
WiTopia OpenVPN DD-WRT Startup Script

a guest
Oct 2nd, 2014
  1. #!/bin/sh
  2.  
  3. # WiTopia OpenVPN DD-WRT Startup Script.
  4. #
  5. # Install instructions:
  6. # ----------------------
  7. # 1. Ensure you are running DD-WRT STD, BIG or MEGA.
  8. # 2. Perform a DD-WRT hard reset (30/30/30).
  9. # 3. Ensure your DD-WRT router's Internet connection is working correctly.
  10. # 4. Set Date / Time to your local zone (Setup - Basic Setup - Time Settings).
  11. # 5. Copy-paste this file to (Administration - Commands - Command Shell).
  12. # 6. Edit USERNAME and PASSWORD fields below.
  13. # 7. Copy-paste the contents of your WiTopia CNXXXXX.key and CNXXXXX.crt files below.
  14. # 8. Optionally, update REMOTE_SERVERS below.
  15. # 9. Now reboot your DD-WRT router.
  16. # 10. Wait while the OpenVPN connects (~30-60 seconds after successful reboot).
  17. #
  18.  
  19. # Adapted for WiTopia from http://hmastuff.com/files/Startup_Script_TCP_Extended-V2.4.txt
  20.  
  21. USERNAME="WITOPIA_USER_NAME ('user@witopia' OR 'W\your@email.com')"
  22. PASSWORD="WITOPIA_PASSWORD"
  23.  
  24. PROTOCOL="udp" # udp / tcp MUST BE lower case
  25.  
  26. # WiTopia OpenVPN udp gateways: https://www.witopia.net/?faq-item=openvpn-ssl-gateway-locations
  27. # WiTopia OpenVPN tcp gateways: https://www.witopia.net/?faq-item=alternate-port-openvpn-ssl-gateways
  28.  
  29. # Add - delete - edit servers between ##BB## and ##EE##
  30. # Full list at
  31. REMOTE_SERVERS="
  32. ##BB##
  33. remote vpn.ashburn.witopia.net 1194
  34. remote vpn.atlanta.witopia.net 1194
  35. remote vpn.austin.witopia.net 1194
  36. remote vpn.chicago.witopia.net 1194
  37. remote vpn.columbus.witopia.net 1194
  38. remote vpn.dallas.witopia.net 1194
  39. remote vpn.denver.witopia.net 1194
  40. remote vpn.detroit.witopia.net 1194
  41. remote vpn.kansascity.witopia.net 1194
  42. remote vpn.lasvegas.witopia.net 1194
  43. remote vpn.longbeach.witopia.net 1194
  44. remote vpn.losangeles.witopia.net 1194
  45. remote vpn.miami.witopia.net 1194
  46. remote vpn.newyork.witopia.net 1194
  47. remote vpn.newark.witopia.net 1194
  48. remote vpn.phoenix.witopia.net 1194
  49. remote vpn.sanfrancisco.witopia.net 1194
  50. remote vpn.seattle.witopia.net 1194
  51. remote vpn.washingtondc.witopia.net 1194
  52. ##EE##
  53. "
  54.  
  55. #### DO NOT CHANGE below this line ####
  56.  
  57. CA_CRT='-----BEGIN CERTIFICATE-----
  58. MIIEZjCCA8+gAwIBAgIJAPUnaWtFWkqKMA0GCSqGSIb3DQEBBAUAMIHTMQswCQYD
  59. VQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBlJlc3RvbjEhMB8G
  60. A1UEChMYRnVsbCBNZXNoIE5ldHdvcmtzLCBJbmMuMSUwIwYDVQQLFBxGTU4gRW5n
  61. aW5lZXJpbmcgJiBPcGVyYXRpb25zMTEwLwYDVQQDEyhGdWxsIE1lc2ggTmV0d29y
  62. a3MgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0
  63. QGZ1bGxtZXNoLm5ldDAeFw0wNTAzMTcxODM3MTFaFw0xNTAzMTUxODM3MTFaMIHT
  64. MQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBlJlc3Rv
  65. bjEhMB8GA1UEChMYRnVsbCBNZXNoIE5ldHdvcmtzLCBJbmMuMSUwIwYDVQQLFBxG
  66. TU4gRW5naW5lZXJpbmcgJiBPcGVyYXRpb25zMTEwLwYDVQQDEyhGdWxsIE1lc2gg
  67. TmV0d29ya3MgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSMwIQYJKoZIhvcNAQkBFhRz
  68. dXBwb3J0QGZ1bGxtZXNoLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
  69. tSCLIQ3+rPzDQVDBuPWePX0QqzhoUWTYGNGAIrELxAKvmcVJRyLs7ufcchC6elVg
  70. DFZ44lm0PFAj5IvdE2LlXbRun0Z2PpTp0n8iyKCEVy3FGiyjffIwwJIQapPKymWt
  71. mN+cd/RaktSwWb67ofCW1n4n09j5tGeZWdBiuuzfW2kCAwEAAaOCAT4wggE6MB0G
  72. A1UdDgQWBBT4KHw3WOt7X8O2Q/FKINt65OGRkzCCAQkGA1UdIwSCAQAwgf2AFPgo
  73. fDdY63tfw7ZD8Uog23rk4ZGToYHZpIHWMIHTMQswCQYDVQQGEwJVUzERMA8GA1UE
  74. CBMIVmlyZ2luaWExDzANBgNVBAcTBlJlc3RvbjEhMB8GA1UEChMYRnVsbCBNZXNo
  75. IE5ldHdvcmtzLCBJbmMuMSUwIwYDVQQLFBxGTU4gRW5naW5lZXJpbmcgJiBPcGVy
  76. YXRpb25zMTEwLwYDVQQDEyhGdWxsIE1lc2ggTmV0d29ya3MgQ2VydGlmaWNhdGUg
  77. QXV0aG9yaXR5MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZ1bGxtZXNoLm5ldIIJ
  78. APUnaWtFWkqKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAVARIGyBa
  79. kk8r8E8yJQblYJ/mLzt1C+Qezd3CGvMkLvjKIdNMbYt6bydAphIb+7idmUPbFSXd
  80. 8vUGnMOP2KNVJEi5kJ0GcFO8RENSPlYQzCWqc3vzaTOrD9kDCgjGMgrmjvaj9Yly
  81. o2SCDH2Myw1rboUMo6TOY6G+A8f+dPF0/ZE=
  82. -----END CERTIFICATE-----
  83. -----BEGIN CERTIFICATE-----
  84. MIIGdTCCBF2gAwIBAgIJAIeW8F6c9bEcMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
  85. VQQGEwJVUzERMA8GA1UECAwIVmlyZ2luaWExEDAOBgNVBAoMB1dpVG9waWExNTAz
  86. BgNVBAsMLFdpVG9waWEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEFkbWluaXN0cmF0
  87. aW9uMSowKAYDVQQDDCFXaVRvcGlhIFZQTiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx
  88. IjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRAd2l0b3BpYS5uZXQwHhcNMTQwMzExMjMw
  89. NDEzWhcNMjkwMzExMDAwMDAwWjCBuTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCFZp
  90. cmdpbmlhMRAwDgYDVQQKDAdXaVRvcGlhMTUwMwYDVQQLDCxXaVRvcGlhIENlcnRp
  91. ZmljYXRlIEF1dGhvcml0eSBBZG1pbmlzdHJhdGlvbjEqMCgGA1UEAwwhV2lUb3Bp
  92. YSBWUE4gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzdXBw
  93. b3J0QHdpdG9waWEubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
  94. uYoeZufuYS5k27G+XnSdlT1FRgj5Q/DCPsznqorcBJoBCf84Sp2IAkb1ZBiN9n6v
  95. P1u5zIGvGDAOliqwgTUhtv3qUQvrtyheonL4GvW3gqptIBi5dytkgRnRyjw7PHvY
  96. 4q/m73pOyyQH3/drBskBs2FIgGGkxzJX1vLSk1sjk+bhL3EztCm+H8FeTgyxzezT
  97. 3GOTgqENKNv3RzN+8N5c5+97ecu7EZ4D6gpaDJka7XwXzJXKcHYpvaeU0KE+4fs3
  98. 87qv9G39AJ5oGiczUpoEXYXU/q2+TTsIAlfCRjnu+lpZPpWvQO/HBV/SHpJyyhT/
  99. uiCoEJNJjvGjw5BOw7BPx0kPSbJY5uzSPzQ50rnysphspO0DNsKlsZd/bpeKgCyT
  100. pDQXNqZ2iRPJXK0ANzFUJ0EHDwJmweOSANEtGt98GJyzDWuPOnoP2zcbHEkc0ynA
  101. NbXefmNKCP1LA3PrYmLWj8dZvBeT5ndgJ1NJcUjRVi9qJaGHZANDzKflaiBAb9/1
  102. 5CDT8P9/OJDY2aCuyAs2MO7iBACyTNTX8n/60a8z4i4XlfyxD5UNeh0Qo3vL0m3k
  103. 8vtg18ZmxKexuc3+MDrXgsl7hChDw+iREPVl+/qdMrcrezUSXhyypTwCsLPXttDa
  104. o5Ofax5C6IWRkynL0PyI/PPUIfEXL0ZXdYLAr7/v768CAwEAAaN+MHwwDAYDVR0T
  105. BAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
  106. aWNhdGUwHQYDVR0OBBYEFPiV/8N5c0YeWd+DN8gjqdYFJsNgMB8GA1UdIwQYMBaA
  107. FPiV/8N5c0YeWd+DN8gjqdYFJsNgMA0GCSqGSIb3DQEBCwUAA4ICAQAJwnzyMOQh
  108. g28vo7TvQfBtd1AMPLoXvlchA9h+6zazZVLP8uw/ldFoySsAcMXZqtDoN7F/RGpb
  109. UtumFqEjGJI8SDjkacK+nZeASRW6r99v9E2/Rd50OrbCqUg5dZMHDE3krDP0Klbu
  110. /OLKlpqEt80NgfJNCjYkdDzpDwbxepvrAsEMwa95kAsQl4is6349PNSIO+1Mkkq1
  111. dOTYW8sfCvfHPwXXR/CqnHwDlpIzJhlW6TfKBNdFiZ5+JKf6mDAz39ctwv7DPjP7
  112. 29/i1DGnzHIxGJEGXK40xnuDemXutBMr2l4Myf3B7qDOXnW2y5ztc45Anx25Mo+d
  113. fXWrqqIK446BW+3JGfkzdj2nq2ifp++JDXimOf1cbe6j2lp0Pju5pQMhP7wDcpt8
  114. oZprPWLdjeLGsw7Ftp6K10J5M74DzWeXaONklvXtVOHbkmIxDgGEbEKkcDHtAg/5
  115. Tgfo8WfXlgSl+edhZw9xsQYaHCjY+CBlbHL2LO9/WPv4a47/TbZW4bQVbl1wktKN
  116. oD3eJ27x7BZ2iRrJaISP6WzulIxZmuUz8KwQ0LcFqKIg8QAuP+7N7EChXfK3wxXk
  117. m36J3ZURggpVXc0W9DigceYQwpYgxLx9w5lSDPhOERUfbhMdKq5NSKkimbuXcrDY
  118. 8eRFapl26Zeh2DcTvOUgRAhqQWf9xVqcKw==
  119. -----END CERTIFICATE-----
  120. '
  121.  
  122. CLIENT_CRT='-----BEGIN CERTIFICATE-----
  123. ...copy your CNXXXXXX.crt here...
  124. -----END CERTIFICATE-----
  125. '
  126.  
  127. CLIENT_KEY='-----BEGIN PRIVATE KEY-----
  128. ...copy your CNXXXXXX.key here...
  129. -----END PRIVATE KEY-----
  130. '
  131.  
  132. OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
  133.  
  134. if [ "$OPVPNENABLE" != 0 ]
  135. then
  136.    nvram set openvpncl_enable=0
  137.    nvram commit
  138. fi
  139.  
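# Build the OpenVPN client files under /tmp/witopia, install the firewall
# rules for the tunnel, then start OpenVPN in the background.
# Reads: USERNAME, PASSWORD, PROTOCOL, REMOTE_SERVERS, CA_CRT, CLIENT_CRT,
#        CLIENT_KEY (all set earlier in this script).
# Writes: /tmp/witopia/*, /tmp/.rc_firewall, /tmp/witopia.log (symlink).

# Pause before touching the filesystem (purpose not stated in the script;
# presumably to let the router finish booting).
sleep 10

WORKDIR=/tmp/witopia

# Create the secret-bearing files owner-only from the first byte, instead of
# writing them with the default umask and tightening them afterwards.
OLD_UMASK=$(umask)
umask 077

mkdir -p "$WORKDIR" || exit 1
# Abort rather than scatter the password and private key into whatever
# directory the script happens to be running from.
cd "$WORKDIR" || exit 1

# printf '%s\n' writes the values verbatim; echo -e would expand backslash
# sequences such as "\n" or "\t" that occur inside a username or password
# (the suggested 'W\your@email.com' username form contains a backslash).
printf '%s\n%s\n' "$USERNAME" "$PASSWORD" > userpass.conf
printf '%s\n' "$CA_CRT" > ca.crt
printf '%s\n' "$CLIENT_CRT" > client.crt
printf '%s\n' "$CLIENT_KEY" > client.key

# Hook scripts handed to openvpn below: route-up does nothing, route-down
# only sleeps for two seconds.
printf '%s\n' '#!/bin/sh' > route-up.sh
printf '%s\n' '#!/bin/sh' 'sleep 2' > route-down.sh

# Firewall rules for the tunnel: allow LAN (br0) -> tun0 forwarding, allow
# return traffic, drop inbound connections arriving on tun0, and NAT traffic
# leaving through tun0.
# NOTE(review): "-A INPUT" appends the DROP after whatever INPUT rules already
# exist, so an earlier ACCEPT still wins. Nothing here blocks br0 traffic from
# leaving through the WAN interface while the tunnel is down, so clients are
# not protected against traffic leaving outside the VPN.
cat > /tmp/.rc_firewall <<'EOF'
#!/bin/sh
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -j DROP # drop all unsolicited incoming connections from VPN peers
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
EOF

chmod 644 ca.crt client.crt
chmod 600 client.key userpass.conf
chmod 700 route-up.sh route-down.sh /tmp/.rc_firewall

# Back to the previous umask so openvpn.conf and the log keep the permissions
# they had before this change.
umask "$OLD_UMASK"

sleep 10

# NOTE(review): several settings below are dated and are kept unchanged only
# because the gateways presumably require them -- confirm with the provider
# before altering any of them:
#   cipher bf-cbc        Blowfish, a 64-bit block cipher
#   auth sha1            SHA-1 HMAC
#   comp-lzo             compression inside the encrypted tunnel
#   ns-cert-type server  older server-certificate check; newer OpenVPN
#                        releases use "remote-cert-tls server" instead
# script-security 2 is what permits the route-up / down-pre scripts to run.
cat > openvpn.conf <<EOF
client
dev tun
proto $PROTOCOL
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20
ca ca.crt
mssfix 1300
key client.key
cert client.crt
log witopia.log
daemon
auth sha1
auth-user-pass userpass.conf
remote-random
$REMOTE_SERVERS
EOF

# -f lets a second run replace the link instead of failing on the old one.
ln -sf "$WORKDIR/witopia.log" /tmp/witopia.log

/tmp/.rc_firewall

# Stop any OpenVPN instance that is already running, then start ours; the
# subshell is backgrounded so the startup script itself returns at once.
(killall openvpn; openvpn --config "$WORKDIR/openvpn.conf" --route-up "$WORKDIR/route-up.sh" --down-pre "$WORKDIR/route-down.sh") &
exit 0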