1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00

Bug fix + future bulletproofness

- Use always double [[]] blocks (bug fix for the test at line 208 under
some circumstances)
- bash shell is now forced
- All variables are now quoted
This commit is contained in:
Nyr 2014-09-18 23:34:22 +02:00
parent afb30c44da
commit 091ef01a8b
2 changed files with 10 additions and 10 deletions

View File

@ -6,7 +6,7 @@ This script will let you setup your own VPN server in no more than one minute, e
###Installation ###Installation
Run the script and follow the assistant: Run the script and follow the assistant:
`wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; ./openvpn-install.sh` `wget git.io/vpn --no-check-certificate -O openvpn-install.sh; bash openvpn-install.sh`
Once it ends, you can run it again to add more users. Once it ends, you can run it again to add more users.

View File

@ -6,19 +6,19 @@
# VPS. It has been designed to be as unobtrusive and universal as possible. # VPS. It has been designed to be as unobtrusive and universal as possible.
if [ $USER != 'root' ]; then if [[ "$USER" != 'root' ]]; then
echo "Sorry, you need to run this as root" echo "Sorry, you need to run this as root"
exit exit
fi fi
if [ ! -e /dev/net/tun ]; then if [[ ! -e /dev/net/tun ]]; then
echo "TUN/TAP is not available" echo "TUN/TAP is not available"
exit exit
fi fi
if [ ! -e /etc/debian_version ]; then if [[ ! -e /etc/debian_version ]]; then
echo "Looks like you aren't running this installer on a Debian-based system" echo "Looks like you aren't running this installer on a Debian-based system"
exit exit
fi fi
@ -28,12 +28,12 @@ fi
# I do this to make the script compatible with NATed servers (lowendspirit.com) # I do this to make the script compatible with NATed servers (lowendspirit.com)
# and to avoid getting an IPv6. # and to avoid getting an IPv6.
IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}' | head -1) IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}' | head -1)
if [ "$IP" = "" ]; then if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com) IP=$(wget -qO- ipv4.icanhazip.com)
fi fi
if [ -e /etc/openvpn/server.conf ]; then if [[ -e /etc/openvpn/server.conf ]]; then
while : while :
do do
clear clear
@ -134,7 +134,7 @@ else
apt-get install openvpn iptables openssl -y apt-get install openvpn iptables openssl -y
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
# easy-rsa isn't available by default for Debian Jessie and newer # easy-rsa isn't available by default for Debian Jessie and newer
if [ ! -d /etc/openvpn/easy-rsa/2.0/ ]; then if [[ ! -d /etc/openvpn/easy-rsa/2.0/ ]]; then
wget --no-check-certificate -O ~/easy-rsa.tar.gz https://github.com/OpenVPN/easy-rsa/archive/2.2.2.tar.gz wget --no-check-certificate -O ~/easy-rsa.tar.gz https://github.com/OpenVPN/easy-rsa/archive/2.2.2.tar.gz
tar xzf ~/easy-rsa.tar.gz -C ~/ tar xzf ~/easy-rsa.tar.gz -C ~/
mkdir -p /etc/openvpn/easy-rsa/2.0/ mkdir -p /etc/openvpn/easy-rsa/2.0/
@ -180,7 +180,7 @@ else
sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf
done done
# Listen at port 53 too if user wants that # Listen at port 53 too if user wants that
if [ $ALTPORT = 'y' ]; then if [[ "$ALTPORT" = 'y' ]]; then
iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT
sed -i "/# By default this script does nothing./a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT" /etc/rc.local sed -i "/# By default this script does nothing./a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT" /etc/rc.local
fi fi
@ -198,14 +198,14 @@ else
# Try to detect a NATed connection and ask about it to potential LowEndSpirit # Try to detect a NATed connection and ask about it to potential LowEndSpirit
# users # users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com) EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [ "$IP" != "$EXTERNALIP" ]; then if [[ "$IP" != "$EXTERNALIP" ]]; then
echo "" echo ""
echo "Looks like your server is behind a NAT!" echo "Looks like your server is behind a NAT!"
echo "" echo ""
echo "If your server is NATed (LowEndSpirit), I need to know the external IP" echo "If your server is NATed (LowEndSpirit), I need to know the external IP"
echo "If that's not the case, just ignore this and leave the next field blank" echo "If that's not the case, just ignore this and leave the next field blank"
read -p "External IP: " -e USEREXTERNALIP read -p "External IP: " -e USEREXTERNALIP
if [ $USEREXTERNALIP != "" ]; then if [[ "$USEREXTERNALIP" != "" ]]; then
IP=$USEREXTERNALIP IP=$USEREXTERNALIP
fi fi
fi fi