mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-23 21:46:08 +03:00

General cleanup

Nyr 2018-04-21 20:41:16 +02:00
parent cb28b57e09
commit ff254aeb1e


@ -1,11 +1,8 @@
#!/bin/bash
# OpenVPN road warrior installer for Debian, Ubuntu and CentOS
# This script will work on Debian, Ubuntu, CentOS and probably other distros
# of the same families, although no support is offered for them. It isn't
# bulletproof but it will probably work if you simply want to setup a VPN on
# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
# universal as possible.
#
# https://github.com/Nyr/openvpn-install
#
# Copyright (c) 2013 Nyr. Released under the MIT License.
# Detect Debian users running the script with "sh" instead of bash
@ -25,10 +22,6 @@ You need to enable TUN before running this script"
exit 3
fi
if grep -qs "CentOS release 5" "/etc/redhat-release"; then
echo "CentOS 5 is too old and not supported"
exit 4
fi
if [[ -e /etc/debian_version ]]; then
OS=debian
GROUPNAME=nogroup
@ -39,7 +32,7 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
RCLOCAL='/etc/rc.d/rc.local'
else
echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS"
exit 5
exit 4
fi
newclient () {
@ -63,8 +56,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
while :
do
clear
echo "Looks like OpenVPN is already installed"
echo ""
echo "Looks like OpenVPN is already installed."
echo
echo "What do you want to do?"
echo " 1) Add a new user"
echo " 2) Revoke an existing user"
@ -73,16 +66,16 @@ if [[ -e /etc/openvpn/server.conf ]]; then
read -p "Select an option [1-4]: " option
case $option in
1)
echo ""
echo "Tell me a name for the client certificate"
echo "Please, use one word only, no special characters"
echo
echo "Tell me a name for the client certificate."
echo "Please, use one word only, no special characters."
read -p "Client name: " -e -i client CLIENT
cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full $CLIENT nopass
# Generates the custom client.ovpn
newclient "$CLIENT"
echo ""
echo "Client $CLIENT added, configuration is available at" ~/"$CLIENT.ovpn"
echo
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
exit
;;
2)
@ -90,12 +83,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then
# ...but what can I say, I want some sleep too
NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
echo ""
echo
echo "You have no existing clients!"
exit 6
exit 5
fi
echo ""
echo "Select the existing client certificate you want to revoke"
echo
echo "Select the existing client certificate you want to revoke:"
tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
read -p "Select one client [1]: " CLIENTNUMBER
@ -113,12 +106,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
# CRL is read with each client connection, when OpenVPN is dropped to nobody
chown nobody:$GROUPNAME /etc/openvpn/crl.pem
echo ""
echo "Certificate for client $CLIENT revoked"
echo
echo "Certificate for client $CLIENT revoked!"
exit
;;
3)
echo ""
echo
read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
if [[ "$REMOVE" = 'y' ]]; then
PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
@ -158,10 +151,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
yum remove openvpn -y
fi
rm -rf /etc/openvpn
echo ""
echo
echo "OpenVPN removed!"
else
echo ""
echo
echo "Removal aborted!"
fi
exit
@ -171,18 +164,26 @@ if [[ -e /etc/openvpn/server.conf ]]; then
done
else
clear
echo 'Welcome to this quick OpenVPN "road warrior" installer'
echo ""
echo 'Welcome to this OpenVPN "road warrior" installer!'
echo
# OpenVPN setup and first user creation
echo "I need to ask you a few questions before starting the setup"
echo "You can leave the default options and just press enter if you are ok with them"
echo ""
echo "First I need to know the IPv4 address of the network interface you want OpenVPN"
echo "I need to ask you a few questions before starting the setup."
echo "You can leave the default options and just press enter if you are ok with them."
echo
echo "First, provide the IPv4 address of the network interface you want OpenVPN"
echo "listening to."
# Autodetect IP address and pre-fill for the user
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
read -p "IP address: " -e -i $IP IP
echo ""
# Try to detect a NATed connection and ask the user about it
EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/" 2>/dev/null || curl -4s "http://whatismyip.akamai.com/")
if [[ "$IP" != "$EXTERNALIP" ]]; then
echo
echo "If your server is behind NAT, please provide the public IP address or hostname."
echo "If that's not the case, just ignore this and leave the next field blank."
read -p "Public IP address / Hostname: " -e PUBLICIP
fi
echo
echo "Which protocol do you want for OpenVPN connections?"
echo " 1) UDP (recommended)"
echo " 2) TCP"
@ -195,10 +196,10 @@ else
PROTOCOL=tcp
;;
esac
echo ""
echo
echo "What port do you want OpenVPN listening to?"
read -p "Port: " -e -i 1194 PORT
echo ""
echo
echo "Which DNS do you want to use with the VPN?"
echo " 1) Current system resolvers"
echo " 2) 1.1.1.1"
@ -206,12 +207,12 @@ else
echo " 4) OpenDNS"
echo " 5) Verisign"
read -p "DNS [1-5]: " -e -i 1 DNS
echo ""
echo "Finally, tell me your name for the client certificate"
echo "Please, use one word only, no special characters"
echo
echo "Finally, tell me your name for the client certificate."
echo "Please, use one word only, no special characters."
read -p "Client name: " -e -i client CLIENT
echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
echo
echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now."
read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then
apt-get update
@ -375,18 +376,9 @@ exit 0' > $RCLOCAL
chkconfig openvpn on
fi
fi
# Try to detect a NATed connection and ask about it to potential LowEndSpirit users
EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/" 2>/dev/null || curl -4s "http://whatismyip.akamai.com/")
if [[ "$IP" != "$EXTERNALIP" ]]; then
echo ""
echo "Looks like your server could be behind a NAT!"
echo ""
echo "If your server is behind a NAT, I need to know the public IP or hostname"
echo "If that's not the case, just ignore this and leave the next field blank"
read -p "Public IP: " -e PUBLICIP
if [[ "$PUBLICIP" != "" ]]; then
IP=$PUBLICIP
fi
# If the serrver is behind a NAT, use the correct IP address
if [[ "$PUBLICIP" != "" ]]; then
IP=$PUBLICIP
fi
# client-common.txt is created so we have a template to add further users later
echo "client
@ -408,9 +400,9 @@ key-direction 1
verb 3" > /etc/openvpn/client-common.txt
# Generates the custom client.ovpn
newclient "$CLIENT"
echo ""
echo
echo "Finished!"
echo ""
echo "Your client configuration is available at" ~/"$CLIENT.ovpn"
echo
echo "Your client configuration is available at:" ~/"$CLIENT.ovpn"
echo "If you want to add more clients, you simply need to run this script again!"
fi
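Review bot: The client name is still used unvalidated after `read -p "Client name: " -e -i client CLIENT` in the add-user branch, and again at the same prompt in the first-install branch, so the reworded "one word only, no special characters" hint remains advice rather than a check. In the add-user branch the value reaches `./easyrsa build-client-full $CLIENT nopass` unquoted, where a name containing spaces or glob characters is word-split and expanded by the shell, and it also forms the output path `~/"$CLIENT.ovpn"`. I would normalise it right after each read with something like `CLIENT=${CLIENT//[^a-zA-Z0-9_-]/_}`, refuse an empty result, and quote the expansion as `./easyrsa build-client-full "$CLIENT" nopass`. Both prompts sit inside an if/else whose start and end are outside the visible hunks, and the certificate build step of the first-install branch is not shown, so its quoting should be checked as well. Minor: the new comment above the `PUBLICIP` check reads "serrver".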