- Add a new option "--listenaddr" for specifying the IPv4 address
that OpenVPN should listen on for requests. This can be useful
in certain cases. If not specified, the script tries to auto
detect the IPv4 address OpenVPN should listen on.
- Other minor improvements
- Users can now specify either a DNS name (FQDN) or an IPv4 address
for the "--serveraddr" parameter.
- Fixed an issue when users specify a DNS name as the OpenVPN server
address. Instead of using the provided DNS name as the OpenVPN
"listen on" address, we should instead detect the server's local
IPv4 address and use that. Otherwise, the OpenVPN server could
fail to start in certain cases.
- Other minor improvements
- NEW: Users can now optionally specify install options when
running the script to install OpenVPN. These new options include:
'--serveraddr', '--proto', '--port', '--clientname',
'--dns1' and '--dns2'. Refer to the usage information which
will be added to the project documentation, or run the script
with the '-h' option to view.
- Other minor improvements
- NEW: Add support for using DNS names (e.g. vpn.example.com) as
the OpenVPN server's address. Users can now select this option
during interactive install (sudo bash openvpn.sh).
- Example use case: With this new feature, when using a DNS name as
the server address, users can take a snapshot of the server and
restore it to a new server with a different IP, then update the
DNS name to point to the new IP. After that, they can expect the
VPN to continue to work.
- When the server does not have a public IPv6 address, push the
"block-ipv6" option to the client to help prevent IPv6 leaks
on dual-stacked clients. This option is supported in OpenVPN
client versions 2.5.x and newer.
Ref: https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html
- Closes#13. Thanks @do02fw for the suggestion.
- Fixed an issue with IPTables rules not persisting after a reboot,
if both IPsec VPN and OpenVPN are installed on the same server.
We restart the openvpn-iptables.service in /etc/rc.local to make
sure the rules are added.
Ref: https://github.com/hwdsl2/wireguard-install/issues/2
- Install iproute (for the "ip" command) in the unlikely cases that
it is not already installed.
- Abort and exit if server IP cannot be detected.
- Cleanup
- On servers with multiple IPv4 addresses, check if one of them
matches the server's public IP. If so, select that IP and skip
the IP selection question.
- If the server is behind NAT, try to find its public IP and
ask the user only if the IP cannot be found.
- Cleanup
