mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-27 23:46:07 +03:00

Merge pull request #1 from birkhoffcheng/dev

Merge dev with master
Birkhoff 2018-07-25 19:35:24 -04:00 committed by GitHub
commit ba5a7a86f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 367 additions and 42 deletions


@ -0,0 +1,96 @@
# Client Setup: OpenVPN
## Table of Contents
- [Windows](#windows)
- [MacOS](#macos)
- [Linux](#linux)
- [Android](#android)
- [iOS](#ios)
- [Troubleshooting](#troubleshooting)
## Windows
- Configure OpenVPN
- Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)
- Start `OpenVPN GUI` from the Start Menu
- Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...`
- Select your OVPN file
- Right click on the OpenVPN icon again, and select `Connect`
- To disconnect
- Locate the OpenVPN icon in the Task Bar, right click, and select `Disconnect`
- Locate the `stunnel` icon in the Task Bar, right click, and select `Exit`
## MacOS
- Configure OpenVPN
- Download and install [Tunnelblick](https://tunnelblick.net/)
- Locate your OVPN file in `Finder`, and double-click to open it.
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select the server you want to connect to.
- To disconnect
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select `Disconnect All`.
- To stop `stunnel`, run this in `Terminal`: `sudo killall stunnel`
## Linux
- Install `openvpn` on your device.
```bash
# Debian/Ubuntu
sudo apt install -y openvpn
# CentOS/RHEL
sudo yum install -y epel-release
sudo yum install -y openvpn
# Fedora
sudo dnf install -y openvpn
```
- Connect to OpenVPN
```bash
# Run this in the directory that contains your OVPN file
# Replace 'client' with your OVPN filename
openvpn --config client.ovpn
```
- To disconnect
```bash
# Stop OpenVPN
sudo killall openvpn
```
## Android
- Download [OpenVPN for Android](https://play.google.com/store/apps/details?id=de.blinkt.openvpn) from Google Play Store
- Transfer your OVPN file to your device.
- Click on the `import` icon (between `+` and `Menu` icon), and select your OVPN file.
- Click on the check mark to confirm import.
- Click on a profile name to connect.
- If you see a `connection request` popup, select `Connect` or `OK`.
- To disconnect: Select the `VPN connection` notification in your notification center, and click `Disconnect` in the popup.
## iOS
- Download [OpenVPN Connect](https://itunes.apple.com/app/openvpn-connect/id590379981) from App Store
- Send the OVPN file as an attachment to yourself via email, and open it in your email app on the iOS device.
- If you see a popup with a list of different apps, select `OpenVPN Connect`.
- Click on the switch next to `Connection`, make sure it's at the `ON` position.
- To disconnect: click on the switch next to `Connection`, make sure it's at the `OFF` position.
## Troubleshooting
- If you're unable to connect to your server with OpenVPN...
- Check if OpenVPN is running on your server.
```bash
# You should see openvpn in the output
ps -A | grep openvpn
```
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
- Run the install script and select `Uninstall`
- Run the install script again and make sure you enter the correct information.
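Review bot: The Windows and MacOS "To disconnect" steps in this non-SSL guide still tell the reader to exit or kill `stunnel`, which this guide never installs or starts; those two bullets look copied from the SSL guide and should be dropped. In the Linux section, `openvpn --config client.ovpn` is shown without `sudo` while the matching `sudo killall openvpn` uses it; the two should be consistent, and the comment could say that bringing up the tunnel needs root.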

144
Documentation/client-ssl.md Normal file

@ -0,0 +1,144 @@
# Client Setup: OpenVPN over SSL
## Table of Contents
- [Windows](#windows)
- [MacOS](#macos)
- [Linux](#linux)
- [Android](#android)
- [iOS](#ios)
- [Troubleshooting](#troubleshooting)
## Windows
- Configure `stunnel`
- Download and install [stunnel](https://www.stunnel.org/downloads.html)
- Start `stunnel` by launching `stunnel GUI start ` from the Start Menu
- Locate the `stunnel` icon in the Task Bar, right click, and select `Edit Configuration`
- Copy everything in `stunnel.conf` and paste into the `stunnel` configuration file. Save and close it after editing.
- Right click on the `stunnel` icon again, and select `Reload Configuration`
- Configure OpenVPN
- Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)
- Start `OpenVPN GUI` from the Start Menu
- Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...`
- Select your OVPN file
- Right click on the OpenVPN icon again, and select `Connect`
- To disconnect
- Locate the OpenVPN icon in the Task Bar, right click, and select `Disconnect`
- Locate the `stunnel` icon in the Task Bar, right click, and select `Exit`
## MacOS
- Configure `stunnel`
- Install [Homebrew](https://brew.sh/)
- Install `stunnel` via Homebrew by running this in `Terminal`:
```bash
brew install stunnel
```
- Configure and start `stunnel`
```bash
# In order to run these, you need to log in to your Mac with an administrator account.
# When prompted for password, enter the password of the current user,
# Run this in the directory that contains 'stunnel.conf'
sudo cp stunnel.conf /usr/local/etc/stunnel/stunnel.conf
# Start stunnel
sudo stunnel
```
- Configure OpenVPN
- Download and install [Tunnelblick](https://tunnelblick.net/)
- Locate your OVPN file in `Finder`, and double-click to open it.
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select the server you want to connect to.
- To disconnect
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select `Disconnect All`.
- To stop `stunnel`, run this in `Terminal`: `sudo killall stunnel`
## Linux
- Install `stunnel` and `openvpn` on your device.
```bash
# Debian/Ubuntu
sudo apt install -y stunnel openvpn
# CentOS/RHEL
sudo yum install -y epel-release
sudo yum install -y stunnel openvpn
# Fedora
sudo dnf install -y stunnel openvpn
```
- Configure and start `stunnel`
```bash
# Run this in the directory that contains 'stunnel.conf'
sudo cp stunnel.conf /etc/stunnel/
# Start stunnel
sudo stunnel
```
- Connect to OpenVPN
```bash
# Run this in the directory that contains your OVPN file
# Replace 'client' with your OVPN filename
openvpn --config client.ovpn
```
- To disconnect
```bash
# Stop OpenVPN
sudo killall openvpn
# Stop stunnel
sudo killall stunnel
```
## Android
- OpenVPN is supported on Android, but OpenVPN over SSL support isn't very good.
- If you installed OpenVPN without SSL, see [Client Setup: OpenVPN](client-ovpn.md)
## iOS
- OpenVPN is supported on iOS, but OpenVPN over SSL is not supported.
- If you installed OpenVPN without SSL, see [Client Setup: OpenVPN](client-ovpn.md)
## Troubleshooting
- If you're unable to connect to your server with OpenVPN...
- Please check if `stunnel` is running on your device.
- On Windows, check if the `stunnel` icon is present in the Task Bar (bottom right).
- Run this to check on MacOS or Linux (both client and server)
```bash
# You should see stunnel in the output
ps -A | grep stunnel
```
- Also check if both `stunnel` and OpenVPN are running on your server.
```bash
# You should see stunnel in the output
ps -A | grep stunnel
# You should see openvpn in the output
ps -A | grep openvpn
```
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
- Run the install script and select `Uninstall`
- Run the install script again and make sure you enter the correct information.
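Review bot: None of the `stunnel` steps (Windows, MacOS, Linux) mention `stunnel.crt`, yet the client configuration generated by the install script in this same commit sets `verify = 2` and `CAfile = stunnel.crt`. The guide only copies `stunnel.conf` into the stunnel configuration directory, so a reader who follows it either has no CA file where stunnel looks for it or is tempted to delete the `verify` line to get connected. Add a step that places `stunnel.crt` alongside `stunnel.conf`, and say how the certificate should be transferred from the server.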

115
README.md

@ -1,21 +1,112 @@
## OpenVPN install # OpenVPN Installer
OpenVPN installer for Debian, Ubuntu and CentOS.
This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible. ## To Developers and Users
### To Developers and Users **WARNING: Only Trust Signed Commits.**
Only Trust Signed Commits.
### Installation ## Table of Contents
Run the script and follow the assistant:
`wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh && bash openvpn-install.sh` - [Description](#description)
- [Installation](#installation)
- [Client setup](#client-setup)
- [Troubleshooting](#troubleshooting)
- [FAQ](#faq)
- [Donations](#donations)
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. ## Description
### Where to get VPS OpenVPN installer for Debian, Ubuntu and CentOS, with support for OpenVPN over SSL.
You can get a VPS from as little as $2.5/month at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month at [DigitalOcean](https://m.do.co/c/c51ec51bb352).
### Donations This script lets you set up your own OpenVPN server in minutes, even if you no experience OpenVPN before. It's designed to be as simple, unobtrusive, and universal as possible.
## Installation
If you run into any issues during installation, please refer to [Troubleshooting](#troubleshooting).
### Install on CentOS/Debian/Ubuntu
- **Please note: if your server is running the following OS versions, please select `AES-256-CBC` when you're asked to select a cipher mode.**
- CentOS 6 or older
- Debian 8 (Jessie) or older
- Ubuntu 16.10 or older
- Run this in a terminal on your server, and follow the on-screen instructions:
```bash
# Download the script
wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh
# Run the install script
sudo bash openvpn-install.sh
# Note: If you're running Ubuntu 16.10 or older
# Start stunnel (only if you're using OpenVPN over SSL)
sudo stunnel
```
- Once it finishes, your OpenVPN server is up and running! You should [set up client devices](#client-setup) next.
## Client setup
### Before continuing...
- Download `stunnel.conf` and the `.ovpn` file from your server.
- If your username is `root`, they're located at `/root`.
- Otherwise, they're located at `/home/<YOUR USERNAME>`.
### OS-specific setup processes
- [OpenVPN (without SSL)](Documentation/client-ovpn.md)
- [OpenVPN over SSL](Documentation/client-ssl.md)
## Troubleshooting
- `wget: command not found`: This means that `wget` isn't install it on your server. Just install it and try again. To install `wget`:
```bash
# Run this on Debian/Ubuntu
sudo apt -y install wget
# Run this on CentOS
sudo yum -y install wget
```
- `The TUN device is not available. You need to enable TUN before running this script`: Follow [this guide](https://help.skysilk.com/support/solutions/articles/9000136471-how-to-enable-tun-tap-on-linux-vps-with-skysilk).
- If you're unable to connect to your server with OpenVPN...
- Please check if `stunnel` is running on your device. (if you're using OpenVPN over SSL)
- On Windows, check if the `stunnel` icon is present in the Task Bar (bottom right).
- Run this to check on MacOS or Linux (both client and server)
```bash
# You should see stunnel in the output
ps -A | grep stunnel
```
- Also check if both `stunnel` (if applicable) and OpenVPN are running on your server.
```bash
# You should see stunnel in the output (if you're using OpenVPN over SSL)
ps -A | grep stunnel
# You should see openvpn in the output
ps -A | grep openvpn
```
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
- Run the install script and select `Uninstall`
- Run the install script again and make sure you enter the correct information.
## FAQ
### Where to find a VPS
You can get a VPS for as little as $2.50/month (IPv6 only) or $5/month (with IPv4) at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month (with IPv4) at [DigitalOcean](https://m.do.co/c/c51ec51bb352).
## Donations
If you want to show your appreciation, you can donate via [PayPal](https://paypal.me/birkhoffcheng) or Bitcoin (12R4euPg17EfJyYNfdTxjiQ2SctW1b4CRz). Thanks! If you want to show your appreciation, you can donate via [PayPal](https://paypal.me/birkhoffcheng) or Bitcoin (12R4euPg17EfJyYNfdTxjiQ2SctW1b4CRz). Thanks!
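Review bot: The install block downloads `openvpn-install.sh` from the `master` branch and runs it with `sudo bash` with no integrity check, which sits oddly next to the "Only Trust Signed Commits" warning at the top of the same file. Consider pointing the URL at a signed tag or commit and showing how to verify it before running. Under "Before continuing...", the list of files to download names `stunnel.conf` and the `.ovpn` file but not the `stunnel.crt` that the script now writes to the home directory. Two wording slips in the added text: "even if you no experience OpenVPN before" and "`wget` isn't install it on your server".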


@ -67,13 +67,15 @@ if [[ -e /etc/openvpn/server.conf ]]; then
echo "Please, use one word only, no special characters." echo "Please, use one word only, no special characters."
read -p "Client name: " -e CLIENT read -p "Client name: " -e CLIENT
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full $CLIENT nopass easyrsa build-client-full $CLIENT nopass
# Generates the custom client.ovpn
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
newclient "$CLIENT" newclient "$CLIENT"
echo echo
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn" echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
echo "and ~/stunnel.conf. Install stunnel4 on client before you continue." if [ -f /etc/stunnel/stunnel-client.conf ]; then
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
cp /etc/openvpn/server.crt $HOME/stunnel.crt
echo "~/stunnel.crt and ~/stunnel.conf."
fi
exit exit
;; ;;
2) 2)
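Review bot: `$CLIENT` comes straight from the `read -p` prompt and is passed unquoted to `easyrsa build-client-full $CLIENT nopass`; the "one word only, no special characters" message is advice, not a check. Validate the name against an allowlist pattern before use and quote the expansion. In the new `if [ -f /etc/stunnel/stunnel-client.conf ]` block, `$HOME` is unquoted in both `cp` lines, and the `echo "~/stunnel.crt and ~/stunnel.conf."` line reads as a fragment now that the leading "and" was dropped.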
@ -98,8 +100,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE
if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa --batch revoke $CLIENT easyrsa --batch revoke $CLIENT
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
rm -f pki/reqs/$CLIENT.req rm -f pki/reqs/$CLIENT.req
rm -f pki/private/$CLIENT.key rm -f pki/private/$CLIENT.key
rm -f pki/issued/$CLIENT.crt rm -f pki/issued/$CLIENT.crt
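Review bot: The `cd /etc/openvpn/easy-rsa/` before `easyrsa --batch revoke $CLIENT` is unchecked, and the `rm -f pki/...` lines that follow use relative paths, so a failed `cd` means the revoke and the deletions run relative to whatever directory the script was started in. Use `cd /etc/openvpn/easy-rsa/ || exit 1` and quote `$CLIENT` in the `easyrsa` and `rm` lines. `EASYRSA_CRL_DAYS=3650` also deserves a comment explaining why a CRL lifetime of roughly ten years is acceptable here.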
@ -147,9 +149,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then
semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
fi fi
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt remove --purge openvpn stunnel4 -y apt remove --purge openvpn stunnel4 easy-rsa -y
else else
yum remove openvpn stunnel4 -y yum remove openvpn stunnel4 easy-rsa -y
fi fi
rm -rf /etc/openvpn /etc/stunnel rm -rf /etc/openvpn /etc/stunnel
rm -f /etc/sysctl.d/30-openvpn-forward.conf rm -f /etc/sysctl.d/30-openvpn-forward.conf
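Review bot: The `yum remove openvpn stunnel4 easy-rsa -y` line uses the package name `stunnel4`, while Documentation/client-ssl.md in this same commit installs it on CentOS/RHEL as `stunnel`; if the CentOS package is `stunnel`, this line leaves it installed after "Uninstall". Removing `easy-rsa` unconditionally also takes away a package the administrator may have installed independently of this script; consider removing only what the script itself installed, or asking first.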
@ -238,28 +240,21 @@ else
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt update apt update
apt dist-upgrade -y apt dist-upgrade -y
apt install openvpn iptables openssl ca-certificates stunnel4 -y apt install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
else else
# Else, the distro is CentOS # Else, the distro is CentOS
yum install epel-release -y yum install epel-release -y
yum install openvpn iptables openssl ca-certificates stunnel4 -y yum install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
fi fi
# Get easy-rsa mkdir /etc/openvpn/easy-rsa/
EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'
wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
tar xzf ~/easyrsa.tgz -C ~/
mv ~/EasyRSA-3.0.4/ /etc/openvpn/
mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
chown -R root:root /etc/openvpn/easy-rsa/
rm -f ~/easyrsa.tgz
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
# Create the PKI, set up the CA, the DH params and the server + client certificates # Create the PKI, set up the CA, the DH params and the server + client certificates
./easyrsa init-pki easyrsa init-pki
./easyrsa --batch build-ca nopass easyrsa --batch build-ca nopass
./easyrsa gen-dh easyrsa gen-dh
./easyrsa build-server-full server nopass easyrsa build-server-full server nopass
./easyrsa build-client-full $CLIENT nopass easyrsa build-client-full $CLIENT nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}' csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
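Review bot: The switch from `./easyrsa` to bare `easyrsa` assumes the `easy-rsa` package puts an `easyrsa` executable on root's `PATH`, and nothing in this hunk checks that before `easyrsa init-pki` runs in the freshly created directory. Add a `command -v easyrsa` guard (or call the packaged script by its full path) and abort with a clear message if it is missing, since every later step depends on the PKI existing. The subcommands used here are EasyRSA 3 syntax, so a comment stating the minimum packaged version the script expects would help. `mkdir /etc/openvpn/easy-rsa/` should be `mkdir -p` so an existing directory is not an error, and the `cd` after it should be checked. The removed block pinned EasyRSA 3.0.4 but fetched it without a checksum, so moving to the distribution package is a reasonable trade.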
@ -278,8 +273,6 @@ else
pid = /var/run/stunnel4.pid pid = /var/run/stunnel4.pid
debug = 7 debug = 7
output = /var/log/stunnel4/stunnel.log output = /var/log/stunnel4/stunnel.log
setuid = root
setgid = root
socket = l:TCP_NODELAY=1 socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
[openvpn] [openvpn]
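Review bot: Deleting `setuid = root` and `setgid = root` leaves the server-side stunnel configuration with no `setuid`/`setgid` at all, so the daemon keeps running as whichever account starts it, and the README in this commit tells users to start it with `sudo stunnel`. Set both options to a dedicated unprivileged account and make sure `/var/run/stunnel4.pid` and `/var/log/stunnel4/stunnel.log` are writable by it. `debug = 7` in the surrounding context is the most verbose level and is worth lowering for a long-running server.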
@ -447,13 +440,14 @@ debug = 7
[openvpn] [openvpn]
accept = 127.0.0.1:1194 accept = 127.0.0.1:1194
connect = $IP:$PORT connect = $IP:$PORT
verify = 2
CAfile = stunnel.crt
TIMEOUTclose = 1000 TIMEOUTclose = 1000
session=300 session=300
stack=65536 stack=65536
sslVersion=TLSv1.2 sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf
setuid=root
setgid=root" > /etc/stunnel/stunnel-client.conf
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
cp /etc/openvpn/server.crt $HOME/stunnel.crt
fi fi
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"
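Review bot: `CAfile = stunnel.crt` is a relative path, so whether stunnel finds the file depends on its working directory on the client, and the client guides added in this commit copy only `stunnel.conf`. Either document where `stunnel.crt` must be placed or have the guide rewrite the path to an absolute one. The file shipped as `stunnel.crt` is a copy of `/etc/openvpn/server.crt`; please confirm that `verify = 2` succeeds against that file as a `CAfile`, and if the intent is to pin this one server certificate, say so in a comment. `$HOME` is unquoted in both `cp` lines.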
@ -462,7 +456,7 @@ setgid=root" > /etc/stunnel/stunnel-client.conf
echo echo
echo "Your client configuration is available at: ~/$CLIENT.ovpn" echo "Your client configuration is available at: ~/$CLIENT.ovpn"
if [[ $SSL=1 ]]; then if [[ $SSL=1 ]]; then
echo "and ~/stunnel.conf. Install stunnel4 on client before you continue." echo "~/stunnel.crt and ~/stunnel.conf."
fi fi
echo "If you want to add more clients, you simply need to run this script again!" echo "If you want to add more clients, you simply need to run this script again!"
fi fi
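Review bot: `if [[ $SSL=1 ]]` is always true: without spaces around `=`, `[[ ]]` sees the single non-empty word `$SSL=1` and only tests it for non-emptiness, so the new `echo "~/stunnel.crt and ~/stunnel.conf."` prints even when SSL was not selected. Write it as `[[ "$SSL" = 1 ]]`. The replacement message also drops both the leading "and" and the reminder to install stunnel on the client, so it no longer reads as a continuation of the line above it.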