mirror/openvpn-install
1
0
Fork 0
mirror of https://github.com/Nyr/openvpn-install.git synced 2025-04-12 21:40:57 +00:00
Code Issues Projects Releases Wiki Activity
119 commits 1 branch 0 tags 1.2 MiB
Commit graph

84 commits

Author SHA1 Message Date
Gizem Gur
11fc8bbf89 multi os support 2020-03-26 12:06:05 +03:00
Gizem Gur
582a062f2f ubuntu 18.04 changes 2020-03-23 16:41:23 +03:00
Gizem Gür
688e79cfd8
Update openvpn-install.sh 2018-04-19 22:18:54 +03:00
Gizem Gür
7c35c325b4
Removed Centos for now 2018-04-19 22:14:07 +03:00
Gizem Gür
4143f15105
Google Authenticator OTP added 2018-04-19 22:08:02 +03:00
Nyr
cb2a5b8028 Clarify NAT configuration dialog 
Closes #451.
 2018-04-16 17:53:48 +02:00
Nyr
e73503054e Update DNS list 
Added 1.1.1.1 and removed two mostly unpopular choices.

Currently discarded services are: Yandex, Neustar, NTT, HE, Quad9 and
Freenom World. The list was starting to get too big.
 2018-04-04 17:28:09 +02:00
Nyr
33452242a1 Fix system resolvers option for environments running systemd-resolved 2018-01-21 18:21:53 +01:00
Nyr
02d634437b Update to easy-rsa v3.0.4 2018-01-21 17:54:33 +01:00
Nyr
0397827abe Resolves #353 2017-09-11 18:53:49 +02:00
Nyr
8f881565b7 Update to easy-rsa v3.0.3 2017-08-29 17:56:46 +02:00
Nyr
9c0579052f Fix #352 
Set EASYRSA_CRL_DAYS to 3650 instead of the default 180.

OpenVPN 2.4+ enforces the nextUpdate value in the CRL as a hard limit,
and will not work if more than 6 months passed since it was generated.
 2017-08-29 17:55:14 +02:00
Nyr
b2d8c73e1b Debian 9 compatibility and small bug fixes 
- Removed Debian 9 compatibility warning
- openvpn-blacklist is no longer uninstalled on removal
- Improvement: removal of /usr/share/doc/openvpn* hasn't been needed
for years
- Fixed: live iptables removal was failing for Debian since
6d51476047
 2017-06-20 19:19:10 +02:00
Nyr
82776145f2 Add temporal warning for Debian Stretch users 2017-06-18 17:58:53 +02:00
Nyr
c0f0d47a64 Upgrade HMAC digest algorithm to SHA-512 
This was long overdue for compatibility reasons. My decision to force
the upgrade now, has been made following recomendations published in
the OpenVPN 2.4 audit performed by Cryptography Engineering LLC.
 2017-06-04 13:16:57 +02:00
Nyr
6d51476047 Enable internal networking 
See #299.
 2017-04-27 14:46:34 +02:00
Nyr
28f238bc43 Fix #284 2017-03-31 13:52:08 +02:00
Nyr
c94bc5e3b4 Multiple firewall bug fixes 
- When FirewallD is detected, NAT is now applied via FirewallD instead
of iptables (fixes #267).
- iptables REJECT/DROP/ACCEPT rules where not being properly detected.
- iptables rules were applied even when FirewallD was detected and the
same rules were being applied via firewall-cmd.
 2017-03-23 18:11:35 +01:00
Nyr
7d93fbf62f Small and boring improvements 2017-01-31 18:19:19 +01:00
Nyr
a31aaf82f3 Fix #255 
Ubuntu no longer includes the rc.local file, so iptables weren’t
applied after a system reboot.
 2017-01-29 19:03:49 +01:00
Nyr
971474e531 Improved iptables management 
Rules are now instantly removed when uninstalling.
 2017-01-28 22:05:42 +01:00
Nyr
6939dffb09 Fixed firewall and SELinux for TCP 
- Firewall/SELinux configuration wasn't updated to work with TCP (fixes
#250)
- Uncluttered protocol selection a bit
 2017-01-20 15:12:54 +01:00
Nyr
0e4bba792b TCP support 
Also, my English sucks.
 2017-01-04 03:41:47 +01:00
Nyr
c6880407dd UX improvements 
Fixes #241.
 2016-12-11 19:11:57 +01:00
Nyr
597d16d094 Upgrade cipher to AES-128-CBC 
Will be the new default starting with OpenVPN 2.4.
 2016-12-11 17:03:25 +01:00
Tony Xu
799b8f9a76 fix net.ipv4.ip_forward settings 
If the `/etc/sysctl.conf` contains `net.ipv4.ip_forward_use_pmtu`
 2016-09-06 23:52:08 +08:00
Nyr
791c54786c Better way to enable IP forwarding 
Should be more universal than the previous approach.
 2016-09-06 16:20:52 +02:00
Michael
56f079289e Changed iptables to not lookup hosts 
Should be faster lookup on iptables if firewall rules contain lots
of host IP addresses (no need for a DNS lookup on each one!)
 2016-08-22 20:14:34 +01:00
Nyr
ef1ae85797 Change cipher to AES-128-CBC 2016-05-16 02:52:33 +02:00
Nyr
ae5b5ce2be Drop privileges after initialization 2016-05-15 20:50:37 +02:00
Nyr
c5b4907fd6 Enable tls-auth 2016-05-15 19:22:32 +02:00
Nyr
acca10ba1a Prevent DNS leaks on Windows 10 
- This will generate a warning in unsupported environments.
- This will not work if the client is using an OpenVPN version lower
than 2.3.9
- For OpenVPN 2.3.3+, ignore-unknown-option could be used instead of
setenv opt to prevent a warning.

TL;DR: upgrade to the latest OpenVPN on Windows, ignore the warning
elsewhere.

Thanks a lot for your continuous work on OpenVPN, @ValdikSS.
 2016-05-15 01:49:50 +02:00
Nyr
52f419e0d5 Detect users running with "sh" instead of bash 
And changed error codes. Sorry, not sorry.
 2016-05-10 14:12:32 +02:00
Nyr
2bcb4681a1 Added Verisign DNS 2016-04-07 16:57:47 +02:00
Nyr
7fb12dc5cb Use "hash" instead of "which" 
Always better to use builtins, and “which” is even missing in some
minimal templates.
 2016-03-14 19:41:39 +01:00
Nyr
91b9373311 TAP is not needed 
Not sure why it was there in the first place.
 2016-03-13 22:45:34 +01:00
Nyr
3a96224d1f Revoking doesn't need a restart 
The CRL is checked with every new connection and channel renegotiation,
no need to restart the server.
 2016-03-08 01:12:43 +01:00
Nyr
96108e6b2e Clarify NAT question 2016-02-29 19:18:32 +01:00
Nyr
e8958b969e Avoid error message if sestatus isn't available 
Just a cosmetic change.
 2016-02-19 21:50:28 +01:00
Nyr
eaf6f1fed4 Removed Level 3 DNS 
For some countries, Level 3 is now hijacking NXDOMAIN responses, so
removed.
 2016-02-14 22:26:10 +01:00
Nyr
cf60872eae SELinux improvements 
- Now the port exception is removed when uninstalling.
- sestatus seems to be more widely available.
 2016-02-13 19:09:16 +01:00
Nyr
f9dafd6ec6 SELinux compatibility 
This should’ve been supported for a long time.
 2016-02-12 23:46:53 +01:00
angrysnarl
a1b57a1c31 Fixed rm -rf commands for revoking user certs 2015-12-16 00:15:08 +08:00
Nyr
0df84e4541 Fix #105 2015-12-14 22:36:40 +01:00
Nyr
e58addc2c5 Verify server certificate during easy-rsa download 2015-11-24 23:04:56 +01:00
Nyr
d55effb08c Update to easy-rsa 3.0.1 2015-11-21 15:35:51 +01:00
Nyr
73da43b872 Merge pull request #88 from ValdikSS/buf 
Do not allow OpenVPN to set (low) buffer sizes
 2015-11-15 19:36:15 +01:00
Nyr
51998f0d56 Merge pull request #87 from ValdikSS/euid 
Use EUID to check root
 2015-11-15 19:35:26 +01:00
ValdikSS
0265fc0e06 Use different exit codes on error 2015-11-15 13:37:22 +03:00
ValdikSS
15a39afd11 Do not allow OpenVPN to set (low) buffer sizes 2015-11-15 13:36:20 +03:00