164 lines
4.4 KiB
Bash
Executable File
164 lines
4.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (C) 2020 Private Internet Access, Inc.
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to deal
|
|
# in the Software without restriction, including without limitation the rights
|
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in all
|
|
# copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
# SOFTWARE.
|
|
|
|
# Only allow script to run as
|
|
if [ "$(whoami)" != "root" ]; then
|
|
echo "This script needs to be run as root. Try again with 'sudo $0'"
|
|
exit 1
|
|
fi
|
|
|
|
echo
|
|
echo -n "PIA username (pNNNNNNN): "
|
|
read PIA_USER
|
|
|
|
if [ -z "$PIA_USER" ]; then
|
|
echo Username is required, aborting.
|
|
exit 1
|
|
fi
|
|
echo
|
|
export PIA_USER
|
|
|
|
echo -n "PIA password: "
|
|
read -s PIA_PASS
|
|
echo
|
|
|
|
if [ -z "$PIA_PASS" ]; then
|
|
echo Password is required, aborting.
|
|
exit 1
|
|
fi
|
|
echo
|
|
export PIA_PASS
|
|
|
|
# This section asks for user connection preferences
|
|
# this is hard coded for now, but will become an input
|
|
# variable in the future.
|
|
echo -n "Connection method ([W]ireguard/[o]penvpn): "
|
|
read connection_method
|
|
echo
|
|
|
|
PIA_AUTOCONNECT="wireguard"
|
|
if echo ${connection_method:0:1} | grep -iq o; then
|
|
echo -n "Connection method ([U]dp/[t]cp): "
|
|
read protocolInput
|
|
echo
|
|
|
|
protocol="udp"
|
|
if echo ${protocolInput:0:1} | grep -iq t; then
|
|
protocol="tcp"
|
|
fi
|
|
|
|
echo "Higher levels of encryption trade performance for security. "
|
|
echo -n "Do you want to use strong encryption ([N]o/[y]es): "
|
|
read strongEncryption
|
|
echo
|
|
|
|
encryption="standard"
|
|
if echo ${strongEncryption:0:1} | grep -iq y; then
|
|
encryption="strong"
|
|
fi
|
|
|
|
PIA_AUTOCONNECT="openvpn_${protocol}_${encryption}"
|
|
fi
|
|
export PIA_AUTOCONNECT
|
|
echo PIA_AUTOCONNECT=$PIA_AUTOCONNECT"
|
|
"
|
|
|
|
# Check for the required presence of resolvconf for settnig DNS on wireguard connections.
|
|
setDNS="yes"
|
|
if ! command -v resolvconf &>/dev/null && [ "$PIA_AUTOCONNECT" == wireguard ]; then
|
|
echo The resolvconf package could not be found.
|
|
echo This script can not set DNS for you and you will
|
|
echo need to invoke DNS protection some other way.
|
|
echo
|
|
setDNS="no"
|
|
fi
|
|
|
|
if [ "$setDNS" != no ]; then
|
|
echo Using third party DNS could allow DNS monitoring.
|
|
echo -n "Do you want to force PIA DNS ([Y]es/[n]o): "
|
|
read setDNS
|
|
echo
|
|
fi
|
|
|
|
PIA_DNS="true"
|
|
if echo ${setDNS:0:1} | grep -iq n; then
|
|
PIA_DNS="false"
|
|
fi
|
|
|
|
PIA_DNS="true"
|
|
if echo ${setDNS:0:1} | grep -iq n; then
|
|
PIA_DNS="false"
|
|
fi
|
|
export PIA_DNS
|
|
echo PIA_DNS=$PIA_DNS"
|
|
"
|
|
|
|
echo -n "Do you want a forwarding port assigned ([N]o/[y]es): "
|
|
read portForwarding
|
|
echo
|
|
|
|
PIA_PF="false"
|
|
if echo ${portForwarding:0:1} | grep -iq y; then
|
|
PIA_PF="true"
|
|
fi
|
|
export PIA_PF
|
|
echo PIA_PF=$PIA_PF
|
|
|
|
# Set this to the maximum allowed latency in seconds.
|
|
# All servers that repond slower than this will be ignored.
|
|
echo -n "
|
|
With no input, the maximum allowed latency will be set to 0.05s (50ms).
|
|
If your connection has high latency, you may need to increase this value.
|
|
For example, you can try 0.2 for 200ms allowed latency.
|
|
Custom latency (no input required for 50ms): "
|
|
read customLatency
|
|
echo
|
|
|
|
MAX_LATENCY=0.05
|
|
if [[ $customLatency != "" ]]; then
|
|
MAX_LATENCY=$customLatency
|
|
fi
|
|
export MAX_LATENCY
|
|
echo "MAX_LATENCY=\"$MAX_LATENCY\"
|
|
"
|
|
|
|
echo "Having active IPv6 connections might compromise security by allowing"
|
|
echo "split tunnel connections that run outside the VPN tunnel."
|
|
echo -n "Do you want to disable IPv6? (Y/n): "
|
|
read disable_IPv6
|
|
echo
|
|
|
|
if echo ${disable_IPv6:0:1} | grep -iq n; then
|
|
echo "IPv6 settings have not been altered.
|
|
"
|
|
else
|
|
sysctl -w net.ipv6.conf.all.disable_ipv6=1
|
|
sysctl -w net.ipv6.conf.default.disable_ipv6=1
|
|
echo
|
|
echo "IPv6 has been disabled, you can enable it again with: "
|
|
echo "sysctl -w net.ipv6.conf.all.disable_ipv6=0"
|
|
echo "sysctl -w net.ipv6.conf.default.disable_ipv6=0
|
|
"
|
|
fi
|
|
|
|
./get_region_and_token.sh
|