Commit Graph

160 Commits

Author SHA1 Message Date
hwdsl2
efbe7739d3 Improve setup
- When uninstalling the VPN, disable IP forwarding.
2022-09-09 08:53:03 -05:00
hwdsl2
401edc5bde Optimize sysctl settings
- Improve VPN performance by optimizing sysctl settings, such as tuning
  TCP buffer sizes and enabling the TCP BBR congestion control algorithm
  on supported systems (kernel versions 4.20 and newer).
- References:
  https://cloud.google.com/blog/products/networking/tcp-bbr-congestion-control-comes-to-gcp-your-internet-just-got-faster
  https://github.com/google/bbr/blob/master/Documentation/bbr-quick-start.md
  https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/bbr.md
2022-09-08 23:33:56 -05:00
hwdsl2
fb7de43826 Improve user input
- When adding, exporting or revoking a client, abort and exit if
  the user enters an empty client name or client number.
2022-09-02 23:39:09 -05:00
hwdsl2
3994091cb5 Add client export option
- Add an option to export configuration for an existing client.
2022-09-02 23:24:10 -05:00
hwdsl2
e58d72b585 Improve client config
- When running the script using "sudo", export client configuration
  to the user's home directory instead of /root.
2022-09-02 22:27:39 -05:00
hwdsl2
f169c6a1f8 Add Amazon Linux 2
- Add support for Amazon Linux 2.
2022-09-02 21:54:59 -05:00
hwdsl2
97635f7cb6 Fix resolv.conf detection
- Apply upstream change Nyr/openvpn-install commit d28c8e7.
- Some systems have other DNS servers along with 127.0.0.53 in /etc/resolv.conf.
2022-08-21 22:29:43 -05:00
hwdsl2
661cafe8fc Update nftables check
- The check for nftables is only needed during initial install.
2022-06-04 23:32:42 -05:00
hwdsl2
428249ff10 Improve script reliability
- Retry 'apt-get update' and exit on package install errors.
2022-06-02 08:59:59 -05:00
hwdsl2
5148690a82 Improve script output
- Improve script output to only show useful information to the user
  and hide unneeded output.
2022-05-28 00:42:12 -05:00
hwdsl2
130f51b0d0 Cleanup 2022-05-27 15:52:45 -05:00
hwdsl2
19750a5430 Update nftables check 2022-05-22 22:30:32 -05:00
hwdsl2
923802d116 Cleanup 2022-05-21 13:08:10 -05:00
hwdsl2
7c44e0b694 Improve script output 2022-05-20 18:12:37 -05:00
hwdsl2
2bf4d5e33a Improve script output
- Improve script output to only show useful information to the user
  and hide unneeded output.
2022-05-20 08:43:39 -05:00
hwdsl2
2fbdbde3ab Add check for nftables 2022-05-19 23:57:26 -05:00
hwdsl2
ddd59ec95e Remove clear screen 2022-05-19 23:56:19 -05:00
hwdsl2
5f18c2dbd7 Update license header 2022-05-19 23:52:20 -05:00
Nyr
c0a3562f64 Update to easy-rsa v3.1.0 2022-05-19 17:59:35 +02:00
Nyr
2c5bb08f4e Update to easy-rsa v3.0.9 2022-05-18 15:16:11 +02:00
Nyr
0709b9498c Update easy-rsa to v3.0.9-rc1 for Ubuntu 22.04 2022-05-05 11:44:36 +02:00
Nyr
8b6c81f79e Ubuntu 22.04 support 2022-04-21 21:11:44 +02:00
Nyr
94c94bbbc9 Add support for AlmaLinux and Rocky Linux
An unrelated fix to avoid one harmless warning during removal is also included.
2021-09-03 18:58:25 +02:00
Nyr
2cce4599e2 Check for wget or curl 2021-08-16 20:22:36 +02:00
Tomasz Wojdat
01b64d65c8 Increase priority of openvpn-forward.conf
`30-openvpn-forward.conf` renamed to `99-openvpn-forward.conf`.
2021-03-11 22:49:04 +01:00
Nyr
cb8730b621 Merge pull request #756 from randomshell/patch-2
Use openvpn status path from systemd service
2021-02-22 19:36:58 +01:00
Nyr
26e39cf4d7 Update AdGuard DNS IP
AdGuard changed their DNS IP recently:
https://adguard.com/en/blog/adguard-dns-new-addresses.html

Thanks @trantuanminh1754 for noticing.
2020-09-30 00:06:55 +02:00
Nyr
da299172df Update to easy-rsa v3.0.8 2020-09-09 23:18:31 +02:00
Nyr
7ddd20911b Bugfix
-N is an illegal option for read in sh, so check if the user is using sh first.
2020-07-18 18:50:59 +02:00
Nyr
13f8b2e00c resolv.conf parsing optimizations 2020-05-29 14:16:29 +02:00
Nyr
221319aa54 Fix #764 2020-05-28 21:29:53 +02:00
Nyr
9847d99849 Merge pull request #760 from sorcun/master
egrep IP regex optimizations
2020-05-28 20:38:43 +02:00
Nyr
366d46a8cc Fix #762
Variables which can be empty, shouldn't be quoted in this situation.
2020-05-25 17:23:55 +02:00
Orcun
ae7e6d7ae5 egrep IP regex optimizations 2020-05-23 13:52:26 +00:00
Nyr
bfdd480076 Add Quad9 DNS servers 2020-05-21 22:36:12 +02:00
Nyr
f737b02a9a Small style changes 2020-05-21 19:19:31 +02:00
Nyr
6f155b997d Grammar improvements 2020-05-20 23:33:16 +02:00
Nyr
e14c2359c8 Small improvements 2020-05-20 12:09:50 +02:00
Nyr
db0b51228b Fix TUN device check
Fix for the mistaken stderr redirection, sorry about that. Also, run in a
subshell so we don't need to manually close the file descriptor.
2020-05-15 18:19:24 +02:00
Nyr
d30e11d019 Improve TUN device check
While it looks hackish, I don't think there's a better way (in Bash) to open
the /dev/net/tun character device.

Checking for presence of /dev/net/tun like we're doing is not good enough.
2020-05-14 19:05:05 +02:00
Nyr
b392e7da8b Improved easy-rsa setup
No need to write the tarball to disk.
2020-05-10 20:02:08 +02:00
Nyr
07249185dd Improve nf_tables test for OVZ
This test is more reliable and flexible.
2020-05-05 18:23:21 +02:00
Nyr
2852150a5b OpenVZ nf_tables workaround
nf_tables is not available in old OpenVZ kernels, so we need to use
iptables-legacy instead.

This issue only affects Debian 10 as it is the only distribution using iptables
with a nf_tables backend by default.

This is supposedly resolved in the newest kernels: https://bit.ly/3fgNZCh

Additionally, a bugfix for the ip6tables path is also included.
2020-05-05 16:47:25 +02:00
randomshell
025148c245 Use openvpn status path from systemd service
The new systemd service at `/usr/lib/systemd/system/openvpn-server@.service` that comes with openvpn 2.4 includes the status option in `ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf`

Using this default allows having multiple servers with their own status files and all in the same log directory. Example `/run/openvpn-server/status-server.log` `/run/openvpn-server/status-server2.log`
2020-05-03 13:26:37 +00:00
Nyr
61549ffcef Improved firewall installation logic
New logic makes way more sense:
- If either firewalld or iptables are present, use whatever we have
- If not, install firewalld in CentOS/Fedora and iptables in Debian/Ubuntu
2020-05-01 17:52:12 +02:00
Nyr
ef30d9863c Improved firewall management
- Always use firewalld for CentOS and Fedora
- Cleaner check to find out if firewalld is active
2020-04-30 00:28:27 +02:00
Nyr
e0fa45b688 Fixes #642 2020-04-29 13:24:55 +02:00
Nyr
11b929ac82 Reworked OS detection
- Made OS detection more flexible and fine-grained
- Fedora is now officially supported
2020-04-24 17:48:24 +02:00
Nyr
f659724a6f Addresses #694
- Use a checkip service which works fine over HTTP to avoid issues in systems
where ca-certificates is not available
- Increase timeout to 10 seconds, because the new service is a bit slower from
some locations
- Improve grep sanitization
2020-04-21 16:45:49 +02:00
Nyr
cec053def4 Miscellaneous improvements
- Fix #694: added sanitization during the public IP address configuration and
switch to AWS checkip since the Akamai service doesn't support HTTPS.
- Add validation to cover an unlikely case where: server is behind NAT,
checkip service is unreachable and user doesn't provide input when asked for
the public IP address or hostname.
- Other small improvements not worth describing in detail.
2020-04-21 02:28:29 +02:00