Interactive Menu¶
Installation Questions — installQuestions()¶
When running ./openvpn-install.sh interactive on a fresh system, the script walks through a step-by-step questionnaire.
Question Flow¶
graph TD
A[Detect server IPs] --> B[Select endpoint type: IPv4 or IPv6]
B --> C[Confirm/enter endpoint address]
C --> D[Select client IP stack: v4 / v6 / dual]
D --> E[Configure IPv4 subnet]
E --> F[Configure IPv6 subnet if enabled]
F --> G[Select port: 1194 / custom / random]
G --> H[Select protocol: UDP / TCP]
H --> I[Select DNS provider]
I --> J[Multi-client support?]
J --> K[Configure MTU]
K --> L[Select auth mode: PKI / Fingerprint]
L --> M{Customize encryption?}
M -->|Yes| N[Cipher, cert type, TLS version, HMAC, control channel]
M -->|No| O[Use defaults]
N --> P[Press any key to continue]
O --> PNAT Detection¶
During endpoint configuration, the script compares the local IP (from ip addr) with the public IP (from external services). If they differ, the server is behind NAT and the user is prompted to enter the public IP or a hostname.
Encryption Customization¶
If the user chooses to customize encryption, the script presents menus for:
| Setting | Options |
|---|---|
| Data cipher | AES-128-GCM, AES-256-GCM, CHACHA20-POLY1305, etc. |
| Certificate type | ECDSA or RSA |
| ECDSA curve | prime256v1, secp384r1, secp521r1 |
| RSA key size | 2048, 3072, 4096 |
| TLS version | 1.2, 1.3 |
| TLS 1.3 suites | All, AES-256 only, AES-128 only, ChaCha20 only |
| Key exchange | All, X25519 only, NIST only |
| HMAC | SHA256, SHA384, SHA512 |
| Control channel | tls-crypt-v2, tls-crypt, tls-auth |
Management Menu — manageMenu()¶
When running ./openvpn-install.sh interactive on a system where OpenVPN is already installed:
OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) List client certificates
3) Revoke existing user
4) Renew certificate
5) Remove OpenVPN
6) List connected clients
7) Exit
Each option calls the corresponding function:
| Option | Function |
|---|---|
| 1 | newClient() |
| 2 | listClients() |
| 3 | revokeClient() |
| 4 | renewMenu() |
| 5 | removeOpenVPN() |
| 6 | listConnectedClients() |
Renewal Submenu — renewMenu()¶
Certificate Renewal
1) Renew a client certificate
2) Renew the server certificate (expires in 3648 days)
3) Back to main menu
Menu Helper Functions¶
select_from_array()¶
Displays an array as a numbered menu and returns the selected value:
select_with_labels()¶
Displays custom labels while returning underlying values:
prompt_yes_no()¶
Y/N prompt with a configurable default:
prompt_validated()¶
Repeating prompt that calls a validator function until valid input is provided.
Automation¶
The MENU_OPTION environment variable can pre-select a menu option:
Similarly, all interactive prompts can be bypassed by setting the corresponding environment variables before running the script.