Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-11-03 23:47:35 +01:00
Code Issues Projects Releases Wiki Activity
676 Commits 5 Branches 0 Tags
ddd5a41b11aa18ff02235cc3ef7e7ddba32be95f
Commit Graph

676 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Angristan
c0ed60e8cf Update openvpn-install.sh 2017-08-22 11:12:42 +02:00
Ola Tuvesson
ad3c223385 Will now set "local" in server.conf to the chosen IP adderess 
If you want to run OpenVPN in UDP mode on an secondary IP, UDP routing will fail unless you explicitly bind OpenVPN to the chosen IP address. This change includes the "local" parameter in the config and sets it to the IP address entered at the beginning.
 2017-08-22 00:39:43 +01:00
Angristan
edbe4fed90 Rename OpenVPN's APT list 2017-08-20 22:38:55 +02:00
Angristan
a3c005c556 Update Debian and Ubuntu repository 
swupdate.openvpn.net hasn't been updated since OpenVPN 2.3.14 whereas build.openvpn.net supports OpenVPN 2.4.x as of today
Fixes https://github.com/Angristan/OpenVPN-install/issues/86
 2017-08-07 16:44:16 +02:00
Angristan
8103bd1947 Merge pull request #84 from Patlol/master 
Fixes #8 : Client files not being created in the right folder when using sudo
 2017-07-22 21:10:42 +02:00
patlol
58a5282e17 Update openvpn-install.sh 2017-07-22 21:08:06 +02:00
patlol
3c5c87b031 Update openvpn-install.sh 2017-07-22 20:18:46 +02:00
patlol
5787c45a03 Update openvpn-install.sh 2017-07-22 19:40:29 +02:00
patlol
031afd587e fix #8 Client files not beeing created in the right folder when using sudo 2017-07-22 19:30:36 +02:00
DrXala
b5c624eb76 Adjust indents + change iptables.service 2017-07-20 17:12:40 +02:00
DrXala
8f28593112 Fix iptables.service 2017-07-16 16:01:05 +02:00
DrXala
23222fd59f Fix syntax error... 2017-07-16 15:39:14 +02:00
DrXala
d3d7d18ab1 Removing the use of rc.local file 2017-07-16 14:11:29 +02:00
DrXala
1be7733c0b Install iptables systemd service for Debian, Ubuntu and Centos. Fix iptables install for ArchLinux. 2017-07-16 12:55:09 +02:00
Angristan
c703d41795 Fix for Debian 9 on OpenVZ 2017-07-14 17:15:07 +02:00
Angristan
276284458f Fix DNS choice 2017-07-08 13:30:58 +02:00
Angristan
ea114e1a0d Merge pull request #79 from jackdwyer/fix-cipher-option 
Fixes last case statement for SEED-CBC
 2017-07-03 20:17:38 +02:00
jackdwyer
d1f665c458 fixes last case statement for SEED-CBC 2017-07-03 14:14:39 -04:00
Angristan
2584de5d85 Caps are important 2017-06-26 03:11:59 +02:00
Angristan
f4f8d08067 Add support for Debian 9 Stretch and architectures details 
I figured it would be useful to add architectures to the list, especially considering the rise of ARM servers.
 2017-06-26 03:02:16 +02:00
Angristan
cd01329585 Add support for Debian 9 Stretch 2017-06-26 02:41:40 +02:00
Angristan
e185698445 Use current system resolvers as default 
That makes more sense that putting French servers.

What is in /etc/resolv.conf is not always good, but most of the time it's the hoster's or something nearby. Thus it makes more sense for the user to use them by default.
 2017-06-26 02:37:41 +02:00
Angristan
6800ef35f7 Typo 
It's late.
 2017-06-26 02:20:38 +02:00
Angristan
19fe6626f1 Implements OpenVPN 2.4 changes for Arch Linux (kind of) 
Since OpenVPN 2.4 is out on Arch, the script wasn't working completely because of this : https://www.archlinux.org/news/openvpn-240-update-requires-administrative-interaction/

There is a new path for OpenVPN server config. This is just needed on Arch for now, and you're probably not going to run an OpenVPN client on an OpenVPN server. 

Thus I modified the systemd script to use `/etc/openvpn/` and `server.conf` instead of the new `/etc/openvpn/server/` and `openvpn.conf`.

By using the same paths as the other distros, I avoid to rewrite the entire script to change the paths...

It's not 100% clean, but it works pretty well. If you have any objection please leave a comment.

Also, I updated the new service name.

As far as I tested, it's working fine on Arch Linux for now.

Fixes #63 and #61
 2017-06-26 02:17:14 +02:00
Angristan
ac203dd5ee Fix iptables rules on reboot for some OS 
Thanks a lot to Nyr for the fix : a31aaf82f3

Fixes https://github.com/Angristan/OpenVPN-install/issues/6.

On Ubuntu 17.04, 16.10 and Debian 9, the iptables rules were not applied because of rc.local
 2017-06-25 22:01:05 +02:00
Angristan
10351305e3 Google Compute Engine support 
Merge pull request #57 and close issue #46
 2017-06-25 20:21:36 +02:00
Angristan
8c66c8e684 Fix client revocation 
A client revocation would make crl.pem unreadable and thus blocking any other client to connect.

Fixes https://github.com/Angristan/OpenVPN-install/pull/47, https://github.com/Angristan/OpenVPN-install/issues/25 and https://github.com/Angristan/OpenVPN-install/issues/49.
 2017-06-25 19:58:41 +02:00
Kenneth Zhao
d74318562d adding support for debian 9 stretch 2017-06-25 09:38:52 -07:00
Angristan
ec41b64b15 Added Yandex Basic DNS resolvers 
Nice speed for Russia
 2017-06-23 14:32:16 +02:00
Angristan
a2a3bfc605 Added Yandex Basic DNS resolvers 
https://dns.yandex.com/

Nice for Russia.
 2017-06-23 14:30:57 +02:00
Angristan
d712e15795 Support OpenSSL 1.1.0 DH generation 
Fixes dh.pem gen on Debian 9 and Arch Linux

https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74

https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
 2017-06-18 21:12:25 +02:00
Angristan
5d40c041dd More proper remove 
openvpn-blacklist isn't installed with Debian 9.
 2017-06-18 21:07:15 +02:00
Angristan
0bc1e6ea59 Add support for Ubuntu 17.04 2017-05-07 23:59:43 +02:00
Angristan
823ff21fcc Add support for Ubuntu 17.04 2017-05-07 23:56:19 +02:00
DrXala
fa9e5235f9 Close Angristan/OpenVPN-install#46 
This patch is for Angristan/OpenVPN-install#46
 2017-04-23 12:43:33 +02:00
Angristan
b3f62850e7 Fix broken headings in Markdown files 
Merge pull request #53 from bryant1410/master
 2017-04-17 14:33:31 +02:00
Santiago Castro
504597fe96 Fix broken Markdown headings 2017-04-16 23:21:39 -03:00
Angristan
e8554eb35a Updates links 2017-03-01 17:10:33 +01:00
Angristan
06c66a96a7 Correct typo 2017-02-06 14:05:58 +01:00
Angristan
adfb8b9a2f Update LICENSE 2016-12-20 15:04:12 +01:00
Angristan
63ed1449de Merge pull request #11 from Seeder101/patch-1 (typo) 
Fix typos
 2016-12-17 20:01:18 +01:00
Seeder101
89925cbbe8 Update openvpn-install.sh 
change sould to should and correct adress to address in line 195
 2016-12-11 16:03:40 +03:00
Seeder101
e548a61dcc Update openvpn-install.sh 
change sould to should
 2016-12-11 15:58:06 +03:00
Angristan
316ecfe7f4 Use SHA-256 instead of SHA-384 
Following 693bd13fa7
 2016-12-11 12:11:11 +01:00
Angristan
693bd13fa7 Use SHA-256 instead of SHA-384 
Thanks to David_5.1 (https://angristan.fr/mise-a-jour-de-mon-script-openvpn/#comment-2750) who pointed out that there was a mistake on the Wikipédia page of the Length extension attack (https://en.wikipedia.org/wiki/Length_extension_attack), and it was affecting all the SHA2 family, not just SHA256. It's a theoretical attack though. I didn't find any reason to use one member of the SHA2 family more than an other, so I switched to SHA-256 for now.
 2016-12-11 12:07:50 +01:00
Angristan
7f6a007637 Add source for the crypto update 🔐 2016-12-04 19:00:26 +01:00
Angristan
98a0dbf26d Fix typo of the crypto update 🔐 
Thanks to https://twitter.com/TiCubius/status/805468611875897344
 2016-12-04 18:49:08 +01:00
Angristan
da64aa8df8 The crypto update 🔐 + improvements 
Following this commit : 56477bba34

I wanted to improve the readability of the Readme, and also explain myself regarding the encryption parameters I have chosen in the script.

I took hours to write and add the sources, so I may have made some mistakes. I'll gladly accept any feedback ^^
 2016-12-04 18:24:38 +01:00
Angristan
7a5bb93cbe AES-256 is not necessarily the most secure cipher 
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack

Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
 2016-12-04 17:21:41 +01:00
Angristan
56477bba34 The crypto update 🔐 
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key

I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
 2016-11-28 22:13:32 +01:00