From 9eba8d40ce3b4b4f5d7577edde67e6c694009a43 Mon Sep 17 00:00:00 2001 From: Chris Xiao <30990835+chrisx8@users.noreply.github.com> Date: Mon, 23 Jul 2018 23:07:23 -0400 Subject: [PATCH] Fixed a stunnel-related bug; Updated README stunnel may fail to launch in CentOS with 'setuid' and 'setgid', so I removed those from the config files. Users are now asked to run stunnel with sudo. --- README.md | 142 +++++++++++++++++++++++++++++++++++++++++---- openvpn-install.sh | 6 +- 2 files changed, 131 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 49f8fde..293b8e6 100644 --- a/README.md +++ b/README.md 
@@ -1,21 +1,139 @@ -## OpenVPN install -OpenVPN installer for Debian, Ubuntu and CentOS. +# OpenVPN Installer -This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible. +## To Developers and Users -### To Developers and Users -Only Trust Signed Commits. +**WARNING: Only Trust Signed Commits.** -### Installation -Run the script and follow the assistant: +## Table of Contents -`wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh && bash openvpn-install.sh` +- [Description](#description) +- [Installation](#installation) +- [Configure clients](#configure-clients) + - [Windows](#windows) + - [MacOS](#macos) + - [Linux](#linux) + - [Android](#android) + - [iOS](#ios) +- [Troubleshooting](#troubleshooting) +- [FAQ](#faq) +- [Donations](#donations) -Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. +## Description -### Where to get VPS -You can get a VPS from as little as $2.5/month at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month at [DigitalOcean](https://m.do.co/c/c51ec51bb352). +OpenVPN installer for Debian, Ubuntu and CentOS, with support for OpenVPN over SSL. -### Donations +This script lets you set up your own OpenVPN server in minutes, even if you no experience OpenVPN before. It's designed to be as simple, unobtrusive, and universal as possible. + +## Installation + +If you run into any issues during installation, please refer to [Troubleshooting](#Troubleshooting). 
+### Install on CentOS/Debian/Ubuntu + +- Run this in a terminal on your server, and follow the on-screen instructions: + ```bash + # Download the script + wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh + + # Run the install script + sudo bash openvpn-install.sh + + # Start stunnel (only if you're using OpenVPN over SSL) + sudo stunnel + ``` +- Once it finishes, your OpenVPN server is up and running! You should [configure client devices](#configure-clients) next. + +## Configure clients + +### Before continuing... + +- Download `stunnel.conf` and the `.ovpn` file from your server. +- If your username is `root`, they're located at `/root`. +- Otherwise, they're located at `/home/`. + +### OS-specific setup processes + +#### Windows + +- Configure `stunnel`. Skip to the next section if you're NOT using OpenVPN over SSL + - Download and install [stunnel](https://www.stunnel.org/downloads.html) + - Start `stunnel` by launching `stunnel GUI start ` from the Start Menu + - Locate the `stunnel` icon in the Task Bar, right click, and select `Edit Configuration` + - Copy everything in `stunnel.conf` and paste into the `stunnel` configuration file. Save and close it after editing. + - Right click on the `stunnel` icon again, and select `Reload Configuration` +- Configure OpenVPN + - Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html) + - Start `OpenVPN GUI` from the Start Menu + - Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...` + - Select your OVPN file + - Right click on the OpenVPN icon again, and select `Connect` + +#### MacOS + +- Supported. Instructions coming soon. + +#### Linux + +- Install `stunnel` and `openvpn` on your device. 
+ + ```bash + # Debian/Ubuntu + sudo apt install -y stunnel openvpn + + # CentOS/RHEL + sudo yum install -y epel-release + sudo yum install -y stunnel openvpn + + # Fedora + sudo dnf install -y stunnel openvpn + ``` + +- If you're using OpenVPN over SSL, configure and start `stunnel` + + ```bash + # Run this in the directory that contains 'stunnel.conf' + sudo cp stunnel.conf /etc/stunnel/ + # Start stunnel + sudo stunnel + ``` + +- Connect to OpenVPN + + ```bash + # Run this in the directory that contains your OVPN file + # Replace 'client' with your OVPN filename + openvpn --config client.ovpn + ``` + +#### Android + +- Supported. Instructions coming soon. + +#### iOS + +- OpenVPN is supported on iOS, but OpenVPN over SSL is not supported. +- If you installed OpenVPN without SSL, download [OpenVPN Connect from App Store](https://itunes.apple.com/app/openvpn-connect/id590379981) +- Follow the on-screen instruction to add the OpenVPN profile. + +## Troubleshooting + +- `wget: command not found`: This means that `wget` isn't install it on your server. Just install it and try again. To install `wget`: + + ```bash + # Run this on Debian/Ubuntu + sudo apt -y install wget + + # Run this on CentOS + sudo yum -y install wget + ``` + +- `The TUN device is not available. You need to enable TUN before running this script`: Follow [this guide](https://help.skysilk.com/support/solutions/articles/9000136471-how-to-enable-tun-tap-on-linux-vps-with-skysilk). + +## FAQ + +### Where to find a VPS + +You can get a VPS for as little as $2.50/month (IPv6 only) or $5/month (with IPv4) at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month (with IPv4) at [DigitalOcean](https://m.do.co/c/c51ec51bb352). + +## Donations If you want to show your appreciation, you can donate via [PayPal](https://paypal.me/birkhoffcheng) or Bitcoin (12R4euPg17EfJyYNfdTxjiQ2SctW1b4CRz). Thanks! diff --git a/openvpn-install.sh b/openvpn-install.sh index 88d26e2..0ac54d3 100644 --- a/openvpn-install.sh 
+++ b/openvpn-install.sh @@ -278,8 +278,6 @@ else pid = /var/run/stunnel4.pid debug = 7 output = /var/log/stunnel4/stunnel.log -setuid = root -setgid = root socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [openvpn] @@ -450,9 +448,7 @@ connect = $IP:$PORT TIMEOUTclose = 1000 session=300 stack=65536 -sslVersion=TLSv1.2 -setuid=root -setgid=root" > /etc/stunnel/stunnel-client.conf +sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf fi # Generates the custom client.ovpn
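Review bot: In the README.md hunk, the Installation block downloads `openvpn-install.sh` from the `master` branch with `wget` and runs it with `sudo bash`, while the heading just above says "Only Trust Signed Commits" and none of the steps gives the user a way to check a signature before the script runs as root. Suggest pointing the URL at a signed tag or commit, or replacing the download with a clone followed by `git verify-commit` before the run. Smaller points in the same hunk: "even if you no experience OpenVPN before" and "`wget` isn't install it on your server" need rewording, "Otherwise, they're located at `/home/`" is missing its username placeholder, the link `(#Troubleshooting)` is capitalised differently from the `(#troubleshooting)` entry in the table of contents, and the Linux client step `openvpn --config client.ovpn` is the only command shown without `sudo` even though the client usually needs root to create the tunnel device.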
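Review bot: In the openvpn-install.sh hunk at `@@ -278,8 +278,6 @@`, removing `setuid = root` and `setgid = root` leaves the server config with no setuid/setgid line at all, so stunnel keeps whatever identity it is started with, which under the README's new `sudo stunnel` is root for the life of the process. The removed values were root too, so privileges are unchanged, but since these lines are being touched anyway it is worth checking whether a dedicated unprivileged account that can write the `pid` and `output` paths in the context lines also works on CentOS, and setting both options to that instead of dropping them. Please also leave a comment in the script saying why the options are absent, since the reason currently lives only in the commit message, and note that the server side now relies on a manual `sudo stunnel`, which will not survive a reboot unless a service is enabled elsewhere in the script.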
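Review bot: In the openvpn-install.sh hunk at `@@ -450,9 +448,7 @@`, the context line `cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf` no longer matches what the README in this same patch tells users: the script is now run as `sudo bash openvpn-install.sh`, and whether `$HOME` is root's or the invoking user's home under sudo depends on the sudo environment policy, so the file may not land where "Before continuing..." says it will, and it will be owned by root either way. Suggest resolving the target directory explicitly (for example from `SUDO_USER` when it is set), fixing ownership after the copy, and quoting the path as `"$HOME/stunnel.conf"`. Dropping `setuid`/`setgid` from the client config itself looks fine, since the same file is pasted into the Windows stunnel configuration per the README.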