1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00
Commit Graph

135 Commits

Author SHA1 Message Date
Nyr
cb8730b621
Merge pull request #756 from randomshell/patch-2
Use openvpn status path from systemd service
2021-02-22 19:36:58 +01:00
Nyr
26e39cf4d7 Update AdGuard DNS IP
AdGuard changed their DNS IP recently:
https://adguard.com/en/blog/adguard-dns-new-addresses.html

Thanks @trantuanminh1754 for noticing.
2020-09-30 00:06:55 +02:00
Nyr
da299172df Update to easy-rsa v3.0.8 2020-09-09 23:18:31 +02:00
Nyr
7ddd20911b Bugfix
-N is an illegal option for read in sh, so check if the user is using sh first.
2020-07-18 18:50:59 +02:00
Nyr
13f8b2e00c resolv.conf parsing optimizations 2020-05-29 14:16:29 +02:00
Nyr
221319aa54 Fix #764 2020-05-28 21:29:53 +02:00
Nyr
9847d99849
Merge pull request #760 from sorcun/master
egrep IP regex optimizations
2020-05-28 20:38:43 +02:00
Nyr
366d46a8cc Fix #762
Variables which can be empty, shouldn't be quoted in this situation.
2020-05-25 17:23:55 +02:00
Orcun
ae7e6d7ae5 egrep IP regex optimizations 2020-05-23 13:52:26 +00:00
Nyr
bfdd480076 Add Quad9 DNS servers 2020-05-21 22:36:12 +02:00
Nyr
f737b02a9a Small style changes 2020-05-21 19:19:31 +02:00
Nyr
6f155b997d Grammar improvements 2020-05-20 23:33:16 +02:00
Nyr
e14c2359c8 Small improvements 2020-05-20 12:09:50 +02:00
Nyr
db0b51228b Fix TUN device check
Fix for the mistaken stderr redirection, sorry about that. Also, run in a
subshell so we don't need to manually close the file descriptor.
2020-05-15 18:19:24 +02:00
Nyr
d30e11d019 Improve TUN device check
While it looks hackish, I don't think there's a better way (in Bash) to open
the /dev/net/tun character device.

Checking for presence of /dev/net/tun like were doing is not good enough.
2020-05-14 19:05:05 +02:00
Nyr
b392e7da8b Improved easy-rsa setup
No need to write the tarball to disk.
2020-05-10 20:02:08 +02:00
Nyr
07249185dd Improve nf_tables test for OVZ
This test is more reliable and flexible.
2020-05-05 18:23:21 +02:00
Nyr
2852150a5b OpenVZ nf_tables workaround
nf_tables is not available in old OpenVZ kernels, so we need to use
iptables-legacy instead.

This issue only affects Debian 10 as it is the only distribution using iptables
with a nf_tables backend by default.

This is supposedly resolved in the newest kernels: https://bit.ly/3fgNZCh

Additionally, a bugfix for the ip6tables path is also included.
2020-05-05 16:47:25 +02:00
randomshell
025148c245
Use openvpn status path from systemd service
The new systemd service at `/usr/lib/systemd/system/openvpn-server@.service` that comes with openvpn 2.4 includes the status option in `ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf`

Using this default allows to have multiple servers with their own status files and all in the same log directory. Example `/run/openvpn-server/status-server.log` `/run/openvpn-server/status-server2.log`
2020-05-03 13:26:37 +00:00
Nyr
61549ffcef Improved firewall installation logic
New logic makes way more sense:
- If either firewalld or iptables are present, use whatever we have
- If not, install firewalld in CentOS/Fedora and iptables in Debian/Ubuntu
2020-05-01 17:52:12 +02:00
Nyr
ef30d9863c Improved firewall management
- Always use firewalld for CentOS and Fedora
- Cleaner check to find out if firewalld is active
2020-04-30 00:28:27 +02:00
Nyr
e0fa45b688 Fixes #642 2020-04-29 13:24:55 +02:00
Nyr
11b929ac82 Reworked OS detection
- Made OS detection more flexible and fine-grained
- Fedora is now officially supported
2020-04-24 17:48:24 +02:00
Nyr
f659724a6f Addresses #694
- Use a checkip service which works fine over HTTP to avoid issues in systems
where ca-certificates is not available
- Increase timeout to 10 seconds, because the new service is a bit slower from
some locations
- Improve grep sanitization
2020-04-21 16:45:49 +02:00
Nyr
cec053def4 Miscellaneous improvements
- Fix #694: added sanitization during the public IP address configuration and
switch to AWS checkip since the Akamai service doesn't support HTTPS.
- Add validation to cover an unlikely case where: server is behind NAT,
checkip service is unreachable and user doesn't provide input when asked for
the public IP address or hostname.
- Other small improvements not worth describing in detail.
2020-04-21 02:28:29 +02:00
Nyr
c6159aefb8 Update DNS providers
- Verisign removed (performance is subpar compared to competitors)
- NTT is back (fast and reliable)
- AdGuard added (for ad blocking)
2020-04-16 23:42:11 +02:00
Nyr
6f9daf49f5 Small style improvements 2020-04-16 23:33:14 +02:00
Nyr
5229459f99 IPv6 support
Clients will be provided with IPv6 connectivity if the server has it.

Other very small and unimportant improvements are also included in this commit.
2020-04-01 01:17:17 +02:00
Nyr
67e8427ba5
Remove the iptables NAT table check
LowEndSpirit fixed the issue on their end, so this is longer needed.

Additionally, the check causes unneeded trouble for users whose system doesn't
have the iptables package installed.
2020-04-01 00:54:00 +02:00
Nyr
9ea14fcbfc Update to easy-rsa v3.0.7 2020-03-31 02:35:50 +02:00
Nyr
6c4a21b5b9 Fix #727 2020-03-18 19:38:35 +01:00
Nyr
92d90dac29 Update error message
LowEndSpirit no longer requires that.
2019-12-23 20:19:57 +01:00
Nyr
71f5fcc023 Resolves #664 2019-10-16 22:09:25 +02:00
Nyr
6a29a6babd Miscellaneous improvements
This commit contains lots changes which are not very significant on its own but
provide important usability improvements and future proofing.

It also includes changes which required OpenVPN v2.4+ and were pending until
that version became widely available.

- General cleanup
- Improved IP address and NAT configuration
- Added input validation and sanitization
- Fix #603
- Remove "sndbuf" and "recvbuf" parameters
- Add server-side "explicit-exit-notify"
- Switch from "setenv opt" to "ignore-unknown-option"
- Switch from "tls-auth" to "tls-crypt"
- Other minor bugfixes and optimizations
2019-09-26 19:13:33 +02:00
Nyr
68e48d21b6 Check for unsupported distributions 2019-09-21 14:39:58 +02:00
Nyr
1c79a9603b Fix LimitNPROC in containers
See #206 for context.
2019-09-06 02:44:17 +02:00
Nyr
43ef4f920d Fedora support
The installer now works with Fedora and is probably ready for CentOS 8 too.
2019-06-13 03:15:18 +02:00
Nyr
a46a23d84a Migrate to the new systemd service
OpenVPN 2.4 packages provide a new systemd service unit which uses a different
directory structure. This commit drops support for Ubuntu 16.04 which has v2.3
packages.
2019-06-12 21:28:55 +02:00
Nyr
a6048d509f Switch to systemd for iptables configuration
See #464.
2019-06-07 16:17:14 +02:00
Nyr
510f9e1bf8 Remove support for old init systems
It was broken since b3953963ba anyway.
2019-05-24 14:47:02 +02:00
Nyr
d4efae3b10 Revert "Update to easy-rsa v3.0.6"
This reverts commit 43ccc5fd1c.
2019-04-24 16:52:47 +02:00
Nyr
43ccc5fd1c Update to easy-rsa v3.0.6 2019-02-02 13:21:30 +01:00
Nyr
456fbf189d Cleaner .ovpn files 2018-12-15 21:26:14 +01:00
Nyr
c90989a0e2 Use a predefined DH group
This is way faster than generating our own, see #532.
2018-10-20 14:52:24 +02:00
Nyr
6e21afcdda Update to easy-rsa v3.0.5 2018-09-25 15:20:15 +02:00
Sidd
22adb31b2e Disable compression to mitigate VORACLE (#509) 2018-08-28 14:18:58 +02:00
Nyr
cc81838501 Revert "Improve iptables configuration"
This reverts commit fdc2bfbdac.
2018-06-14 22:40:45 +02:00
Nyr
fdc2bfbdac Improve iptables configuration
See #464.
2018-06-08 17:46:09 +02:00
Nyr
b3953963ba Switch from /etc/sysctl.conf to systemd-sysctl 2018-06-08 16:07:49 +02:00
Nyr
6061a29028 Small UX improvements 2018-05-10 17:24:43 +02:00