mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00

Merge pull request #2 from davift/davift-patch-1

Davi Torres 2024-09-16 20:47:31 -04:00 committed by GitHub
commit d6045a1d60
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 38 additions and 58 deletions

@ -1,65 +1,24 @@
**New: [wireguard-install](https://github.com/Nyr/wireguard-install) is also available.**
## openvpn-install ## openvpn-install
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora.
OpenVPN Server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, and Fedora. This script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible.
This repo is originally a fork of https://github.com/Nyr/openvpn-install with some changes and added features. ### Installation
Run the script and follow the assistant:
### Instructions `wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh`
Download and execute the script:
```
wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
./openvpn-install.sh
```
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
### Automation ### I want to run my own VPN but don't have a server for that
You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422).
Download the CLI script: ### Donations
If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks!
``` ### Sponsors
wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-cli.sh This project is proudly sponsored by our friends at [FrogeHost](https://froge.host/?utm_source=nyr).
chmod +x openvpn-cli.sh
./openvpn-cli.sh
```
The CLI script allows you to add and revoke users with a single command or for using with Ansible or Terraform. For a commercial VPN with strong anti-censorship capabilities (最强翻墙VPN) from $1/month, check out [Clever VPN](https://www.clever-vpn.net/?wg-referral=01LOULuQoi).
```
See examples:
./openvpn-cli.sh add username add a new client
./openvpn-cli.sh revoke username revoke a client
./openvpn-cli.sh add username@domain.com add a new client and send the configuration via email
./openvpn-cli.sh revoke username@domain.com revoke client and send the configuration via email
```
### Optional
If the new client account is a valid email address, the configuration file is automatically sent, as long as MSMTP is installed and configured.
```
sudo apt install msmtp msmtp-mta -y
sudo nano /etc/msmtprc
```
MSMTP Configuration Example (for Gmail):
```
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
account gmail
host smtp.gmail.com
port 587
from username@gmail.com
user username@gmail.com
password password
account default : gmail
```
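
Review bot: The new Installation line, `wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh`, fetches the script through a short link and runs it in the same command, so the README no longer shows which repository the script comes from or gives the reader a step at which to inspect it. The instructions it replaces used an explicit raw.githubusercontent.com URL for this repository; keep an explicit URL so that readers get the script this commit modifies, and keep the download separate from the execution. The hunk also drops the openvpn-cli.sh and MSMTP sections, which leaves openvpn-cli.sh undocumented if it stays in the repository.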

@ -121,7 +121,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
read -p "IPv4 address [1]: " ip_number read -p "IPv4 address [1]: " ip_number
done done
[[ -z "$ip_number" ]] && ip_number="1" [[ -z "$ip_number" ]] && ip_number="1"
ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p) ip=$((ip -4 addr ; echo -n 'inet 0.0.0.0') | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p | head -1)
# If $ip is a private IP address, the server must be behind NAT # If $ip is a private IP address, the server must be behind NAT
if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168|0\.0\.0\.0)'; then if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168|0\.0\.0\.0)'; then
echo echo
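
Review bot: The `| head -1` appended to the `ip=` pipeline has no effect: `sed -n "$ip_number"p` prints only line `$ip_number`, and `ip_number` is defaulted to 1 on the line above, so at most one address ever reaches `head`. Drop it, or add a comment naming the multi-line case it is meant to guard against.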
@ -137,7 +137,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
[[ -z "$public_ip" ]] && public_ip="$get_public_ip" [[ -z "$public_ip" ]] && public_ip="$get_public_ip"
fi fi
# Seting the default gateway's interface for public side of the NAT since it was used to get_public_ip # Seting the default gateway's interface for public side of the NAT since it was used to get_public_ip
out_interface=$(ip r | grep -E '^default' | awk '{print $5}') out_interface=$(ip r | grep -E '^default' | awk '{print $5}' | head -1)
# If system has a single IPv6, it is selected automatically # If system has a single IPv6, it is selected automatically
if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}') ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}')
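
Review bot: On the `out_interface=` line, `head -1` only hides the multi-default-route case: the first `default` entry listed by `ip r` is not necessarily the route used for outbound traffic, so the interface chosen may not be the one `get_public_ip` went through, which is what the comment above says it should be. `awk '{print $5}'` also assumes the device name is the fifth field, which does not hold for a route of the form `default dev <if>`. Suggest asking the kernel directly with `ip -4 route get` toward a public address and taking the token that follows `dev`. The comment's "Seting" could be fixed while touching this line.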
@ -189,11 +189,13 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
echo " 4) OpenDNS" echo " 4) OpenDNS"
echo " 5) Quad9" echo " 5) Quad9"
echo " 6) AdGuard" echo " 6) AdGuard"
echo " 7) Other"
read -p "DNS server [1]: " dns read -p "DNS server [1]: " dns
until [[ -z "$dns" || "$dns" =~ ^[1-6]$ ]]; do until [[ -z "$dns" || "$dns" =~ ^[1-7]$ ]]; do
echo "$dns: invalid selection." echo "$dns: invalid selection."
read -p "DNS server [1]: " dns read -p "DNS server [1]: " dns
done done
case "$dns" in case "$dns" in
1|"") 1|"")
resolver='the current system resolvers' resolver='the current system resolvers'
@ -213,6 +215,21 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
6) 6)
resolver='AdGuard' resolver='AdGuard'
;; ;;
7)
if [[ "$dns" == 7 ]]; then
read -p "Enter custom DNS server 1: " dns_custom_1
until [[ "$dns_custom_1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
echo "$dns_custom_1: invalid DNS server."
read -p "Enter custom DNS server 1: " dns_custom_1
done
read -p "Enter custom DNS server 2: " dns_custom_2
until [[ "$dns_custom_2" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; do
echo "$dns_custom_2: invalid DNS server."
read -p "Enter custom DNS server 2: " dns_custom_2
done
fi
resolver='Other'
;;
esac esac
echo echo
echo "Enter a name for the first client:" echo "Enter a name for the first client:"
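
Review bot: The validation pattern `^([0-9]{1,3}\.){3}[0-9]{1,3}$` used for `dns_custom_1` and `dns_custom_2` accepts out-of-range octets such as 999.999.999.999, and that value would then be pushed to every client as its resolver. Since this anchored pattern is also the only thing constraining what is later written into server.conf, tighten it by checking that each octet is at most 255 after the pattern matches. The inner `if [[ "$dns" == 7 ]]` is redundant inside the `7)` branch and can be removed.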
@ -349,6 +366,10 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
echo 'push "dhcp-option DNS 94.140.14.14"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 94.140.14.14"' >> /etc/openvpn/server/server.conf
echo 'push "dhcp-option DNS 94.140.15.15"' >> /etc/openvpn/server/server.conf echo 'push "dhcp-option DNS 94.140.15.15"' >> /etc/openvpn/server/server.conf
;; ;;
7)
echo 'push "dhcp-option DNS '$dns_custom_1'"' >> /etc/openvpn/server/server.conf
echo 'push "dhcp-option DNS '$dns_custom_2'"' >> /etc/openvpn/server/server.conf
;;
esac esac
echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf
echo "keepalive 10 120 echo "keepalive 10 120
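
Review bot: In the new `7)` branch, `$dns_custom_1` and `$dns_custom_2` are expanded outside any quotes (`'... DNS '$dns_custom_1'"'`), so the values are subject to word splitting and globbing and are safe only because of the regex check in the earlier hunk. Quote the expansion so this line does not depend on that check, for example `printf 'push "dhcp-option DNS %s"\n' "$dns_custom_1" >> /etc/openvpn/server/server.conf`, and the same for `dns_custom_2`.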