Compare commits

..

1 Commits

Author SHA1 Message Date
dependabot[bot]
4eef96d814
build(deps): bump github/super-linter from 4.1.0 to 5.0.0
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](https://github.com/github/super-linter/compare/v4.1.0...v5.0.0)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 03:56:31 +00:00
4 changed files with 37 additions and 85 deletions

View File

@ -1,4 +1,4 @@
on: [push, pull_request, workflow_dispatch]
on: [push, pull_request]
name: Lint
@ -7,8 +7,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@v3.2.0
- name: Lint Code Base
uses: github/super-linter@v4.1.0
uses: github/super-linter@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -2,8 +2,6 @@ on:
push:
branches:
- master
- ci
workflow_dispatch:
name: Test
jobs:
@ -13,15 +11,20 @@ jobs:
strategy:
matrix:
os-image:
- debian-10-x64
- debian-11-x64
- debian-12-x64
- ubuntu-18-04-x64
- ubuntu-20-04-x64
- ubuntu-22-04-x64
- ubuntu-24-04-x64
- fedora-39-x64
- fedora-40-x64
# - centos-stream-9-x64 # yum oomkill
- fedora-35-x64
# - fedora-36-x64
# - fedora-37-x64
# dnf is broken: https://ask.fedoraproject.org/t/dnf-operations-use-large-amount-of-ram-and-may-fail-in-low-memory-environments/26427
- centos-7-x64
- centos-stream-8-x64
- centos-stream-9-x64
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3.2.0
- name: Setup doctl
uses: digitalocean/action-doctl@v2
@ -56,7 +59,7 @@ jobs:
host: ${{ steps.server_ip.outputs.value }}
username: root
key: ${{ secrets.SSH_KEY }}
script: set -x && apt-get update && apt-get -o DPkg::Lock::Timeout=120 install -y git
script: set -x && apt-get update && apt-get install -y git
- name: Setup remote server (Fedora)
if: steps.server_os.outputs.value == 'fedora'

View File

@ -10,25 +10,6 @@ This script will let you setup your own secure VPN server in just a few seconds.
You can also check out [wireguard-install](https://github.com/angristan/wireguard-install), a simple installer for a simpler, safer, faster and more modern VPN protocol.
## What is this?
This script is meant to be run on your own server, whether it's a VPS or a dedicated server, or even a computer at home.
Once set up, you will be able to generate client configuration files for every device you want to connect.
Each client will be able to route its internet traffic through the server, fully encrypted.
```mermaid
graph LR
A[Phone] --> VPN
B[Laptop] --> VPN
C[Computer] --> VPN
VPN[OpenVPN Server]
VPN -->|Encrypted Traffic| I[Internet]
```
## Usage
First, get the script and make it executable:
@ -56,7 +37,9 @@ When OpenVPN is installed, you can run the script again, and you will get the ch
In your home directory, you will have `.ovpn` files. These are the client configuration files. Download them from your server and connect using your favorite OpenVPN client.
If you have any question, head to the [FAQ](#faq) first. And if you need help, you can open a [discussion](https://github.com/angristan/openvpn-install/discussions). Please search existing issues and dicussions first.
If you have any question, head to the [FAQ](#faq) first. Please read everything before opening an issue.
**PLEASE do not send me emails or private messages asking for help.** The only place to get help is the issues. Other people may be able to help and in the future, other users may also run into the same issue as you. My time is not available for free just for you, you're not special.
### Headless install
@ -137,7 +120,7 @@ The script supports these Linux distributions:
| AlmaLinux 8 | ✅ |
| Amazon Linux 2 | ✅ |
| Arch Linux | ✅ |
| CentOS 7 | ✅ |
| CentOS 7 | ✅ 🤖 |
| CentOS Stream >= 8 | ✅ 🤖 |
| Debian >= 10 | ✅ 🤖 |
| Fedora >= 35 | ✅ 🤖 |
@ -148,7 +131,7 @@ The script supports these Linux distributions:
To be noted:
- The script is regularly tested against the distributions marked with a 🤖 only.
- It's only tested on `amd64` architecture.
- It's only test on `amd64` architecture.
- It should work on older versions such as Debian 8+, Ubuntu 16.04+ and previous Fedora releases. But versions not in the table above are not officially supported.
- It should also support versions between the LTS versions, but these are not tested.
- The script requires `systemd`.

View File

@ -57,7 +57,7 @@ function checkOS() {
fi
if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then
OS="centos"
if [[ ${VERSION_ID%.*} -lt 7 ]]; then
if [[ $VERSION_ID -lt 7 ]]; then
echo "⚠️ Your version of CentOS is not supported."
echo ""
echo "The script only support CentOS 7 and CentOS 8."
@ -216,45 +216,6 @@ access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
systemctl restart unbound
}
function resolvePublicIP() {
# IP version flags, we'll use as default the IPv4
CURL_IP_VERSION_FLAG="-4"
DIG_IP_VERSION_FLAG="-4"
# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
if [[ $IPV6_SUPPORT == "y" ]]; then
CURL_IP_VERSION_FLAG=""
DIG_IP_VERSION_FLAG="-6"
fi
# If there is no public ip yet, we'll try to solve it using: https://api.seeip.org
if [[ -z $PUBLIC_IP ]]; then
PUBLIC_IP=$(curl -f -m 5 -sS --retry 2 --retry-connrefused "$CURL_IP_VERSION_FLAG" https://api.seeip.org 2>/dev/null)
fi
# If there is no public ip yet, we'll try to solve it using: https://ifconfig.me
if [[ -z $PUBLIC_IP ]]; then
PUBLIC_IP=$(curl -f -m 5 -sS --retry 2 --retry-connrefused "$CURL_IP_VERSION_FLAG" https://ifconfig.me 2>/dev/null)
fi
# If there is no public ip yet, we'll try to solve it using: https://api.ipify.org
if [[ -z $PUBLIC_IP ]]; then
PUBLIC_IP=$(curl -f -m 5 -sS --retry 2 --retry-connrefused "$CURL_IP_VERSION_FLAG" https://api.ipify.org 2>/dev/null)
fi
# If there is no public ip yet, we'll try to solve it using: ns1.google.com
if [[ -z $PUBLIC_IP ]]; then
PUBLIC_IP=$(dig $DIG_IP_VERSION_FLAG TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
fi
if [[ -z $PUBLIC_IP ]]; then
echo >&2 echo "Couldn't solve the public IP"
exit 1
fi
echo "$PUBLIC_IP"
}
function installQuestions() {
echo "Welcome to the OpenVPN installer!"
echo "The git repository is available at: https://github.com/angristan/openvpn-install"
@ -283,12 +244,9 @@ function installQuestions() {
echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
echo "We need it for the clients to connect to the server."
if [[ -z $ENDPOINT ]]; then
DEFAULT_ENDPOINT=$(resolvePublicIP)
fi
PUBLICIP=$(curl -s https://api.ipify.org)
until [[ $ENDPOINT != "" ]]; do
read -rp "Public IPv4 address or hostname: " -e -i "$DEFAULT_ENDPOINT" ENDPOINT
read -rp "Public IPv4 address or hostname: " -e -i "$PUBLICIP" ENDPOINT
done
fi
@ -667,9 +625,17 @@ function installOpenVPN() {
PASS=${PASS:-1}
CONTINUE=${CONTINUE:-y}
if [[ -z $ENDPOINT ]]; then
ENDPOINT=$(resolvePublicIP)
# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
if [[ $IPV6_SUPPORT == "y" ]]; then
if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused https://ip.seeip.org); then
PUBLIC_IP=$(dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
fi
else
if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused -4 https://ip.seeip.org); then
PUBLIC_IP=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
fi
fi
ENDPOINT=${ENDPOINT:-$PUBLIC_IP}
fi
# Run setup questions first, and set other variables if auto-install
@ -765,14 +731,14 @@ function installOpenVPN() {
# Create the PKI, set up the CA, the DH params and the server certificate
./easyrsa init-pki
EASYRSA_CA_EXPIRE=3650 ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
if [[ $DH_TYPE == "2" ]]; then
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
openssl dhparam -out dh.pem $DH_KEY_SIZE
fi
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full "$SERVER_NAME" nopass
./easyrsa --batch build-server-full "$SERVER_NAME" nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
case $TLS_SIG in
@ -1119,11 +1085,11 @@ function newClient() {
cd /etc/openvpn/easy-rsa/ || return
case $PASS in
1)
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT" nopass
./easyrsa --batch build-client-full "$CLIENT" nopass
;;
2)
echo "⚠️ You will be asked for the client password below ⚠️"
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT"
./easyrsa --batch build-client-full "$CLIENT"
;;
esac
echo "Client $CLIENT added."