mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-23 21:46:08 +03:00

Debian 9 compatibility and small bug fixes

- Removed Debian 9 compatibility warning
- openvpn-blacklist is no longer uninstalled on removal
- Improvement: removal of /usr/share/doc/openvpn* hasn't been needed
for years
- Fixed: live iptables removal was failing for Debian since
6d51476047
Nyr 2017-06-20 19:19:10 +02:00
parent 82776145f2
commit b2d8c73e1b


@ -8,12 +8,6 @@
# universal as possible. # universal as possible.
if grep -qs "9.0" /etc/debian_version; then
echo "Debian 9.0 is not supported yet
The installer will be compatible within the next few days"
exit 7
fi
# Detect Debian users running the script with "sh" instead of bash # Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -qs "dash"; then if readlink /proc/$$/exe | grep -qs "dash"; then
echo "This script needs to be run with bash, not sh" echo "This script needs to be run with bash, not sh"
@ -147,7 +141,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
else else
IP=$(grep 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to ' $RCLOCAL | cut -d " " -f 11) IP=$(grep 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to ' $RCLOCAL | cut -d " " -f 14)
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL
if iptables -L -n | grep -qE '^ACCEPT'; then if iptables -L -n | grep -qE '^ACCEPT'; then
@ -167,12 +161,11 @@ if [[ -e /etc/openvpn/server.conf ]]; then
fi fi
fi fi
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt-get remove --purge -y openvpn openvpn-blacklist apt-get remove --purge -y openvpn
else else
yum remove openvpn -y yum remove openvpn -y
fi fi
rm -rf /etc/openvpn rm -rf /etc/openvpn
rm -rf /usr/share/doc/openvpn*
echo "" echo ""
echo "OpenVPN removed!" echo "OpenVPN removed!"
else else
@ -255,7 +248,7 @@ else
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
./easyrsa gen-crl ./easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
# CRL is read with each client connection, when OpenVPN is dropped to nobody # CRL is read with each client connection, when OpenVPN is dropped to nobody
chown nobody:$GROUPNAME /etc/openvpn/crl.pem chown nobody:$GROUPNAME /etc/openvpn/crl.pem
# Generate key for tls-auth # Generate key for tls-auth
@ -422,4 +415,4 @@ verb 3" > /etc/openvpn/client-common.txt
echo "" echo ""
echo "Your client configuration is available at" ~/"$CLIENT.ovpn" echo "Your client configuration is available at" ~/"$CLIENT.ovpn"
echo "If you want to add more clients, you simply need to run this script again!" echo "If you want to add more clients, you simply need to run this script again!"
fi fi
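Review bot: In the `-147,7 +141,7` hunk the SNAT address is still read from `$RCLOCAL` by field position (`cut -d " " -f 14`), the same coupling to the rule's exact wording that the commit message says broke live removal after 6d51476047. If the grep matches nothing, or the rule text changes again, `$IP` is empty or wrong and the unquoted `iptables -t nat -D … --to $IP` fails. The following `sed -i` still deletes the rc.local entry, so the live NAT rule appears to stay loaded with nothing left on disk to show it. Anchoring on the option instead, e.g. `| sed -n 's/.* --to \([^ ]*\).*/\1/p'`, and running the delete only inside `if [[ -n "$IP" ]]; then … --to "$IP"; fi` with a message on stderr otherwise, would make a failed cleanup visible. The enclosing `if [[ -e /etc/openvpn/server.conf ]]` block starts and ends outside the visible hunks.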