mirror of
https://github.com/Nyr/openvpn-install.git
synced 2024-11-24 05:56:08 +03:00
commit
ba5a7a86f2
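--- a/Documentation/client-ovpn.md
+++ b/Documentation/client-ovpn.md
@@ -0,0 +1,96 @@
+# Client Setup: OpenVPN
+
+## Table of Contents
+
+- [Windows](#windows)
+- [MacOS](#macos)
+- [Linux](#linux)
+- [Android](#android)
+- [iOS](#ios)
+- [Troubleshooting](#troubleshooting)
+
+## Windows
+
+- Configure OpenVPN
+- Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)
+- Start `OpenVPN GUI` from the Start Menu
+- Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...`
+- Select your OVPN file
+- Right click on the OpenVPN icon again, and select `Connect`
+- To disconnect
+- Locate the OpenVPN icon in the Task Bar, right click, and select `Disconnect`
+- Locate the `stunnel` icon in the Task Bar, right click, and select `Exit`
+
+## MacOS
+
+- Configure OpenVPN
+- Download and install [Tunnelblick](https://tunnelblick.net/)
+- Locate your OVPN file in `Finder`, and double-click to open it.
+- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select the server you want to connect to.
+- To disconnect
+- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select `Disconnect All`.
+- To stop `stunnel`, run this in `Terminal`: `sudo killall stunnel`
+
+## Linux
+
+- Install `openvpn` on your device.
+
+```bash
+# Debian/Ubuntu
+sudo apt install -y openvpn
+
+# CentOS/RHEL
+sudo yum install -y epel-release
+sudo yum install -y openvpn
+
+# Fedora
+sudo dnf install -y openvpn
+```
+
+- Connect to OpenVPN
+
+```bash
+# Run this in the directory that contains your OVPN file
+# Replace 'client' with your OVPN filename
+openvpn --config client.ovpn
+```
+
+- To disconnect
+
+```bash
+# Stop OpenVPN
+sudo killall openvpn
+```
+
+## Android
+
+- Download [OpenVPN for Android](https://play.google.com/store/apps/details?id=de.blinkt.openvpn) from Google Play Store
+- Transfer your OVPN file to your device.
+- Click on the `import` icon (between `+` and `Menu` icon), and select your OVPN file.
+- Click on the check mark to confirm import.
+- Click on a profile name to connect.
+- If you see a `connection request` popup, select `Connect` or `OK`.
+- To disconnect: Select the `VPN connection` notification in your notification center, and click `Disconnect` in the popup.
+
+## iOS
+
+- Download [OpenVPN Connect](https://itunes.apple.com/app/openvpn-connect/id590379981) from App Store
+- Send the OVPN file as an attachment to yourself via email, and open it in your email app on the iOS device.
+- If you see a popup with a list of different apps, select `OpenVPN Connect`.
+- Click on the switch next to `Connection`, make sure it's at the `ON` position.
+- To disconnect: click on the switch next to `Connection`, make sure it's at the `OFF` position.
+
+## Troubleshooting
+
+- If you're unable to connect to your server with OpenVPN...
+
+- Check if OpenVPN is running on your server.
+
+```bash
+# You should see openvpn in the output
+ps -A | grep openvpn
+```
+
+- If you still can't connect, try removing and reinstalling OpenVPN on your server.
+- Run the install script and select `Uninstall`
+- Run the install script again and make sure you enter the correct information.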
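--- a/Documentation/client-ssl.md
+++ b/Documentation/client-ssl.md
@@ -0,0 +1,144 @@
+# Client Setup: OpenVPN over SSL
+
+## Table of Contents
+
+- [Windows](#windows)
+- [MacOS](#macos)
+- [Linux](#linux)
+- [Android](#android)
+- [iOS](#ios)
+- [Troubleshooting](#troubleshooting)
+
+## Windows
+
+- Configure `stunnel`
+- Download and install [stunnel](https://www.stunnel.org/downloads.html)
+- Start `stunnel` by launching `stunnel GUI start ` from the Start Menu
+- Locate the `stunnel` icon in the Task Bar, right click, and select `Edit Configuration`
+- Copy everything in `stunnel.conf` and paste into the `stunnel` configuration file. Save and close it after editing.
+- Right click on the `stunnel` icon again, and select `Reload Configuration`
+- Configure OpenVPN
+- Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)
+- Start `OpenVPN GUI` from the Start Menu
+- Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...`
+- Select your OVPN file
+- Right click on the OpenVPN icon again, and select `Connect`
+- To disconnect
+- Locate the OpenVPN icon in the Task Bar, right click, and select `Disconnect`
+- Locate the `stunnel` icon in the Task Bar, right click, and select `Exit`
+
+## MacOS
+
+- Configure `stunnel`
+
+- Install [Homebrew](https://brew.sh/)
+
+- Install `stunnel` via Homebrew by running this in `Terminal`:
+
+```bash
+brew install stunnel
+```
+
+- Configure and start `stunnel`
+
+```bash
+# In order to run these, you need to log in to your Mac with an administrator account.
+# When prompted for password, enter the password of the current user,
+
+# Run this in the directory that contains 'stunnel.conf'
+sudo cp stunnel.conf /usr/local/etc/stunnel/stunnel.conf
+# Start stunnel
+sudo stunnel
+```
+
+- Configure OpenVPN
+
+- Download and install [Tunnelblick](https://tunnelblick.net/)
+- Locate your OVPN file in `Finder`, and double-click to open it.
+- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select the server you want to connect to.
+
+- To disconnect
+
+- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select `Disconnect All`.
+- To stop `stunnel`, run this in `Terminal`: `sudo killall stunnel`
+
+## Linux
+
+- Install `stunnel` and `openvpn` on your device.
+
+```bash
+# Debian/Ubuntu
+sudo apt install -y stunnel openvpn
+
+# CentOS/RHEL
+sudo yum install -y epel-release
+sudo yum install -y stunnel openvpn
+
+# Fedora
+sudo dnf install -y stunnel openvpn
+```
+
+- Configure and start `stunnel`
+
+```bash
+# Run this in the directory that contains 'stunnel.conf'
+sudo cp stunnel.conf /etc/stunnel/
+# Start stunnel
+sudo stunnel
+```
+
+- Connect to OpenVPN
+
+```bash
+# Run this in the directory that contains your OVPN file
+# Replace 'client' with your OVPN filename
+openvpn --config client.ovpn
+```
+
+- To disconnect
+
+```bash
+# Stop OpenVPN
+sudo killall openvpn
+
+# Stop stunnel
+sudo killall stunnel
+```
+
+## Android
+
+- OpenVPN is supported on Android, but OpenVPN over SSL support isn't very good.
+- If you installed OpenVPN without SSL, see [Client Setup: OpenVPN](client-ovpn.md)
+
+## iOS
+
+- OpenVPN is supported on iOS, but OpenVPN over SSL is not supported.
+- If you installed OpenVPN without SSL, see [Client Setup: OpenVPN](client-ovpn.md)
+
+## Troubleshooting
+
+- If you're unable to connect to your server with OpenVPN...
+
+- Please check if `stunnel` is running on your device.
+
+- On Windows, check if the `stunnel` icon is present in the Task Bar (bottom right).
+- Run this to check on MacOS or Linux (both client and server)
+
+```bash
+# You should see stunnel in the output
+ps -A | grep stunnel
+```
+
+- Also check if both `stunnel` and OpenVPN are running on your server.
+
+```bash
+# You should see stunnel in the output
+ps -A | grep stunnel
+
+# You should see openvpn in the output
+ps -A | grep openvpn
+```
+
+- If you still can't connect, try removing and reinstalling OpenVPN on your server.
+- Run the install script and select `Uninstall`
+- Run the install script again and make sure you enter the correct information.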
115
README.md
115
README.md
@ -1,21 +1,112 @@
|
|||||||
## OpenVPN install
|
# OpenVPN Installer
|
||||||
OpenVPN installer for Debian, Ubuntu and CentOS.
|
|
||||||
|
|
||||||
This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible.
|
## To Developers and Users
|
||||||
|
|
||||||
### To Developers and Users
|
**WARNING: Only Trust Signed Commits.**
|
||||||
Only Trust Signed Commits.
|
|
||||||
|
|
||||||
### Installation
|
## Table of Contents
|
||||||
Run the script and follow the assistant:
|
|
||||||
|
|
||||||
`wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh && bash openvpn-install.sh`
|
- [Description](#description)
|
||||||
|
- [Installation](#installation)
|
||||||
|
- [Client setup](#client-setup)
|
||||||
|
- [Troubleshooting](#troubleshooting)
|
||||||
|
- [FAQ](#faq)
|
||||||
|
- [Donations](#donations)
|
||||||
|
|
||||||
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
|
## Description
|
||||||
|
|
||||||
### Where to get VPS
|
OpenVPN installer for Debian, Ubuntu and CentOS, with support for OpenVPN over SSL.
|
||||||
You can get a VPS from as little as $2.5/month at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month at [DigitalOcean](https://m.do.co/c/c51ec51bb352).
|
|
||||||
|
|
||||||
### Donations
|
This script lets you set up your own OpenVPN server in minutes, even if you no experience OpenVPN before. It's designed to be as simple, unobtrusive, and universal as possible.
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
If you run into any issues during installation, please refer to [Troubleshooting](#troubleshooting).
|
||||||
|
|
||||||
|
### Install on CentOS/Debian/Ubuntu
|
||||||
|
|
||||||
|
- **Please note: if your server is running the following OS versions, please select `AES-256-CBC` when you're asked to select a cipher mode.**
|
||||||
|
|
||||||
|
- CentOS 6 or older
|
||||||
|
- Debian 8 (Jessie) or older
|
||||||
|
- Ubuntu 16.10 or older
|
||||||
|
|
||||||
|
- Run this in a terminal on your server, and follow the on-screen instructions:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Download the script
|
||||||
|
wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh
|
||||||
|
|
||||||
|
# Run the install script
|
||||||
|
sudo bash openvpn-install.sh
|
||||||
|
|
||||||
|
# Note: If you're running Ubuntu 16.10 or older
|
||||||
|
|
||||||
|
# Start stunnel (only if you're using OpenVPN over SSL)
|
||||||
|
sudo stunnel
|
||||||
|
```
|
||||||
|
|
||||||
|
- Once it finishes, your OpenVPN server is up and running! You should [set up client devices](#client-setup) next.
|
||||||
|
|
||||||
|
## Client setup
|
||||||
|
|
||||||
|
### Before continuing...
|
||||||
|
|
||||||
|
- Download `stunnel.conf` and the `.ovpn` file from your server.
|
||||||
|
- If your username is `root`, they're located at `/root`.
|
||||||
|
- Otherwise, they're located at `/home/<YOUR USERNAME>`.
|
||||||
|
|
||||||
|
### OS-specific setup processes
|
||||||
|
|
||||||
|
- [OpenVPN (without SSL)](Documentation/client-ovpn.md)
|
||||||
|
- [OpenVPN over SSL](Documentation/client-ssl.md)
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
- `wget: command not found`: This means that `wget` isn't install it on your server. Just install it and try again. To install `wget`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Run this on Debian/Ubuntu
|
||||||
|
sudo apt -y install wget
|
||||||
|
|
||||||
|
# Run this on CentOS
|
||||||
|
sudo yum -y install wget
|
||||||
|
```
|
||||||
|
|
||||||
|
- `The TUN device is not available. You need to enable TUN before running this script`: Follow [this guide](https://help.skysilk.com/support/solutions/articles/9000136471-how-to-enable-tun-tap-on-linux-vps-with-skysilk).
|
||||||
|
|
||||||
|
- If you're unable to connect to your server with OpenVPN...
|
||||||
|
|
||||||
|
- Please check if `stunnel` is running on your device. (if you're using OpenVPN over SSL)
|
||||||
|
|
||||||
|
- On Windows, check if the `stunnel` icon is present in the Task Bar (bottom right).
|
||||||
|
- Run this to check on MacOS or Linux (both client and server)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# You should see stunnel in the output
|
||||||
|
ps -A | grep stunnel
|
||||||
|
```
|
||||||
|
|
||||||
|
- Also check if both `stunnel` (if applicable) and OpenVPN are running on your server.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# You should see stunnel in the output (if you're using OpenVPN over SSL)
|
||||||
|
ps -A | grep stunnel
|
||||||
|
|
||||||
|
# You should see openvpn in the output
|
||||||
|
ps -A | grep openvpn
|
||||||
|
```
|
||||||
|
|
||||||
|
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
|
||||||
|
- Run the install script and select `Uninstall`
|
||||||
|
- Run the install script again and make sure you enter the correct information.
|
||||||
|
|
||||||
|
## FAQ
|
||||||
|
|
||||||
|
### Where to find a VPS
|
||||||
|
|
||||||
|
You can get a VPS for as little as $2.50/month (IPv6 only) or $5/month (with IPv4) at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month (with IPv4) at [DigitalOcean](https://m.do.co/c/c51ec51bb352).
|
||||||
|
|
||||||
|
## Donations
|
||||||
|
|
||||||
If you want to show your appreciation, you can donate via [PayPal](https://paypal.me/birkhoffcheng) or Bitcoin (12R4euPg17EfJyYNfdTxjiQ2SctW1b4CRz). Thanks!
|
If you want to show your appreciation, you can donate via [PayPal](https://paypal.me/birkhoffcheng) or Bitcoin (12R4euPg17EfJyYNfdTxjiQ2SctW1b4CRz). Thanks!
|
||||||
|
@ -67,13 +67,15 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
echo "Please, use one word only, no special characters."
|
echo "Please, use one word only, no special characters."
|
||||||
read -p "Client name: " -e CLIENT
|
read -p "Client name: " -e CLIENT
|
||||||
cd /etc/openvpn/easy-rsa/
|
cd /etc/openvpn/easy-rsa/
|
||||||
./easyrsa build-client-full $CLIENT nopass
|
easyrsa build-client-full $CLIENT nopass
|
||||||
# Generates the custom client.ovpn
|
|
||||||
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
echo
|
echo
|
||||||
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
|
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
|
||||||
echo "and ~/stunnel.conf. Install stunnel4 on client before you continue."
|
if [ -f /etc/stunnel/stunnel-client.conf ]; then
|
||||||
|
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
||||||
|
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
||||||
|
echo "~/stunnel.crt and ~/stunnel.conf."
|
||||||
|
fi
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
@ -98,8 +100,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE
|
read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE
|
||||||
if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then
|
if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then
|
||||||
cd /etc/openvpn/easy-rsa/
|
cd /etc/openvpn/easy-rsa/
|
||||||
./easyrsa --batch revoke $CLIENT
|
easyrsa --batch revoke $CLIENT
|
||||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
|
||||||
rm -f pki/reqs/$CLIENT.req
|
rm -f pki/reqs/$CLIENT.req
|
||||||
rm -f pki/private/$CLIENT.key
|
rm -f pki/private/$CLIENT.key
|
||||||
rm -f pki/issued/$CLIENT.crt
|
rm -f pki/issued/$CLIENT.crt
|
||||||
@ -147,9 +149,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
|
semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
|
||||||
fi
|
fi
|
||||||
if [[ "$OS" = 'debian' ]]; then
|
if [[ "$OS" = 'debian' ]]; then
|
||||||
apt remove --purge openvpn stunnel4 -y
|
apt remove --purge openvpn stunnel4 easy-rsa -y
|
||||||
else
|
else
|
||||||
yum remove openvpn stunnel4 -y
|
yum remove openvpn stunnel4 easy-rsa -y
|
||||||
fi
|
fi
|
||||||
rm -rf /etc/openvpn /etc/stunnel
|
rm -rf /etc/openvpn /etc/stunnel
|
||||||
rm -f /etc/sysctl.d/30-openvpn-forward.conf
|
rm -f /etc/sysctl.d/30-openvpn-forward.conf
|
||||||
@ -238,28 +240,21 @@ else
|
|||||||
if [[ "$OS" = 'debian' ]]; then
|
if [[ "$OS" = 'debian' ]]; then
|
||||||
apt update
|
apt update
|
||||||
apt dist-upgrade -y
|
apt dist-upgrade -y
|
||||||
apt install openvpn iptables openssl ca-certificates stunnel4 -y
|
apt install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
|
||||||
else
|
else
|
||||||
# Else, the distro is CentOS
|
# Else, the distro is CentOS
|
||||||
yum install epel-release -y
|
yum install epel-release -y
|
||||||
yum install openvpn iptables openssl ca-certificates stunnel4 -y
|
yum install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
|
||||||
fi
|
fi
|
||||||
# Get easy-rsa
|
mkdir /etc/openvpn/easy-rsa/
|
||||||
EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'
|
|
||||||
wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
|
|
||||||
tar xzf ~/easyrsa.tgz -C ~/
|
|
||||||
mv ~/EasyRSA-3.0.4/ /etc/openvpn/
|
|
||||||
mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
|
|
||||||
chown -R root:root /etc/openvpn/easy-rsa/
|
|
||||||
rm -f ~/easyrsa.tgz
|
|
||||||
cd /etc/openvpn/easy-rsa/
|
cd /etc/openvpn/easy-rsa/
|
||||||
# Create the PKI, set up the CA, the DH params and the server + client certificates
|
# Create the PKI, set up the CA, the DH params and the server + client certificates
|
||||||
./easyrsa init-pki
|
easyrsa init-pki
|
||||||
./easyrsa --batch build-ca nopass
|
easyrsa --batch build-ca nopass
|
||||||
./easyrsa gen-dh
|
easyrsa gen-dh
|
||||||
./easyrsa build-server-full server nopass
|
easyrsa build-server-full server nopass
|
||||||
./easyrsa build-client-full $CLIENT nopass
|
easyrsa build-client-full $CLIENT nopass
|
||||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
|
||||||
# Move the stuff we need
|
# Move the stuff we need
|
||||||
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
|
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
|
||||||
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
|
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
|
||||||
@ -278,8 +273,6 @@ else
|
|||||||
pid = /var/run/stunnel4.pid
|
pid = /var/run/stunnel4.pid
|
||||||
debug = 7
|
debug = 7
|
||||||
output = /var/log/stunnel4/stunnel.log
|
output = /var/log/stunnel4/stunnel.log
|
||||||
setuid = root
|
|
||||||
setgid = root
|
|
||||||
socket = l:TCP_NODELAY=1
|
socket = l:TCP_NODELAY=1
|
||||||
socket = r:TCP_NODELAY=1
|
socket = r:TCP_NODELAY=1
|
||||||
[openvpn]
|
[openvpn]
|
||||||
@ -447,13 +440,14 @@ debug = 7
|
|||||||
[openvpn]
|
[openvpn]
|
||||||
accept = 127.0.0.1:1194
|
accept = 127.0.0.1:1194
|
||||||
connect = $IP:$PORT
|
connect = $IP:$PORT
|
||||||
|
verify = 2
|
||||||
|
CAfile = stunnel.crt
|
||||||
TIMEOUTclose = 1000
|
TIMEOUTclose = 1000
|
||||||
session=300
|
session=300
|
||||||
stack=65536
|
stack=65536
|
||||||
sslVersion=TLSv1.2
|
sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf
|
||||||
setuid=root
|
|
||||||
setgid=root" > /etc/stunnel/stunnel-client.conf
|
|
||||||
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
||||||
|
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
||||||
fi
|
fi
|
||||||
# Generates the custom client.ovpn
|
# Generates the custom client.ovpn
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
@ -462,7 +456,7 @@ setgid=root" > /etc/stunnel/stunnel-client.conf
|
|||||||
echo
|
echo
|
||||||
echo "Your client configuration is available at: ~/$CLIENT.ovpn"
|
echo "Your client configuration is available at: ~/$CLIENT.ovpn"
|
||||||
if [[ $SSL=1 ]]; then
|
if [[ $SSL=1 ]]; then
|
||||||
echo "and ~/stunnel.conf. Install stunnel4 on client before you continue."
|
echo "~/stunnel.crt and ~/stunnel.conf."
|
||||||
fi
|
fi
|
||||||
echo "If you want to add more clients, you simply need to run this script again!"
|
echo "If you want to add more clients, you simply need to run this script again!"
|
||||||
fi
|
fi
|
||||||
|
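Review bot: The relative `CAfile = stunnel.crt` added to the generated client config (hunk `@ -447,13 +440,14 @`) names a file the client instructions in this same commit never install: they copy or paste only `stunnel.conf`, and the README lists only `stunnel.conf` and the `.ovpn` file to download. A relative path is presumably resolved from the directory stunnel is started in, so a client set up by the docs will likely fail to load the CA file, and the tempting workaround is to delete `verify = 2`, which removes the server authentication this change adds. I would have the docs ship the certificate with the config, e.g. `sudo cp stunnel.conf stunnel.crt /etc/stunnel/` on Linux, and tell users to set `CAfile` to that absolute location. Separately, the reworded message in the last hunk sits under `if [[ $SSL=1 ]]`, a one-word test that is always true; `if [[ "$SSL" = 1 ]]; then` would stop non-SSL installs from being pointed at files that were never created.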