diff --git a/README.md b/README.md
index 055b23e..aecf7f1 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ##openvpn-install
-OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu and CentOS.
+OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu, CentOS and Arch.
 This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It isn't bulletproof but has been designed to be as unobtrusive and universal as possible.
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 9fa1186..96b59fd 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
-# OpenVPN road warrior installer for Debian, Ubuntu and CentOS
+# OpenVPN road warrior installer for Debian, Ubuntu, CentOS and Arch
-# This script will work on Debian, Ubuntu, CentOS and probably other distros
+# This script will work on Debian, Ubuntu, CentOS, Arch and probably other distros
 # of the same families, although no support is offered for them. It isn't
 # bulletproof but it will probably work if you simply want to setup a VPN on
-# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
+# your Debian/Ubuntu/CentOS/Arch box. It has been designed to be as unobtrusive and
 # universal as possible.
@@ -33,8 +33,10 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
 RCLOCAL='/etc/rc.d/rc.local'
 # Needed for CentOS 7
 chmod +x /etc/rc.d/rc.local
+elif [[ -e /etc/arch-release ]]; then
+ OS=arch
 else
- echo "Looks like you aren't running this installer on a Debian, Ubuntu or CentOS system"
+ echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or Arch system"
 exit 4
 fi
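Review bot: The new Arch branch assigns only `OS=arch`, whereas the CentOS branch just above it also sets `RCLOCAL`, so on Arch that variable is left unset and the later `sed -i '…' $RCLOCAL` calls (one is visible as a context line in the `@@ -146` hunk) run with no file argument. If rc.local is deliberately not used on Arch, say so here and make those later uses conditional, e.g. follow `OS=arch` with `RCLOCAL= # not used on Arch: rules are persisted with iptables-save` and guard the sed calls with `[[ -n "$RCLOCAL" ]]`. The enclosing if/elif chain starts before this hunk.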
@@ -58,7 +60,7 @@ newclient () {
 # and to avoid getting an IPv6.
 IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
 if [[ "$IP" = "" ]]; then
- IP=$(wget -qO- ipv4.icanhazip.com)
+ IP=$(wget -qO- ipv4.icanhazip.com)
 fi
@@ -118,8 +120,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 else
 if [[ "$OS" = 'debian' ]]; then
 /etc/init.d/openvpn restart
- else
+ elif [[ "$OS" = 'centos' ]]; then
 service openvpn restart
+ elif [[ "$OS" = 'arch' ]]; then
+ systemctl restart openvpn@server.service
 fi
 fi
 echo ""
@@ -146,8 +150,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL
 if [[ "$OS" = 'debian' ]]; then
 apt-get remove --purge -y openvpn openvpn-blacklist
- else
+ elif [[ "$OS" = 'centos' ]]; then
 yum remove openvpn -y
+ elif [[ "$OS" = 'arch' ]]; then
+ pacman -Ry openvpn
 fi
 rm -rf /etc/openvpn
 rm -rf /usr/share/doc/openvpn*
@@ -192,13 +198,16 @@ else
 echo ""
 echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
 read -n1 -r -p "Press any key to continue..."
- if [[ "$OS" = 'debian' ]]; then
+ if [[ "$OS" = 'debian' ]]; then
 apt-get update
 apt-get install openvpn iptables openssl ca-certificates -y
- else
+ elif [[ "$OS" = 'debian' ]]; then
 # Else, the distro is CentOS
 yum install epel-release -y
 yum install openvpn iptables openssl wget ca-certificates -y
+ elif [[ "$OS" = 'arch' ]]; then
+ pacman -Syu
+ pacman -Sy openvpn iptables openssl wget ca-certificates
 fi
 # An old version of easy-rsa was available by default in some openvpn packages
 if [[ -d /etc/openvpn/easy-rsa/ ]]; then
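Review bot: `pacman -Ry openvpn` on the new Arch branch does not look like a valid invocation: `-y` is the database-refresh flag of `-S`, and as far as I know `-R` rejects it, so the uninstall would abort before the package is removed; `pacman -R openvpn` (or `pacman -Rns openvpn` to also drop now-unneeded dependencies) is presumably what is meant — please confirm against the pacman version targeted. The `sed -i '…' $RCLOCAL` context line at the top of the hunk also runs on Arch, where the detection branch added in the `@@ -33` hunk sets no `RCLOCAL`, so that sed is invoked without a file; scope it to the Debian/CentOS branches or guard it with `[[ -n "$RCLOCAL" ]] &&`. The enclosing `if [[ -e /etc/openvpn/server.conf ]]` block starts before the hunk.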
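Review bot: The condition that replaces `else` tests `"$OS" = 'debian'` a second time, so the CentOS branch beneath it (`yum install …`) is unreachable and a CentOS run proceeds to the easy-rsa setup without openvpn or iptables installed; it should read `elif [[ "$OS" = 'centos' ]]; then`, as in the other hunks of this commit. The Arch branch runs `pacman -Syu` and then `pacman -Sy …` without `--noconfirm`, so unlike the `-y` apt-get/yum calls it stops at pacman's confirmation prompt, and the second `-y` re-syncs a database that was just refreshed; a single `pacman -Syu --noconfirm openvpn iptables openssl wget ca-certificates` keeps the run unattended and avoids installing against a stale database. The surrounding `else` block of the server.conf check begins before the hunk.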
@@ -273,13 +282,18 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
 # Enable net.ipv4.ip_forward for the system
 if [[ "$OS" = 'debian' ]]; then
 sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
- else
+ elif [[ "$OS" = 'centos' ]]; then
 # CentOS 5 and 6
 sed -i 's|net.ipv4.ip_forward = 0|net.ipv4.ip_forward = 1|' /etc/sysctl.conf
 # CentOS 7
 if ! grep -q "net.ipv4.ip_forward=1" "/etc/sysctl.conf"; then
 echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
 fi
+ elif [[ "$OS" = 'arch' ]]; then
+ sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.d/30-ipforward.conf
+ if ! grep -q "net.ipv4.ip_forward=1" "/etc/sysctl.d/30-ipforward.conf"; then
+ echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/30-ipforward.conf
+ fi
 fi
 # Avoid an unneeded reboot
 echo 1 > /proc/sys/net/ipv4/ip_forward
@@ -302,9 +316,13 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
 iptables -I INPUT -p udp --dport $PORT -j ACCEPT
 iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
 iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- sed -i "1 a\iptables -I INPUT -p udp --dport $PORT -j ACCEPT" $RCLOCAL
- sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL
- sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
+ if [["$OS" = 'debian'|| "$OS" = 'centos' ]]; then
+ sed -i "1 a\iptables -I INPUT -p udp --dport $PORT -j ACCEPT" $RCLOCAL
+ sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL
+ sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
+ elif [[ "$OS" = 'arch' ]]; then
+ iptables-save > /etc/iptables/iptables.rules
+ fi
 fi
 # And finally, restart OpenVPN
 if [[ "$OS" = 'debian' ]]; then
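Review bot: On the new Arch branch, `sed -i` on `/etc/sysctl.d/30-ipforward.conf` prints an error and exits non-zero when the file does not exist yet, since `sed -i` cannot create it; the grep/echo that follows then creates the file, so the branch works on a fresh system only by accident and with a spurious error. Either drop the sed (the echo already produces the uncommented line) or guard it: `[[ -e /etc/sysctl.d/30-ipforward.conf ]] && sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.d/30-ipforward.conf`. The enclosing setup block continues on both sides of the hunk.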
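Review bot: `if [["$OS" = 'debian'|| "$OS" = 'centos' ]]; then` is missing the space after `[[`, so bash looks for a command named `[[debian` (and, after `||`, one named `debian`), the test fails on every distro, and the three `sed -i … $RCLOCAL` lines never run; on Debian and CentOS the INPUT/FORWARD rules therefore exist only until the next reboot, after which the VPN port is no longer accepted. The line should read `if [[ "$OS" = 'debian' || "$OS" = 'centos' ]]; then`. On the Arch branch, `iptables-save > /etc/iptables/iptables.rules` writes the rule file but nothing in the hunk enables `iptables.service`, which is what restores that file at boot, so unless it is already enabled the rules are likewise lost on reboot; `systemctl enable iptables.service` next to the save would cover it. The outer `if` closed by the context `fi` begins before the hunk.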
@@ -314,7 +332,7 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
 else
 /etc/init.d/openvpn restart
 fi
- else
+ elif [[ "$OS" = 'centos' ]]; then
 if pgrep systemd-journal; then
 systemctl restart openvpn@server.service
 systemctl enable openvpn@server.service
@@ -322,6 +340,9 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
 service openvpn restart
 chkconfig openvpn on
 fi
+ elif [[ "$OS" = 'arch' ]]; then
+ systemctl restart openvpn@server.service
+ systemctl enable openvpn@server.service
 fi
 # Try to detect a NATed connection and ask about it to potential LowEndSpirit users
 EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)