Aerosol

OpenVPN Server install (script)


Hello all,

Today we will install an OpenVPN server. For this, copy/paste this script (edit the email, VPN DNS name and client certificate name as you need). After this, run the command chmod +x openvpn.sh && ./openvpn.sh and run all the steps shown, from 1 to 16, because 17 is for quit. To run each step, when #? appears press 1, after it is done press 2, and so on until 16.

Enjoy :)


#!/bin/bash
#title :openvpn.sh
#author :razvan1@hy
#date :20141209
#usage : Put into /root directory and run bash -x openvpn.sh
#==============================================================================

SELECTION="update-os test-tun install-ovpn add-vars import-vars delete-old-certs generate-ca generate-cert generate-dh generate-client generate-hmac place-certs conf-ovpn-server forwarding set-iptables restart-ovpn quit"

select options in $SELECTION; do

if [ "$options" = "update-os" ]; then
echo "Updating OS!"
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
elif [ "$options" = "test-tun" ]; then
echo "Test if it supports TUN!"
test ! -c /dev/net/tun && echo openvpn requires tun support || echo tun is available

elif [ "$options" = "install-ovpn" ]; then
echo "Install OpenVPN"
apt-get install openvpn -y && cp -prv /usr/share/doc/openvpn/examples/easy-rsa/2.0 /root/easy-rsa && cd /root/easy-rsa && cp vars{,.orig}

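elif [ "$options" = "add-vars" ]; then
# Start from the stock vars file saved by install-ovpn and append the overrides,
# so EASY_RSA, KEY_DIR, KEY_CONFIG etc. stay defined for the build-* scripts.
cp /root/easy-rsa/vars.orig /root/easy-rsa/vars && cat >> /root/easy-rsa/vars <<'EOF'
# KEY_SIZE=2048 makes build-dh write dh2048.pem, the file place-certs copies
export KEY_SIZE=2048
export KEY_COUNTRY="RO"
export KEY_PROVINCE="B"
export KEY_CITY="Bucuresti"
export KEY_ORG="ORG_name"
export KEY_EMAIL="user@mail.ro"
export KEY_CN=vpn.domain.ro
export KEY_NAME=vpn.domain.ro
export KEY_OU=IT
#export PKCS11_MODULE_PATH=changeme
#export PKCS11_PIN=1234
EOF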

elif [ "$options" = "import-vars" ]; then
echo "Import vars"
cd /root/easy-rsa/ && source ./vars

elif [ "$options" = "delete-old-certs" ]; then
echo "delete previously created certs"
cd /root/easy-rsa/ && ./clean-all

elif [ "$options" = "generate-ca" ]; then
echo "generate the CA certificate"
cd /root/easy-rsa/ && ./build-ca

elif [ "$options" = "generate-cert" ]; then
echo "generate VPN server certificate"
cd /root/easy-rsa/ && ./build-key-server SERVER

elif [ "$options" = "generate-dh" ]; then
echo "generate the Diffie-Hellman PEM certificate"
cd /root/easy-rsa/ && ./build-dh

elif [ "$options" = "generate-client" ]; then
echo "generate client certificate"
cd /root/easy-rsa/ && ./build-key razvan1

elif [ "$options" = "generate-hmac" ]; then
echo "generate secret Hash-based Message Authentication Code (HMAC)"
/usr/sbin/openvpn --genkey --secret /root/easy-rsa/keys/ta.key

elif [ "$options" = "place-certs" ]; then
echo "place the certificates and keys on the server in the /etc/openvpn/certs directory"
# ca.key is only needed to sign certificates, not by the OpenVPN daemon; it stays in /root/easy-rsa/keys
mkdir -p /etc/openvpn/certs && cp -pv /root/easy-rsa/keys/{ca.crt,SERVER.{crt,key},ta.key,dh2048.pem} /etc/openvpn/certs/

elif [ "$options" = "conf-ovpn-server" ]; then
echo "set-up OpenVPN server configuration file in /etc/openvpn/server.conf"
# Quoted heredoc: keeps the double quotes that the push directives need
cat > /etc/openvpn/server.conf <<'EOF' && mkdir -p /etc/openvpn/ccd
port 1194
proto udp
dev tun

ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/SERVER.crt
key /etc/openvpn/certs/SERVER.key
# must name the DH file that place-certs copied
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0

server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

client-to-client
keepalive 20 120

client-config-dir ccd

# AES instead of DES-EDE3-CBC (3DES has a 64-bit block); clients must set the same cipher
cipher AES-256-CBC
comp-lzo

max-clients 10

user nobody
group nogroup

persist-key
persist-tun

log /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 5
mute 20
EOF

elif [ "$options" = "forwarding" ]; then
echo "enable network forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward && sysctl -p

elif [ "$options" = "set-iptables" ]; then
echo "set-up the following iptables rules"
/sbin/iptables -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
/sbin/iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

elif [ "$options" = "restart-ovpn" ]; then
echo "start the OpenVPN server and enable it to run on system's start-up"
service openvpn restart && update-rc.d -f openvpn defaults

elif [ "$options" = "quit" ]; then
echo "You have selected $options"
exit

else
clear;
echo "please select some options"

fi
done

Credits to: razvan1@hy
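
An added example, not part of the original post or its script: a small POSIX sh check for a generated server.conf that reports multi-word push directives that lost their quotes, 64-bit block ciphers, referenced certificate/key/DH files that do not exist, and a CA private key stored next to ca.crt. The function names, finding labels and the sample config (built in a temporary directory) are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an OpenVPN server.conf (names and sample data are constructed).

# lint_ovpn_conf FILE -> prints one finding per line
lint_ovpn_conf() {
  conf=$1
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%[#;]*}                 # drop comments
    set -f; set -- $line; set +f        # split into words, no globbing
    [ $# -gt 0 ] || continue
    key=$1; shift
    case $key in
      push)                             # push takes one argument: quote multi-word options
        case $1 in
          \"*|\'*) ;;
          *) if [ $# -gt 1 ]; then echo "PUSH_UNQUOTED $*"; fi ;;
        esac ;;
      cipher)                           # 64-bit block ciphers
        case $1 in
          DES*|BF-*|CAST5-*|RC2-*|IDEA-*) echo "WEAK_CIPHER $1" ;;
        esac ;;
      ca|cert|key|dh|tls-auth)          # paths are checked as written
        if [ ! -f "$1" ]; then echo "MISSING_FILE $key $1"; fi
        if [ "$key" = ca ] && [ -f "${1%.crt}.key" ]; then
          echo "CA_KEY_ON_SERVER ${1%.crt}.key"   # signing key does not belong here
        fi ;;
    esac
  done < "$conf"
  return 0
}

# Constructed sample: DH file name mismatch, unquoted push, 3DES, CA key present
demo_lint() {
  d=$(mktemp -d)
  touch "$d/ca.crt" "$d/ca.key" "$d/SERVER.crt" "$d/SERVER.key" "$d/dh2048.pem"
  cat > "$d/server.conf" <<EOF
ca $d/ca.crt
cert $d/SERVER.crt
key $d/SERVER.key
dh $d/dh1024.pem
push redirect-gateway def1 bypass-dhcp
push "dhcp-option DNS 8.8.8.8"
cipher DES-EDE3-CBC
EOF
  lint_ovpn_conf "$d/server.conf"
  rm -rf "$d"
}

demo_lint
```

Run it as root against /etc/openvpn/server.conf with lint_ovpn_conf /etc/openvpn/server.conf; no output means none of the four conditions were found.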
