diff --git a/openvpn-install.sh b/openvpn-install.sh index 8d048d6..2ca7e94 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1,11 +1,8 @@ #!/bin/bash -# OpenVPN road warrior installer for Debian, Ubuntu and CentOS - -# This script will work on Debian, Ubuntu, CentOS and probably other distros -# of the same families, although no support is offered for them. It isn't -# bulletproof but it will probably work if you simply want to setup a VPN on -# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and -# universal as possible. +# +# https://github.com/Nyr/openvpn-install +# +# Copyright (c) 2013 Nyr. Released under the MIT License. # Detect Debian users running the script with "sh" instead of bash @@ -25,10 +22,6 @@ You need to enable TUN before running this script" exit 3 fi -if grep -qs "CentOS release 5" "/etc/redhat-release"; then - echo "CentOS 5 is too old and not supported" - exit 4 -fi if [[ -e /etc/debian_version ]]; then OS=debian GROUPNAME=nogroup @@ -39,7 +32,7 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then RCLOCAL='/etc/rc.d/rc.local' else echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS" - exit 5 + exit 4 fi newclient () { @@ -63,8 +56,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then while : do clear - echo "Looks like OpenVPN is already installed" - echo "" + echo "Looks like OpenVPN is already installed." + echo echo "What do you want to do?" echo " 1) Add a new user" echo " 2) Revoke an existing user" 
@@ -73,16 +66,16 @@ if [[ -e /etc/openvpn/server.conf ]]; then read -p "Select an option [1-4]: " option case $option in 1) - echo "" - echo "Tell me a name for the client certificate" - echo "Please, use one word only, no special characters" + echo + echo "Tell me a name for the client certificate." + echo "Please, use one word only, no special characters." read -p "Client name: " -e -i client CLIENT cd /etc/openvpn/easy-rsa/ ./easyrsa build-client-full $CLIENT nopass # Generates the custom client.ovpn newclient "$CLIENT" - echo "" - echo "Client $CLIENT added, configuration is available at" ~/"$CLIENT.ovpn" + echo + echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn" exit ;; 2) @@ -90,12 +83,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then # ...but what can I say, I want some sleep too NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V") if [[ "$NUMBEROFCLIENTS" = '0' ]]; then - echo "" + echo echo "You have no existing clients!" - exit 6 + exit 5 fi - echo "" - echo "Select the existing client certificate you want to revoke" + echo + echo "Select the existing client certificate you want to revoke:" tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' if [[ "$NUMBEROFCLIENTS" = '1' ]]; then read -p "Select one client [1]: " CLIENTNUMBER @@ -113,12 +106,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem # CRL is read with each client connection, when OpenVPN is dropped to nobody chown nobody:$GROUPNAME /etc/openvpn/crl.pem - echo "" - echo "Certificate for client $CLIENT revoked" + echo + echo "Certificate for client $CLIENT revoked!" exit ;; 3) - echo "" + echo read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE if [[ "$REMOVE" = 'y' ]]; then PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2) 
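Review bot: In hunk `@@ -73,16 +66,16 @@` the client name is still constrained only by the reworded prompt ("one word only, no special characters"); nothing enforces it before the value is expanded unquoted in `./easyrsa build-client-full $CLIENT nopass` and used in the output path `~/"$CLIENT.ovpn"`. A name containing whitespace, `/` or glob characters would be word-split or would produce a file outside the intended location. Reject anything outside a safe set right after the read, for example `[[ "$CLIENT" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "Invalid client name"; exit 1; }`, and quote the argument as `./easyrsa build-client-full "$CLIENT" nopass`. The same unvalidated read appears in the first-install hunk `@@ -206,12 +207,12 @@`. The enclosing `case` block starts and ends outside this hunk.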
@@ -158,10 +151,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then yum remove openvpn -y fi rm -rf /etc/openvpn - echo "" + echo echo "OpenVPN removed!" else - echo "" + echo echo "Removal aborted!" fi exit @@ -171,18 +164,26 @@ if [[ -e /etc/openvpn/server.conf ]]; then done else clear - echo 'Welcome to this quick OpenVPN "road warrior" installer' - echo "" + echo 'Welcome to this OpenVPN "road warrior" installer!' + echo # OpenVPN setup and first user creation - echo "I need to ask you a few questions before starting the setup" - echo "You can leave the default options and just press enter if you are ok with them" - echo "" - echo "First I need to know the IPv4 address of the network interface you want OpenVPN" + echo "I need to ask you a few questions before starting the setup." + echo "You can leave the default options and just press enter if you are ok with them." + echo + echo "First, provide the IPv4 address of the network interface you want OpenVPN" echo "listening to." # Autodetect IP address and pre-fill for the user IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) read -p "IP address: " -e -i $IP IP - echo "" + # Try to detect a NATed connection and ask the user about it + EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/" 2>/dev/null || curl -4s "http://whatismyip.akamai.com/") + if [[ "$IP" != "$EXTERNALIP" ]]; then + echo + echo "If your server is behind NAT, please provide the public IP address or hostname." + echo "If that's not the case, just ignore this and leave the next field blank." + read -p "Public IP address / Hostname: " -e PUBLICIP + fi + echo echo "Which protocol do you want for OpenVPN connections?" echo " 1) UDP (recommended)" echo " 2) TCP" 
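Review bot: In hunk `@@ -171,18 +164,26 @@`, `PUBLICIP` is assigned only inside the new `if [[ "$IP" != "$EXTERNALIP" ]]` branch but is consumed later by `if [[ "$PUBLICIP" != "" ]]` (hunk `@@ -375,18 +376,9 @@`). When the branch is skipped, that later test sees whatever `PUBLICIP` the script inherited from its environment, whereas the read and the use previously sat in the same block. Initialise it before the lookup with `PUBLICIP=""`. The lookup itself is unauthenticated HTTP and fails open to the prompt when both wget and curl fail, which is the safe direction; a comment such as `# Result only decides whether to ask about NAT; it is never written to the config` would record that intent. The enclosing `else` branch continues outside this hunk.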
@@ -195,10 +196,10 @@ else PROTOCOL=tcp ;; esac - echo "" + echo echo "What port do you want OpenVPN listening to?" read -p "Port: " -e -i 1194 PORT - echo "" + echo echo "Which DNS do you want to use with the VPN?" echo " 1) Current system resolvers" echo " 2) 1.1.1.1" @@ -206,12 +207,12 @@ else echo " 4) OpenDNS" echo " 5) Verisign" read -p "DNS [1-5]: " -e -i 1 DNS - echo "" - echo "Finally, tell me your name for the client certificate" - echo "Please, use one word only, no special characters" + echo + echo "Finally, tell me your name for the client certificate." + echo "Please, use one word only, no special characters." read -p "Client name: " -e -i client CLIENT - echo "" - echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" + echo + echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now." read -n1 -r -p "Press any key to continue..." if [[ "$OS" = 'debian' ]]; then apt-get update @@ -375,18 +376,9 @@ exit 0' > $RCLOCAL chkconfig openvpn on fi fi - # Try to detect a NATed connection and ask about it to potential LowEndSpirit users - EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/" 2>/dev/null || curl -4s "http://whatismyip.akamai.com/") - if [[ "$IP" != "$EXTERNALIP" ]]; then - echo "" - echo "Looks like your server could be behind a NAT!" - echo "" - echo "If your server is behind a NAT, I need to know the public IP or hostname" - echo "If that's not the case, just ignore this and leave the next field blank" - read -p "Public IP: " -e PUBLICIP - if [[ "$PUBLICIP" != "" ]]; then - IP=$PUBLICIP - fi + # If the serrver is behind a NAT, use the correct IP address + if [[ "$PUBLICIP" != "" ]]; then + IP=$PUBLICIP fi # client-common.txt is created so we have a template to add further users later echo "client 
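Review bot: The comment added in hunk `@@ -375,18 +376,9 @@` misspells "server" (`# If the serrver is behind a NAT, use the correct IP address`), and "correct" does not say which value wins. Something like `# If the user supplied a public IP address or hostname (server behind NAT), use it from here on` would be clearer. Because the new prompt also accepts a hostname, `IP` may no longer hold an IP address after `IP=$PUBLICIP`, which is worth stating in the same comment. The value is presumably written into the client template that follows, so it should also be checked against an address/hostname pattern before this assignment. The enclosing block starts and ends outside the hunk.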
@@ -408,9 +400,9 @@ key-direction 1 verb 3" > /etc/openvpn/client-common.txt # Generates the custom client.ovpn newclient "$CLIENT" - echo "" + echo echo "Finished!" - echo "" - echo "Your client configuration is available at" ~/"$CLIENT.ovpn" + echo + echo "Your client configuration is available at:" ~/"$CLIENT.ovpn" echo "If you want to add more clients, you simply need to run this script again!" fi \ No newline at end of file