
Update openvpn-install.sh

This commit is contained in:
davift 2024-08-23 19:43:27 -04:00 committed by GitHub
parent e4a9a310eb
commit 479bb95661
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -109,24 +109,21 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
fi fi
clear clear
echo 'Welcome to this OpenVPN road warrior installer!' echo 'Welcome to this OpenVPN road warrior installer!'
# If system has a single IPv4, it is selected automatically. Else, ask the user # Ask the user what IPv4 to use OR to use 0.0.0.0 to listen on all interfaces
if [[ $(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}') -eq 1 ]]; then number_of_real_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}') number_of_ip=$((number_of_real_ip+1))
else
number_of_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
echo echo
echo "Which IPv4 address should be used?" echo "Which IPv4 address should be used?"
ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') ' (ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') '
read -p "IPv4 address [1]: " ip_number read -p "IPv4 address [1]: " ip_number
until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do
echo "$ip_number: invalid selection." echo "$ip_number: invalid selection."
read -p "IPv4 address [1]: " ip_number read -p "IPv4 address [1]: " ip_number
done done
[[ -z "$ip_number" ]] && ip_number="1" [[ -z "$ip_number" ]] && ip_number="1"
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p) ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
fi
# If $ip is a private IP address, the server must be behind NAT # If $ip is a private IP address, the server must be behind NAT
if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168|0\.0\.0\.0)'; then
echo echo
echo "This server is behind NAT. What is the public IPv4 address or hostname?" echo "This server is behind NAT. What is the public IPv4 address or hostname?"
# Get public IP and sanitize with grep # Get public IP and sanitize with grep
@ -139,6 +136,8 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
done done
[[ -z "$public_ip" ]] && public_ip="$get_public_ip" [[ -z "$public_ip" ]] && public_ip="$get_public_ip"
fi fi
# Seting the default gateway's interface for public side of the NAT since it was used to get_public_ip
out_interface=$(ip r | grep -E '^default' | awk '{print $5}')
# If system has a single IPv6, it is selected automatically # If system has a single IPv6, it is selected automatically
if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}') ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}')
@ -186,7 +185,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
echo "Select a DNS server for the clients:" echo "Select a DNS server for the clients:"
echo " 1) Current system resolvers" echo " 1) Current system resolvers"
echo " 2) Google" echo " 2) Google"
echo " 3) 1.1.1.1" echo " 3) CloudFlare"
echo " 4) OpenDNS" echo " 4) OpenDNS"
echo " 5) Quad9" echo " 5) Quad9"
echo " 6) AdGuard" echo " 6) AdGuard"
@ -195,6 +194,26 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
echo "$dns: invalid selection." echo "$dns: invalid selection."
read -p "DNS server [1]: " dns read -p "DNS server [1]: " dns
done done
case "$dns" in
1|"")
resolver='the current system resolvers'
;;
2)
resolver='Google'
;;
3)
resolver='CloudFlare'
;;
4)
resolver='OpenDNS'
;;
5)
resolver='Quad9'
;;
6)
resolver='AdGuard'
;;
esac
echo echo
echo "Enter a name for the first client:" echo "Enter a name for the first client:"
read -p "Name [client]: " unsanitized_client read -p "Name [client]: " unsanitized_client
@ -215,6 +234,15 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
firewall="iptables" firewall="iptables"
fi fi
fi fi
# Reviewing installation parameters
echo " OpenVPN will bind at $ip on port $port/$protocol"
echo " The public IPv4 (hostname) is $get_public_ip ($public_ip)"
if [[ -n $ip6 ]]; then
echo " The public IPv6 is $ip6"
fi
echo " Traffic will be routed via interface $out_interface"
echo " Names will be resolved by $resolver"
echo ''
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
# If running inside a container, disable LimitNPROC to prevent conflicts # If running inside a container, disable LimitNPROC to prevent conflicts
if systemd-detect-virt -cq; then if systemd-detect-virt -cq; then
@ -375,11 +403,11 @@ crl-verify crl.pem" >> /etc/openvpn/server/server.conf
Before=network.target Before=network.target
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $ip ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -o $out_interface -j MASQUERADE
ExecStart=$iptables_path -I INPUT -p $protocol --dport $port -j ACCEPT ExecStart=$iptables_path -I INPUT -p $protocol --dport $port -j ACCEPT
ExecStart=$iptables_path -I FORWARD -s 10.8.0.0/24 -j ACCEPT ExecStart=$iptables_path -I FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStart=$iptables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT ExecStart=$iptables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $ip ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -o $out_interface -j MASQUERADE
ExecStop=$iptables_path -D INPUT -p $protocol --dport $port -j ACCEPT ExecStop=$iptables_path -D INPUT -p $protocol --dport $port -j ACCEPT
ExecStop=$iptables_path -D FORWARD -s 10.8.0.0/24 -j ACCEPT ExecStop=$iptables_path -D FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStop=$iptables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" > /etc/systemd/system/openvpn-iptables.service ExecStop=$iptables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" > /etc/systemd/system/openvpn-iptables.service
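Review bot: `out_interface=$(ip r | grep -E '^default' | awk '{print $5}')` assumes exactly one default route in the `default via <gw> dev <if>` form; with several default routes (different metrics) or a point-to-point route written `default dev <if> ...`, the variable holds several words or the wrong field, and that value is written unquoted and unvalidated into the `-o $out_interface -j MASQUERADE` ExecStart/ExecStop lines of the root-run systemd unit. A malformed rule makes that first ExecStart fail, and since systemd stops at the first failing ExecStart= that is not prefixed with `-` in a `Type=oneshot` unit, the INPUT and FORWARD rules on the following lines are never installed either. Prefer selecting the `dev` field explicitly and refusing to continue when nothing is found, e.g. `out_interface=$(ip -4 route show default | awk '{for (i=1;i<NF;i++) if ($i=="dev") print $(i+1)}' | head -n1)` followed by `[[ -z "$out_interface" ]] && { echo "Could not determine the default route interface." >&2; exit 1; }`. Separately, the summary line `echo " The public IPv4 (hostname) is $get_public_ip ($public_ip)"` prints empty parentheses when the server is not behind NAT, since as far as this hunk shows those two variables are only assigned inside the NAT branch above it.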