From 01b64d65c8129448cb87597357c2ccac1230542c Mon Sep 17 00:00:00 2001 From: Tomasz Wojdat Date: Thu, 11 Mar 2021 22:49:04 +0100 Subject: [PATCH 01/20] Increase priority of openvpn-forward.conf `30-openvpn-forward.conf` renamed to `99-openvpn-forward.conf`. --- openvpn-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 25f93e3..4df5783 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -326,12 +326,12 @@ crl-verify crl.pem" >> /etc/openvpn/server/server.conf echo "explicit-exit-notify" >> /etc/openvpn/server/server.conf fi # Enable net.ipv4.ip_forward for the system - echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-openvpn-forward.conf + echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-openvpn-forward.conf # Enable without waiting for a reboot or service restart echo 1 > /proc/sys/net/ipv4/ip_forward if [[ -n "$ip6" ]]; then # Enable net.ipv6.conf.all.forwarding for the system - echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/30-openvpn-forward.conf + echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/99-openvpn-forward.conf # Enable without waiting for a reboot or service restart echo 1 > /proc/sys/net/ipv6/conf/all/forwarding fi @@ -537,7 +537,7 @@ else systemctl disable --now openvpn-server@server.service rm -rf /etc/openvpn/server rm -f /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf - rm -f /etc/sysctl.d/30-openvpn-forward.conf + rm -f /etc/sysctl.d/99-openvpn-forward.conf if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then apt-get remove --purge -y openvpn else From 2cce4599e2812ae2556258aad14cc2e223963259 Mon Sep 17 00:00:00 2001 From: Nyr Date: Mon, 16 Aug 2021 20:22:36 +0200 Subject: [PATCH 02/20] Check for wget or curl --- openvpn-install.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 4df5783..d2255d5 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -99,6 +99,13 @@ new_client () { } if [[ ! -e /etc/openvpn/server/server.conf ]]; then + # Detect some Debian minimal setups where neither wget nor curl are installed + if ! hash wget 2>/dev/null && ! hash curl 2>/dev/null; then + echo "Wget is required to use this installer." + read -n1 -r -p "Press any key to install Wget and continue..." + apt-get update + apt-get install -y wget + fi clear echo 'Welcome to this OpenVPN road warrior installer!' # If system has a single IPv4, it is selected automatically. Else, ask the user From 94c94bbbc9cd650bbe74e806ca02ec7399a5369a Mon Sep 17 00:00:00 2001 From: Nyr Date: Fri, 3 Sep 2021 18:58:25 +0200 Subject: [PATCH 03/20] Add support for AlmaLinux and Rocky Linux An unrelated fix to avoid one harmless warning during removal is also included. --- README.md | 2 +- openvpn-install.sh | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 521d4c0..e4f84ee 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ **New: [wireguard-install](https://github.com/Nyr/wireguard-install) is also available.** ## openvpn-install -OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, CentOS and Fedora. +OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora. This script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible. diff --git a/openvpn-install.sh b/openvpn-install.sh index d2255d5..b39e795 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -30,9 +30,9 @@ elif [[ -e /etc/debian_version ]]; then os="debian" os_version=$(grep -oE '[0-9]+' /etc/debian_version | head -1) group_name="nogroup" -elif [[ -e /etc/centos-release ]]; then +elif [[ -e /etc/almalinux-release || -e /etc/rocky-release || -e /etc/centos-release ]]; then os="centos" - os_version=$(grep -oE '[0-9]+' /etc/centos-release | head -1) + os_version=$(grep -shoE '[0-9]+' /etc/almalinux-release /etc/rocky-release /etc/centos-release | head -1) group_name="nobody" elif [[ -e /etc/fedora-release ]]; then os="fedora" @@ -40,7 +40,7 @@ elif [[ -e /etc/fedora-release ]]; then group_name="nobody" else echo "This installer seems to be running on an unsupported distribution. -Supported distributions are Ubuntu, Debian, CentOS, and Fedora." +Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora." exit fi @@ -202,7 +202,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then [[ -z "$client" ]] && client="client" echo echo "OpenVPN installation is ready to begin." - # Install a firewall in the rare case where one is not already available + # Install a firewall if firewalld or iptables are not already available if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then if [[ "$os" == "centos" || "$os" == "fedora" ]]; then firewall="firewalld" @@ -542,14 +542,15 @@ else semanage port -d -t openvpn_port_t -p "$protocol" "$port" fi systemctl disable --now openvpn-server@server.service - rm -rf /etc/openvpn/server rm -f /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf rm -f /etc/sysctl.d/99-openvpn-forward.conf if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then + rm -rf /etc/openvpn/server apt-get remove --purge -y openvpn else # Else, OS must be CentOS or Fedora yum remove -y openvpn + rm -rf /etc/openvpn/server fi echo echo "OpenVPN removed!" From 8b6c81f79e61656de5766e94f9c1f0ccf4f3bd82 Mon Sep 17 00:00:00 2001 From: Nyr Date: Thu, 21 Apr 2022 21:11:44 +0200 Subject: [PATCH 04/20] Ubuntu 22.04 support --- openvpn-install.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index b39e795..c5136c8 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,7 +236,12 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz' + # The latest easy-rsa release is not yet compatible with Ubuntu 22.04 + if [[ "$os" == "ubuntu" && "$os_version" -eq 2204 ]]; then + easy_rsa_url='https://wg.nyr.be/download/EasyRSA-bf19e79.tgz' + else + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz' + fi mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From 36f1d82cbaf566a5de08a0792e7f04104f4914c7 Mon Sep 17 00:00:00 2001 From: Nyr Date: Wed, 27 Apr 2022 12:37:53 +0200 Subject: [PATCH 05/20] Replace git.io git.io will stop functioning by the end of this workweek: https://github.blog/changelog/2022-04-25-git-io-deprecation/ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e4f84ee..890fd82 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This script will let you set up your own VPN server in no more than a minute, ev ### Installation Run the script and follow the assistant: -`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh` +`wget https://github.com/Nyr/openvpn-install/raw/master/openvpn-install.sh && bash openvpn-install.sh` Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. From a7474c95ca1df99d0474eb15b46eb4d4058ad9cf Mon Sep 17 00:00:00 2001 From: Nyr Date: Fri, 29 Apr 2022 16:44:49 +0200 Subject: [PATCH 06/20] Restore git.io git.io will not stop functioning after all: https://github.blog/changelog/2022-04-25-git-io-deprecation/?#changelog-64536 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 890fd82..e4f84ee 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This script will let you set up your own VPN server in no more than a minute, ev ### Installation Run the script and follow the assistant: -`wget https://github.com/Nyr/openvpn-install/raw/master/openvpn-install.sh && bash openvpn-install.sh` +`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh` Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. From 0709b9498ccdb11ba07890c75b1f7d6c5fd51455 Mon Sep 17 00:00:00 2001 From: Nyr Date: Thu, 5 May 2022 11:44:36 +0200 Subject: [PATCH 07/20] Update easy-rsa to v3.0.9-rc1 for Ubuntu 22.04 --- openvpn-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index c5136c8..408f4ba 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,9 +236,9 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - # The latest easy-rsa release is not yet compatible with Ubuntu 22.04 + # The latest easy-rsa stable release is not yet compatible with Ubuntu 22.04 if [[ "$os" == "ubuntu" && "$os_version" -eq 2204 ]]; then - easy_rsa_url='https://wg.nyr.be/download/EasyRSA-bf19e79.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.9-rc1/EasyRSA-v3.0.9-rc1.tgz' else easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz' fi From 2c5bb08f4e1ecd117871d06b52c14a764f7fee56 Mon Sep 17 00:00:00 2001 From: Nyr Date: Wed, 18 May 2022 15:16:11 +0200 Subject: [PATCH 08/20] Update to easy-rsa v3.0.9 --- openvpn-install.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 408f4ba..fd7114f 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,12 +236,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - # The latest easy-rsa stable release is not yet compatible with Ubuntu 22.04 - if [[ "$os" == "ubuntu" && "$os_version" -eq 2204 ]]; then - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.9-rc1/EasyRSA-v3.0.9-rc1.tgz' - else - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz' - fi + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.9/EasyRSA-v3.0.9.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From c0a3562f64505678394ba99ea9c104fde14118cc Mon Sep 17 00:00:00 2001 From: Nyr Date: Thu, 19 May 2022 17:59:35 +0200 Subject: [PATCH 09/20] Update to easy-rsa v3.1.0 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index fd7114f..effb1f6 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,7 +236,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.9/EasyRSA-v3.0.9.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.0/EasyRSA-3.1.0.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From 1a118b72f86b85134332095cfa5d8adbc1de7a0e Mon Sep 17 00:00:00 2001 From: Nyr Date: Sun, 21 Aug 2022 19:33:38 +0200 Subject: [PATCH 10/20] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e4f84ee..838c8c2 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Run the script and follow the assistant: Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. ### I want to run my own VPN but don't have a server for that -You can get a VPS from just $1/month at [VirMach](https://billing.virmach.com/aff.php?aff=4109&url=billing.virmach.com/cart.php?gid=18). +You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422). ### Donations From d28c8e74e76021705ec5241348a3ee309f275564 Mon Sep 17 00:00:00 2001 From: Nyr Date: Sun, 21 Aug 2022 20:33:34 +0200 Subject: [PATCH 11/20] Fix resolv.conf detection Some systems have other DNS servers along with 127.0.0.53 in /etc/resolv.conf --- openvpn-install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index effb1f6..36a17d0 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -290,13 +290,13 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf 1|"") # Locate the proper resolv.conf # Needed for systems running systemd-resolved - if grep -q '^nameserver 127.0.0.53' "/etc/resolv.conf"; then - resolv_conf="/run/systemd/resolve/resolv.conf" - else + if grep '^nameserver' "/etc/resolv.conf" | grep -qv '127.0.0.53' ; then resolv_conf="/etc/resolv.conf" + else + resolv_conf="/run/systemd/resolve/resolv.conf" fi # Obtain the resolvers from resolv.conf and use them for OpenVPN - grep -v '^#\|^;' "$resolv_conf" | grep '^nameserver' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | while read line; do + grep -v '^#\|^;' "$resolv_conf" | grep '^nameserver' | grep -v '127.0.0.53' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | while read line; do echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server/server.conf done ;; From f2c44dea4046a83cf012df916bdf9b0e1e537400 Mon Sep 17 00:00:00 2001 From: Nyr Date: Fri, 23 Sep 2022 17:07:43 +0200 Subject: [PATCH 12/20] Change "block-outside-dns" placement This is mainly to work around a bug in Viscosity for macOS: https://www.sparklabs.com/forum/viewtopic.php?t=3152 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 36a17d0..815031e 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -321,6 +321,7 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 94.140.15.15"' >> /etc/openvpn/server/server.conf ;; esac + echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf echo "keepalive 10 120 cipher AES-256-CBC user nobody @@ -424,7 +425,6 @@ remote-cert-tls server auth SHA512 cipher AES-256-CBC ignore-unknown-option block-outside-dns -block-outside-dns verb 3" > /etc/openvpn/server/client-common.txt # Enable and start the OpenVPN service systemctl enable --now openvpn-server@server.service From f9433870836dfd008fca810780f639bafadaf8b0 Mon Sep 17 00:00:00 2001 From: Nyr Date: Thu, 13 Oct 2022 21:17:39 +0200 Subject: [PATCH 13/20] Update to easy-rsa v3.1.1 --no-install-recommends is now required for Debian: https://github.com/OpenVPN/easy-rsa/issues/725 --- openvpn-install.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 815031e..4235723 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -223,7 +223,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab fi if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then apt-get update - apt-get install -y openvpn openssl ca-certificates $firewall + apt-get install -y --no-install-recommends openvpn openssl ca-certificates $firewall elif [[ "$os" = "centos" ]]; then yum install -y epel-release yum install -y openvpn openssl ca-certificates tar $firewall @@ -236,17 +236,17 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.0/EasyRSA-3.1.0.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.1/EasyRSA-3.1.1.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ cd /etc/openvpn/server/easy-rsa/ # Create the PKI, set up the CA and the server and client certificates - ./easyrsa init-pki + ./easyrsa --batch init-pki ./easyrsa --batch build-ca nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass - EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl + ./easyrsa --batch --days=3650 build-server-full server nopass + ./easyrsa --batch --days=3650 build-client-full "$client" nopass + ./easyrsa --batch --days=3650 gen-crl # Move the stuff we need cp pki/ca.crt pki/private/ca.key pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn/server # CRL is read with each client connection, while OpenVPN is dropped to nobody @@ -461,7 +461,7 @@ else client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client") done cd /etc/openvpn/server/easy-rsa/ - EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass + ./easyrsa --batch --days=3650 build-client-full "$client" nopass # Generates the custom client.ovpn new_client echo @@ -495,7 +495,7 @@ else if [[ "$revoke" =~ ^[yY]$ ]]; then cd /etc/openvpn/server/easy-rsa/ ./easyrsa --batch revoke "$client" - EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl + ./easyrsa --batch --days=3650 gen-crl rm -f /etc/openvpn/server/crl.pem cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem # CRL is read with each client connection, when OpenVPN is dropped to nobody From d4ae10ec2530747a1f5d78a7dea9e635a124db6c Mon Sep 17 00:00:00 2001 From: Nyr Date: Wed, 18 Jan 2023 18:40:18 +0100 Subject: [PATCH 14/20] Update to easy-rsa v3.1.2 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 4235723..637fe3c 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,7 +236,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.1/EasyRSA-3.1.1.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.2/EasyRSA-3.1.2.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From 9d6d87a6fb9b21fb6c4761fce23746b5d5594495 Mon Sep 17 00:00:00 2001 From: Nyr Date: Fri, 19 May 2023 16:16:50 +0200 Subject: [PATCH 15/20] Update to easy-rsa v3.1.3 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 637fe3c..073e94e 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,7 +236,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.2/EasyRSA-3.1.2.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.3/EasyRSA-3.1.3.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From cd6869bf4d2997d9d81e4a0c9412ff92af2ecbf2 Mon Sep 17 00:00:00 2001 From: Nyr Date: Wed, 14 Jun 2023 12:51:58 +0200 Subject: [PATCH 16/20] Update to easy-rsa v3.1.5 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 073e94e..764a889 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,7 +236,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.3/EasyRSA-3.1.3.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.5/EasyRSA-3.1.5.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From af2710df4623579c4acf84b06c5ec2b04f7594ab Mon Sep 17 00:00:00 2001 From: Nyr Date: Sat, 14 Oct 2023 19:22:24 +0200 Subject: [PATCH 17/20] Update to easy-rsa v3.1.7 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 764a889..96cb98c 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -236,7 +236,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab systemctl enable --now firewalld.service fi # Get easy-rsa - easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.5/EasyRSA-3.1.5.tgz' + easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.7/EasyRSA-3.1.7.tgz' mkdir -p /etc/openvpn/server/easy-rsa/ { wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 chown -R root:root /etc/openvpn/server/easy-rsa/ From 4b412c94b4314c0c7a9a90381a454f622dac3ea6 Mon Sep 17 00:00:00 2001 From: Nyr Date: Thu, 19 Oct 2023 16:17:28 +0200 Subject: [PATCH 18/20] Fix #970 --- openvpn-install.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 96cb98c..d13261d 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -50,10 +50,16 @@ This version of Ubuntu is too old and unsupported." exit fi -if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then - echo "Debian 9 or higher is required to use this installer. +if [[ "$os" == "debian" ]]; then + if grep -q '/sid' /etc/debian_version; then + echo "Debian Testing and Debian Unstable are unsupported by this installer." + exit + fi + if [[ "$os_version" -lt 9 ]]; then + echo "Debian 9 or higher is required to use this installer. This version of Debian is too old and unsupported." - exit + exit + fi fi if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then From 52b12468b1b70ce349a46a7598034a0931e4d5d7 Mon Sep 17 00:00:00 2001 From: Nyr Date: Thu, 26 Oct 2023 16:11:50 +0200 Subject: [PATCH 19/20] Remove --cipher parameter --cipher has been deprecated since v2.4 and was kept for compatibility purposes. --- openvpn-install.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index d13261d..ff1d0db 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -329,7 +329,6 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf esac echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf echo "keepalive 10 120 -cipher AES-256-CBC user nobody group $group_name persist-key @@ -429,7 +428,6 @@ persist-key persist-tun remote-cert-tls server auth SHA512 -cipher AES-256-CBC ignore-unknown-option block-outside-dns verb 3" > /etc/openvpn/server/client-common.txt # Enable and start the OpenVPN service From 6936231d86f67f99e1777600ad06e052752447d5 Mon Sep 17 00:00:00 2001 From: Nyr Date: Wed, 8 Nov 2023 12:40:11 +0100 Subject: [PATCH 20/20] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 838c8c2..82f7a27 100644 --- a/README.md +++ b/README.md @@ -16,5 +16,7 @@ Once it ends, you can run it again to add more users, remove some of them or eve You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422). ### Donations - If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks! + +### Sponsor +This project is proudly sponsored by our friends at [FrogeHost](https://froge.host/?utm_source=nyr).