1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-27 23:46:07 +03:00
Commit Graph

123 Commits

Author SHA1 Message Date
Igor Tarasov
0134e0062b
Nicer code formatting in README.md 2018-10-16 16:08:54 +03:00
Nyr
6e21afcdda Update to easy-rsa v3.0.5 2018-09-25 15:20:15 +02:00
Sidd
22adb31b2e Disable compression to mitigate VORACLE (#509) 2018-08-28 14:18:58 +02:00
Nyr
cc81838501 Revert "Improve iptables configuration"
This reverts commit fdc2bfbdac.
2018-06-14 22:40:45 +02:00
Nyr
fdc2bfbdac Improve iptables configuration
See #464.
2018-06-08 17:46:09 +02:00
Nyr
b3953963ba Switch from /etc/sysctl.conf to systemd-sysctl 2018-06-08 16:07:49 +02:00
Nyr
6061a29028 Small UX improvements 2018-05-10 17:24:43 +02:00
Nyr
5b9f3b62b8
Merge pull request #460 from Kcchouette/patch-1
Fixes a typo.
2018-05-03 14:26:22 +02:00
Kcchouette
269551c25f
Update openvpn-install.sh 2018-05-03 11:03:15 +02:00
Nyr
d717353769 Cleanup
- SELinux in CentOS already has rules for both udp/1194 and tcp/1194,
so the protocol check was not needed.
- Remove unneeded arguments from some grep and rm commands.
2018-04-26 15:10:18 +02:00
Nyr
83234ddae4 Improve NAT detection
Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
2018-04-21 21:06:41 +02:00
Nyr
ff254aeb1e General cleanup 2018-04-21 20:41:16 +02:00
Nyr
cb28b57e09 Remove wget dependency in CentOS
curl is always included with CentOS and wget is always included with
Debian/Ubuntu. So it was useless to install wget in CentOS like we were
doing for those cases when it wasn't already installed. Now curl will
be used instead.
2018-04-19 21:25:18 +02:00
Nyr
2726a148ee Remove IP address detection fallback
It was never used, the one-liner is enough.
2018-04-19 21:00:58 +02:00
Nyr
cb2a5b8028 Clarify NAT configuration dialog
Closes #451.
2018-04-16 17:53:48 +02:00
Nyr
e73503054e Update DNS list
Added 1.1.1.1 and removed two mostly unpopular choices.

Currently discarded services are: Yandex, Neustar, NTT, HE, Quad9 and
Freenom World. The list was starting to get too big.
2018-04-04 17:28:09 +02:00
Nyr
30636c7bf6 Update README.md 2018-04-04 17:27:00 +02:00
Nyr
33452242a1 Fix system resolvers option for environments running systemd-resolved 2018-01-21 18:21:53 +01:00
Nyr
886f32c2da Update README.md 2018-01-21 17:55:00 +01:00
Nyr
02d634437b Update to easy-rsa v3.0.4 2018-01-21 17:54:33 +01:00
Nyr
0397827abe Resolves #353 2017-09-11 18:53:49 +02:00
Nyr
8f881565b7 Update to easy-rsa v3.0.3 2017-08-29 17:56:46 +02:00
Nyr
9c0579052f Fix #352
Set EASYRSA_CRL_DAYS to 3650 instead of the default 180.

OpenVPN 2.4+ enforces the nextUpdate value in the CRL as a hard limit,
and will not work if more than 6 months passed since it was generated.
2017-08-29 17:55:14 +02:00
Nyr
b2d8c73e1b Debian 9 compatibility and small bug fixes
- Removed Debian 9 compatibility warning
- openvpn-blacklist is no longer uninstalled on removal
- Improvement: removal of /usr/share/doc/openvpn* hasn't been needed
for years
- Fixed: live iptables removal was failing for Debian since
6d51476047
2017-06-20 19:19:10 +02:00
Nyr
82776145f2 Add temporal warning for Debian Stretch users 2017-06-18 17:58:53 +02:00
Nyr
c0f0d47a64 Upgrade HMAC digest algorithm to SHA-512
This was long overdue for compatibility reasons. My decision to force
the upgrade now, has been made following recomendations published in
the OpenVPN 2.4 audit performed by Cryptography Engineering LLC.
2017-06-04 13:16:57 +02:00
Nyr
bcca288029 Offer updated 2017-05-30 15:15:14 +02:00
Nyr
6d51476047 Enable internal networking
See #299.
2017-04-27 14:46:34 +02:00
Nyr
28f238bc43 Fix #284 2017-03-31 13:52:08 +02:00
Nyr
0d1db4608f Fix #280 2017-03-29 01:01:51 +02:00
Nyr
c94bc5e3b4 Multiple firewall bug fixes
- When FirewallD is detected, NAT is now applied via FirewallD instead
of iptables (fixes #267).
- iptables REJECT/DROP/ACCEPT rules where not being properly detected.
- iptables rules were applied even when FirewallD was detected and the
same rules were being applied via firewall-cmd.
2017-03-23 18:11:35 +01:00
Nyr
0c5af3a4f2 Fix formatting
Formatting was broken by GitHub with their new Flavored Markdown
specification.
2017-03-23 18:08:34 +01:00
Nyr
7d93fbf62f Small and boring improvements 2017-01-31 18:19:19 +01:00
Nyr
a31aaf82f3 Fix #255
Ubuntu no longer includes the rc.local file, so iptables weren’t
applied after a system reboot.
2017-01-29 19:03:49 +01:00
Nyr
971474e531 Improved iptables management
Rules are now instantly removed when uninstalling.
2017-01-28 22:05:42 +01:00
Nyr
6939dffb09 Fixed firewall and SELinux for TCP
- Firewall/SELinux configuration wasn't updated to work with TCP (fixes
#250)
- Uncluttered protocol selection a bit
2017-01-20 15:12:54 +01:00
Nyr
0e4bba792b TCP support
Also, my English sucks.
2017-01-04 03:41:47 +01:00
Nyr
c6880407dd UX improvements
Fixes #241.
2016-12-11 19:11:57 +01:00
Nyr
597d16d094 Upgrade cipher to AES-128-CBC
Will be the new default starting with OpenVPN 2.4.
2016-12-11 17:03:25 +01:00
Nyr
b6f0c42b5b Merge pull request #194 from hhktony/patch-3
Bugfix for situations when net.ipv4.ip_forward_use_pmtu is set in /etc/sysctl.conf.
2016-09-06 18:30:23 +02:00
Tony Xu
799b8f9a76 fix net.ipv4.ip_forward settings
If the `/etc/sysctl.conf` contains `net.ipv4.ip_forward_use_pmtu`
2016-09-06 23:52:08 +08:00
Nyr
791c54786c Better way to enable IP forwarding
Should be more universal than the previous approach.
2016-09-06 16:20:52 +02:00
Nyr
6e349e31cb Merge pull request #184 from redorkulated/master
Changed iptables to not lookup hosts
2016-09-01 16:23:57 +02:00
Michael
56f079289e Changed iptables to not lookup hosts
Should be faster lookup on iptables if firewall rules contain lots
of host IP addresses (no need for a DNS lookup on each one!)
2016-08-22 20:14:34 +01:00
Nyr
dab9a210c2 Offer updated 2016-07-23 16:50:02 +02:00
Nyr
5e29198c21 Offer updated 2016-07-23 16:44:41 +02:00
Nyr
ef1ae85797 Change cipher to AES-128-CBC 2016-05-16 02:52:33 +02:00
Nyr
ae5b5ce2be Drop privileges after initialization 2016-05-15 20:50:37 +02:00
Nyr
c5b4907fd6 Enable tls-auth 2016-05-15 19:22:32 +02:00
Nyr
acca10ba1a Prevent DNS leaks on Windows 10
- This will generate a warning in unsupported environments.
- This will not work if the client is using an OpenVPN version lower
than 2.3.9
- For OpenVPN 2.3.3+, ignore-unknown-option could be used instead of
setenv opt to prevent a warning.

TL;DR: upgrade to the latest OpenVPN on Windows, ignore the warning
elsewhere.

Thanks a lot for your continuous work on OpenVPN, @ValdikSS.
2016-05-15 01:49:50 +02:00