1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-27 23:46:07 +03:00

Update openvpn-install.sh

This commit is contained in:
davift 2024-08-23 19:43:27 -04:00 committed by GitHub
parent e4a9a310eb
commit 479bb95661
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -109,24 +109,21 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
fi
clear
echo 'Welcome to this OpenVPN road warrior installer!'
# If system has a single IPv4, it is selected automatically. Else, ask the user
if [[ $(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}') -eq 1 ]]; then
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}')
else
number_of_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
echo
echo "Which IPv4 address should be used?"
ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') '
read -p "IPv4 address [1]: " ip_number
until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do
echo "$ip_number: invalid selection."
read -p "IPv4 address [1]: " ip_number
done
[[ -z "$ip_number" ]] && ip_number="1"
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
fi
# Ask the user what IPv4 to use OR to use 0.0.0.0 to listen on all interfaces
number_of_real_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
number_of_ip=$((number_of_real_ip+1))
echo
echo "Which IPv4 address should be used?"
(ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') '
read -p "IPv4 address [1]: " ip_number
until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do
echo "$ip_number: invalid selection."
read -p "IPv4 address [1]: " ip_number
done
[[ -z "$ip_number" ]] && ip_number="1"
ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
# If $ip is a private IP address, the server must be behind NAT
if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168|0\.0\.0\.0)'; then
echo
echo "This server is behind NAT. What is the public IPv4 address or hostname?"
# Get public IP and sanitize with grep
@ -139,6 +136,8 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
done
[[ -z "$public_ip" ]] && public_ip="$get_public_ip"
fi
# Seting the default gateway's interface for public side of the NAT since it was used to get_public_ip
out_interface=$(ip r | grep -E '^default' | awk '{print $5}')
# If system has a single IPv6, it is selected automatically
if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}')
@ -186,7 +185,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
echo "Select a DNS server for the clients:"
echo " 1) Current system resolvers"
echo " 2) Google"
echo " 3) 1.1.1.1"
echo " 3) CloudFlare"
echo " 4) OpenDNS"
echo " 5) Quad9"
echo " 6) AdGuard"
@ -195,6 +194,26 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
echo "$dns: invalid selection."
read -p "DNS server [1]: " dns
done
case "$dns" in
1|"")
resolver='the current system resolvers'
;;
2)
resolver='Google'
;;
3)
resolver='CloudFlare'
;;
4)
resolver='OpenDNS'
;;
5)
resolver='Quad9'
;;
6)
resolver='AdGuard'
;;
esac
echo
echo "Enter a name for the first client:"
read -p "Name [client]: " unsanitized_client
@ -215,6 +234,15 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
firewall="iptables"
fi
fi
# Reviewing installation parameters
echo " OpenVPN will bind at $ip on port $port/$protocol"
echo " The public IPv4 (hostname) is $get_public_ip ($public_ip)"
if [[ -n $ip6 ]]; then
echo " The public IPv6 is $ip6"
fi
echo " Traffic will be routed via interface $out_interface"
echo " Names will be resolved by $resolver"
echo ''
read -n1 -r -p "Press any key to continue..."
# If running inside a container, disable LimitNPROC to prevent conflicts
if systemd-detect-virt -cq; then
@ -375,11 +403,11 @@ crl-verify crl.pem" >> /etc/openvpn/server/server.conf
Before=network.target
[Service]
Type=oneshot
ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $ip
ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -o $out_interface -j MASQUERADE
ExecStart=$iptables_path -I INPUT -p $protocol --dport $port -j ACCEPT
ExecStart=$iptables_path -I FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStart=$iptables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $ip
ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -o $out_interface -j MASQUERADE
ExecStop=$iptables_path -D INPUT -p $protocol --dport $port -j ACCEPT
ExecStop=$iptables_path -D FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStop=$iptables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" > /etc/systemd/system/openvpn-iptables.service