function for all .

xiagw 2018-01-05 15:15:01 +08:00
parent f50c33722c
commit f103339165


@ -30,46 +30,9 @@ file_client_tpl="${dir_openvpn}/client-template.txt"
file_openvpn_conf="${dir_openvpn}/server.conf" file_openvpn_conf="${dir_openvpn}/server.conf"
file_iptables='/etc/iptables/iptables.rules' file_iptables='/etc/iptables/iptables.rules'
## function determine the operating system version
detect_os_ver(){
if [[ -e /etc/debian_version ]]; then
OS="debian"
# Getting the version number, to verify that a recent version of OpenVPN is available
VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID")
SYSCTL='/etc/sysctl.conf'
if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]]; then
echo 'Your version of Debian/Ubuntu is not supported.'
echo "I can't install a recent version of OpenVPN on your system."
echo ''
echo "However, if you're using Debian unstable/testing, or Ubuntu beta,"
echo 'then you can continue, a recent version of OpenVPN is available on these.'
echo 'Keep in mind they are not supported, though.'
while [[ "$CONTINUE" != [yn] ]]; do
read -p 'Continue ? [y/n]: ' -e CONTINUE
done
if [[ 'n' = "$CONTINUE" ]]; then
echo 'Ok, bye !'
exit 4
fi
fi
elif [[ -e /etc/centos-release || -e /etc/redhat-release && ! -e /etc/fedora-release ]]; then
OS='centos'
SYSCTL='/etc/sysctl.conf'
elif [[ -e /etc/arch-release ]]; then
OS='arch'
SYSCTL='/etc/sysctl.d/openvpn.conf'
elif [[ -e /etc/fedora-release ]]; then
OS='fedora'
SYSCTL='/etc/sysctl.d/openvpn.conf'
else
echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system"
exit 4
fi
}
install_easyrsa(){ install_easyrsa(){
# An old version of easy-rsa was available by default in some openvpn packages # An old version of easy-rsa was available by default in some openvpn packages
if [[ -d ${dir_easy}/ ]]; then if [[ -d ${dir_easy}/ ]]; then
rm -rf ${dir_easy}/ rm -rf ${dir_easy}/
@ -134,7 +97,8 @@ set_firewall(){
fi fi
} }
newclient () { generate_newclient() {
# Where to write the custom client.ovpn? # Where to write the custom client.ovpn?
if [ -e /home/$1 ]; then # if $1 is a user name if [ -e /home/$1 ]; then # if $1 is a user name
homeDir="/home/$1" homeDir="/home/$1"
@ -164,6 +128,7 @@ newclient () {
## function for install openvpn server ## function for install openvpn server
install_openvpn(){ install_openvpn(){
clear clear
cat <<EOF cat <<EOF
Welcome to the secure OpenVPN installer (github.com/Angristan/OpenVPN-install) Welcome to the secure OpenVPN installer (github.com/Angristan/OpenVPN-install)
@ -187,6 +152,7 @@ EOF
while [[ $PROTOCOL != "udp" && $PROTOCOL != "tcp" ]]; do while [[ $PROTOCOL != "udp" && $PROTOCOL != "tcp" ]]; do
read -p "Protocol [udp/tcp]: " -e -i udp PROTOCOL read -p "Protocol [udp/tcp]: " -e -i udp PROTOCOL
done done
cat <<EOF cat <<EOF
2/6.What DNS do you want to use with the VPN? 2/6.What DNS do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf) 1) Current system resolvers (from /etc/resolv.conf)
@ -201,6 +167,7 @@ EOF
while [[ $DNS != [1-8] ]]; do while [[ $DNS != [1-8] ]]; do
read -p "DNS [1-8]: " -e -i 1 DNS read -p "DNS [1-8]: " -e -i 1 DNS
done done
cat <<EOF cat <<EOF
See https://github.com/Angristan/OpenVPN-install#encryption to learn more about See https://github.com/Angristan/OpenVPN-install#encryption to learn more about
the encryption in OpenVPN and the choices I made in this script. the encryption in OpenVPN and the choices I made in this script.
@ -244,6 +211,7 @@ EOF
CIPHER="cipher SEED-CBC" CIPHER="cipher SEED-CBC"
;; ;;
esac esac
echo "" echo ""
echo "4/6.Choose what size of Diffie-Hellman key you want to use:" echo "4/6.Choose what size of Diffie-Hellman key you want to use:"
echo " 1) 2048 bits (fastest)" echo " 1) 2048 bits (fastest)"
@ -263,6 +231,7 @@ EOF
DH_KEY_SIZE="4096" DH_KEY_SIZE="4096"
;; ;;
esac esac
echo "" echo ""
echo "5/6.Choose what size of RSA key you want to use:" echo "5/6.Choose what size of RSA key you want to use:"
echo " 1) 2048 bits (fastest)" echo " 1) 2048 bits (fastest)"
@ -282,12 +251,14 @@ EOF
RSA_KEY_SIZE="4096" RSA_KEY_SIZE="4096"
;; ;;
esac esac
echo "" echo ""
echo "6/6.Finally, tell me a name for the client certificate and configuration" echo "6/6.Finally, tell me a name for the client certificate and configuration"
while [[ $CLIENT = "" ]]; do while [[ $CLIENT = "" ]]; do
echo "Please, use one word only, no special characters" echo "Please, use one word only, no special characters"
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
done done
echo "" echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
@ -417,6 +388,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
systemctl start iptables systemctl start iptables
fi fi
fi fi
# Find out if the machine uses nogroup or nobody for the permissionless group # Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then if grep -qs "^nogroup:" /etc/group; then
NOGROUP=nogroup NOGROUP=nogroup
@ -505,7 +477,7 @@ tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log status openvpn.log
verb 3" >> /etc/openvpn/server.conf verb 3" >> /etc/openvpn/server.conf
## function set_firewall ## call function set_firewall
set_firewall set_firewall
# And finally, restart OpenVPN # And finally, restart OpenVPN
@ -578,8 +550,8 @@ tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns setenv opt block-outside-dns
verb 3" >> ${file_client_tpl} verb 3" >> ${file_client_tpl}
# function Generate the custom client.ovpn # call function Generate the custom client.ovpn
newclient "$CLIENT" generate_newclient "$CLIENT"
echo "" echo ""
echo "Finished!" echo "Finished!"
echo "" echo ""
@ -587,23 +559,9 @@ verb 3" >> ${file_client_tpl}
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, you simply need to run this script another time!"
} }
detect_IP_NIC(){
# Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (LowEndSpirit/Scaleway)
# and to avoid getting an IPv6.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com)
fi
# Get Internet network interface with default route
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
}
config_openvpn(){ config_openvpn(){
while : while :
do do
clear clear
@ -631,7 +589,7 @@ EOF
cd ${dir_easy} cd ${dir_easy}
${bin_easy} build-client-full $CLIENT nopass ${bin_easy} build-client-full $CLIENT nopass
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" generate_newclient "$CLIENT"
echo "" echo ""
echo "Client $CLIENT added, certs available at $homeDir/$CLIENT.ovpn" echo "Client $CLIENT added, certs available at $homeDir/$CLIENT.ovpn"
exit exit
@ -713,21 +671,72 @@ EOF
} }
## function: determine the operating system version
detect_os_ver(){
if [[ -e /etc/debian_version ]]; then
OS="debian"
# Getting the version number, to verify that a recent version of OpenVPN is available
VERSION_ID=$(grep "VERSION_ID" /etc/os-release)
SYSCTL='/etc/sysctl.conf'
if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]]; then
echo 'Your version of Debian/Ubuntu is not supported.'
echo "I can't install a recent version of OpenVPN on your system."
echo ''
echo "However, if you're using Debian unstable/testing, or Ubuntu beta,"
echo 'then you can continue, a recent version of OpenVPN is available on these.'
echo 'Keep in mind they are not supported, though.'
while [[ "$CONTINUE" != [yn] ]]; do
read -p 'Continue ? [y/n]: ' -e CONTINUE
done
if [[ 'n' = "$CONTINUE" ]]; then
echo 'Ok, bye !'
exit 4
fi
fi
elif [[ -e /etc/centos-release || -e /etc/redhat-release && ! -e /etc/fedora-release ]]; then
OS='centos'
SYSCTL='/etc/sysctl.conf'
elif [[ -e /etc/arch-release ]]; then
OS='arch'
SYSCTL='/etc/sysctl.d/openvpn.conf'
elif [[ -e /etc/fedora-release ]]; then
OS='fedora'
SYSCTL='/etc/sysctl.d/openvpn.conf'
else
echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system"
exit 4
fi
}
detect_IP_NIC(){
# Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (LowEndSpirit/Scaleway)
# and to avoid getting an IPv6.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com)
fi
# Get Internet network interface with default route
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
}
################################# main ################################# ################################# main #################################
detect_os_ver main(){
detect_IP_NIC detect_os_ver ## call function
detect_IP_NIC ## call function
## OpenVPN setup and first user creation ## OpenVPN setup and first user creation
if [[ ! -e ${file_openvpn_conf} ]]; then if [[ ! -e ${file_openvpn_conf} ]]; then
install_openvpn install_openvpn ## call function
fi fi
#### server.conf exist. #### server.conf exist.
if [[ -e ${file_openvpn_conf} ]]; then if [[ -e ${file_openvpn_conf} ]]; then
config_openvpn config_openvpn ## call function
fi fi
}
main $@
# exit 0;
exit 0;
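Review bot: The new entry-point call `main $@` at the end of the last hunk is unquoted, so any argument containing whitespace or glob characters is word-split and globbed before it reaches main; it should be `main "$@"`. In the relocated detect_IP_NIC (same hunk), the fallback `IP=$(wget -qO- ipv4.icanhazip.com)` accepts whatever the plain-HTTP response body is without checking that it is an IPv4 address, and that value presumably ends up in the generated server/client configuration (its consumers are outside this hunk); a guard such as `[[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "Could not determine a public IPv4 address" >&2; exit 4; }` after the fallback, and fetching over `https://ipv4.icanhazip.com`, would keep an unexpected or tampered response from being written into the configs. The trailing `# exit 0;` / `exit 0;` pair after `main "$@"` is redundant once main returns, so one of them can go.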