mirror/openvpn-install
1
0
Fork 0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00
Code Issues Projects Releases Wiki Activity
85 Commits 1 Branch 0 Tags 1.4 MiB
9c07454a57
Commit Graph

85 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
indyjscientist
9c07454a57 Added wget to the list of required packages 
Added wget to the list of installed packages as some OS installs do not include this by default.  Tested on ubuntu 16.04
 2016-12-04 23:46:14 +00:00
Nyr
b6f0c42b5b Merge pull request #194 from hhktony/patch-3 
Bugfix for situations when net.ipv4.ip_forward_use_pmtu is set in /etc/sysctl.conf.
 2016-09-06 18:30:23 +02:00
Tony Xu
799b8f9a76 fix net.ipv4.ip_forward settings 
If the `/etc/sysctl.conf` contains `net.ipv4.ip_forward_use_pmtu`
 2016-09-06 23:52:08 +08:00
Nyr
791c54786c Better way to enable IP forwarding 
Should be more universal than the previous approach.
 2016-09-06 16:20:52 +02:00
Nyr
6e349e31cb Merge pull request #184 from redorkulated/master 
Changed iptables to not lookup hosts
 2016-09-01 16:23:57 +02:00
Michael
56f079289e Changed iptables to not lookup hosts 
Should be faster lookup on iptables if firewall rules contain lots
of host IP addresses (no need for a DNS lookup on each one!)
 2016-08-22 20:14:34 +01:00
Nyr
dab9a210c2 Offer updated 2016-07-23 16:50:02 +02:00
Nyr
5e29198c21 Offer updated 2016-07-23 16:44:41 +02:00
Nyr
ef1ae85797 Change cipher to AES-128-CBC 2016-05-16 02:52:33 +02:00
Nyr
ae5b5ce2be Drop privileges after initialization 2016-05-15 20:50:37 +02:00
Nyr
c5b4907fd6 Enable tls-auth 2016-05-15 19:22:32 +02:00
Nyr
acca10ba1a Prevent DNS leaks on Windows 10 
- This will generate a warning in unsupported environments.
- This will not work if the client is using an OpenVPN version lower
than 2.3.9
- For OpenVPN 2.3.3+, ignore-unknown-option could be used instead of
setenv opt to prevent a warning.

TL;DR: upgrade to the latest OpenVPN on Windows, ignore the warning
elsewhere.

Thanks a lot for your continuous work on OpenVPN, @ValdikSS.
 2016-05-15 01:49:50 +02:00
Nyr
52f419e0d5 Detect users running with "sh" instead of bash 
And changed error codes. Sorry, not sorry.
 2016-05-10 14:12:32 +02:00
Nyr
2bcb4681a1 Added Verisign DNS 2016-04-07 16:57:47 +02:00
Nyr
7fb12dc5cb Use "hash" instead of "which" 
Always better to use builtins, and “which” is even missing in some
minimal templates.
 2016-03-14 19:41:39 +01:00
Nyr
91b9373311 TAP is not needed 
Not sure why it was there in the first place.
 2016-03-13 22:45:34 +01:00
Nyr
3a96224d1f Revoking doesn't need a restart 
The CRL is checked with every new connection and channel renegotiation,
no need to restart the server.
 2016-03-08 01:12:43 +01:00
Nyr
96108e6b2e Clarify NAT question 2016-02-29 19:18:32 +01:00
Nyr
e8958b969e Avoid error message if sestatus isn't available 
Just a cosmetic change.
 2016-02-19 21:50:28 +01:00
Nyr
eaf6f1fed4 Removed Level 3 DNS 
For some countries, Level 3 is now hijacking NXDOMAIN responses, so
removed.
 2016-02-14 22:26:10 +01:00
Nyr
cf60872eae SELinux improvements 
- Now the port exception is removed when uninstalling.
- sestatus seems to be more widely available.
 2016-02-13 19:09:16 +01:00
Nyr
f9dafd6ec6 SELinux compatibility 
This should’ve been supported for a long time.
 2016-02-12 23:46:53 +01:00
Nyr
186737c769 Improved one-liner 
git.io now supports HTTPS :)
 2016-02-12 23:21:32 +01:00
Nyr
9779b817b6 Update README.md 
The “isn’t bulletproof” part was confusing to some users which were
emailing me about security. I was just talking about compatibility.
 2016-02-05 21:36:41 +01:00
Nyr
aa5c024b8e Merge pull request #107 from angrysnarl/master 
Fixed rm -rf commands for revoking user certs
 2015-12-15 17:17:31 +01:00
angrysnarl
a1b57a1c31 Fixed rm -rf commands for revoking user certs 2015-12-16 00:15:08 +08:00
Nyr
0df84e4541 Fix #105 2015-12-14 22:36:40 +01:00
Nyr
e58addc2c5 Verify server certificate during easy-rsa download 2015-11-24 23:04:56 +01:00
Nyr
d55effb08c Update to easy-rsa 3.0.1 2015-11-21 15:35:51 +01:00
Nyr
73da43b872 Merge pull request #88 from ValdikSS/buf 
Do not allow OpenVPN to set (low) buffer sizes
 2015-11-15 19:36:15 +01:00
Nyr
51998f0d56 Merge pull request #87 from ValdikSS/euid 
Use EUID to check root
 2015-11-15 19:35:26 +01:00
Nyr
5a0babb807 Merge pull request #86 from ValdikSS/exit 
Use different exit codes on error
 2015-11-15 19:35:13 +01:00
ValdikSS
0265fc0e06 Use different exit codes on error 2015-11-15 13:37:22 +03:00
ValdikSS
15a39afd11 Do not allow OpenVPN to set (low) buffer sizes 2015-11-15 13:36:20 +03:00
ValdikSS
2574097eb4 Use EUID to check root 2015-11-15 13:34:19 +03:00
Nyr
d32416561b Grep for DROP as well as REJECT 2015-10-07 19:57:04 +02:00
Nyr
5c65625bcc Merge pull request #76 from PeterDaveHello/patch-1 
Don't run the script if download failed
 2015-10-07 13:38:21 +02:00
Peter Dave Hello
5741989e69 Update README.md 
Use `&&` instead of `;` in the command,
do not run the script if download failed.
 2015-10-07 16:00:06 +08:00
Nyr
eb8d8257a0 The BIG commit 
- Upgrade to easy-rsa 3.0.0
- Firewall support: rules are added for both FirewallD and iptables if
needed.
- Creation of our own configuration files for both the server and
clients.
- Using subnet topology instead of the deprecated net30.
- Removed port 53 question during install: user can just choose that
port during setup.
- Removed internal networking option: this is a road warrior installer
after all.
- Bugfix: the default easy-rsa directory was not correctly deleted if
one was already there.
 2015-09-12 21:48:08 +02:00
Nyr
abe2ac44b1 Offer updated 2015-09-04 20:56:25 +02:00
Nyr
e176938ecd Offer updated 2015-08-06 19:43:23 +02:00
Nyr
b46a0541dd Replaced Yandex DNS with Google 
Yandex DNS is not stable enough, Google was previously missing.
 2015-08-05 02:17:24 +02:00
Nyr
67b4cd68e2 Merge pull request #57 from hcartiaux/master 
Remove a useless wc
 2015-08-04 16:27:58 +02:00
Hyacinthe Cartiaux
91e09dedf1 Remove a useless use of wc 2015-08-01 20:27:30 +02:00
Nyr
7d467d9666 Multiple improvements 
- Better UX for client certificate revocation: a list of the current
client names is shown to the user
- easy-rsa 2.2.2 now used by default: it’s easier for me to maintain a
single version
 2015-07-22 08:02:59 +02:00
Nyr
b778c1aed9 Cosmetic bugfix 2015-06-29 09:23:44 +02:00
Nyr
e6168baf80 Offer updated 2015-06-29 08:53:13 +02:00
Nyr
cf48ecd3b0 Bugfixes 
- Little fix for Debian Jessie
- Better systemd detection
- Fixed revocation on CentOS
 2015-04-28 18:35:54 +02:00
Nyr
68b5ff7e99 Revert "Cleaner port 53 setup" 
This reverts commit fb036d575b.
 2015-03-10 10:44:47 +01:00
Nyr
fb036d575b Cleaner port 53 setup 2015-02-16 17:33:22 +01:00