Improve script input
- Users can now specify either a DNS name (FQDN) or an IPv4 address for the "--serveraddr" parameter.
- Fixed an issue that occurred when users specify a DNS name as the OpenVPN server address. Instead of using the provided DNS name as the OpenVPN "listen on" address, we should detect the server's local IPv4 address and use that. Otherwise, the OpenVPN server could fail to start in certain cases.
- Other minor improvements.
@@ -21,6 +21,11 @@ check_ip() {
|
|||||||
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX"
|
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IP_REGEX"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_pvt_ip() {
|
||||||
|
IPP_REGEX='^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'
|
||||||
|
printf '%s' "$1" | tr -d '\n' | grep -Eq "$IPP_REGEX"
|
||||||
|
}
|
||||||
|
|
||||||
check_dns_name() {
|
check_dns_name() {
|
||||||
FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
|
FQDN_REGEX='^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'
|
||||||
printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
|
printf '%s' "$1" | tr -d '\n' | grep -Eq "$FQDN_REGEX"
|
||||||
@@ -142,7 +147,6 @@ parse_args() {
|
|||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--serveraddr)
|
--serveraddr)
|
||||||
server_addr_set=1
|
|
||||||
server_addr="$2"
|
server_addr="$2"
|
||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
@@ -230,8 +234,8 @@ check_args() {
|
|||||||
exiterr "Invalid client name, or client does not exist."
|
exiterr "Invalid client name, or client does not exist."
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ -n "$server_addr" ] && ! check_dns_name "$server_addr"; then
|
if [ -n "$server_addr" ] && { ! check_dns_name "$server_addr" && ! check_ip "$server_addr"; }; then
|
||||||
exiterr "Invalid server address. Must be a fully qualified domain name (FQDN)."
|
exiterr "Invalid server address. Must be a fully qualified domain name (FQDN) or an IPv4 address."
|
||||||
fi
|
fi
|
||||||
if [ -n "$first_client_name" ]; then
|
if [ -n "$first_client_name" ]; then
|
||||||
unsanitized_client="$first_client_name"
|
unsanitized_client="$first_client_name"
|
||||||
@@ -361,24 +365,23 @@ Usage: bash $0 [options]
|
|||||||
|
|
||||||
Options:
|
Options:
|
||||||
|
|
||||||
--addclient [client name] add a new client
|
--addclient [client name] add a new client
|
||||||
--exportclient [client name] export configuration for an existing client
|
--exportclient [client name] export configuration for an existing client
|
||||||
--listclients list the names of existing clients
|
--listclients list the names of existing clients
|
||||||
--revokeclient [client name] revoke an existing client
|
--revokeclient [client name] revoke an existing client
|
||||||
--uninstall remove OpenVPN and delete all configuration
|
--uninstall remove OpenVPN and delete all configuration
|
||||||
-y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN
|
-y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN
|
||||||
-h, --help show this help message and exit
|
-h, --help show this help message and exit
|
||||||
|
|
||||||
Install options (optional):
|
Install options (optional):
|
||||||
|
|
||||||
--auto auto install OpenVPN using default or custom options
|
--auto auto install OpenVPN using default or custom options
|
||||||
--serveraddr [DNS name] server address, must be a fully qualified domain name (FQDN).
|
--serveraddr [DNS name or IP] server address, must be a fully qualified domain name (FQDN) or an IPv4 address.
|
||||||
If not specified, the server's IPv4 address will be used.
|
--proto [TCP or UDP] protocol for OpenVPN (TCP or UDP, default: UDP)
|
||||||
--proto [TCP or UDP] protocol for OpenVPN (TCP or UDP, default: UDP)
|
--port [number] port for OpenVPN (1-65535, default: 1194)
|
||||||
--port [number] port for OpenVPN (1-65535, default: 1194)
|
--clientname [client name] name for the first OpenVPN client (default: client)
|
||||||
--clientname [client name] name for the first OpenVPN client (default: client)
|
--dns1 [DNS server IP] primary DNS server for clients (default: Google Public DNS)
|
||||||
--dns1 [DNS server IP] primary DNS server for clients (default: Google Public DNS)
|
--dns2 [DNS server IP] secondary DNS server for clients
|
||||||
--dns2 [DNS server IP] secondary DNS server for clients
|
|
||||||
|
|
||||||
To customize options, you may also run this script without arguments.
|
To customize options, you may also run this script without arguments.
|
||||||
EOF
|
EOF
|
||||||
@@ -405,10 +408,8 @@ show_welcome() {
|
|||||||
show_dns_name_note() {
|
show_dns_name_note() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
|
|
||||||
Note: Make sure this DNS name '$server_addr'
|
Note: Make sure this DNS name '$1'
|
||||||
resolves to the IPv4 address of this server. If you add
|
resolves to the IPv4 address of this server.
|
||||||
or update the DNS record at a later time, you must reboot
|
|
||||||
this server to take effect.
|
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -427,13 +428,14 @@ enter_server_address() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
if [ "$use_dns_name" = 1 ]; then
|
if [ "$use_dns_name" = 1 ]; then
|
||||||
read -rp "Enter the DNS name of this VPN server: " server_addr
|
read -rp "Enter the DNS name of this VPN server: " server_addr_i
|
||||||
until check_dns_name "$server_addr"; do
|
until check_dns_name "$server_addr_i"; do
|
||||||
echo "Invalid DNS name. You must enter a fully qualified domain name (FQDN)."
|
echo "Invalid DNS name. You must enter a fully qualified domain name (FQDN)."
|
||||||
read -rp "Enter the DNS name of this VPN server: " server_addr
|
read -rp "Enter the DNS name of this VPN server: " server_addr_i
|
||||||
done
|
done
|
||||||
ip="$server_addr"
|
detect_ip
|
||||||
show_dns_name_note
|
public_ip="$server_addr_i"
|
||||||
|
show_dns_name_note "$public_ip"
|
||||||
else
|
else
|
||||||
detect_ip
|
detect_ip
|
||||||
check_nat_ip
|
check_nat_ip
|
||||||
@@ -497,7 +499,7 @@ detect_ip() {
|
|||||||
|
|
||||||
check_nat_ip() {
|
check_nat_ip() {
|
||||||
# If $ip is a private IP address, the server must be behind NAT
|
# If $ip is a private IP address, the server must be behind NAT
|
||||||
if printf '%s' "$ip" | grep -qE '^(10|127|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.'; then
|
if check_pvt_ip "$ip"; then
|
||||||
find_public_ip
|
find_public_ip
|
||||||
if ! check_ip "$get_public_ip"; then
|
if ! check_ip "$get_public_ip"; then
|
||||||
if [ "$auto" = 0 ]; then
|
if [ "$auto" = 0 ]; then
|
||||||
@@ -1360,7 +1362,6 @@ export_client=0
|
|||||||
list_clients=0
|
list_clients=0
|
||||||
revoke_client=0
|
revoke_client=0
|
||||||
remove_ovpn=0
|
remove_ovpn=0
|
||||||
server_addr_set=0
|
|
||||||
public_ip=""
|
public_ip=""
|
||||||
server_addr=""
|
server_addr=""
|
||||||
server_proto=""
|
server_proto=""
|
||||||
@@ -1441,10 +1442,10 @@ if [[ ! -e "$OVPN_CONF" ]]; then
|
|||||||
if [ "$auto" = 0 ]; then
|
if [ "$auto" = 0 ]; then
|
||||||
enter_server_address
|
enter_server_address
|
||||||
else
|
else
|
||||||
|
detect_ip
|
||||||
if [ -n "$server_addr" ]; then
|
if [ -n "$server_addr" ]; then
|
||||||
ip="$server_addr"
|
public_ip="$server_addr"
|
||||||
else
|
else
|
||||||
detect_ip
|
|
||||||
check_nat_ip
|
check_nat_ip
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@@ -1474,8 +1475,8 @@ if [[ ! -e "$OVPN_CONF" ]]; then
|
|||||||
create_client_common
|
create_client_common
|
||||||
start_openvpn_service
|
start_openvpn_service
|
||||||
new_client
|
new_client
|
||||||
if [ "$auto" != 0 ] && [ "$server_addr_set" = 1 ]; then
|
if [ "$auto" != 0 ] && check_dns_name "$server_addr"; then
|
||||||
show_dns_name_note
|
show_dns_name_note "$server_addr"
|
||||||
fi
|
fi
|
||||||
finish_setup
|
finish_setup
|
||||||
else
|
else
|
||||||
|
|||||||
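Review bot: The widened check in check_args (`! check_dns_name "$server_addr" && ! check_ip "$server_addr"`) accepts any IPv4 literal, and in the auto-install branch a non-empty `$server_addr` is copied to `public_ip` while `check_nat_ip` runs only in the `else` arm, so a loopback, link-local or RFC 1918 value (the ranges `check_pvt_ip` matches) is accepted with no further check. Assuming `public_ip` becomes the address written into client profiles (that code is outside the visible hunks), the exported profiles would point at an address clients may be unable to reach, and the operator gets no indication. The new helper can cover this in check_args, for example `if check_ip "$server_addr" && check_pvt_ip "$server_addr"; then echo "Warning: --serveraddr is a private or loopback address." >&2; fi`. check_args and the install block both start and end outside the hunks shown.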