From 55c2ebded69405886d4b5d064833d97f8abd6ee4 Mon Sep 17 00:00:00 2001
From: Davi Torres <73488542+davift@users.noreply.github.com>
Date: Mon, 16 Sep 2024 19:39:41 -0400
Subject: [PATCH 1/3] Added capability to set custom DNS server
---
 openvpn-install.sh | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 1abcb8e..b27b6dc 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -190,10 +190,23 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
 echo " 5) Quad9"
 echo " 6) AdGuard"
 read -p "DNS server [1]: " dns
- until [[ -z "$dns" || "$dns" =~ ^[1-6]$ ]]; do
+ until [[ -z "$dns" || "$dns" =~ ^[1-7]$ ]]; do
 echo "$dns: invalid selection."
 read -p "DNS server [1]: " dns
 done
+ if [[ "$dns" == 7 ]]; then
+ read -p "Enter custom DNS server 1: " dns_custom_1
+ until [[ "$dns_custom_1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
+ echo "$dns_custom_1: invalid DNS server."
+ read -p "Enter custom DNS server 1: " dns_custom_1
+ done
+ read -p "Enter custom DNS server 2: " dns_custom_2
+ until [[ "$dns_custom_2" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
+ echo "$dns_custom_2: invalid DNS server."
+ read -p "Enter custom DNS server 2: " dns_custom_2
+ done
+ fi
+
 case "$dns" in
 1|"")
 resolver='the current system resolvers'
From a6958b5eb9144276d4efa55c2fe1d6b7480fa74d Mon Sep 17 00:00:00 2001
From: Davi Torres <73488542+davift@users.noreply.github.com>
Date: Mon, 16 Sep 2024 20:44:51 -0400
Subject: [PATCH 2/3] Update openvpn-install.sh
---
 openvpn-install.sh | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index b27b6dc..0a8249c 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
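Review bot: The `until` checks on `dns_custom_1` and `dns_custom_2` in the PATCH 1/3 hunk validate only the shape of the address, so an input whose octets exceed 255 is accepted and would end up in the resolver settings pushed to clients. The same two checks are carried over unchanged into the `7)` arm added by PATCH 2/3. A small helper that keeps the existing pattern and then range-checks each octet would close this for both prompts; the arithmetic should force base 10 so that an octet written with a leading zero is not read as octal. The enclosing `if [[ ! -e /etc/openvpn/server/server.conf ]]` block starts and ends outside the hunk.
```shell
# Accept only a dotted quad whose four octets are each in 0-255.
valid_ipv4() {
	local octet octets
	[[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
	IFS=. read -r -a octets <<< "$1"
	for octet in "${octets[@]}"; do
		# 10# forces base 10 so an octet such as 08 is not parsed as octal
		(( 10#$octet <= 255 )) || return 1
	done
}
# … unchanged: first "Enter custom DNS server 1" prompt …
until valid_ipv4 "$dns_custom_1"; do
# … unchanged: error message and re-prompt; same change for dns_custom_2 …
```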
@@ -121,7 +121,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
 read -p "IPv4 address [1]: " ip_number
 done
 [[ -z "$ip_number" ]] && ip_number="1"
- ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
+ ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p | head -1)
 # If $ip is a private IP address, the server must be behind NAT
 if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168|0\.0\.0\.0)'; then
 echo
@@ -137,7 +137,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
 [[ -z "$public_ip" ]] && public_ip="$get_public_ip"
 fi
 # Seting the default gateway's interface for public side of the NAT since it was used to get_public_ip
- out_interface=$(ip r | grep -E '^default' | awk '{print $5}')
+ out_interface=$(ip r | grep -E '^default' | awk '{print $5}' | head -1)
 # If system has a single IPv6, it is selected automatically
 if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then
 ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}')
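Review bot: On the `out_interface=` line in the @@ -137 hunk, `head -1` keeps whichever default route `ip r` lists first, and `awk '{print $5}'` assumes the `default via <gateway> dev <interface>` layout, so a default route without a `via` gateway puts a different token in field five. If this value later feeds the firewall or NAT rules (not visible in this hunk), they would silently be bound to the wrong interface. Selecting the token that follows `dev` is sturdier: `out_interface=$(ip -4 route show default | awk '{for (i=1; i<NF; i++) if ($i == "dev") {print $(i+1); exit}}')`. The comment above the line says this must be the interface used to obtain `get_public_ip`; that assumption deserves a check or at least a log line when more than one default route exists.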
@@ -189,24 +189,13 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
 echo " 4) OpenDNS"
 echo " 5) Quad9"
 echo " 6) AdGuard"
+ echo " 7) Other"
 read -p "DNS server [1]: " dns
 until [[ -z "$dns" || "$dns" =~ ^[1-7]$ ]]; do
 echo "$dns: invalid selection."
 read -p "DNS server [1]: " dns
 done
- if [[ "$dns" == 7 ]]; then
- read -p "Enter custom DNS server 1: " dns_custom_1
- until [[ "$dns_custom_1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
- echo "$dns_custom_1: invalid DNS server."
- read -p "Enter custom DNS server 1: " dns_custom_1
- done
- read -p "Enter custom DNS server 2: " dns_custom_2
- until [[ "$dns_custom_2" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
- echo "$dns_custom_2: invalid DNS server."
- read -p "Enter custom DNS server 2: " dns_custom_2
- done
- fi
-
+
 case "$dns" in
 1|"")
 resolver='the current system resolvers'
@@ -226,6 +215,21 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
 6)
 resolver='AdGuard'
 ;;
+ 7)
+ if [[ "$dns" == 7 ]]; then
+ read -p "Enter custom DNS server 1: " dns_custom_1
+ until [[ "$dns_custom_1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
+ echo "$dns_custom_1: invalid DNS server."
+ read -p "Enter custom DNS server 1: " dns_custom_1
+ done
+ read -p "Enter custom DNS server 2: " dns_custom_2
+ until [[ "$dns_custom_2" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
+ echo "$dns_custom_2: invalid DNS server."
+ read -p "Enter custom DNS server 2: " dns_custom_2
+ done
+ fi
+ resolver='Other'
+ ;;
 esac
 echo
 echo "Enter a name for the first client:"
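Review bot: Inside the new `7)` arm of the @@ -226 hunk, the `if [[ "$dns" == 7 ]]; then … fi` wrapper is always true, because the arm is reached only when `$dns` is 7; removing it drops a level of nesting without changing behaviour. The four `read -p` prompts would be safer as `read -rp`, so that a backslash typed at the prompt is taken literally instead of being consumed by `read`. A short comment above the prompts, such as `# Custom resolvers: both addresses are required and are written to server.conf as pushed DNS options`, would also tell the reader that this arm collects input while the other arms only set the `resolver` label. The `case` statement begins outside the hunk.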
@@ -362,6 +366,10 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
 echo 'push "dhcp-option DNS 94.140.14.14"' >> /etc/openvpn/server/server.conf
 echo 'push "dhcp-option DNS 94.140.15.15"' >> /etc/openvpn/server/server.conf
 ;;
+ 7)
+ echo 'push "dhcp-option DNS '$dns_custom_1'"' >> /etc/openvpn/server/server.conf
+ echo 'push "dhcp-option DNS '$dns_custom_2'"' >> /etc/openvpn/server/server.conf
+ ;;
 esac
 echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf
 echo "keepalive 10 120
From 796744357f03b68374d11663769ee5c85bb563ee Mon Sep 17 00:00:00 2001
From: Davi Torres <73488542+davift@users.noreply.github.com>
Date: Mon, 16 Sep 2024 20:46:29 -0400
Subject: [PATCH 3/3] Update README.md
---
 README.md | 69 +++++++++++--------------------------------------------
 1 file changed, 14 insertions(+), 55 deletions(-)
diff --git a/README.md b/README.md
index 2f7d52d..acc43ab 100644
--- a/README.md
+++ b/README.md
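Review bot: In the new `7)` arm, `$dns_custom_1` and `$dns_custom_2` are expanded unquoted between two single-quoted strings, so they undergo word splitting and globbing before `echo` appends them to server.conf. The only thing keeping that safe is the digits-and-dots pattern enforced at the interactive prompt in another hunk; if these variables are ever set by another path, arbitrary text would be written into the server configuration. Quote the expansion and let `printf` do the formatting: `printf 'push "dhcp-option DNS %s"\n' "$dns_custom_1" >> /etc/openvpn/server/server.conf`, and the same for `dns_custom_2`. The enclosing `case` starts outside the hunk.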
@@ -1,65 +1,24 @@ +**New: [wireguard-install](https://github.com/Nyr/wireguard-install) is also available.** + ## openvpn-install +OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora. -OpenVPN Server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, and Fedora. +This script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible. -This repo is originally a fork of https://github.com/Nyr/openvpn-install with some changes and added features. +### Installation +Run the script and follow the assistant: -### Instructions - -Download and execute the script: - -``` -wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-install.sh -chmod +x openvpn-install.sh -./openvpn-install.sh -``` +`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh` Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. -### Automation +### I want to run my own VPN but don't have a server for that +You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422). -Download the CLI script: +### Donations +If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks! -``` -wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-cli.sh -chmod +x openvpn-cli.sh -./openvpn-cli.sh -``` +### Sponsors +This project is proudly sponsored by our friends at [FrogeHost](https://froge.host/?utm_source=nyr). -The CLI script allows you to add and revoke users with a single command or for using with Ansible or Terraform. 
- -``` -See examples: - - ./openvpn-cli.sh add username add a new client - ./openvpn-cli.sh revoke username revoke a client - ./openvpn-cli.sh add username@domain.com add a new client and send the configuration via email - ./openvpn-cli.sh revoke username@domain.com revoke client and send the configuration via email - -``` - -### Optional - -If the new client account is a valid email address, the configuration file is automatically sent, as long as MSMTP is installed and configured. - -``` -sudo apt install msmtp msmtp-mta -y -sudo nano /etc/msmtprc -``` - -MSMTP Configuration Example (for Gmail): - -``` -defaults -auth on -tls on -tls_trust_file /etc/ssl/certs/ca-certificates.crt -logfile ~/.msmtp.log -account gmail -host smtp.gmail.com -port 587 -from username@gmail.com -user username@gmail.com -password password -account default : gmail -``` +For a commercial VPN with strong anti-censorship capabilities (最强翻墙VPN) from $1/month, check out [Clever VPN](https://www.clever-vpn.net/?wg-referral=01LOULuQoi).