1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00

Various bugfixes and improvements

- Assisted configuration for servers behind a NAT
- Better IP autodetection
- Fix certificate revocation
This commit is contained in:
Nyr 2013-07-07 21:28:08 +02:00
parent ce8077f048
commit 730691c8a1

40
openvpn-install.sh Normal file → Executable file
View File

@ -23,17 +23,11 @@ fi
# Try to get our IP from the system and fallback to the Internet. # Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (lowendspirit.com) # I do this to make the script compatible with NATed servers (lowendspirit.com)
# and to avoid getting an IPv6. # and to avoid getting an IPv6.
# Sorry for doing this, I didn't want to :( IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}')
echo "$(grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}' | grep -q '.' | head -1)" if [ "$IP" = "" ]; then
if [ ! $? = 0 ]; then
IP=$(wget -qO- ipv4.icanhazip.com) IP=$(wget -qO- ipv4.icanhazip.com)
else
IP=$(grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}' | grep '.' | head -1)
fi fi
# We will use this later
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [ -e /etc/openvpn/server.conf ]; then if [ -e /etc/openvpn/server.conf ]; then
while : while :
@ -80,10 +74,19 @@ if [ -e /etc/openvpn/server.conf ]; then
echo "" echo ""
echo "Tell me the existing client name" echo "Tell me the existing client name"
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars . /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/revoke-full $CLIENT . /etc/openvpn/easy-rsa/2.0/revoke-full $CLIENT
# If it's the first time revoking a cert, we need to add the crl-verify line
if grep -q "crl-verify" "/etc/openvpn/server.conf"; then
echo "" echo ""
echo "Certificate for client $CLIENT revoked" echo "Certificate for client $CLIENT revoked"
else
echo "crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem" >> "/etc/openvpn/server.conf"
/etc/init.d/openvpn restart
echo ""
echo "Certificate for client $CLIENT revoked"
fi
exit exit
;; ;;
3) 3)
@ -174,6 +177,20 @@ else
/etc/init.d/openvpn restart /etc/init.d/openvpn restart
# Let's generate the client config # Let's generate the client config
mkdir ~/ovpn-$CLIENT mkdir ~/ovpn-$CLIENT
# Try to detect a NATed connection and ask about it to potential LowEndSpirit
# users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [ "$IP" != "$EXTERNALIP" ]; then
echo ""
echo "Looks like your server is behind a NAT!"
echo ""
echo "If your server is NATed (LowEndSpirit), I need to know the external IP"
echo "If that's not the case, just ignore this and leave the next field blank"
read -p "External IP:" -e USEREXTERNALIP
if [ $USEREXTERNALIP != "" ]; then
IP=$USEREXTERNALIP
fi
fi
# IP/port set on the default client.conf so we can add further users # IP/port set on the default client.conf so we can add further users
# without asking for them # without asking for them
sed -i "s|remote my-server-1 1194|remote $IP $PORT|" /usr/share/doc/openvpn/examples/sample-config-files/client.conf sed -i "s|remote my-server-1 1194|remote $IP $PORT|" /usr/share/doc/openvpn/examples/sample-config-files/client.conf
@ -192,11 +209,4 @@ else
echo "" echo ""
echo "Your client config is available at ~/ovpn-$CLIENT.tar.gz" echo "Your client config is available at ~/ovpn-$CLIENT.tar.gz"
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, you simply need to run this script another time!"
# Try to detect a NATed connection and show a warning to potential
# LowEndSpirit users
if [ "$IP" != "$EXTERNALIP" ]; then
echo ""
echo "If you are running this on a LowEndSpirit VPS, please take a minute to read:"
echo "http://cl.ly/OuSW"
fi
fi fi