This commit is contained in:
Birkhoff 2018-07-11 17:22:51 -04:00
parent ead883b476
commit 06497c24af
No known key found for this signature in database
GPG Key ID: DAF5C86509D5C898


@ -69,6 +69,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
# Generates the custom client.ovpn # Generates the custom client.ovpn
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
cp /etc/openvpn/server.crt $HOME/stunnel.crt
newclient "$CLIENT" newclient "$CLIENT"
echo echo
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn" echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
@ -260,6 +262,9 @@ else
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
mv /etc/openvpn/easy-rsa/pki/issued/cert.01 /etc/openvpn/easy-rsa/pki/issued/server.crt
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
# CRL is read with each client connection, when OpenVPN is dropped to nobody # CRL is read with each client connection, when OpenVPN is dropped to nobody
chown nobody:$GROUPNAME /etc/openvpn/crl.pem chown nobody:$GROUPNAME /etc/openvpn/crl.pem
@ -269,21 +274,20 @@ else
if [[ $SSL==1 ]]; then if [[ $SSL==1 ]]; then
echo "local 127.0.0.1" > /etc/openvpn/server.conf echo "local 127.0.0.1" > /etc/openvpn/server.conf
echo "port 1194" >> /etc/openvpn/server.conf echo "port 1194" >> /etc/openvpn/server.conf
csplit -f /etc/openvpn/cert. /etc/openvpn/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
rm /etc/openvpn/cert.00 /etc/openvpn/server.crt
mv /etc/openvpn/cert.01 /etc/openvpn/server.crt
cp /etc/openvpn/server.crt /etc/stunnel/
cp /etc/openvpn/server.key /etc/stunnel/
echo "sslVersion = all echo "sslVersion = all
;chroot = /var/lib/stunnel4/ ;chroot = /var/lib/stunnel4/
pid = /var/run/stunnel4.pid pid = /var/run/stunnel4.pid
debug = 3 debug = 7
output = /var/log/stunnel4/stunnel.log output = /var/log/stunnel4/stunnel.log
setuid = root
setgid = root
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[openvpn] [openvpn]
accept = 0.0.0.0:443 accept = 0.0.0.0:$PORT
connect = 127.0.0.1:1194 connect = 127.0.0.1:1194
cert=/etc/stunnel/server.crt cert=/etc/openvpn/server.crt
key=/etc/stunnel/server.key" > /etc/stunnel/stunnel.conf key=/etc/openvpn/server.key" > /etc/stunnel/stunnel.conf
else else
echo "port $PORT" > /etc/openvpn/server.conf echo "port $PORT" > /etc/openvpn/server.conf
fi fi
@ -433,16 +437,22 @@ setenv opt block-outside-dns
key-direction 1 key-direction 1
reneg-sec $RENEGKEY reneg-sec $RENEGKEY
verb 3" >> /etc/openvpn/client-common.txt verb 3" >> /etc/openvpn/client-common.txt
echo "client = yes if [[ $SSL=1 ]]; then
debug = 6 echo "client = yes
debug = 7
[openvpn] [openvpn]
accept = 127.0.0.1:1194 accept = 127.0.0.1:1194
connect = $IP:$PORT connect = $IP:$PORT
TIMEOUTclose = 0 TIMEOUTclose = 1000
verify = 3 session=300
stack=65536
sslVersion=TLSv1.2
setuid=root
setgid=root
CAfile = stunnel.crt" > /etc/stunnel/stunnel-client.conf CAfile = stunnel.crt" > /etc/stunnel/stunnel-client.conf
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
cp /etc/openvpn/server.crt $HOME/stunnel.crt cp /etc/openvpn/server.crt $HOME/stunnel.crt
fi
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"
echo echo
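Review bot: The new guard `if [[ $SSL=1 ]]; then` around the stunnel-client config block is always true, because with no spaces `[[ ... ]]` sees a single non-empty word (`=1` or `1=1`) rather than a comparison, so the client stunnel.conf and stunnel.crt are written and copied into $HOME even for non-stunnel installs; it should read `if [[ "$SSL" == 1 ]]; then`, and the pre-existing context line `if [[ $SSL==1 ]]; then` in the server-config hunk has the same defect and should be fixed in the same way. The same hunk replaces `verify = 3` with `session=300` in the client configuration; in stunnel the `verify` level defaults to no verification, so with that line gone `CAfile = stunnel.crt` is no longer enforced and the client appears to accept any server certificate — `verify = 3` (or `verifyPeer = yes`) should be kept alongside the new options. Adding `setuid=root` / `setgid=root` to both the server and client configs, with `chroot` still commented out, runs stunnel with full privileges, which is a regression from the default privilege drop and should at least be documented or reconsidered; `debug = 7` on both sides also looks like a leftover diagnostic setting. The enclosing `else` branch of the install script starts outside these hunks.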