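#!/bin/sh
# openvpn ptp (point-to-point) tunnel - client
# tomato ref: https://bit.ly/2DrmODq
# v1.0.0
#
# Writes an OpenVPN static-key client config, the shared key, and up/down
# firewall scripts into $OVPN_DIR, starts the tunnel, then pings the peer.
# Needs root: the generated scripts load the tun module and edit iptables.

# stop at the first failed step so openvpn is never started from a
# half-written config; unset variables are treated as errors
set -eu

# every generated file is created owner-only; without this the static key is
# world-readable for the window between `cat > static.key` and `chmod 600`
umask 077

# ip and port of openvpn server
# NOTE(review): looks like a sample address - set to your own server
REMOTE_IP="199.199.199.199"
REMOTE_PORT="22810"

# vps port forward
EXT_PORT="80"
INT_IP="192.168.61.43"
INT_PORT="80"

# default working directory
OVPN_DIR="/tmp/ovpn_ptp"
[ -d "$OVPN_DIR" ] || mkdir -p "$OVPN_DIR"

# The up/down scripts below are executed by openvpn as root, so the directory
# holding them must not be something another local user prepared in the
# world-writable /tmp. (-O is outside POSIX test but is implemented by dash,
# busybox ash and bash.)
if [ -L "$OVPN_DIR" ] || [ ! -O "$OVPN_DIR" ]; then
  echo "refusing to use $OVPN_DIR: symlink or not owned by this user" >&2
  exit 1
fi
chmod 700 "$OVPN_DIR"

# --------------------------- begin ovpn-start.sh ---------------------------- #
# note: killall stops every running openvpn process, not only this tunnel
cat << EOF > "$OVPN_DIR/ovpn-start.sh"
#!/bin/sh
modprobe tun
killall -q openvpn && sleep 3
openvpn --config $OVPN_DIR/openvpn.conf
EOF
chmod +x "$OVPN_DIR/ovpn-start.sh"
# ---------------------------- end ovpn-start.sh ----------------------------- #

# ---------------------------- begin openvpn.conf ---------------------------- #
# Review notes on the generated config:
#  - `secret ... 1` is static-key mode with key direction 1; the peer has to
#    use direction 0 with the same key file. OpenVPN's documentation notes
#    this mode has no perfect forward secrecy, and newer releases deprecate
#    it in favour of TLS mode.
#  - `script-security 2` is what permits the up/down scripts to run; with
#    user/group left commented out they run as root, which down.sh needs in
#    order to delete the iptables rules.
#  - `route $INT_IP` sends only that single host through the tunnel.
cat << EOF > "$OVPN_DIR/openvpn.conf"
daemon
dev tun0
proto udp4
remote $REMOTE_IP $REMOTE_PORT
ifconfig 10.8.0.2 10.8.0.1
route $INT_IP
script-security 2
up $OVPN_DIR/up.sh
down $OVPN_DIR/down.sh
secret $OVPN_DIR/static.key 1
#user nobody
#group nobody
cipher aes-256-cbc
auth sha256
auth-nocache
persist-tun
persist-key
keepalive 10 60
ping-timer-rem
comp-lzo no
verb 4
EOF
# ----------------------------- end openvpn.conf ----------------------------- #

# ----------------------------- begin static.key ----------------------------- #
# NOTE(review): this key is embedded in a publicly posted script, so treat it
# as compromised. Generate your own (`openvpn --genkey --secret static.key`),
# install the same file on both peers, and keep it out of pastes and repos.
# The quoted "EOF" keeps the shell from expanding anything inside the key.
cat << "EOF" > "$OVPN_DIR/static.key"
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
5b4cdb0114d8d499ad97210a1c2fd7ea
1f1ede99c506109ba0df8c84a0b6d824
75b9d5def574883f5883532d09f244ed
8fd21d44b43da99536ab5e8592441f50
0063ff4d2280f302f39147cd5d9c21b8
37f3a2102cdeff9746a192ffa6f87f24
2770677ea3a0af3a30a630d24350a605
c9cf6715dab985ba5105739dc61f1111
3e368b64287e9fe0d7e48284e10be4c1
4965de0f60554a5a9753bb14f3008462
2ae6c86f3710a122bc3954eb20688697
5d3e1ed2d19fe930c997aac121888376
4bdfc2d462cd23000fb221b6702de7e6
a7b5c718b5e5d351e401a35d8b66e407
a4b467e1c9095003e5db52ae4d3574b1
1be6e37867ef2455d5cbed8b8a614245
-----END OpenVPN Static key V1-----
EOF
chmod 600 "$OVPN_DIR/static.key"
# ------------------------------ end static.key ------------------------------ #

# ------------------------------- begin up.sh -------------------------------- #
# Review notes on the rules up.sh installs:
#  - the INPUT/FORWARD accepts trust everything arriving on tun0, i.e. the
#    whole remote side of the tunnel;
#  - the DNAT rule names no inbound interface, so TCP $EXT_PORT arriving on
#    any interface is redirected to $INT_IP:$INT_PORT;
#  - the MASQUERADE rule names no outbound interface.
# The variables are expanded now, while the file is written, not at run time.
cat << EOF > "$OVPN_DIR/up.sh"
#!/bin/sh
# allow bidirectional (aka site-to-site) access
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
# port forward over the VPN (no SNAT required)
iptables -t nat -A PREROUTING -p tcp --dport $EXT_PORT \
-j DNAT --to-destination $INT_IP:$INT_PORT
iptables -A FORWARD -p tcp -d $INT_IP --dport $INT_PORT -j ACCEPT
# allow internet access over local network interface (e.g., ens2)
iptables -t nat -A POSTROUTING -s $INT_IP -j MASQUERADE
EOF
chmod +x "$OVPN_DIR/up.sh"
# -------------------------------- end up.sh --------------------------------- #

# ------------------------------ begin down.sh ------------------------------- #
# \$@ is escaped so the generated script receives a literal "$@". ipt() repeats
# each delete until iptables fails, which also clears duplicate rules left
# behind when up.sh ran more than once.
cat << EOF > "$OVPN_DIR/down.sh"
#!/bin/sh
ipt() { while iptables "\$@" 2>/dev/null; do :; done }
# flush the firewall rules
ipt -D INPUT -i tun0 -j ACCEPT
ipt -D FORWARD -i tun0 -j ACCEPT
ipt -t nat -D PREROUTING -p tcp --dport $EXT_PORT \
-j DNAT --to-destination $INT_IP:$INT_PORT
ipt -D FORWARD -p tcp -d $INT_IP --dport $INT_PORT -j ACCEPT
ipt -t nat -D POSTROUTING -s $INT_IP -j MASQUERADE
EOF
chmod +x "$OVPN_DIR/down.sh"
# ------------------------------- end down.sh -------------------------------- #

# begin openvpn execution and verify connection
# (ping has no count, so it keeps running until interrupted)
cd "$OVPN_DIR" && sh -x ./ovpn-start.sh && ping 10.8.0.1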