eibgrad

tomato-ovpn-ptp-server-74555.sh

Apr 22nd, 2019 (edited)
  1. #!/bin/sh
  2. # openvpn ptp (point-to-point) tunnel - server
  3. # tomato ref: https://bit.ly/2DrmODq
  4. # v1.0.0
  5.  
  6. LOCAL_PORT="22810" # listening port of openvpn server
  7. INT_IP="192.168.61.43" # target of vps port forward
  8. WAN_IF="$(ip route | awk '/^default/{print $NF}')"
  9. OVPN_DIR="/tmp/ovpn_ptp" # default working directory
  10.  
  11. [ -d $OVPN_DIR ] || mkdir -p $OVPN_DIR
  12.  
  13. # --------------------------- begin ovpn-start.sh ---------------------------- #
  14. cat << EOF > $OVPN_DIR/ovpn-start.sh
  15. #!/bin/sh
  16. modprobe tun
  17. killall -q openvpn && sleep 3
  18. openvpn --config $OVPN_DIR/openvpn.conf
  19. EOF
  20. chmod +x $OVPN_DIR/ovpn-start.sh
  21. # ---------------------------- end ovpn-start.sh ----------------------------- #
  22.  
  23. # ---------------------------- begin openvpn.conf ---------------------------- #
  24. cat << EOF > $OVPN_DIR/openvpn.conf
  25. daemon
  26. dev tun0
  27. proto udp4
  28. port $LOCAL_PORT
  29. ifconfig 10.8.0.1 10.8.0.2
  30. script-security 2
  31. up $OVPN_DIR/up.sh
  32. down $OVPN_DIR/down.sh
  33. route-up $OVPN_DIR/route-up.sh
  34. route-pre-down $OVPN_DIR/route-down.sh
  35. secret $OVPN_DIR/static.key 0
  36. #user nobody
  37. #group nogroup
  38. cipher aes-256-cbc
  39. auth sha256
  40. auth-nocache
  41. persist-tun
  42. persist-key
  43. keepalive 10 60
  44. ping-timer-rem
  45. comp-lzo no
  46. verb 4
  47. EOF
  48. # ----------------------------- end openvpn.conf ----------------------------- #
  49.  
  50. # ----------------------------- begin static.key ----------------------------- #
  51. cat << "EOF" > $OVPN_DIR/static.key
  52. #
  53. # 2048 bit OpenVPN static key
  54. #
  55. -----BEGIN OpenVPN Static key V1-----
  56. 5b4cdb0114d8d499ad97210a1c2fd7ea
  57. 1f1ede99c506109ba0df8c84a0b6d824
  58. 75b9d5def574883f5883532d09f244ed
  59. 8fd21d44b43da99536ab5e8592441f50
  60. 0063ff4d2280f302f39147cd5d9c21b8
  61. 37f3a2102cdeff9746a192ffa6f87f24
  62. 2770677ea3a0af3a30a630d24350a605
  63. c9cf6715dab985ba5105739dc61f1111
  64. 3e368b64287e9fe0d7e48284e10be4c1
  65. 4965de0f60554a5a9753bb14f3008462
  66. 2ae6c86f3710a122bc3954eb20688697
  67. 5d3e1ed2d19fe930c997aac121888376
  68. 4bdfc2d462cd23000fb221b6702de7e6
  69. a7b5c718b5e5d351e401a35d8b66e407
  70. a4b467e1c9095003e5db52ae4d3574b1
  71. 1be6e37867ef2455d5cbed8b8a614245
  72. -----END OpenVPN Static key V1-----
  73. EOF
  74. chmod 600 $OVPN_DIR/static.key
  75. # ------------------------------ end static.key ------------------------------ #
  76.  
  77. # ------------------------------- begin up.sh -------------------------------- #
  78. cat << EOF > $OVPN_DIR/up.sh
  79. #!/bin/sh
  80. # open openvpn service port
  81. iptables -I INPUT -i $WAN_IF -p udp --dport $LOCAL_PORT -j ACCEPT
  82.  
  83. # allow traffic in from the openvpn tunnel
  84. iptables -I INPUT -i tun0 -j ACCEPT
  85. iptables -I FORWARD -i tun0 -j ACCEPT
  86. EOF
  87. chmod +x $OVPN_DIR/up.sh
  88. # -------------------------------- end up.sh --------------------------------- #
  89.  
  90. # ------------------------------ begin down.sh ------------------------------- #
  91. cat << EOF > $OVPN_DIR/down.sh
  92. #!/bin/sh
  93. ipt() { while iptables "\$@" 2>/dev/null; do :; done }
  94.  
  95. # flush the firewall rules
  96. ipt -D INPUT -i $WAN_IF -p udp --dport $LOCAL_PORT -j ACCEPT
  97. ipt -D INPUT -i tun0 -j ACCEPT
  98. ipt -D FORWARD -i tun0 -j ACCEPT
  99. EOF
  100. chmod +x $OVPN_DIR/down.sh
  101. # ------------------------------- end down.sh -------------------------------- #
  102.  
  103. # ---------------------------- begin route-up.sh ----------------------------- #
  104. cat << EOF > $OVPN_DIR/route-up.sh
  105. #!/bin/sh
  106. ip route flush table 200 2>/dev/null
  107. ip route add default via \$ifconfig_remote dev tun0 table 200
  108. ip route flush cache
  109. ip rule add from $INT_IP table 200
  110. EOF
  111. chmod +x $OVPN_DIR/route-up.sh
  112. # ----------------------------- end route-up.sh ------------------------------ #
  113.  
  114. # --------------------------- begin route-down.sh ---------------------------- #
  115. cat << EOF > $OVPN_DIR/route-down.sh
  116. #!/bin/sh
  117. ip route flush table 200 2>/dev/null
  118. ip route flush cache
  119. ip rule del from $INT_IP table 200
  120. EOF
  121. chmod +x $OVPN_DIR/route-down.sh
  122. # ---------------------------- end route-down.sh ----------------------------- #
  123.  
  124. # begin openvpn execution and verify connection
  125. cd $OVPN_DIR && sh -x ./ovpn-start.sh && ping 10.8.0.2