build(deps): bump github/super-linter from 4.1.0 to 5.0.0

Bumps [github/super-linter](https://github.com/github/super-linter) from 4.1.0 to 5.0.0. - [Release notes](https://github.com/github/super-linter/releases) - [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md) - [Commits](https://github.com/github/super-linter/compare/v4.1.0...v5.0.0) --- updated-dependencies: - dependency-name: github/super-linter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 03:56:31 +00:00
4 changed files with 37 additions and 85 deletions
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -1,4 +1,4 @@
-on: [push, pull_request, workflow_dispatch]
+on: [push, pull_request]

 name: Lint

@ -7,8 +7,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3.2.0
      - name: Lint Code Base
-        uses: github/super-linter@v4.1.0
+        uses: github/super-linter@v5.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -2,8 +2,6 @@ on:
  push:
    branches:
      - master
-      - ci
-  workflow_dispatch:

 name: Test
 jobs:
@ -13,15 +11,20 @@ jobs:
    strategy:
      matrix:
        os-image:
+          - debian-10-x64
          - debian-11-x64
-          - debian-12-x64
+          - ubuntu-18-04-x64
+          - ubuntu-20-04-x64
          - ubuntu-22-04-x64
-          - ubuntu-24-04-x64
-          - fedora-39-x64
-          - fedora-40-x64
-          # - centos-stream-9-x64 # yum oomkill
+          - fedora-35-x64
+          # - fedora-36-x64
+          # - fedora-37-x64
+          # dnf is broken: https://ask.fedoraproject.org/t/dnf-operations-use-large-amount-of-ram-and-may-fail-in-low-memory-environments/26427
+          - centos-7-x64
+          - centos-stream-8-x64
+          - centos-stream-9-x64
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3.2.0

      - name: Setup doctl
        uses: digitalocean/action-doctl@v2
@ -56,7 +59,7 @@ jobs:
          host: ${{ steps.server_ip.outputs.value }}
          username: root
          key: ${{ secrets.SSH_KEY }}
-          script: set -x && apt-get update && apt-get -o DPkg::Lock::Timeout=120 install -y git
+          script: set -x && apt-get update && apt-get install -y git

      - name: Setup remote server (Fedora)
        if: steps.server_os.outputs.value == 'fedora'
--- a/README.md
+++ b/README.md
@ -10,25 +10,6 @@ This script will let you setup your own secure VPN server in just a few seconds.

 You can also check out [wireguard-install](https://github.com/angristan/wireguard-install), a simple installer for a simpler, safer, faster and more modern VPN protocol.

-## What is this?
-
-This script is meant to be run on your own server, whether it's a VPS or a dedicated server, or even a computer at home.
-
-Once set up, you will be able to generate client configuration files for every device you want to connect.
-
-Each client will be able to route its internet traffic through the server, fully encrypted.
-
-```mermaid
-graph LR
-  A[Phone] --> VPN
-  B[Laptop] --> VPN
-  C[Computer] --> VPN
-
-  VPN[OpenVPN Server]
-
-  VPN -->|Encrypted Traffic| I[Internet]
-```
-
 ## Usage

 First, get the script and make it executable:
@ -56,7 +37,9 @@ When OpenVPN is installed, you can run the script again, and you will get the ch

 In your home directory, you will have `.ovpn` files. These are the client configuration files. Download them from your server and connect using your favorite OpenVPN client.

-If you have any question, head to the [FAQ](#faq) first. And if you need help, you can open a [discussion](https://github.com/angristan/openvpn-install/discussions). Please search existing issues and dicussions first.
+If you have any question, head to the [FAQ](#faq) first. Please read everything before opening an issue.
+
+**PLEASE do not send me emails or private messages asking for help.** The only place to get help is the issues. Other people may be able to help and in the future, other users may also run into the same issue as you. My time is not available for free just for you, you're not special.

 ### Headless install

@ -137,7 +120,7 @@ The script supports these Linux distributions:
 | AlmaLinux 8        | ✅       |
 | Amazon Linux 2     | ✅       |
 | Arch Linux         | ✅       |
-| CentOS 7           | ✅       |
+| CentOS 7           | ✅ 🤖     |
 | CentOS Stream >= 8 | ✅ 🤖     |
 | Debian >= 10       | ✅ 🤖     |
 | Fedora >= 35       | ✅ 🤖     |
@ -148,7 +131,7 @@ The script supports these Linux distributions:
 To be noted:

 - The script is regularly tested against the distributions marked with a 🤖 only.
-  - It's only tested on `amd64` architecture.
+  - It's only test on `amd64` architecture.
 - It should work on older versions such as Debian 8+, Ubuntu 16.04+ and previous Fedora releases. But versions not in the table above are not officially supported.
  - It should also support versions between the LTS versions, but these are not tested.
 - The script requires `systemd`.
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -57,7 +57,7 @@ function checkOS() {
 		fi
 		if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then
 			OS="centos"
-			if [[ ${VERSION_ID%.*} -lt 7 ]]; then
+			if [[ $VERSION_ID -lt 7 ]]; then
 				echo "⚠️ Your version of CentOS is not supported."
 				echo ""
 				echo "The script only support CentOS 7 and CentOS 8."
@ -216,45 +216,6 @@ access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
 	systemctl restart unbound
 }

-function resolvePublicIP() {
-	# IP version flags, we'll use as default the IPv4
-	CURL_IP_VERSION_FLAG="-4"
-	DIG_IP_VERSION_FLAG="-4"
-
-	# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
-	if [[ $IPV6_SUPPORT == "y" ]]; then
-		CURL_IP_VERSION_FLAG=""
-		DIG_IP_VERSION_FLAG="-6"
-	fi
-
-	# If there is no public ip yet, we'll try to solve it using: https://api.seeip.org
-	if [[ -z $PUBLIC_IP ]]; then
-		PUBLIC_IP=$(curl -f -m 5 -sS --retry 2 --retry-connrefused "$CURL_IP_VERSION_FLAG" https://api.seeip.org 2>/dev/null)
-	fi
-
-	# If there is no public ip yet, we'll try to solve it using: https://ifconfig.me
-	if [[ -z $PUBLIC_IP ]]; then
-		PUBLIC_IP=$(curl -f -m 5 -sS --retry 2 --retry-connrefused "$CURL_IP_VERSION_FLAG" https://ifconfig.me 2>/dev/null)
-	fi
-
-	# If there is no public ip yet, we'll try to solve it using: https://api.ipify.org
-	if [[ -z $PUBLIC_IP ]]; then
-		PUBLIC_IP=$(curl -f -m 5 -sS --retry 2 --retry-connrefused "$CURL_IP_VERSION_FLAG" https://api.ipify.org 2>/dev/null)
-	fi
-
-	# If there is no public ip yet, we'll try to solve it using: ns1.google.com
-	if [[ -z $PUBLIC_IP ]]; then
-		PUBLIC_IP=$(dig $DIG_IP_VERSION_FLAG TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
-	fi
-
-	if [[ -z $PUBLIC_IP ]]; then
-		echo >&2 echo "Couldn't solve the public IP"
-		exit 1
-	fi
-
-	echo "$PUBLIC_IP"
-}
-
 function installQuestions() {
 	echo "Welcome to the OpenVPN installer!"
 	echo "The git repository is available at: https://github.com/angristan/openvpn-install"
@ -283,12 +244,9 @@ function installQuestions() {
 		echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
 		echo "We need it for the clients to connect to the server."

-		if [[ -z $ENDPOINT ]]; then
-			DEFAULT_ENDPOINT=$(resolvePublicIP)
-		fi
-
+		PUBLICIP=$(curl -s https://api.ipify.org)
 		until [[ $ENDPOINT != "" ]]; do
-			read -rp "Public IPv4 address or hostname: " -e -i "$DEFAULT_ENDPOINT" ENDPOINT
+			read -rp "Public IPv4 address or hostname: " -e -i "$PUBLICIP" ENDPOINT
 		done
 	fi

@ -667,9 +625,17 @@ function installOpenVPN() {
 		PASS=${PASS:-1}
 		CONTINUE=${CONTINUE:-y}

-		if [[ -z $ENDPOINT ]]; then
-			ENDPOINT=$(resolvePublicIP)
+		# Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
+		if [[ $IPV6_SUPPORT == "y" ]]; then
+			if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused https://ip.seeip.org); then
+				PUBLIC_IP=$(dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
+			fi
+		else
+			if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused -4 https://ip.seeip.org); then
+				PUBLIC_IP=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
+			fi
 		fi
+		ENDPOINT=${ENDPOINT:-$PUBLIC_IP}
 	fi

 	# Run setup questions first, and set other variables if auto-install
@ -765,14 +731,14 @@ function installOpenVPN() {

 		# Create the PKI, set up the CA, the DH params and the server certificate
 		./easyrsa init-pki
-		EASYRSA_CA_EXPIRE=3650 ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
+		./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass

 		if [[ $DH_TYPE == "2" ]]; then
 			# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
 			openssl dhparam -out dh.pem $DH_KEY_SIZE
 		fi

-		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full "$SERVER_NAME" nopass
+		./easyrsa --batch build-server-full "$SERVER_NAME" nopass
 		EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl

 		case $TLS_SIG in
@ -1119,11 +1085,11 @@ function newClient() {
 		cd /etc/openvpn/easy-rsa/ || return
 		case $PASS in
 		1)
-			EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT" nopass
+			./easyrsa --batch build-client-full "$CLIENT" nopass
 			;;
 		2)
 			echo "⚠️ You will be asked for the client password below ⚠️"
-			EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT"
+			./easyrsa --batch build-client-full "$CLIENT"
 			;;
 		esac
 		echo "Client $CLIENT added."