removed my changes

Mohammad Parvin 2023-12-25 15:40:25 +03:30
parent 8d84eebd79
commit a879503af1


@ -57,7 +57,7 @@ function checkOS() {
fi fi
if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then
OS="centos" OS="centos"
if [[ ! $VERSION_ID =~ (7|8) ]]; then if [[ ${VERSION_ID%.*} -lt 7 ]]; then
echo "⚠️ Your version of CentOS is not supported." echo "⚠️ Your version of CentOS is not supported."
echo "" echo ""
echo "The script only support CentOS 7 and CentOS 8." echo "The script only support CentOS 7 and CentOS 8."
@ -227,14 +227,8 @@ function installQuestions() {
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to." echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
echo "Unless your server is behind NAT, it should be your public IPv4 address." echo "Unless your server is behind NAT, it should be your public IPv4 address."
# If detect_from_net is not set detect the IP from the network # Detect public IPv4 address and pre-fill for the user
# Else use this command to detect ip: curl -s https://api.ipify.org IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)
if [[ -z $DETECT_FROM_NET ]]; then
# Detect public IPv4 address and pre-fill for the user
IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)
else
IP=$(curl -s https://api.ipify.org)
fi
if [[ -z $IP ]]; then if [[ -z $IP ]]; then
# Detect public IPv6 address # Detect public IPv6 address
@ -633,9 +627,13 @@ function installOpenVPN() {
# Behind NAT, we'll default to the publicly reachable IPv4/IPv6. # Behind NAT, we'll default to the publicly reachable IPv4/IPv6.
if [[ $IPV6_SUPPORT == "y" ]]; then if [[ $IPV6_SUPPORT == "y" ]]; then
PUBLIC_IP=$(curl --retry 5 --retry-connrefused https://ifconfig.co) if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused https://ip.seeip.org); then
PUBLIC_IP=$(dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
fi
else else
PUBLIC_IP=$(curl --retry 5 --retry-connrefused -4 https://ifconfig.co) if ! PUBLIC_IP=$(curl -f --retry 5 --retry-connrefused -4 https://ip.seeip.org); then
PUBLIC_IP=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | tr -d '"')
fi
fi fi
ENDPOINT=${ENDPOINT:-$PUBLIC_IP} ENDPOINT=${ENDPOINT:-$PUBLIC_IP}
fi fi
@ -708,10 +706,10 @@ function installOpenVPN() {
# Install the latest version of easy-rsa from source, if not already installed. # Install the latest version of easy-rsa from source, if not already installed.
if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
local version="3.0.7" local version="3.1.2"
wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz
mkdir -p /etc/openvpn/easy-rsa mkdir -p /etc/openvpn/easy-rsa
tar xzf ~/easy-rsa.tgz --strip-components=1 --directory /etc/openvpn/easy-rsa tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa
rm -f ~/easy-rsa.tgz rm -f ~/easy-rsa.tgz
cd /etc/openvpn/easy-rsa/ || return cd /etc/openvpn/easy-rsa/ || return
@ -731,18 +729,16 @@ function installOpenVPN() {
SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
echo "$SERVER_NAME" >SERVER_NAME_GENERATED echo "$SERVER_NAME" >SERVER_NAME_GENERATED
echo "set_var EASYRSA_REQ_CN $SERVER_CN" >>vars
# Create the PKI, set up the CA, the DH params and the server certificate # Create the PKI, set up the CA, the DH params and the server certificate
./easyrsa init-pki ./easyrsa init-pki
./easyrsa --batch build-ca nopass ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
if [[ $DH_TYPE == "2" ]]; then if [[ $DH_TYPE == "2" ]]; then
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand # ECDH keys are generated on-the-fly so we don't need to generate them beforehand
openssl dhparam -out dh.pem $DH_KEY_SIZE openssl dhparam -out dh.pem $DH_KEY_SIZE
fi fi
./easyrsa build-server-full "$SERVER_NAME" nopass ./easyrsa --batch build-server-full "$SERVER_NAME" nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
case $TLS_SIG in case $TLS_SIG in
@ -1089,14 +1085,11 @@ function newClient() {
cd /etc/openvpn/easy-rsa/ || return cd /etc/openvpn/easy-rsa/ || return
case $PASS in case $PASS in
1) 1)
./easyrsa build-client-full "$CLIENT" nopass ./easyrsa --batch build-client-full "$CLIENT" nopass
;; ;;
2) 2)
echo -e "\n\n⚠ You will be asked for the client password below ⚠️" echo "⚠️ You will be asked for the client password below ⚠️"
echo "this is a random password generated" ./easyrsa --batch build-client-full "$CLIENT"
echo `openssl rand -base64 $(shuf -i13-17 -n1) || tr -dc A-Za-z0-9 </dev/urandom | head -c $(shuf -i13-17 -n1)`
echo "and can use it"
./easyrsa build-client-full "$CLIENT"
;; ;;
esac esac
echo "Client $CLIENT added." echo "Client $CLIENT added."
@ -1134,7 +1127,7 @@ function newClient() {
echo "</ca>" echo "</ca>"
echo "<cert>" echo "<cert>"
awk '/BEGIN/,/END/' "/etc/openvpn/easy-rsa/pki/issued/$CLIENT.crt" awk '/BEGIN/,/END CERTIFICATE/' "/etc/openvpn/easy-rsa/pki/issued/$CLIENT.crt"
echo "</cert>" echo "</cert>"
echo "<key>" echo "<key>"