1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-27 23:46:07 +03:00

Add support for Arch Linux

This commit is contained in:
Duncan Leo 2016-01-27 20:12:41 +08:00
parent aa5c024b8e
commit 2c9c683f76
2 changed files with 36 additions and 15 deletions

View File

@ -1,5 +1,5 @@
##openvpn-install
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu and CentOS.
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu, CentOS and Arch.
This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It isn't bulletproof but has been designed to be as unobtrusive and universal as possible.

View File

@ -1,10 +1,10 @@
#!/bin/bash
# OpenVPN road warrior installer for Debian, Ubuntu and CentOS
# OpenVPN road warrior installer for Debian, Ubuntu, CentOS and Arch
# This script will work on Debian, Ubuntu, CentOS and probably other distros
# This script will work on Debian, Ubuntu, CentOS, Arch and probably other distros
# of the same families, although no support is offered for them. It isn't
# bulletproof but it will probably work if you simply want to setup a VPN on
# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
# your Debian/Ubuntu/CentOS/Arch box. It has been designed to be as unobtrusive and
# universal as possible.
@ -33,8 +33,10 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
RCLOCAL='/etc/rc.d/rc.local'
# Needed for CentOS 7
chmod +x /etc/rc.d/rc.local
elif [[ -e /etc/arch-release ]]; then
OS=arch
else
echo "Looks like you aren't running this installer on a Debian, Ubuntu or CentOS system"
echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or Arch system"
exit 4
fi
@ -58,7 +60,7 @@ newclient () {
# and to avoid getting an IPv6.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com)
IP=$(wget -qO- ipv4.icanhazip.com)
fi
@ -118,8 +120,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
else
if [[ "$OS" = 'debian' ]]; then
/etc/init.d/openvpn restart
else
elif [[ "$OS" = 'centos' ]]; then
service openvpn restart
elif [[ "$OS" = 'arch' ]]; then
systemctl restart openvpn@server.service
fi
fi
echo ""
@ -146,8 +150,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL
if [[ "$OS" = 'debian' ]]; then
apt-get remove --purge -y openvpn openvpn-blacklist
else
elif [[ "$OS" = 'centos' ]]; then
yum remove openvpn -y
elif [[ "$OS" = 'arch' ]]; then
pacman -Ry openvpn
fi
rm -rf /etc/openvpn
rm -rf /usr/share/doc/openvpn*
@ -192,13 +198,16 @@ else
echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then
if [[ "$OS" = 'debian' ]]; then
apt-get update
apt-get install openvpn iptables openssl ca-certificates -y
else
elif [[ "$OS" = 'debian' ]]; then
# Else, the distro is CentOS
yum install epel-release -y
yum install openvpn iptables openssl wget ca-certificates -y
elif [[ "$OS" = 'arch' ]]; then
pacman -Syu
pacman -Sy openvpn iptables openssl wget ca-certificates
fi
# An old version of easy-rsa was available by default in some openvpn packages
if [[ -d /etc/openvpn/easy-rsa/ ]]; then
@ -273,13 +282,18 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
# Enable net.ipv4.ip_forward for the system
if [[ "$OS" = 'debian' ]]; then
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
else
elif [[ "$OS" = 'centos' ]]; then
# CentOS 5 and 6
sed -i 's|net.ipv4.ip_forward = 0|net.ipv4.ip_forward = 1|' /etc/sysctl.conf
# CentOS 7
if ! grep -q "net.ipv4.ip_forward=1" "/etc/sysctl.conf"; then
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
fi
elif [[ "$OS" = 'arch' ]]; then
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.d/30-ipforward.conf
if ! grep -q "net.ipv4.ip_forward=1" "/etc/sysctl.d/30-ipforward.conf"; then
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/30-ipforward.conf
fi
fi
# Avoid an unneeded reboot
echo 1 > /proc/sys/net/ipv4/ip_forward
@ -302,9 +316,13 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
iptables -I INPUT -p udp --dport $PORT -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
sed -i "1 a\iptables -I INPUT -p udp --dport $PORT -j ACCEPT" $RCLOCAL
sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL
sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
if [["$OS" = 'debian'|| "$OS" = 'centos' ]]; then
sed -i "1 a\iptables -I INPUT -p udp --dport $PORT -j ACCEPT" $RCLOCAL
sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL
sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
elif [[ "$OS" = 'arch' ]]; then
iptables-save > /etc/iptables/iptables.rules
fi
fi
# And finally, restart OpenVPN
if [[ "$OS" = 'debian' ]]; then
@ -314,7 +332,7 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
else
/etc/init.d/openvpn restart
fi
else
elif [[ "$OS" = 'centos' ]]; then
if pgrep systemd-journal; then
systemctl restart openvpn@server.service
systemctl enable openvpn@server.service
@ -322,6 +340,9 @@ crl-verify /etc/openvpn/easy-rsa/pki/crl.pem" >> /etc/openvpn/server.conf
service openvpn restart
chkconfig openvpn on
fi
elif [[ "$OS" = 'arch' ]]; then
systemctl restart openvpn@server.service
systemctl enable openvpn@server.service
fi
# Try to detect a NATed connection and ask about it to potential LowEndSpirit users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)