
Untitled

a guest
Dec 5th, 2016
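#!/bin/bash
#
# Provision a single-client OpenVPN server on TCP/443 (Debian/Ubuntu, apt-based).
#
# Steps: upgrade packages, install openvpn + iptables-persistent, create a
# throwaway CA with one server and one client certificate under /etc/openvpn,
# enable IPv4 forwarding and NAT for 10.8.0.0/24, write tcp443.conf and a
# self-contained client.ovpn, restart OpenVPN, and copy the client profile to
# /root/client.ovpn.
#
# Optional environment:
#   KEY_BITS  RSA / DH size in bits (default 2048, minimum 2048)
#   WAN_IF    outbound interface for NAT (default: the IPv4 default-route
#             interface, falling back to eth0)
#
# Review notes on the generated material:
#   - ca-key.pem stays unencrypted on the VPN server itself; whoever reads it
#     can mint certificates this server and its clients will trust.
#   - client.ovpn and /root/client.ovpn embed the client private key; treat
#     them as secrets and move them over an authenticated channel only.
#   - All certificates expire after 365 days.

# Refuse to run unprivileged before touching the package manager (the original
# only checked this after apt-get had already been invoked).
if [[ $EUID -ne 0 ]]; then
  echo "You must be a root user" 1>&2
  exit 1
fi

KEY_BITS=${KEY_BITS:-2048}
if [[ ! $KEY_BITS =~ ^[0-9]+$ ]] || (( 10#$KEY_BITS < 2048 )); then
  echo "KEY_BITS must be an integer >= 2048" 1>&2
  exit 1
fi

echo "yay! it's working"
# Package refresh is left best-effort, as in the original: set -e only starts
# below, so a failed mirror does not abort the run here.
apt-get update
apt-get upgrade -qy

set -e

# Pre-answer the iptables-persistent prompts so the install is non-interactive.
debconf-set-selections <<EOF
iptables-persistent iptables-persistent/autosave_v4 boolean true
iptables-persistent iptables-persistent/autosave_v6 boolean true
EOF
apt-get install -qy openvpn curl iptables-persistent

cd /etc/openvpn

# Create a private key with mode 0600 from the first byte written, instead of
# creating it under the default umask and tightening it afterwards.
gen_key() {
  (umask 077 && openssl genrsa -out "$1" "$KEY_BITS")
}

# Certificate Authority
# 1024-bit RSA/DH (the previous values) is below current minimums; SHA-256 is
# requested explicitly because older OpenSSL releases default to SHA-1.
gen_key ca-key.pem
openssl req -new -sha256 -key ca-key.pem -subj /CN=OpenVPN-CA/ -out ca-csr.pem
openssl x509 -req -sha256 -in ca-csr.pem -signkey ca-key.pem -days 365 \
  -out ca-cert.pem
echo 01 >ca-cert.srl

# Server Key & Certificate
gen_key server-key.pem
openssl req -new -sha256 -key server-key.pem -subj /CN=OpenVPN-Server/ \
  -out server-csr.pem
openssl x509 -req -sha256 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem \
  -days 365 -out server-cert.pem

# Client Key & Certificate
gen_key client-key.pem
openssl req -new -sha256 -key client-key.pem -subj /CN=OpenVPN-Client/ \
  -out client-csr.pem
openssl x509 -req -sha256 -in client-csr.pem -CA ca-cert.pem -CAkey ca-key.pem \
  -days 365 -out client-cert.pem

# Diffie hellman parameters
openssl dhparam -out dh.pem "$KEY_BITS"

# Also covers key files left over from an earlier run with looser modes.
chmod 600 -- *-key.pem

# Set up IP forwarding and NAT for iptables
# Append the sysctl line only once so reruns do not pile up duplicates.
if ! grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null; then
  echo net.ipv4.ip_forward=1 >>/etc/sysctl.conf
fi
sysctl -p

# The outbound interface is not always eth0; use the default-route interface
# unless WAN_IF is set, and keep eth0 as the last resort.
wan_if=${WAN_IF:-}
if [[ -z $wan_if ]]; then
  wan_if=$(ip -4 route show default 2>/dev/null |
    awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
fi
wan_if=${wan_if:-eth0}

# -C checks for an identical rule first, so reruns do not stack MASQUERADE rules.
nat_rule=(POSTROUTING -s 10.8.0.0/24 -o "$wan_if" -j MASQUERADE)
if ! iptables -t nat -C "${nat_rule[@]}" 2>/dev/null; then
  iptables -t nat -A "${nat_rule[@]}"
fi
iptables-save >/etc/iptables/rules.v4

# Write configuration files for client and server

# The public address comes from a third-party service and is written into the
# client profile, so accept it only if it looks like a dotted-quad IPv4
# address; anything else (error page, empty reply) becomes the placeholder.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
SERVER_IP=$(curl -s4 canhazip.com || true)
if [[ ! $SERVER_IP =~ $ipv4_re ]]; then
  SERVER_IP="<insert server IP here>"
fi

# NOTE(review), server settings kept as the author wrote them:
#   - duplicate-cn lets any number of peers connect with the one client
#     certificate, so a single leaked client.ovpn cannot be told apart from
#     the legitimate user or revoked on its own.
#   - comp-lzo compresses before encrypting, which can leak information about
#     plaintext through packet sizes; drop it on both ends if not required.
#   - there is no cipher/auth line, so both ends use the installed OpenVPN
#     build's defaults; confirm those are acceptable for that version.
cat >tcp443.conf <<'EOF'
server 10.8.0.0 255.255.255.0
verb 3
duplicate-cn
key server-key.pem
ca ca-cert.pem
cert server-cert.pem
dh dh.pem
keepalive 10 120
persist-key yes
persist-tun yes
comp-lzo yes
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Normally, the following command is sufficient.
# However, it doesn't assign a gateway when using
# VMware guest-only networking.
#
# push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway bypass-dhcp"
push "route-metric 512"
push "route 0.0.0.0 0.0.0.0"
user nobody
group nogroup
proto tcp
port 443
dev tun443
status openvpn-status-443.log
EOF

# The profile embeds the client private key: create it 0600 before writing.
# verify-x509-name pins the server certificate's CN; without it the client
# accepts any certificate signed by this CA, including the client certificate.
install -m 600 /dev/null client.ovpn
cat >client.ovpn <<EOF
client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote $SERVER_IP 443 tcp
verify-x509-name OpenVPN-Server name
comp-lzo yes
<key>
$(cat client-key.pem)
</key>
<cert>
$(cat client-cert.pem)
</cert>
<ca>
$(cat ca-cert.pem)
</ca>
EOF

service openvpn restart
install -m 600 client.ovpn /root/client.ovpn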