Update openvpn-install.sh
parent
e4a9a310eb
commit
479bb95661
@ -109,24 +109,21 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
||||
fi
|
||||
clear
|
||||
echo 'Welcome to this OpenVPN road warrior installer!'
|
||||
# If system has a single IPv4, it is selected automatically. Else, ask the user
|
||||
if [[ $(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}') -eq 1 ]]; then
|
||||
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||
else
|
||||
number_of_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
|
||||
echo
|
||||
echo "Which IPv4 address should be used?"
|
||||
ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') '
|
||||
read -p "IPv4 address [1]: " ip_number
|
||||
until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do
|
||||
echo "$ip_number: invalid selection."
|
||||
read -p "IPv4 address [1]: " ip_number
|
||||
done
|
||||
[[ -z "$ip_number" ]] && ip_number="1"
|
||||
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
|
||||
fi
|
||||
# Ask the user what IPv4 to use OR to use 0.0.0.0 to listen on all interfaces
|
||||
number_of_real_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
|
||||
number_of_ip=$((number_of_real_ip+1))
|
||||
echo
|
||||
echo "Which IPv4 address should be used?"
|
||||
(ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') '
|
||||
read -p "IPv4 address [1]: " ip_number
|
||||
until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do
|
||||
echo "$ip_number: invalid selection."
|
||||
read -p "IPv4 address [1]: " ip_number
|
||||
done
|
||||
[[ -z "$ip_number" ]] && ip_number="1"
|
||||
ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
|
||||
# If $ip is a private IP address, the server must be behind NAT
|
||||
if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
|
||||
if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168|0\.0\.0\.0)'; then
|
||||
echo
|
||||
echo "This server is behind NAT. What is the public IPv4 address or hostname?"
|
||||
# Get public IP and sanitize with grep
|
||||
@ -139,6 +136,8 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
||||
done
|
||||
[[ -z "$public_ip" ]] && public_ip="$get_public_ip"
|
||||
fi
|
||||
# Seting the default gateway's interface for public side of the NAT since it was used to get_public_ip
|
||||
out_interface=$(ip r | grep -E '^default' | awk '{print $5}')
|
||||
# If system has a single IPv6, it is selected automatically
|
||||
if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then
|
||||
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}')
|
||||
@ -186,7 +185,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
||||
echo "Select a DNS server for the clients:"
|
||||
echo " 1) Current system resolvers"
|
||||
echo " 2) Google"
|
||||
echo " 3) 1.1.1.1"
|
||||
echo " 3) CloudFlare"
|
||||
echo " 4) OpenDNS"
|
||||
echo " 5) Quad9"
|
||||
echo " 6) AdGuard"
|
||||
@ -195,6 +194,26 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
||||
echo "$dns: invalid selection."
|
||||
read -p "DNS server [1]: " dns
|
||||
done
|
||||
case "$dns" in
|
||||
1|"")
|
||||
resolver='the current system resolvers'
|
||||
;;
|
||||
2)
|
||||
resolver='Google'
|
||||
;;
|
||||
3)
|
||||
resolver='CloudFlare'
|
||||
;;
|
||||
4)
|
||||
resolver='OpenDNS'
|
||||
;;
|
||||
5)
|
||||
resolver='Quad9'
|
||||
;;
|
||||
6)
|
||||
resolver='AdGuard'
|
||||
;;
|
||||
esac
|
||||
echo
|
||||
echo "Enter a name for the first client:"
|
||||
read -p "Name [client]: " unsanitized_client
|
||||
@ -215,6 +234,15 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
|
||||
firewall="iptables"
|
||||
fi
|
||||
fi
|
||||
# Reviewing installation parameters
|
||||
echo " OpenVPN will bind at $ip on port $port/$protocol"
|
||||
echo " The public IPv4 (hostname) is $get_public_ip ($public_ip)"
|
||||
if [[ -n $ip6 ]]; then
|
||||
echo " The public IPv6 is $ip6"
|
||||
fi
|
||||
echo " Traffic will be routed via interface $out_interface"
|
||||
echo " Names will be resolved by $resolver"
|
||||
echo ''
|
||||
read -n1 -r -p "Press any key to continue..."
|
||||
# If running inside a container, disable LimitNPROC to prevent conflicts
|
||||
if systemd-detect-virt -cq; then
|
||||
@ -375,11 +403,11 @@ crl-verify crl.pem" >> /etc/openvpn/server/server.conf
|
||||
Before=network.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $ip
|
||||
ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -o $out_interface -j MASQUERADE
|
||||
ExecStart=$iptables_path -I INPUT -p $protocol --dport $port -j ACCEPT
|
||||
ExecStart=$iptables_path -I FORWARD -s 10.8.0.0/24 -j ACCEPT
|
||||
ExecStart=$iptables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $ip
|
||||
ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -o $out_interface -j MASQUERADE
|
||||
ExecStop=$iptables_path -D INPUT -p $protocol --dport $port -j ACCEPT
|
||||
ExecStop=$iptables_path -D FORWARD -s 10.8.0.0/24 -j ACCEPT
|
||||
ExecStop=$iptables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" > /etc/systemd/system/openvpn-iptables.service
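Review bot: `out_interface=$(ip r | grep -E '^default' | awk '{print $5}')` in the second hunk assumes every default route reads `default via GW dev IFACE`; a `default dev IFACE` route (no `via`) puts something other than the interface name in field 5, and a host with more than one default route yields a multi-word value, which the last hunk expands unquoted into the `-o $out_interface` MASQUERADE rules of the systemd unit, so the oneshot is likely to fail and the remaining iptables rules are never added. Select the `dev` field explicitly and stop at the first match, e.g. `out_interface=$(ip -4 route show default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i+1); exit}}')`, and abort before the unit is written if it is still empty: `[[ -n "$out_interface" ]] || { echo "Could not determine the default route interface."; exit 1; }`. The comment above that line ties the interface to get_public_ip, which is assigned outside these hunks, so that link is presumed rather than visible here; `# Egress interface for NAT: the interface carrying the default IPv4 route` states only what the code does. The enclosing `if [[ ! -e /etc/openvpn/server/server.conf ]]` block starts and ends outside these hunks.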
|
||||
|