Improve script input

- Users can now specify either a DNS name (FQDN) or an IPv4 address
  for the "--serveraddr" parameter.
- Fixed an issue when users specify a DNS name as the OpenVPN server
  address. Instead of using the provided DNS name as the OpenVPN
  "listen on" address, the script now detects the server's local
  IPv4 address and uses that. Otherwise, the OpenVPN server could
  fail to start in certain cases (for example, when the name does not
  resolve to a locally configured address).
- Other minor improvements
hwdsl2
2024-08-04 21:23:19 -05:00
parent d7e17145d1
commit 4b302ebc52


@@ -21,6 +21,11 @@ check_ip() {
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX"
}
check_pvt_ip() {
IPP_REGEX='^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IPP_REGEX"
}
check_dns_name() {
FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
@@ -142,7 +147,6 @@ parse_args() {
shift
;;
--serveraddr)
server_addr_set=1
server_addr="$2"
shift
shift
@@ -230,8 +234,8 @@ check_args() {
exiterr "Invalid client name, or client does not exist."
fi
fi
if [ -n "$server_addr" ] && ! check_dns_name "$server_addr"; then
exiterr "Invalid server address. Must be a fully qualified domain name (FQDN)."
if [ -n "$server_addr" ] && { ! check_dns_name "$server_addr" && ! check_ip "$server_addr"; }; then
exiterr "Invalid server address. Must be a fully qualified domain name (FQDN) or an IPv4 address."
fi
if [ -n "$first_client_name" ]; then
unsanitized_client="$first_client_name"
@@ -361,24 +365,23 @@ Usage: bash $0 [options]
Options:
--addclient [client name] add a new client
--exportclient [client name] export configuration for an existing client
--listclients list the names of existing clients
--revokeclient [client name] revoke an existing client
--uninstall remove OpenVPN and delete all configuration
-y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN
-h, --help show this help message and exit
--addclient [client name] add a new client
--exportclient [client name] export configuration for an existing client
--listclients list the names of existing clients
--revokeclient [client name] revoke an existing client
--uninstall remove OpenVPN and delete all configuration
-y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN
-h, --help show this help message and exit
Install options (optional):
--auto auto install OpenVPN using default or custom options
--serveraddr [DNS name] server address, must be a fully qualified domain name (FQDN).
If not specified, the server's IPv4 address will be used.
--proto [TCP or UDP] protocol for OpenVPN (TCP or UDP, default: UDP)
--port [number] port for OpenVPN (1-65535, default: 1194)
--clientname [client name] name for the first OpenVPN client (default: client)
--dns1 [DNS server IP] primary DNS server for clients (default: Google Public DNS)
--dns2 [DNS server IP] secondary DNS server for clients
--auto auto install OpenVPN using default or custom options
--serveraddr [DNS name or IP] server address, must be a fully qualified domain name (FQDN) or an IPv4 address.
--proto [TCP or UDP] protocol for OpenVPN (TCP or UDP, default: UDP)
--port [number] port for OpenVPN (1-65535, default: 1194)
--clientname [client name] name for the first OpenVPN client (default: client)
--dns1 [DNS server IP] primary DNS server for clients (default: Google Public DNS)
--dns2 [DNS server IP] secondary DNS server for clients
To customize options, you may also run this script without arguments.
EOF
@@ -405,10 +408,8 @@ show_welcome() {
show_dns_name_note() {
cat <<EOF
Note: Make sure this DNS name '$server_addr'
resolves to the IPv4 address of this server. If you add
or update the DNS record at a later time, you must reboot
this server to take effect.
Note: Make sure this DNS name '$1'
resolves to the IPv4 address of this server.
EOF
}
@@ -427,13 +428,14 @@ enter_server_address() {
;;
esac
if [ "$use_dns_name" = 1 ]; then
read -rp "Enter the DNS name of this VPN server: " server_addr
until check_dns_name "$server_addr"; do
read -rp "Enter the DNS name of this VPN server: " server_addr_i
until check_dns_name "$server_addr_i"; do
echo "Invalid DNS name. You must enter a fully qualified domain name (FQDN)."
read -rp "Enter the DNS name of this VPN server: " server_addr
read -rp "Enter the DNS name of this VPN server: " server_addr_i
done
ip="$server_addr"
show_dns_name_note
detect_ip
public_ip="$server_addr_i"
show_dns_name_note "$public_ip"
else
detect_ip
check_nat_ip
@@ -497,7 +499,7 @@ detect_ip() {
check_nat_ip() {
# If $ip is a private IP address, the server must be behind NAT
if printf '%s' "$ip" | grep -qE '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
if check_pvt_ip "$ip"; then
find_public_ip
if ! check_ip "$get_public_ip"; then
if [ "$auto" = 0 ]; then
@@ -1360,7 +1362,6 @@ export_client=0
list_clients=0
revoke_client=0
remove_ovpn=0
server_addr_set=0
public_ip=""
server_addr=""
server_proto=""
@@ -1441,10 +1442,10 @@ if [[ ! -e "$OVPN_CONF" ]]; then
if [ "$auto" = 0 ]; then
enter_server_address
else
detect_ip
if [ -n "$server_addr" ]; then
ip="$server_addr"
public_ip="$server_addr"
else
detect_ip
check_nat_ip
fi
fi
@@ -1474,8 +1475,8 @@ if [[ ! -e "$OVPN_CONF" ]]; then
create_client_common
start_openvpn_service
new_client
if [ "$auto" != 0 ] && [ "$server_addr_set" = 1 ]; then
show_dns_name_note
if [ "$auto" != 0 ] && check_dns_name "$server_addr"; then
show_dns_name_note "$server_addr"
fi
finish_setup
else
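Review bot: In the check_args hunk (`@@ -230,8 +234,8 @@`) an IPv4 `--serveraddr` is accepted on the strength of `check_ip` alone, so private, loopback and link-local addresses (`10.x`, `127.0.0.1`, `169.254.x`) pass and, in the auto-install branch, are assigned straight to `public_ip` while `check_nat_ip` is skipped; the detected-address path runs `check_pvt_ip` via `check_nat_ip`, so the explicit path should apply the same test: `if [ -n "$server_addr" ] && check_ip "$server_addr" && check_pvt_ip "$server_addr"; then exiterr "Invalid server address. Must be a public IPv4 address, not a private, loopback or link-local one."; fi`. Judging by its name, `public_ip` is presumably what the generated client profile's `remote` line uses, in which case such a value silently yields a profile that remote clients cannot reach. Whether values like `0.0.0.0` or octets above 255 are rejected depends on `IP_REGEX`, which is not visible in this diff. Separately, the three `check_*` helpers validate a copy with newlines removed (`tr -d '\n'`) while callers keep the raw value, so an argument containing an embedded newline can pass validation yet be used verbatim; matching `$1` as-is, or stripping before assignment, would close that gap. `check_args` starts and ends outside the hunk.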