Patch/openvpn-install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update openvpn-install.sh

Browse Source
This commit is contained in:
Bill Sipple 2021-03-16 11:57:24 -05:00
parent cb8730b621
commit 20d7502cd4
1 changed files with 32 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
openvpn-install.sh
View File

@ -38,6 +38,10 @@ elif [[ -e /etc/fedora-release ]]; then
os="fedora" os="fedora"
os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1) os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1)
group_name="nobody" group_name="nobody"
elif [[ -e /etc/redhat-release ]]; then
os="redhat"
os_version=$(grep -oE '[0-9]+' /etc/redhat-release | head -1)
group_name="nobody"
else else
echo "This installer seems to be running on an unsupported distribution. echo "This installer seems to be running on an unsupported distribution.
Supported distributions are Ubuntu, Debian, CentOS, and Fedora." Supported distributions are Ubuntu, Debian, CentOS, and Fedora."
@ -62,6 +66,12 @@ This version of CentOS is too old and unsupported."
exit exit
fi fi
if [[ "$os" == "redhat" && "$os_version" -lt 7 ]]; then
echo "RHEL 7 or higher is required to use this installer.
This version of RHEL is too old and unsupported."
exit
fi
# Detect environments where $PATH does not include the sbin directories # Detect environments where $PATH does not include the sbin directories
if ! grep -q sbin <<< "$PATH"; then if ! grep -q sbin <<< "$PATH"; then
echo '$PATH does not include sbin. Try using "su -" instead of "su".' echo '$PATH does not include sbin. Try using "su -" instead of "su".'
@ -159,10 +169,10 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
read -p "Protocol [1]: " protocol read -p "Protocol [1]: " protocol
done done
case "$protocol" in case "$protocol" in
1|"") 1|"")
protocol=udp protocol=udp
;; ;;
2) 2)
protocol=tcp protocol=tcp
;; ;;
esac esac
@ -197,7 +207,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
echo "OpenVPN installation is ready to begin." echo "OpenVPN installation is ready to begin."
# Install a firewall in the rare case where one is not already available # Install a firewall in the rare case where one is not already available
if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then
if [[ "$os" == "centos" || "$os" == "fedora" ]]; then if [[ "$os" == "centos" || "$os" == "fedora" || "$os" == "redhat" ]]; then
firewall="firewalld" firewall="firewalld"
# We don't want to silently enable firewalld, so we give a subtle warning # We don't want to silently enable firewalld, so we give a subtle warning
# If the user continues, firewalld will be installed and enabled during setup # If the user continues, firewalld will be installed and enabled during setup
@ -212,6 +222,17 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
if systemd-detect-virt -cq; then if systemd-detect-virt -cq; then
mkdir /etc/systemd/system/openvpn-server@server.service.d/ 2>/dev/null mkdir /etc/systemd/system/openvpn-server@server.service.d/ 2>/dev/null
echo "[Service] echo "[Service]
LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf
elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then
# iptables is way less invasive than firewalld so no warning is given
firewall="iptables"
fi
fi
read -n1 -r -p "Press any key to continue..."
# If running inside a container, disable LimitNPROC to prevent conflicts
if systemd-detect-virt -cq; then
mkdir /etc/systemd/system/openvpn-server@server.service.d/ 2>/dev/null
echo "[Service]
LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disable-limitnproc.conf
fi fi
if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then
@ -220,7 +241,8 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
elif [[ "$os" = "centos" ]]; then elif [[ "$os" = "centos" ]]; then
yum install -y epel-release yum install -y epel-release
yum install -y openvpn openssl ca-certificates tar $firewall yum install -y openvpn openssl ca-certificates tar $firewall
else elif [[ "$os" = "redhat" ]]; then
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# Else, OS must be Fedora # Else, OS must be Fedora
dnf install -y openvpn openssl ca-certificates tar $firewall dnf install -y openvpn openssl ca-certificates tar $firewall
fi fi
@ -396,8 +418,9 @@ WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service
# Centos 7 # Centos 7
yum install -y policycoreutils-python yum install -y policycoreutils-python
else else
# CentOS 8 or Fedora # RHEL 8
dnf install -y policycoreutils-python-utils wget https://access.cdn.redhat.com/content/origin/rpms/policycoreutils-python-utils/2.9/9.el8/fd431d51/policycoreutils-python-utils-2.9-9.el8.noarch.rpm
dnf -y install policycoreutils-python-utils/2.9/9.el8/fd431d51/policycoreutils-python-utils-2.9-9.el8.noarch.rpm?
fi fi
fi fi
semanage port -a -t openvpn_port_t -p "$protocol" "$port" semanage port -a -t openvpn_port_t -p "$protocol" "$port"
@ -428,7 +451,7 @@ verb 3" > /etc/openvpn/server/client-common.txt
echo echo
echo "The client configuration is available in:" ~/"$client.ovpn" echo "The client configuration is available in:" ~/"$client.ovpn"
echo "New clients can be added by running this script again." echo "New clients can be added by running this script again."
else #else
clear clear
echo "OpenVPN is already installed." echo "OpenVPN is already installed."
echo echo
@ -542,7 +565,7 @@ else
apt-get remove --purge -y openvpn apt-get remove --purge -y openvpn
else else
# Else, OS must be CentOS or Fedora # Else, OS must be CentOS or Fedora
yum remove -y openvpn dnf remove -y openvpn
fi fi
echo echo
echo "OpenVPN removed!" echo "OpenVPN removed!"
@ -556,4 +579,4 @@ else
exit exit
;; ;;
esac esac
fi #fi