limit 3 simultaneous clients
2016-05-10 22:30:38 +00:00
jtbr
73eb665b82
merging readme changes
2016-05-10 22:29:43 +00:00
jtbr
868eea3477
Support ios openvpn connect using CBC, SHA128 tls-cipher. Update readme.
2016-05-10 22:21:52 +00:00
jtbr
30958ac55e
this time actually fix the quoting issue for ip option 3
2016-05-10 22:21:52 +00:00
jtbr
3e913ea286
enable tls-auth and perfect forwarding secrecy
2016-05-10 22:21:52 +00:00
jtbr
891951fec8
run openvpn unprivileged
2016-05-10 22:21:52 +00:00
jtbr
950e307fbf
fix dns option 3 with single quotes
2016-05-10 22:21:52 +00:00
jtbr
5824365ebc
support either nogroup or nobody for permissionless group
2016-05-07 22:58:18 +02:00
Angristan
2f541b5399
Ubuntu 16.04 compatibility
2016-05-06 20:32:34 +02:00
jtbr
4baf845e36
Undo TLS-CIPHER changes in f376ce91
in deference to harvester57's pull request
2016-04-29 20:00:09 +00:00
jtbr
d87e87036f
Revert "my personal preferences, and limit 3 simultaneous clients"
...
This reverts commit 804c7aa9ed
.
2016-04-20 22:55:25 +00:00
jtbr
804c7aa9ed
my personal preferences, and limit 3 simultaneous clients
2016-04-12 10:16:58 +00:00
jtbr
2fe0fa2062
Allow forwarding using either SNAT or MASQUERADE (as required by some setups)
2016-04-12 10:05:28 +00:00
jtbr
f376ce912f
Support ios openvpn connect using CBC, SHA128 tls-cipher. Update readme.
2016-04-12 09:38:14 +00:00
jtbr
a65523eb1c
this time actually fix the quoting issue for ip option 3
2016-04-10 19:45:33 +02:00
jtbr
b3fb14bcb4
enable tls-auth and perfect forwarding secrecy
2016-04-10 18:53:29 +02:00
jtbr
d844154a45
run openvpn unprivileged
2016-04-10 18:36:15 +02:00
jtbr
01003c88f8
fix dns option 3 with single quotes
2016-04-10 18:26:49 +02:00
Florian STOSSE
9aeb5b7c47
Remove old fix
...
This fix was intended to overcome hardcoded buffers values in old OpenVPN revisions (see https://www.lowendtalk.com/discussion/40099/why-openvpn-is-so-slow-cool-story ). This is not needed anymore, as OpenVPN now use OS buffers (see https://community.openvpn.net/openvpn/ticket/461 and https://community.openvpn.net/openvpn/changeset/c72dbb8b470ab7b25fc74e41aed4212db48a9d2f/ ). It should lead to better performances over fast networks.
Signed-off-by: Florian STOSSE <contact@harvester.fr>
2016-03-22 11:47:24 +01:00