From b86d97d3e321d83edec56395a162fb95429783b0 Mon Sep 17 00:00:00 2001 From: Nyr Date: Tue, 23 Apr 2024 14:06:10 +0200 Subject: [PATCH] Remove support for old distros The following versions are no longer supported: - Debian 10 - Ubuntu 18.04 - Ubuntu 20.04 - CentOS/Alma/Rocky 7 - CentOS/Alma/Rocky 8 - Fedora 31 --- openvpn-install.sh | 32 ++++++++++---------------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index ff1d0db..ff56a66 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -14,12 +14,6 @@ fi # Discard stdin. Needed when running from an one-liner which includes a newline read -N 999999 -t 0.001 -# Detect OpenVZ 6 -if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then - echo "The system is running an old kernel, which is incompatible with this installer." - exit -fi - # Detect OS # $os_version variables aren't always in use, but are kept here for convenience if grep -qs "ubuntu" /etc/os-release; then @@ -44,8 +38,8 @@ Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora. exit fi -if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then - echo "Ubuntu 18.04 or higher is required to use this installer. +if [[ "$os" == "ubuntu" && "$os_version" -lt 2204 ]]; then + echo "Ubuntu 22.04 or higher is required to use this installer. This version of Ubuntu is too old and unsupported." exit fi @@ -55,15 +49,15 @@ if [[ "$os" == "debian" ]]; then echo "Debian Testing and Debian Unstable are unsupported by this installer." exit fi - if [[ "$os_version" -lt 9 ]]; then - echo "Debian 9 or higher is required to use this installer. + if [[ "$os_version" -lt 11 ]]; then + echo "Debian 11 or higher is required to use this installer. This version of Debian is too old and unsupported." exit fi fi -if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then - echo "CentOS 7 or higher is required to use this installer. +if [[ "$os" == "centos" && "$os_version" -lt 9 ]]; then + echo "CentOS 9 or higher is required to use this installer. This version of CentOS is too old and unsupported." exit fi @@ -231,8 +225,8 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab apt-get update apt-get install -y --no-install-recommends openvpn openssl ca-certificates $firewall elif [[ "$os" = "centos" ]]; then - yum install -y epel-release - yum install -y openvpn openssl ca-certificates tar $firewall + dnf install -y epel-release + dnf install -y openvpn openssl ca-certificates tar $firewall else # Else, OS must be Fedora dnf install -y openvpn openssl ca-certificates tar $firewall @@ -260,7 +254,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab # Without +x in the directory, OpenVPN can't run a stat() on the CRL file chmod o+x /etc/openvpn/server/ # Generate key for tls-crypt - openvpn --genkey --secret /etc/openvpn/server/tc.key + openvpn --genkey secret /etc/openvpn/server/tc.key # Create the DH parameters file using the predefined ffdhe2048 group echo '-----BEGIN DH PARAMETERS----- MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz @@ -405,13 +399,7 @@ WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$port" != 1194 ]]; then # Install semanage if not already present if ! hash semanage 2>/dev/null; then - if [[ "$os_version" -eq 7 ]]; then - # Centos 7 - yum install -y policycoreutils-python - else - # CentOS 8 or Fedora dnf install -y policycoreutils-python-utils - fi fi semanage port -a -t openvpn_port_t -p "$protocol" "$port" fi @@ -553,7 +541,7 @@ else apt-get remove --purge -y openvpn else # Else, OS must be CentOS or Fedora - yum remove -y openvpn + dnf remove -y openvpn rm -rf /etc/openvpn/server fi echo