Commit Graph

59 Commits

Author SHA1 Message Date
Tony Xu
799b8f9a76 fix net.ipv4.ip_forward settings
If the `/etc/sysctl.conf` contains `net.ipv4.ip_forward_use_pmtu`
2016-09-06 23:52:08 +08:00
Nyr
791c54786c Better way to enable IP forwarding
Should be more universal than the previous approach.
2016-09-06 16:20:52 +02:00
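The two commits above are working around a matching pitfall in sysctl handling. As an added example (this is not openvpn-install's code), the script below reproduces it on a constructed `sysctl.conf`: an unanchored search for `net.ipv4.ip_forward` also matches `net.ipv4.ip_forward_use_pmtu` and commented-out lines, so a script can believe forwarding is enabled when it is not. The strict check anchors the key and value. The drop-in writer assumes the "more universal" approach is a dedicated file under `/etc/sysctl.d` rather than editing `/etc/sysctl.conf`; that assumption, the function names and the sample file contents are this example's own, and all paths are parameters so it runs against temporary files.

```shell
#!/bin/sh
# Added example, not part of openvpn-install. Shows why a bare grep/sed
# for "net.ipv4.ip_forward" misfires on sysctl files that contain
# net.ipv4.ip_forward_use_pmtu, and a stricter check that does not.

# Constructed sysctl.conf: the pmtu knob is set, forwarding itself is
# only present as a comment, so forwarding is NOT enabled by this file.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Kernel sysctl configuration (constructed sample)
net.ipv4.ip_forward_use_pmtu = 0
#net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 0
EOF
}

# The naive test: substring match. Returns 0 ("configured") for the
# sample above even though ip_forward is never set: a false positive.
naive_forward_configured() {
    grep -q 'net.ipv4.ip_forward' "$1"
}

# Strict test: key anchored at line start, exact key name, '=' with
# optional whitespace, value 1 and nothing else. Comments and the
# _use_pmtu key no longer match.
strict_forward_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Assumed shape of the "more universal" approach: do not edit
# /etc/sysctl.conf at all, own a drop-in instead. $1 is the drop-in path
# (e.g. /etc/sysctl.d/30-openvpn-forward.conf on a real system; a temp
# file in the demo below).
write_forward_dropin() {
    printf 'net.ipv4.ip_forward=1\n' > "$1"
}

# Runtime state, independent of any config file; prints "unknown" when
# /proc is not available (containers without it, non-Linux hosts).
runtime_forward_state() {
    cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown
}

main() {
    tmp=$(mktemp) && dropin=$(mktemp) || return 1
    write_sample_conf "$tmp"
    if naive_forward_configured "$tmp"; then
        echo "naive check: forwarding looks configured (false positive)"
    fi
    if strict_forward_enabled "$tmp"; then
        echo "strict check: forwarding enabled"
    else
        echo "strict check: forwarding NOT enabled in sample conf"
    fi
    write_forward_dropin "$dropin"
    if strict_forward_enabled "$dropin"; then
        echo "strict check: drop-in enables forwarding"
    fi
    echo "runtime state: $(runtime_forward_state)"
    rm -f "$tmp" "$dropin"
}

main
```

Writing the drop-in only changes the persisted setting; on a live host the running value still has to be set (`sysctl -w net.ipv4.ip_forward=1` or a write to `/proc/sys/net/ipv4/ip_forward`), which is what `runtime_forward_state` reports.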
Michael
56f079289e Changed iptables to not lookup hosts
Should be faster lookup on iptables if firewall rules contain lots
of host IP addresses (no need for a DNS lookup on each one!)
2016-08-22 20:14:34 +01:00
Nyr
ef1ae85797 Change cipher to AES-128-CBC 2016-05-16 02:52:33 +02:00
Nyr
ae5b5ce2be Drop privileges after initialization 2016-05-15 20:50:37 +02:00
Nyr
c5b4907fd6 Enable tls-auth 2016-05-15 19:22:32 +02:00
Nyr
acca10ba1a Prevent DNS leaks on Windows 10
- This will generate a warning in unsupported environments.
- This will not work if the client is using an OpenVPN version lower
than 2.3.9
- For OpenVPN 2.3.3+, ignore-unknown-option could be used instead of
setenv opt to prevent a warning.

TL;DR: upgrade to the latest OpenVPN on Windows, ignore the warning
elsewhere.

Thanks a lot for your continuous work on OpenVPN, @ValdikSS.
2016-05-15 01:49:50 +02:00
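The caveat in the commit above is that `block-outside-dns` is an unknown option to clients older than 2.3.9, and an unknown option makes OpenVPN refuse the whole config; prefixing it with `setenv opt` downgrades that to a warning. As an added example (not openvpn-install's code), the script below takes a client `.ovpn`, drops any bare `block-outside-dns` line and ensures the guarded `setenv opt block-outside-dns` form is present exactly once. The sample config, function names and the choice of `setenv opt` over `ignore-unknown-option` are this example's own.

```shell
#!/bin/sh
# Added example, not openvpn-install code. Rewrites a client .ovpn so
# that block-outside-dns is carried in the "setenv opt" guarded form,
# which old clients warn about instead of rejecting.

# Constructed client config with the unguarded directive.
write_sample_client_conf() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.org 1194
block-outside-dns
verb 3
EOF
}

BARE_RE='^[[:space:]]*block-outside-dns[[:space:]]*$'
GUARDED_RE='^[[:space:]]*setenv[[:space:]]+opt[[:space:]]+block-outside-dns[[:space:]]*$'

# Number of bare / guarded lines in $1 (grep -c exits 1 on zero
# matches, so mask that to keep "set -e" callers alive).
bare_count()    { grep -Ec "$BARE_RE" "$1" || true; }
guarded_count() { grep -Ec "$GUARDED_RE" "$1" || true; }

# Rewrite $1 in place: remove bare lines, append the guarded directive
# if it is not already there. Idempotent. The final "cat > file" keeps
# the original file's mode, which matters because an inline .ovpn
# contains the client's private key.
guard_block_outside_dns() {
    conf=$1
    tmp=$(mktemp) || return 1
    grep -Ev "$BARE_RE" "$conf" > "$tmp" || true
    if ! grep -Eq "$GUARDED_RE" "$tmp"; then
        printf 'setenv opt block-outside-dns\n' >> "$tmp"
    fi
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

main() {
    f=$(mktemp) || return 1
    write_sample_client_conf "$f"
    echo "before: bare=$(bare_count "$f") guarded=$(guarded_count "$f")"
    guard_block_outside_dns "$f"
    echo "after:  bare=$(bare_count "$f") guarded=$(guarded_count "$f")"
    rm -f "$f"
}

main
```

On OpenVPN 2.3.3 and newer, `ignore-unknown-option block-outside-dns` followed by the plain directive achieves the same without the warning; the `setenv opt` form was chosen here because it needs no version check at all.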
Nyr
52f419e0d5 Detect users running with "sh" instead of bash
And changed error codes. Sorry, not sorry.
2016-05-10 14:12:32 +02:00
Nyr
2bcb4681a1 Added Verisign DNS 2016-04-07 16:57:47 +02:00
Nyr
7fb12dc5cb Use "hash" instead of "which"
Always better to use builtins, and “which” is even missing in some
minimal templates.
2016-03-14 19:41:39 +01:00
Nyr
91b9373311 TAP is not needed
Not sure why it was there in the first place.
2016-03-13 22:45:34 +01:00
Nyr
3a96224d1f Revoking doesn't need a restart
The CRL is checked with every new connection and channel renegotiation,
no need to restart the server.
2016-03-08 01:12:43 +01:00
Nyr
96108e6b2e Clarify NAT question 2016-02-29 19:18:32 +01:00
Nyr
e8958b969e Avoid error message if sestatus isn't available
Just a cosmetic change.
2016-02-19 21:50:28 +01:00
Nyr
eaf6f1fed4 Removed Level 3 DNS
For some countries, Level 3 is now hijacking NXDOMAIN responses, so
removed.
2016-02-14 22:26:10 +01:00
Nyr
cf60872eae SELinux improvements
- Now the port exception is removed when uninstalling.
- sestatus seems to be more widely available.
2016-02-13 19:09:16 +01:00
Nyr
f9dafd6ec6 SELinux compatibility
This should’ve been supported for a long time.
2016-02-12 23:46:53 +01:00
angrysnarl
a1b57a1c31 Fixed rm -rf commands for revoking user certs 2015-12-16 00:15:08 +08:00
Nyr
0df84e4541 Fix #105 2015-12-14 22:36:40 +01:00
Nyr
e58addc2c5 Verify server certificate during easy-rsa download 2015-11-24 23:04:56 +01:00
Nyr
d55effb08c Update to easy-rsa 3.0.1 2015-11-21 15:35:51 +01:00
Nyr
73da43b872 Merge pull request #88 from ValdikSS/buf
Do not allow OpenVPN to set (low) buffer sizes
2015-11-15 19:36:15 +01:00
Nyr
51998f0d56 Merge pull request #87 from ValdikSS/euid
Use EUID to check root
2015-11-15 19:35:26 +01:00
ValdikSS
0265fc0e06 Use different exit codes on error 2015-11-15 13:37:22 +03:00
ValdikSS
15a39afd11 Do not allow OpenVPN to set (low) buffer sizes 2015-11-15 13:36:20 +03:00
ValdikSS
2574097eb4 Use EUID to check root 2015-11-15 13:34:19 +03:00
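Several of the commits in this log harden the installer's preamble: "Detect users running with sh instead of bash", "Use hash instead of which", "Use different exit codes on error" and "Use EUID to check root". As an added example (not openvpn-install's code), the preamble below combines those four checks in POSIX-compatible shell so it can itself run under dash and report the problem. The function names and the exit-code values are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not openvpn-install code. Preflight checks of the kind
# the commits above describe: bash detection, effective-UID root check,
# command probing with the "hash" builtin, and one exit code per failure.

# Distinct exit codes (values assumed for this example)
EXIT_OK=0
EXIT_NOT_BASH=1
EXIT_NOT_ROOT=2
EXIT_MISSING_TOOL=3

# 0 when the running interpreter is bash. "sh script.sh" on Debian runs
# dash, where BASH_VERSION is unset regardless of the shebang line.
running_in_bash() {
    [ -n "${BASH_VERSION:-}" ]
}

# Effective UID: bash provides $EUID; fall back to id -u elsewhere.
# The effective UID is what matters after sudo or a setuid wrapper,
# where $USER or whoami can still name the invoking user.
effective_uid() {
    if [ -n "${EUID:-}" ]; then
        printf '%s\n' "$EUID"
    else
        id -u
    fi
}

is_root() {
    [ "$(effective_uid)" -eq 0 ]
}

# Command lookup via the builtin: no fork, and it works on minimal
# images that ship no /usr/bin/which. Non-zero when not found.
have_cmd() {
    hash "$1" 2>/dev/null
}

# Run the checks in order, print the first problem, return its code.
# $@ lists the external commands the installer needs.
preflight() {
    if ! running_in_bash; then
        echo "This script needs to be run with bash, not sh." >&2
        return $EXIT_NOT_BASH
    fi
    if ! is_root; then
        echo "Sorry, you need to run this as root." >&2
        return $EXIT_NOT_ROOT
    fi
    for tool in "$@"; do
        if ! have_cmd "$tool"; then
            echo "Required command not found: $tool" >&2
            return $EXIT_MISSING_TOOL
        fi
    done
    return $EXIT_OK
}
```

Usage in an installer is `preflight openvpn iptables || exit $?`, so that a wrapper or CI job can tell "ran under sh" apart from "not root" and "missing tool" by the exit status alone.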
Nyr
d32416561b Grep for DROP as well as REJECT 2015-10-07 19:57:04 +02:00
Nyr
eb8d8257a0 The BIG commit
- Upgrade to easy-rsa 3.0.0
- Firewall support: rules are added for both FirewallD and iptables if
needed.
- Creation of our own configuration files for both the server and
clients.
- Using subnet topology instead of the deprecated net30.
- Removed port 53 question during install: user can just choose that
port during setup.
- Removed internal networking option: this is a road warrior installer
after all.
- Bugfix: the default easy-rsa directory was not correctly deleted if
one was already there.
2015-09-12 21:48:08 +02:00
Nyr
b46a0541dd Replaced Yandex DNS with Google
Yandex DNS is not stable enough, Google was previously missing.
2015-08-05 02:17:24 +02:00
Hyacinthe Cartiaux
91e09dedf1 Remove a useless use of wc 2015-08-01 20:27:30 +02:00
Nyr
7d467d9666 Multiple improvements
- Better UX for client certificate revocation: a list of the current
client names is shown to the user
- easy-rsa 2.2.2 now used by default: it’s easier for me to maintain a
single version
2015-07-22 08:02:59 +02:00
Nyr
b778c1aed9 Cosmetic bugfix 2015-06-29 09:23:44 +02:00
Nyr
cf48ecd3b0 Bugfixes
- Little fix for Debian Jessie
- Better systemd detection
- Fixed revocation on CentOS
2015-04-28 18:35:54 +02:00
Nyr
68b5ff7e99 Revert "Cleaner port 53 setup"
This reverts commit fb036d575b.
2015-03-10 10:44:47 +01:00
Nyr
fb036d575b Cleaner port 53 setup 2015-02-16 17:33:22 +01:00
Nyr
fad088013c CentOS support and other improvements 2015-02-11 19:51:19 +01:00
Nyr
a256194ecb Add feedback during removal abortion 2015-01-25 20:45:07 +01:00
Nyr
98b39e7354 Added a confirmation dialog before removing 2015-01-21 03:03:14 +01:00
Nyr
6d4af520b8 Bugfix for systems with a non-standard rc.local 2014-11-07 00:53:28 +01:00
Nyr
215140b682 Options for custom DNS and intra-VPN connectivity 2014-11-04 21:57:36 +01:00
Nyr
2174037768 Now using in-line certificates 2014-10-23 03:16:09 +02:00
Nyr
091e487472 Cleanup 2014-10-23 00:19:08 +02:00
Nyr
936a8b8ff0 Removed useless cat 2014-09-25 04:00:32 +02:00
Nyr
091ef01a8b Bug fix + future bulletproofness
- Use always double [[]] blocks (bug fix for the test at line 208 under
some circumstances)
- bash shell is now forced
- All variables are now quoted
2014-09-18 23:34:22 +02:00
Nyr
afb30c44da Now using resolvers from resolv.conf
This will help with some ISPs restricting access to third party DNS
servers like it happens with LowEndSpirit and Torqhost.
2014-05-15 18:20:53 +02:00
Nyr
c72a4d2b5e Bugfix: port redirect wasn't correctly set when a custom port was in place 2014-03-12 21:14:38 +01:00
Nyr
a69dae3021 Check if the script is running on a Debian-based system before starting
Fixed some spacing too
2014-03-12 21:06:57 +01:00
Nyr
6d89279940 Bugfix for systems with multiple IPv4 addresses available 2013-12-20 18:50:30 +01:00
Nyr
ee9750a210 Use Easy-RSA 2.2.2 instead of the master branch with Debian Jessie and Ubuntu Saucy
This was needed for Debian Jessie, but using always the latest Easy-RSA
was a bad idea.

I will force Easy-RSA 2.2.2 for now and until Jessie becomes stable.
Then we can probably just use the distro packages instead of Github,
but for now this will work.
2013-12-19 22:09:20 +01:00
Nyr
b30130b506 Bugfixes
- easy-rsa was downloaded from Github even on systems where it was available by default.
- easy-rsa.tar.gz is now removed when no longer needed.
2013-10-04 19:04:12 +02:00