#!/usr/bin/env bash
#
# Installs OpenVPN on an apt-based host, builds a private CA plus server and
# client certificates under /etc/openvpn, configures NAT and IP forwarding,
# and writes a ready-to-use client profile to /etc/openvpn/client.ovpn.
# Must be run as root.

# Functions
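#######################################
# Print a status line in green.
# Arguments: $1 - message text (only the first argument is printed)
# Outputs:   the message, wrapped in ANSI colour codes, on stdout
#######################################
ok() {
  # printf with a quoted argument: the original unquoted $1 was subject to
  # word splitting and glob expansion, so "a  b" or "*" were not printed as given.
  printf '\e[32m%s\e[m\n' "$1"
}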
  8.  
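#######################################
# Print an error line in bold red and abort the script.
# Arguments: $1 - message text (only the first argument is printed)
# Outputs:   the message, wrapped in ANSI colour codes, on stderr
# Returns:   never; exits the shell with status 1
#######################################
die() {
  # Diagnostics go to stderr so they are not mixed into captured stdout; the
  # argument is quoted so the message is printed exactly as given.
  printf '\e[1;31m%s\e[m\n' "$1" >&2
  exit 1
}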
  12.  
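# Sanity check
# Writing under /etc and changing iptables needs uid 0. `id -g` only reports
# the primary group id, which need not match the user id, so test the uid.
if [[ $(id -u) != "0" ]]; then
  die "❯❯❯ Script must be run as root."
fi

if [[ ! -e /dev/net/tun ]]; then
  die "❯❯❯ TUN/TAP device is not available."
fi

# `dpkg -l` also exits 0 for a package that is known but removed, so ask
# dpkg-query for the installed state explicitly.
if dpkg-query -W -f='${Status}' openvpn 2>/dev/null | grep -q 'install ok installed'; then
  die "❯❯❯ OpenVPN is already installed."
fi

# Install openvpn (openssl is used below, so install it explicitly too).
ok "❯❯❯ apt-get update"
apt-get update -q > /dev/null 2>&1 || die "❯❯❯ apt-get update failed."
ok "❯❯❯ apt-get install openvpn curl openssl"
apt-get install -qy openvpn curl openssl > /dev/null 2>&1 || die "❯❯❯ apt-get install failed."

# IP Address
# Ask an external service for the public IPv4 address, bounded by a timeout so
# blocked egress cannot hang the script; fall back to the first global-scope
# IPv4 address configured locally.
SERVER_IP=$(curl -4 -fsS --max-time 10 https://ipv4.icanhazip.com 2>/dev/null)
if [[ -z "${SERVER_IP}" ]]; then
  # `ip -o -4 addr show` prints one line per address; $4 is "addr/prefix".
  SERVER_IP=$(ip -o -4 addr show scope global | awk '{ split($4, a, "/"); print a[1]; exit }')
fi
[[ -n "${SERVER_IP}" ]] || die "❯❯❯ Could not determine the server IP address."

# Everything written from here on is private key material, a profile that
# embeds a private key, or root-only configuration: create it with owner-only
# permissions from the start instead of relaxing and then chmod-ing afterwards.
umask 077

# Certificate lifetimes in days.
# NOTE(review): the client certificate is issued for far longer than the CA
# that signs it; it stops validating once the CA certificate expires.
readonly CA_DAYS=365
readonly SERVER_DAYS=365
readonly CLIENT_DAYS=36525

# Generate CA Config
ok "❯❯❯ Generating CA Config"
openssl dhparam -out /etc/openvpn/dh.pem 2048 > /dev/null 2>&1 || die "❯❯❯ DH parameter generation failed."
openssl genrsa -out /etc/openvpn/ca-key.pem 2048 > /dev/null 2>&1 || die "❯❯❯ CA key generation failed."
openssl req -new -key /etc/openvpn/ca-key.pem -out /etc/openvpn/ca-csr.pem -subj /CN=OpenVPN-CA/ > /dev/null 2>&1 || die "❯❯❯ CA request failed."
openssl x509 -req -in /etc/openvpn/ca-csr.pem -out /etc/openvpn/ca.pem -signkey /etc/openvpn/ca-key.pem -days "$CA_DAYS" > /dev/null 2>&1 || die "❯❯❯ CA certificate failed."
# `openssl x509 -CA` reads/increments the serial from <CA basename>.srl.
echo 01 > /etc/openvpn/ca.srl

# Generate Server Config
ok "❯❯❯ Generating Server Config"
openssl genrsa -out /etc/openvpn/server-key.pem 2048 > /dev/null 2>&1 || die "❯❯❯ Server key generation failed."
openssl req -new -key /etc/openvpn/server-key.pem -out /etc/openvpn/server-csr.pem -subj /CN=OpenVPN/ > /dev/null 2>&1 || die "❯❯❯ Server request failed."
openssl x509 -req -in /etc/openvpn/server-csr.pem -out /etc/openvpn/server-cert.pem -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -days "$SERVER_DAYS" > /dev/null 2>&1 || die "❯❯❯ Server certificate failed."

# cipher/auth are pinned explicitly so both sides negotiate the same, modern
# algorithms rather than the OpenVPN build's defaults; the client profile below
# carries the matching lines.
cat > /etc/openvpn/udp1194.conf <<EOF
server 10.8.0.0 255.255.255.0
verb 3
duplicate-cn
key server-key.pem
ca ca.pem
cert server-cert.pem
dh dh.pem
keepalive 10 120
persist-key
persist-tun
cipher AES-256-CBC
auth SHA256
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

user nobody
group nogroup

proto udp
port 1194
dev tun1194
status openvpn-status-1194.log
EOF

# Generate Client Config
ok "❯❯❯ Generating Client Config"
openssl genrsa -out /etc/openvpn/client-key.pem 2048 > /dev/null 2>&1 || die "❯❯❯ Client key generation failed."
openssl req -new -key /etc/openvpn/client-key.pem -out /etc/openvpn/client-csr.pem -subj /CN=OpenVPN-Client/ > /dev/null 2>&1 || die "❯❯❯ Client request failed."
openssl x509 -req -in /etc/openvpn/client-csr.pem -out /etc/openvpn/client-cert.pem -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -days "$CLIENT_DAYS" > /dev/null 2>&1 || die "❯❯❯ Client certificate failed."

# The profile embeds the client's private key, so it is created under the
# owner-only umask set above.
cat > /etc/openvpn/client.ovpn <<EOF
client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote $SERVER_IP 1194 udp
cipher AES-256-CBC
auth SHA256
comp-lzo yes

<key>
$(cat /etc/openvpn/client-key.pem)
</key>
<cert>
$(cat /etc/openvpn/client-cert.pem)
</cert>
<ca>
$(cat /etc/openvpn/ca.pem)
</ca>
EOF

# Iptables
# OpenVZ containers (detected by /proc/user_beancounters) get SNAT to the
# known address; elsewhere, MASQUERADE on the outbound interface.
if [[ ! -f /proc/user_beancounters ]]; then
  # Find the interface carrying SERVER_IP with a literal prefix match (the
  # address is not a regex). If the address is not configured locally, e.g.
  # the host sits behind NAT, fall back to the default-route interface.
  N_INT=$(ip -o -4 addr show | awk -v sip="$SERVER_IP" 'index($4, sip "/") == 1 { print $2; exit }')
  if [[ -z "$N_INT" ]]; then
    N_INT=$(ip -o -4 route show default | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
  fi
  [[ -n "$N_INT" ]] || die "❯❯❯ Could not determine the outbound network interface."
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$N_INT" -j MASQUERADE
else
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source "$SERVER_IP"
fi

iptables-save > /etc/iptables.conf

# The hook contains no expansions, so the delimiter is quoted.
cat > /etc/network/if-up.d/iptables <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.conf
EOF

# run-parts only executes the hook if it is executable; 755 restores the mode
# the hook would have had without the restrictive umask.
chmod 755 /etc/network/if-up.d/iptables

# Enable net.ipv4.ip_forward, persistently and for the running kernel.
# Uncomment the stock line if present; append one if the file has no such line.
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

# Restart Service
ok "❯❯❯ service openvpn restart"
service openvpn restart > /dev/null 2>&1 || die "❯❯❯ service openvpn restart failed."
ok "❯❯❯ Your client config is available at /etc/openvpn/client.ovpn"
ok "❯❯❯ All done!"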