mirror of
https://github.com/hwdsl2/openvpn-install.git
synced 2024-07-01 01:06:07 +02:00
Cleanup
This commit is contained in:
parent
ff1ea0208f
commit
dab8eaebcf
|
@ -8,24 +8,12 @@
|
|||
# Copyright (c) 2022 Lin Song <linsongui@gmail.com>
|
||||
# Copyright (c) 2013-2022 Nyr
|
||||
#
|
||||
# Released under the MIT License.
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
# this software and associated documentation files (the "Software"), to deal in
|
||||
# the Software without restriction, including without limitation the rights to
|
||||
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||
# the Software, and to permit persons to whom the Software is furnished to do so,
|
||||
# subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in all
|
||||
# copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
# Released under the MIT License, see the accompanying file LICENSE.txt
|
||||
# or https://opensource.org/licenses/MIT
|
||||
|
||||
exiterr() { echo "Error: $1" >&2; exit 1; }
|
||||
exiterr2() { exiterr "'apt-get install' failed."; }
|
||||
exiterr3() { exiterr "'yum install' failed."; }
|
||||
|
||||
check_ip() {
|
||||
IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
|
||||
|
@ -149,16 +137,20 @@ EOF
|
|||
|
||||
ovpnsetup() {
|
||||
|
||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
|
||||
if [ "$(id -u)" != 0 ]; then
|
||||
exiterr "This installer must be run as root. Try 'sudo bash $0'"
|
||||
fi
|
||||
|
||||
# Detect Debian users running the script with "sh" instead of bash
|
||||
if readlink /proc/$$/exe | grep -q "dash"; then
|
||||
echo 'This installer needs to be run with "bash", not "sh".'
|
||||
exit 1
|
||||
exiterr 'This installer needs to be run with "bash", not "sh".'
|
||||
fi
|
||||
|
||||
# Detect OpenVZ 6
|
||||
if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then
|
||||
echo "The system is running an old kernel, which is incompatible with this installer."
|
||||
exit 1
|
||||
exiterr "The system is running an old kernel, which is incompatible with this installer."
|
||||
fi
|
||||
|
||||
# Detect OS
|
||||
|
@ -184,44 +176,28 @@ elif [[ -e /etc/fedora-release ]]; then
|
|||
os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1)
|
||||
group_name="nobody"
|
||||
else
|
||||
echo "This installer seems to be running on an unsupported distribution.
|
||||
exiterr "This installer seems to be running on an unsupported distribution.
|
||||
Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora and Amazon Linux 2."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then
|
||||
echo "Ubuntu 18.04 or higher is required to use this installer.
|
||||
exiterr "Ubuntu 18.04 or higher is required to use this installer.
|
||||
This version of Ubuntu is too old and unsupported."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then
|
||||
echo "Debian 9 or higher is required to use this installer.
|
||||
exiterr "Debian 9 or higher is required to use this installer.
|
||||
This version of Debian is too old and unsupported."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then
|
||||
echo "CentOS 7 or higher is required to use this installer.
|
||||
exiterr "CentOS 7 or higher is required to use this installer.
|
||||
This version of CentOS is too old and unsupported."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Detect environments where $PATH does not include the sbin directories
|
||||
if ! grep -q sbin <<< "$PATH"; then
|
||||
echo '$PATH does not include sbin. Try using "su -" instead of "su".'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$(id -u)" != 0 ]; then
|
||||
echo "This installer must be run as root. Try 'sudo bash $0'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ! -e /dev/net/tun ]] || ! ( exec 7<>/dev/net/tun ) 2>/dev/null; then
|
||||
echo "The system does not have the TUN device available.
|
||||
exiterr "The system does not have the TUN device available.
|
||||
TUN needs to be enabled before running this installer."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
auto=0
|
||||
|
@ -229,8 +205,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
|||
if [ "$os" = "centos" ]; then
|
||||
if grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf \
|
||||
|| systemctl is-active --quiet nftables 2>/dev/null; then
|
||||
echo "This system has nftables enabled, which is not supported by this installer."
|
||||
exit 1
|
||||
exiterr "This system has nftables enabled, which is not supported by this installer."
|
||||
fi
|
||||
fi
|
||||
while [ "$#" -gt 0 ]; do
|
||||
|
@ -258,7 +233,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
|||
set -x
|
||||
apt-get -yqq update || apt-get -yqq update
|
||||
apt-get -yqq install wget >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr2
|
||||
fi
|
||||
if ! hash ip 2>/dev/null; then
|
||||
if [ "$auto" = 0 ]; then
|
||||
|
@ -271,12 +246,12 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
|||
set -x
|
||||
apt-get -yqq update || apt-get -yqq update
|
||||
apt-get -yqq install iproute2 >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr2
|
||||
else
|
||||
(
|
||||
set -x
|
||||
yum -y -q install iproute >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr3
|
||||
fi
|
||||
fi
|
||||
if [ "$auto" = 0 ]; then
|
||||
|
@ -491,7 +466,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
|
|||
set -x
|
||||
apt-get -yqq update || apt-get -yqq update
|
||||
apt-get -yqq install openvpn openssl ca-certificates $firewall >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr2
|
||||
elif [[ "$os" = "centos" ]]; then
|
||||
if grep -qs "Amazon Linux release 2" /etc/system-release; then
|
||||
(
|
||||
|
@ -502,18 +477,18 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
|
|||
(
|
||||
set -x
|
||||
yum -y -q install epel-release >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr3
|
||||
fi
|
||||
(
|
||||
set -x
|
||||
yum -y -q install openvpn openssl ca-certificates tar $firewall >/dev/null 2>&1
|
||||
) || exit 1
|
||||
) || exiterr3
|
||||
else
|
||||
# Else, OS must be Fedora
|
||||
(
|
||||
set -x
|
||||
dnf install -y openvpn openssl ca-certificates tar $firewall >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr "'dnf install' failed."
|
||||
fi
|
||||
# If firewalld was just installed, enable it
|
||||
if [[ "$firewall" == "firewalld" ]]; then
|
||||
|
@ -527,8 +502,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
|
|||
mkdir -p /etc/openvpn/server/easy-rsa/
|
||||
{ wget -t 3 -T 30 -qO- "$easy_rsa_url" 2>/dev/null || curl -m 30 -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1
|
||||
if [ ! -f /etc/openvpn/server/easy-rsa/easyrsa ]; then
|
||||
echo "Error: Failed to download EasyRSA from $easy_rsa_url."
|
||||
exit 1
|
||||
exiterr "Failed to download EasyRSA from $easy_rsa_url."
|
||||
fi
|
||||
chown -R root:root /etc/openvpn/server/easy-rsa/
|
||||
cd /etc/openvpn/server/easy-rsa/ || exit 1
|
||||
|
@ -701,13 +675,13 @@ WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service
|
|||
(
|
||||
set -x
|
||||
yum -y -q install policycoreutils-python >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr3
|
||||
else
|
||||
# CentOS 8 or Fedora
|
||||
(
|
||||
set -x
|
||||
dnf install -y policycoreutils-python-utils >/dev/null
|
||||
) || exit 1
|
||||
) || exiterr "'dnf install' failed."
|
||||
fi
|
||||
fi
|
||||
semanage port -a -t openvpn_port_t -p "$protocol" "$port"
|
||||
|
|
Loading…
Reference in New Issue
Block a user