mirror of
https://github.com/Nyr/openvpn-install.git
synced 2024-11-24 05:56:08 +03:00
Bug fix + future bulletproofness
- Use always double [[]] blocks (bug fix for the test at line 208 under some circumstances) - bash shell is now forced - All variables are now quoted
This commit is contained in:
parent
afb30c44da
commit
091ef01a8b
@ -6,7 +6,7 @@ This script will let you setup your own VPN server in no more than one minute, e
|
|||||||
###Installation
|
###Installation
|
||||||
Run the script and follow the assistant:
|
Run the script and follow the assistant:
|
||||||
|
|
||||||
`wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; ./openvpn-install.sh`
|
`wget git.io/vpn --no-check-certificate -O openvpn-install.sh; bash openvpn-install.sh`
|
||||||
|
|
||||||
Once it ends, you can run it again to add more users.
|
Once it ends, you can run it again to add more users.
|
||||||
|
|
||||||
|
@ -6,19 +6,19 @@
|
|||||||
# VPS. It has been designed to be as unobtrusive and universal as possible.
|
# VPS. It has been designed to be as unobtrusive and universal as possible.
|
||||||
|
|
||||||
|
|
||||||
if [ $USER != 'root' ]; then
|
if [[ "$USER" != 'root' ]]; then
|
||||||
echo "Sorry, you need to run this as root"
|
echo "Sorry, you need to run this as root"
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ ! -e /dev/net/tun ]; then
|
if [[ ! -e /dev/net/tun ]]; then
|
||||||
echo "TUN/TAP is not available"
|
echo "TUN/TAP is not available"
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ ! -e /etc/debian_version ]; then
|
if [[ ! -e /etc/debian_version ]]; then
|
||||||
echo "Looks like you aren't running this installer on a Debian-based system"
|
echo "Looks like you aren't running this installer on a Debian-based system"
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
@ -28,12 +28,12 @@ fi
|
|||||||
# I do this to make the script compatible with NATed servers (lowendspirit.com)
|
# I do this to make the script compatible with NATed servers (lowendspirit.com)
|
||||||
# and to avoid getting an IPv6.
|
# and to avoid getting an IPv6.
|
||||||
IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}' | head -1)
|
IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}' | head -1)
|
||||||
if [ "$IP" = "" ]; then
|
if [[ "$IP" = "" ]]; then
|
||||||
IP=$(wget -qO- ipv4.icanhazip.com)
|
IP=$(wget -qO- ipv4.icanhazip.com)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ -e /etc/openvpn/server.conf ]; then
|
if [[ -e /etc/openvpn/server.conf ]]; then
|
||||||
while :
|
while :
|
||||||
do
|
do
|
||||||
clear
|
clear
|
||||||
@ -134,7 +134,7 @@ else
|
|||||||
apt-get install openvpn iptables openssl -y
|
apt-get install openvpn iptables openssl -y
|
||||||
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
|
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
|
||||||
# easy-rsa isn't available by default for Debian Jessie and newer
|
# easy-rsa isn't available by default for Debian Jessie and newer
|
||||||
if [ ! -d /etc/openvpn/easy-rsa/2.0/ ]; then
|
if [[ ! -d /etc/openvpn/easy-rsa/2.0/ ]]; then
|
||||||
wget --no-check-certificate -O ~/easy-rsa.tar.gz https://github.com/OpenVPN/easy-rsa/archive/2.2.2.tar.gz
|
wget --no-check-certificate -O ~/easy-rsa.tar.gz https://github.com/OpenVPN/easy-rsa/archive/2.2.2.tar.gz
|
||||||
tar xzf ~/easy-rsa.tar.gz -C ~/
|
tar xzf ~/easy-rsa.tar.gz -C ~/
|
||||||
mkdir -p /etc/openvpn/easy-rsa/2.0/
|
mkdir -p /etc/openvpn/easy-rsa/2.0/
|
||||||
@ -180,7 +180,7 @@ else
|
|||||||
sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf
|
sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf
|
||||||
done
|
done
|
||||||
# Listen at port 53 too if user wants that
|
# Listen at port 53 too if user wants that
|
||||||
if [ $ALTPORT = 'y' ]; then
|
if [[ "$ALTPORT" = 'y' ]]; then
|
||||||
iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT
|
iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT
|
||||||
sed -i "/# By default this script does nothing./a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT" /etc/rc.local
|
sed -i "/# By default this script does nothing./a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT" /etc/rc.local
|
||||||
fi
|
fi
|
||||||
@ -198,14 +198,14 @@ else
|
|||||||
# Try to detect a NATed connection and ask about it to potential LowEndSpirit
|
# Try to detect a NATed connection and ask about it to potential LowEndSpirit
|
||||||
# users
|
# users
|
||||||
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
|
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
|
||||||
if [ "$IP" != "$EXTERNALIP" ]; then
|
if [[ "$IP" != "$EXTERNALIP" ]]; then
|
||||||
echo ""
|
echo ""
|
||||||
echo "Looks like your server is behind a NAT!"
|
echo "Looks like your server is behind a NAT!"
|
||||||
echo ""
|
echo ""
|
||||||
echo "If your server is NATed (LowEndSpirit), I need to know the external IP"
|
echo "If your server is NATed (LowEndSpirit), I need to know the external IP"
|
||||||
echo "If that's not the case, just ignore this and leave the next field blank"
|
echo "If that's not the case, just ignore this and leave the next field blank"
|
||||||
read -p "External IP: " -e USEREXTERNALIP
|
read -p "External IP: " -e USEREXTERNALIP
|
||||||
if [ $USEREXTERNALIP != "" ]; then
|
if [[ "$USEREXTERNALIP" != "" ]]; then
|
||||||
IP=$USEREXTERNALIP
|
IP=$USEREXTERNALIP
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user