
Untitled

a guest Jul 31st, 2017 92 Never
  1. #!/usr/bin/env bash
  2. #
  3.  
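  # Functions

  #######################################
  # Print a status message in green.
  # Arguments: $1 - message text, printed verbatim
  # Outputs:   the message wrapped in ANSI colour codes, on stdout
  #######################################
  ok() {
    # printf with %s treats the message purely as data: no word splitting,
    # no glob expansion and no backslash-escape interpretation of the text.
    printf '\033[32m%s\033[m\n' "${1-}"
  }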
  8.  
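  #######################################
  # Print an error message in bold red and abort the script.
  # Arguments: $1 - message text, printed verbatim
  # Outputs:   the message wrapped in ANSI colour codes, on stderr
  # Returns:   does not return; exits the shell with status 1
  #######################################
  die() {
    # Quoted %s argument: the message is never word-split, globbed or
    # parsed for escapes. Diagnostics go to stderr so stdout stays clean.
    printf '\033[1;31m%s\033[m\n' "${1-}" >&2
    exit 1
  }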
  12.  
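  # Sanity check
  # Compare the effective *user* id. `id -g` reports the primary group, so
  # an unprivileged account whose primary group is 0 would pass a gid test
  # and then fail later, half-way through the installation.
  if [[ "$(id -u)" != "0" ]]; then
    die "❯❯❯ Script must be run as root."
  fi

  # The server config below uses a tun device, so the TUN/TAP node must exist.
  if [[ ! -e /dev/net/tun ]]; then
    die "❯❯❯ TUN/TAP device is not available."
  fi

  # Refuse to run when dpkg already knows the package: everything below
  # writes fresh keys and configs into /etc/openvpn and would overwrite an
  # existing setup.
  if dpkg -l openvpn > /dev/null 2>&1; then
    die "❯❯❯ OpenVPN is already installed."
  fi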
  26.  
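  # Install openvpn
  ok "❯❯❯ apt-get update"
  # Index refresh stays best-effort: a stale index is only fatal if the
  # install below cannot resolve the packages, and that case is checked.
  apt-get update -q > /dev/null 2>&1
  ok "❯❯❯ apt-get install openvpn curl openssl"
  # openssl is announced in the message and used for every key and
  # certificate below, so request it explicitly instead of relying on it
  # being pulled in as a dependency. Abort on failure: continuing would
  # leave a half-configured host with the output hidden in /dev/null.
  apt-get install -qy openvpn curl openssl > /dev/null 2>&1 \
    || die "❯❯❯ apt-get install failed."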
  32.  
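  # IP Address
  # SERVER_IP is later written into client.ovpn and handed to iptables, so
  # the reply of the external lookup service is treated as untrusted input:
  # fetch it over TLS with a timeout and accept nothing but a dotted quad.
  ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  SERVER_IP=$(curl -fsS --max-time 10 https://ipv4.icanhazip.com 2> /dev/null)
  if [[ ! "${SERVER_IP}" =~ ${ipv4_re} ]]; then
    # Fallback: first global-scope IPv4 address configured on this host.
    SERVER_IP=$(ip -4 a | awk -F"[ /]+" '/global/ && !/127.0/ {print $3; exit}')
  fi
  # Stop here rather than generate a client profile and NAT rule from an
  # empty or malformed address.
  if [[ ! "${SERVER_IP}" =~ ${ipv4_re} ]]; then
    die "❯❯❯ Could not determine the server IP address."
  fi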
  38.  
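  # Generate CA Config
  # Every openssl step is checked: its output is discarded, so without the
  # check a failure would go unnoticed and later steps would run on missing
  # or empty key material.
  ok "❯❯❯ Generating CA Config"
  openssl dhparam -out /etc/openvpn/dh.pem 2048 > /dev/null 2>&1 \
    || die "❯❯❯ Failed to generate DH parameters."
  # Subshell-scoped umask: the CA private key is created owner-only instead
  # of depending on the OpenSSL default mode until the chmod below runs.
  (umask 077 && openssl genrsa -out /etc/openvpn/ca-key.pem 2048 > /dev/null 2>&1) \
    || die "❯❯❯ Failed to generate the CA key."
  chmod 600 /etc/openvpn/ca-key.pem
  openssl req -new -key /etc/openvpn/ca-key.pem -out /etc/openvpn/ca-csr.pem -subj /CN=OpenVPN-CA/ > /dev/null 2>&1 \
    || die "❯❯❯ Failed to create the CA signing request."
  # -sha256 pins the signature digest instead of inheriting whatever the
  # installed OpenSSL version defaults to.
  # NOTE(review): the CA is valid for 365 days while the client certificate
  # is requested for 36525 days; once the CA expires the chain no longer
  # validates, so the effective lifetime is one year. Confirm what is intended.
  openssl x509 -req -sha256 -in /etc/openvpn/ca-csr.pem -out /etc/openvpn/ca.pem -signkey /etc/openvpn/ca-key.pem -days 365 > /dev/null 2>&1 \
    || die "❯❯❯ Failed to self-sign the CA certificate."
  # Serial file next to ca.pem; the later `x509 -CA` signing calls pass no
  # -CAserial/-CAcreateserial and therefore need it to exist.
  echo 01 > /etc/openvpn/ca.srl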
  47.  
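  # Generate Server Config
  ok "❯❯❯ Generating Server Config"
  # Create the server key owner-only from the start (subshell-scoped umask),
  # and stop on any openssl failure since its output is discarded.
  (umask 077 && openssl genrsa -out /etc/openvpn/server-key.pem 2048 > /dev/null 2>&1) \
    || die "❯❯❯ Failed to generate the server key."
  chmod 600 /etc/openvpn/server-key.pem
  openssl req -new -key /etc/openvpn/server-key.pem -out /etc/openvpn/server-csr.pem -subj /CN=OpenVPN/ > /dev/null 2>&1 \
    || die "❯❯❯ Failed to create the server signing request."
  # NOTE(review): the certificate is signed without an extensions file, so
  # it carries no keyUsage / extendedKeyUsage (serverAuth), and the client
  # profile has no remote-cert-tls check. Clients therefore accept any
  # certificate issued by this CA as the server, including a client one.
  # Fixing this needs both a server extension set and the client directive.
  openssl x509 -req -sha256 -in /etc/openvpn/server-csr.pem -out /etc/openvpn/server-cert.pem -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -days 365 > /dev/null 2>&1 \
    || die "❯❯❯ Failed to sign the server certificate."

  # Server configuration, written verbatim (no shell expansion involved).
  # NOTE(review), hardening points to settle together with the client profile:
  #   - duplicate-cn lets one client certificate hold several sessions at
  #     once, so a leaked profile cannot be told apart from its owner.
  #   - comp-lzo compresses before encrypting, which exposes tunnelled
  #     traffic to compression-oracle attacks; it must match on both sides.
  #   - no cipher/auth/tls-auth directives, so the installed OpenVPN
  #     version's defaults apply and the TLS port is unauthenticated.
  #   - all client DNS is pushed to the 8.8.8.8 / 8.8.4.4 resolvers.
  printf '%s\n' \
    'server 10.8.0.0 255.255.255.0' \
    'verb 3' \
    'duplicate-cn' \
    'key server-key.pem' \
    'ca ca.pem' \
    'cert server-cert.pem' \
    'dh dh.pem' \
    'keepalive 10 120' \
    'persist-key' \
    'persist-tun' \
    'comp-lzo' \
    'push "redirect-gateway def1 bypass-dhcp"' \
    'push "dhcp-option DNS 8.8.8.8"' \
    'push "dhcp-option DNS 8.8.4.4"' \
    '' \
    'user nobody' \
    'group nogroup' \
    '' \
    'proto udp' \
    'port 1194' \
    'dev tun1194' \
    'status openvpn-status-1194.log' \
    > /etc/openvpn/udp1194.conf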
  79.  
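  # Generate Client Config
  ok "❯❯❯ Generating Client Config"
  # Client key is created owner-only (subshell-scoped umask); every openssl
  # step is checked because its output is discarded.
  (umask 077 && openssl genrsa -out /etc/openvpn/client-key.pem 2048 > /dev/null 2>&1) \
    || die "❯❯❯ Failed to generate the client key."
  chmod 600 /etc/openvpn/client-key.pem
  openssl req -new -key /etc/openvpn/client-key.pem -out /etc/openvpn/client-csr.pem -subj /CN=OpenVPN-Client/ > /dev/null 2>&1 \
    || die "❯❯❯ Failed to create the client signing request."
  openssl x509 -req -sha256 -in /etc/openvpn/client-csr.pem -out /etc/openvpn/client-cert.pem -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -days 36525 > /dev/null 2>&1 \
    || die "❯❯❯ Failed to sign the client certificate."

  # A profile without a remote address is useless; fail instead of writing it.
  [[ -n "${SERVER_IP:-}" ]] || die "❯❯❯ Server IP address is not set."

  # client.ovpn embeds the client private key inline, so it must not be
  # created with the default world-readable mode. The umask covers a fresh
  # file, the chmod covers a file that already existed.
  # NOTE(review): the profile has no remote-cert-tls directive; see the
  # server certificate, which would need matching extensions first.
  (
    umask 077
    printf '%s\n' \
      'client' \
      'nobind' \
      'dev tun' \
      'redirect-gateway def1 bypass-dhcp' \
      "remote ${SERVER_IP} 1194 udp" \
      'comp-lzo yes' \
      '' \
      '<key>' \
      "$(cat /etc/openvpn/client-key.pem)" \
      '</key>' \
      '<cert>' \
      "$(cat /etc/openvpn/client-cert.pem)" \
      '</cert>' \
      '<ca>' \
      "$(cat /etc/openvpn/ca.pem)" \
      '</ca>' \
      > /etc/openvpn/client.ovpn
  ) || die "❯❯❯ Failed to write /etc/openvpn/client.ovpn."
  chmod 600 /etc/openvpn/client.ovpn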
  105.  
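  # Iptables
  # Source-NAT the VPN subnet. /proc/user_beancounters presumably marks an
  # OpenVZ container (verify for the target hosts); there a fixed SNAT
  # address is used, everywhere else MASQUERADE on the outbound interface.
  if [[ ! -f /proc/user_beancounters ]]; then
    # Exact string comparison on the address column: passing the IP to awk
    # as a regex lets "." match any character and can return several lines.
    N_INT=$(ip -o -4 addr show \
      | awk -v sip="$SERVER_IP" '{ split($4, a, "/"); if (a[1] == sip) { print $2; exit } }')
    if [[ -z "${N_INT}" ]]; then
      # The public address may not be configured locally (host behind NAT);
      # fall back to the interface carrying the default route.
      N_INT=$(ip -4 route show default \
        | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
    fi
    # An empty interface name would turn "-o -j" into a malformed rule.
    [[ -n "${N_INT}" ]] || die "❯❯❯ Could not determine the outbound interface."
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "${N_INT}" -j MASQUERADE \
      || die "❯❯❯ Failed to add the MASQUERADE rule."
  else
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source "${SERVER_IP}" \
      || die "❯❯❯ Failed to add the SNAT rule."
  fi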
  113.  
  # Persist the firewall state: dump the current rule set to a file and
  # install an if-up hook that reloads it from there.
  rules_file=/etc/iptables.conf
  hook_file=/etc/network/if-up.d/iptables

  iptables-save > "${rules_file}"

  # Two-line /bin/sh hook, written without shell expansion of its content.
  printf '%s\n' \
    '#!/bin/sh' \
    "iptables-restore < ${rules_file}" \
    > "${hook_file}"

  chmod +x "${hook_file}"
  122.  
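  # Enable net.ipv4.ip_forward
  sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
  # The substitution only works when the commented-out line is present in
  # exactly that form. Append the setting otherwise, so forwarding (and with
  # it the VPN's routing) survives a reboot.
  if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf; then
    echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
  fi
  # Turn forwarding on for the running kernel as well.
  echo 1 > /proc/sys/net/ipv4/ip_forward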
  126.  
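  # Restart Service
  ok "❯❯❯ service openvpn restart"
  # The restart output is discarded, so check the status: reporting
  # "All done!" for a daemon that failed to start hides a broken setup.
  service openvpn restart > /dev/null 2>&1 \
    || die "❯❯❯ OpenVPN failed to restart."
  # The profile contains the client private key; hand it to the client over
  # an authenticated, encrypted channel only.
  ok "❯❯❯ Your client config is available at /etc/openvpn/client.ovpn"
  ok "❯❯❯ All done!"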