mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00
Commit Graph

151 Commits

Author SHA1 Message Date
Nyr
52b12468b1 Remove --cipher parameter
--cipher has been deprecated since v2.4 and was kept for compatibility purposes.
2023-10-26 16:11:50 +02:00
Nyr
4b412c94b4 Fix #970 2023-10-19 16:17:28 +02:00
Nyr
af2710df46 Update to easy-rsa v3.1.7 2023-10-14 19:22:24 +02:00
Nyr
cd6869bf4d Update to easy-rsa v3.1.5 2023-06-14 12:51:58 +02:00
Nyr
9d6d87a6fb Update to easy-rsa v3.1.3 2023-05-19 16:16:50 +02:00
Nyr
d4ae10ec25 Update to easy-rsa v3.1.2 2023-01-18 18:40:18 +01:00
Nyr
f943387083 Update to easy-rsa v3.1.1
--no-install-recommends is now required for Debian:
https://github.com/OpenVPN/easy-rsa/issues/725
2022-10-13 21:17:39 +02:00
Nyr
f2c44dea40 Change "block-outside-dns" placement
This is mainly to work around a bug in Viscosity for macOS:
https://www.sparklabs.com/forum/viewtopic.php?t=3152
2022-09-23 17:07:43 +02:00
Nyr
d28c8e74e7 Fix resolv.conf detection
Some systems have other DNS servers along with 127.0.0.53 in /etc/resolv.conf
2022-08-21 20:33:34 +02:00
Nyr
c0a3562f64 Update to easy-rsa v3.1.0 2022-05-19 17:59:35 +02:00
Nyr
2c5bb08f4e Update to easy-rsa v3.0.9 2022-05-18 15:16:11 +02:00
Nyr
0709b9498c Update easy-rsa to v3.0.9-rc1 for Ubuntu 22.04 2022-05-05 11:44:36 +02:00
Nyr
8b6c81f79e Ubuntu 22.04 support 2022-04-21 21:11:44 +02:00
Nyr
94c94bbbc9 Add support for AlmaLinux and Rocky Linux
An unrelated fix to avoid one harmless warning during removal is also included.
2021-09-03 18:58:25 +02:00
Nyr
2cce4599e2 Check for wget or curl 2021-08-16 20:22:36 +02:00
Tomasz Wojdat
01b64d65c8 Increase priority of openvpn-forward.conf
`30-openvpn-forward.conf` renamed to `99-openvpn-forward.conf`.
2021-03-11 22:49:04 +01:00
Nyr
cb8730b621 Merge pull request #756 from randomshell/patch-2
Use openvpn status path from systemd service
2021-02-22 19:36:58 +01:00
Nyr
26e39cf4d7 Update AdGuard DNS IP
AdGuard changed their DNS IP recently:
https://adguard.com/en/blog/adguard-dns-new-addresses.html

Thanks @trantuanminh1754 for noticing.
2020-09-30 00:06:55 +02:00
Nyr
da299172df Update to easy-rsa v3.0.8 2020-09-09 23:18:31 +02:00
Nyr
7ddd20911b Bugfix
-N is an illegal option for read in sh, so check if the user is using sh first.
2020-07-18 18:50:59 +02:00
Nyr
13f8b2e00c resolv.conf parsing optimizations 2020-05-29 14:16:29 +02:00
Nyr
221319aa54 Fix #764 2020-05-28 21:29:53 +02:00
Nyr
9847d99849 Merge pull request #760 from sorcun/master
egrep IP regex optimizations
2020-05-28 20:38:43 +02:00
Nyr
366d46a8cc Fix #762
Variables which can be empty shouldn't be quoted in this situation.
2020-05-25 17:23:55 +02:00
Orcun
ae7e6d7ae5 egrep IP regex optimizations 2020-05-23 13:52:26 +00:00
Nyr
bfdd480076 Add Quad9 DNS servers 2020-05-21 22:36:12 +02:00
Nyr
f737b02a9a Small style changes 2020-05-21 19:19:31 +02:00
Nyr
6f155b997d Grammar improvements 2020-05-20 23:33:16 +02:00
Nyr
e14c2359c8 Small improvements 2020-05-20 12:09:50 +02:00
Nyr
db0b51228b Fix TUN device check
Fix for the mistaken stderr redirection, sorry about that. Also, run in a
subshell so we don't need to manually close the file descriptor.
2020-05-15 18:19:24 +02:00
Nyr
d30e11d019 Improve TUN device check
While it looks hackish, I don't think there's a better way (in Bash) to open
the /dev/net/tun character device.

Checking for presence of /dev/net/tun like we're doing is not good enough.
2020-05-14 19:05:05 +02:00
Nyr
b392e7da8b Improved easy-rsa setup
No need to write the tarball to disk.
2020-05-10 20:02:08 +02:00
Nyr
07249185dd Improve nf_tables test for OVZ
This test is more reliable and flexible.
2020-05-05 18:23:21 +02:00
Nyr
2852150a5b OpenVZ nf_tables workaround
nf_tables is not available in old OpenVZ kernels, so we need to use
iptables-legacy instead.

This issue only affects Debian 10 as it is the only distribution using iptables
with a nf_tables backend by default.

This is supposedly resolved in the newest kernels: https://bit.ly/3fgNZCh

Additionally, a bugfix for the ip6tables path is also included.
2020-05-05 16:47:25 +02:00
randomshell
025148c245 Use openvpn status path from systemd service
The new systemd service at `/usr/lib/systemd/system/openvpn-server@.service` that comes with openvpn 2.4 includes the status option in `ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf`

Using this default allows having multiple servers with their own status files, all in the same log directory. Example: `/run/openvpn-server/status-server.log` `/run/openvpn-server/status-server2.log`
2020-05-03 13:26:37 +00:00
Nyr
61549ffcef Improved firewall installation logic
New logic makes way more sense:
- If either firewalld or iptables are present, use whatever we have
- If not, install firewalld in CentOS/Fedora and iptables in Debian/Ubuntu
2020-05-01 17:52:12 +02:00
Nyr
ef30d9863c Improved firewall management
- Always use firewalld for CentOS and Fedora
- Cleaner check to find out if firewalld is active
2020-04-30 00:28:27 +02:00
Nyr
e0fa45b688 Fixes #642 2020-04-29 13:24:55 +02:00
Nyr
11b929ac82 Reworked OS detection
- Made OS detection more flexible and fine-grained
- Fedora is now officially supported
2020-04-24 17:48:24 +02:00
Nyr
f659724a6f Addresses #694
- Use a checkip service which works fine over HTTP to avoid issues in systems
where ca-certificates is not available
- Increase timeout to 10 seconds, because the new service is a bit slower from
some locations
- Improve grep sanitization
2020-04-21 16:45:49 +02:00
Nyr
cec053def4 Miscellaneous improvements
- Fix #694: added sanitization during the public IP address configuration and
switch to AWS checkip since the Akamai service doesn't support HTTPS.
- Add validation to cover an unlikely case where: server is behind NAT,
checkip service is unreachable and user doesn't provide input when asked for
the public IP address or hostname.
- Other small improvements not worth describing in detail.
2020-04-21 02:28:29 +02:00
Nyr
c6159aefb8 Update DNS providers
- Verisign removed (performance is subpar compared to competitors)
- NTT is back (fast and reliable)
- AdGuard added (for ad blocking)
2020-04-16 23:42:11 +02:00
Nyr
6f9daf49f5 Small style improvements 2020-04-16 23:33:14 +02:00
Nyr
5229459f99 IPv6 support
Clients will be provided with IPv6 connectivity if the server has it.

Other very small and unimportant improvements are also included in this commit.
2020-04-01 01:17:17 +02:00
Nyr
67e8427ba5 Remove the iptables NAT table check
LowEndSpirit fixed the issue on their end, so this is no longer needed.

Additionally, the check causes unneeded trouble for users whose system doesn't
have the iptables package installed.
2020-04-01 00:54:00 +02:00
Nyr
9ea14fcbfc Update to easy-rsa v3.0.7 2020-03-31 02:35:50 +02:00
Nyr
6c4a21b5b9 Fix #727 2020-03-18 19:38:35 +01:00
Nyr
92d90dac29 Update error message
LowEndSpirit no longer requires that.
2019-12-23 20:19:57 +01:00
Nyr
71f5fcc023 Resolves #664 2019-10-16 22:09:25 +02:00
Nyr
6a29a6babd Miscellaneous improvements
This commit contains lots of changes which are not very significant on their own but
provide important usability improvements and future proofing.

It also includes changes which required OpenVPN v2.4+ and were pending until
that version became widely available.

- General cleanup
- Improved IP address and NAT configuration
- Added input validation and sanitization
- Fix #603
- Remove "sndbuf" and "recvbuf" parameters
- Add server-side "explicit-exit-notify"
- Switch from "setenv opt" to "ignore-unknown-option"
- Switch from "tls-auth" to "tls-crypt"
- Other minor bugfixes and optimizations
2019-09-26 19:13:33 +02:00