mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-23 21:46:08 +03:00

General cleanup

Nyr 2018-04-21 20:41:16 +02:00
parent cb28b57e09
commit ff254aeb1e


@ -1,11 +1,8 @@
#!/bin/bash #!/bin/bash
# OpenVPN road warrior installer for Debian, Ubuntu and CentOS #
# https://github.com/Nyr/openvpn-install
# This script will work on Debian, Ubuntu, CentOS and probably other distros #
# of the same families, although no support is offered for them. It isn't # Copyright (c) 2013 Nyr. Released under the MIT License.
# bulletproof but it will probably work if you simply want to setup a VPN on
# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
# universal as possible.
# Detect Debian users running the script with "sh" instead of bash # Detect Debian users running the script with "sh" instead of bash
@ -25,10 +22,6 @@ You need to enable TUN before running this script"
exit 3 exit 3
fi fi
if grep -qs "CentOS release 5" "/etc/redhat-release"; then
echo "CentOS 5 is too old and not supported"
exit 4
fi
if [[ -e /etc/debian_version ]]; then if [[ -e /etc/debian_version ]]; then
OS=debian OS=debian
GROUPNAME=nogroup GROUPNAME=nogroup
@ -39,7 +32,7 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
RCLOCAL='/etc/rc.d/rc.local' RCLOCAL='/etc/rc.d/rc.local'
else else
echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS" echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS"
exit 5 exit 4
fi fi
newclient () { newclient () {
@ -63,8 +56,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
while : while :
do do
clear clear
echo "Looks like OpenVPN is already installed" echo "Looks like OpenVPN is already installed."
echo "" echo
echo "What do you want to do?" echo "What do you want to do?"
echo " 1) Add a new user" echo " 1) Add a new user"
echo " 2) Revoke an existing user" echo " 2) Revoke an existing user"
@ -73,16 +66,16 @@ if [[ -e /etc/openvpn/server.conf ]]; then
read -p "Select an option [1-4]: " option read -p "Select an option [1-4]: " option
case $option in case $option in
1) 1)
echo "" echo
echo "Tell me a name for the client certificate" echo "Tell me a name for the client certificate."
echo "Please, use one word only, no special characters" echo "Please, use one word only, no special characters."
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"
echo "" echo
echo "Client $CLIENT added, configuration is available at" ~/"$CLIENT.ovpn" echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
exit exit
;; ;;
2) 2)
@ -90,12 +83,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then
# ...but what can I say, I want some sleep too # ...but what can I say, I want some sleep too
NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V") NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
echo "" echo
echo "You have no existing clients!" echo "You have no existing clients!"
exit 6 exit 5
fi fi
echo "" echo
echo "Select the existing client certificate you want to revoke" echo "Select the existing client certificate you want to revoke:"
tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
if [[ "$NUMBEROFCLIENTS" = '1' ]]; then if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
read -p "Select one client [1]: " CLIENTNUMBER read -p "Select one client [1]: " CLIENTNUMBER
@ -113,12 +106,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
# CRL is read with each client connection, when OpenVPN is dropped to nobody # CRL is read with each client connection, when OpenVPN is dropped to nobody
chown nobody:$GROUPNAME /etc/openvpn/crl.pem chown nobody:$GROUPNAME /etc/openvpn/crl.pem
echo "" echo
echo "Certificate for client $CLIENT revoked" echo "Certificate for client $CLIENT revoked!"
exit exit
;; ;;
3) 3)
echo "" echo
read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
if [[ "$REMOVE" = 'y' ]]; then if [[ "$REMOVE" = 'y' ]]; then
PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2) PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
@ -158,10 +151,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
yum remove openvpn -y yum remove openvpn -y
fi fi
rm -rf /etc/openvpn rm -rf /etc/openvpn
echo "" echo
echo "OpenVPN removed!" echo "OpenVPN removed!"
else else
echo "" echo
echo "Removal aborted!" echo "Removal aborted!"
fi fi
exit exit
@ -171,18 +164,26 @@ if [[ -e /etc/openvpn/server.conf ]]; then
done done
else else
clear clear
echo 'Welcome to this quick OpenVPN "road warrior" installer' echo 'Welcome to this OpenVPN "road warrior" installer!'
echo "" echo
# OpenVPN setup and first user creation # OpenVPN setup and first user creation
echo "I need to ask you a few questions before starting the setup" echo "I need to ask you a few questions before starting the setup."
echo "You can leave the default options and just press enter if you are ok with them" echo "You can leave the default options and just press enter if you are ok with them."
echo "" echo
echo "First I need to know the IPv4 address of the network interface you want OpenVPN" echo "First, provide the IPv4 address of the network interface you want OpenVPN"
echo "listening to." echo "listening to."
# Autodetect IP address and pre-fill for the user # Autodetect IP address and pre-fill for the user
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
read -p "IP address: " -e -i $IP IP read -p "IP address: " -e -i $IP IP
echo "" # Try to detect a NATed connection and ask the user about it
EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/" 2>/dev/null || curl -4s "http://whatismyip.akamai.com/")
if [[ "$IP" != "$EXTERNALIP" ]]; then
echo
echo "If your server is behind NAT, please provide the public IP address or hostname."
echo "If that's not the case, just ignore this and leave the next field blank."
read -p "Public IP address / Hostname: " -e PUBLICIP
fi
echo
echo "Which protocol do you want for OpenVPN connections?" echo "Which protocol do you want for OpenVPN connections?"
echo " 1) UDP (recommended)" echo " 1) UDP (recommended)"
echo " 2) TCP" echo " 2) TCP"
@ -195,10 +196,10 @@ else
PROTOCOL=tcp PROTOCOL=tcp
;; ;;
esac esac
echo "" echo
echo "What port do you want OpenVPN listening to?" echo "What port do you want OpenVPN listening to?"
read -p "Port: " -e -i 1194 PORT read -p "Port: " -e -i 1194 PORT
echo "" echo
echo "Which DNS do you want to use with the VPN?" echo "Which DNS do you want to use with the VPN?"
echo " 1) Current system resolvers" echo " 1) Current system resolvers"
echo " 2) 1.1.1.1" echo " 2) 1.1.1.1"
@ -206,12 +207,12 @@ else
echo " 4) OpenDNS" echo " 4) OpenDNS"
echo " 5) Verisign" echo " 5) Verisign"
read -p "DNS [1-5]: " -e -i 1 DNS read -p "DNS [1-5]: " -e -i 1 DNS
echo "" echo
echo "Finally, tell me your name for the client certificate" echo "Finally, tell me your name for the client certificate."
echo "Please, use one word only, no special characters" echo "Please, use one word only, no special characters."
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
echo "" echo
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now."
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt-get update apt-get update
@ -375,18 +376,9 @@ exit 0' > $RCLOCAL
chkconfig openvpn on chkconfig openvpn on
fi fi
fi fi
# Try to detect a NATed connection and ask about it to potential LowEndSpirit users # If the serrver is behind a NAT, use the correct IP address
EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/" 2>/dev/null || curl -4s "http://whatismyip.akamai.com/") if [[ "$PUBLICIP" != "" ]]; then
if [[ "$IP" != "$EXTERNALIP" ]]; then IP=$PUBLICIP
echo ""
echo "Looks like your server could be behind a NAT!"
echo ""
echo "If your server is behind a NAT, I need to know the public IP or hostname"
echo "If that's not the case, just ignore this and leave the next field blank"
read -p "Public IP: " -e PUBLICIP
if [[ "$PUBLICIP" != "" ]]; then
IP=$PUBLICIP
fi
fi fi
# client-common.txt is created so we have a template to add further users later # client-common.txt is created so we have a template to add further users later
echo "client echo "client
@ -408,9 +400,9 @@ key-direction 1
verb 3" > /etc/openvpn/client-common.txt verb 3" > /etc/openvpn/client-common.txt
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"
echo "" echo
echo "Finished!" echo "Finished!"
echo "" echo
echo "Your client configuration is available at" ~/"$CLIENT.ovpn" echo "Your client configuration is available at:" ~/"$CLIENT.ovpn"
echo "If you want to add more clients, you simply need to run this script again!" echo "If you want to add more clients, you simply need to run this script again!"
fi fi
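Review bot: The client-name prompts (option 1 and the first-run questions) still only ask for "one word only, no special characters" without enforcing it, and the unchanged `./easyrsa build-client-full $CLIENT nopass` in option 1 expands the answer unquoted. A name with whitespace or glob characters is word-split before easyrsa sees it, and the same value then builds the `~/"$CLIENT.ovpn"` path in an installer that writes under /etc/openvpn. I would re-prompt until the name matches a safe set, e.g. `until [[ "$CLIENT" =~ ^[a-zA-Z0-9_-]+$ ]]; do read -p "Client name: " -e CLIENT; done`, and quote the call as `./easyrsa build-client-full "$CLIENT" nopass`. The new free-form `PUBLICIP` answer is likewise copied into `IP` without any check, and the comment added above that assignment misspells "server" as "serrver".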