function for all .

xiagw 2018-01-05 15:15:01 +08:00
parent f50c33722c
commit f103339165


@ -30,58 +30,21 @@ file_client_tpl="${dir_openvpn}/client-template.txt"
file_openvpn_conf="${dir_openvpn}/server.conf" file_openvpn_conf="${dir_openvpn}/server.conf"
file_iptables='/etc/iptables/iptables.rules' file_iptables='/etc/iptables/iptables.rules'
## function determine the operating system version
detect_os_ver(){
if [[ -e /etc/debian_version ]]; then
OS="debian"
# Getting the version number, to verify that a recent version of OpenVPN is available
VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID")
SYSCTL='/etc/sysctl.conf'
if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]]; then
echo 'Your version of Debian/Ubuntu is not supported.'
echo "I can't install a recent version of OpenVPN on your system."
echo ''
echo "However, if you're using Debian unstable/testing, or Ubuntu beta,"
echo 'then you can continue, a recent version of OpenVPN is available on these.'
echo 'Keep in mind they are not supported, though.'
while [[ "$CONTINUE" != [yn] ]]; do
read -p 'Continue ? [y/n]: ' -e CONTINUE
done
if [[ 'n' = "$CONTINUE" ]]; then
echo 'Ok, bye !'
exit 4
fi
fi
elif [[ -e /etc/centos-release || -e /etc/redhat-release && ! -e /etc/fedora-release ]]; then
OS='centos'
SYSCTL='/etc/sysctl.conf'
elif [[ -e /etc/arch-release ]]; then
OS='arch'
SYSCTL='/etc/sysctl.d/openvpn.conf'
elif [[ -e /etc/fedora-release ]]; then
OS='fedora'
SYSCTL='/etc/sysctl.d/openvpn.conf'
else
echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system"
exit 4
fi
}
install_easyrsa(){ install_easyrsa(){
# An old version of easy-rsa was available by default in some openvpn packages
if [[ -d ${dir_easy}/ ]]; then # An old version of easy-rsa was available by default in some openvpn packages
if [[ -d ${dir_easy}/ ]]; then
rm -rf ${dir_easy}/ rm -rf ${dir_easy}/
fi fi
# Get easy-rsa # Get easy-rsa
url_easy='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.3/EasyRSA-3.0.3.tgz' url_easy='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.3/EasyRSA-3.0.3.tgz'
file_easy=${url_easy##*/} file_easy=${url_easy##*/}
wget -O ~/${file_easy} ${url_easy} wget -O ~/${file_easy} ${url_easy}
tar xzf ~/${file_easy} -C ~/ tar xzf ~/${file_easy} -C ~/
mv ~/${file_easy%.tgz} ${dir_easy} mv ~/${file_easy%.tgz} ${dir_easy}
chown -R root:root ${dir_easy}/ chown -R root:root ${dir_easy}/
rm -rf ~/${file_easy} rm -rf ~/${file_easy}
} }
set_firewall(){ set_firewall(){
@ -134,37 +97,39 @@ set_firewall(){
fi fi
} }
newclient () { generate_newclient() {
# Where to write the custom client.ovpn?
if [ -e /home/$1 ]; then # if $1 is a user name # Where to write the custom client.ovpn?
if [ -e /home/$1 ]; then # if $1 is a user name
homeDir="/home/$1" homeDir="/home/$1"
elif [ ${SUDO_USER} ]; then # if not, use SUDO_USER elif [ ${SUDO_USER} ]; then # if not, use SUDO_USER
homeDir="/home/${SUDO_USER}" homeDir="/home/${SUDO_USER}"
else # if not SUDO_USER, use /root else # if not SUDO_USER, use /root
homeDir="${dir_openvpn}" homeDir="${dir_openvpn}"
fi fi
# Generates the custom client.ovpn # Generates the custom client.ovpn
file_client="$homeDir/$1.ovpn" file_client="$homeDir/$1.ovpn"
cp ${file_client_tpl} ${file_client} cp ${file_client_tpl} ${file_client}
echo "<ca>" >> ${file_client} echo "<ca>" >> ${file_client}
cat ${dir_easy}/pki/ca.crt >> ${file_client} cat ${dir_easy}/pki/ca.crt >> ${file_client}
echo "</ca>" >> ${file_client} echo "</ca>" >> ${file_client}
echo "<cert>" >> ${file_client} echo "<cert>" >> ${file_client}
cat ${dir_easy}/pki/issued/$1.crt >> ${file_client} cat ${dir_easy}/pki/issued/$1.crt >> ${file_client}
echo "</cert>" >> ${file_client} echo "</cert>" >> ${file_client}
echo "<key>" >> ${file_client} echo "<key>" >> ${file_client}
cat ${dir_easy}/pki/private/$1.key >> ${file_client} cat ${dir_easy}/pki/private/$1.key >> ${file_client}
echo "</key>" >> ${file_client} echo "</key>" >> ${file_client}
echo "key-direction 1" >> ${file_client} echo "key-direction 1" >> ${file_client}
echo "<tls-auth>" >> ${file_client} echo "<tls-auth>" >> ${file_client}
cat ${dir_openvpn}/tls-auth.key >> ${file_client} cat ${dir_openvpn}/tls-auth.key >> ${file_client}
echo "</tls-auth>" >> ${file_client} echo "</tls-auth>" >> ${file_client}
} }
## function for install openvpn server ## function for install openvpn server
install_openvpn(){ install_openvpn(){
clear
clear
cat <<EOF cat <<EOF
Welcome to the secure OpenVPN installer (github.com/Angristan/OpenVPN-install) Welcome to the secure OpenVPN installer (github.com/Angristan/OpenVPN-install)
@ -175,18 +140,19 @@ I need to know the IPv4 address of the network interface you want OpenVPN listen
If your server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP address as it is. (local/private IP) If your server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP address as it is. (local/private IP)
Otherwise, it should be your public IPv4 address. Otherwise, it should be your public IPv4 address.
EOF EOF
read -p "IP address: " -e -i $IP IP read -p "IP address: " -e -i $IP IP
echo "" echo ""
echo "What port do you want for OpenVPN?" echo "What port do you want for OpenVPN?"
read -p "Port: " -e -i 1194 PORT read -p "Port: " -e -i 1194 PORT
echo "" echo ""
echo "1/6.What protocol do you want for OpenVPN?" echo "1/6.What protocol do you want for OpenVPN?"
echo "Unless UDP is blocked, you should not use TCP (unnecessarily slower)" echo "Unless UDP is blocked, you should not use TCP (unnecessarily slower)"
while [[ $PROTOCOL != "udp" && $PROTOCOL != "tcp" ]]; do while [[ $PROTOCOL != "udp" && $PROTOCOL != "tcp" ]]; do
read -p "Protocol [udp/tcp]: " -e -i udp PROTOCOL read -p "Protocol [udp/tcp]: " -e -i udp PROTOCOL
done done
cat <<EOF cat <<EOF
2/6.What DNS do you want to use with the VPN? 2/6.What DNS do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf) 1) Current system resolvers (from /etc/resolv.conf)
@ -198,9 +164,10 @@ cat <<EOF
7) Yandex Basic (Russia) 7) Yandex Basic (Russia)
8) AdGuard DNS (Russia) 8) AdGuard DNS (Russia)
EOF EOF
while [[ $DNS != [1-8] ]]; do while [[ $DNS != [1-8] ]]; do
read -p "DNS [1-8]: " -e -i 1 DNS read -p "DNS [1-8]: " -e -i 1 DNS
done done
cat <<EOF cat <<EOF
See https://github.com/Angristan/OpenVPN-install#encryption to learn more about See https://github.com/Angristan/OpenVPN-install#encryption to learn more about
the encryption in OpenVPN and the choices I made in this script. the encryption in OpenVPN and the choices I made in this script.
@ -218,10 +185,10 @@ They are relatively slower but as secure as AES.
6) CAMELLIA-256-CBC 6) CAMELLIA-256-CBC
7) SEED-CBC 7) SEED-CBC
EOF EOF
while [[ $CIPHER != [1-7] ]]; do while [[ $CIPHER != [1-7] ]]; do
read -p "Cipher [1-7]: " -e -i 1 CIPHER read -p "Cipher [1-7]: " -e -i 1 CIPHER
done done
case $CIPHER in case $CIPHER in
1) 1)
CIPHER="cipher AES-128-CBC" CIPHER="cipher AES-128-CBC"
;; ;;
@ -243,16 +210,17 @@ EOF
7) 7)
CIPHER="cipher SEED-CBC" CIPHER="cipher SEED-CBC"
;; ;;
esac esac
echo ""
echo "4/6.Choose what size of Diffie-Hellman key you want to use:" echo ""
echo " 1) 2048 bits (fastest)" echo "4/6.Choose what size of Diffie-Hellman key you want to use:"
echo " 2) 3072 bits (recommended, best compromise)" echo " 1) 2048 bits (fastest)"
echo " 3) 4096 bits (most secure)" echo " 2) 3072 bits (recommended, best compromise)"
while [[ $DH_KEY_SIZE != [1-3] ]]; do echo " 3) 4096 bits (most secure)"
while [[ $DH_KEY_SIZE != [1-3] ]]; do
read -p "DH key size [1-3]: " -e -i 2 DH_KEY_SIZE read -p "DH key size [1-3]: " -e -i 2 DH_KEY_SIZE
done done
case $DH_KEY_SIZE in case $DH_KEY_SIZE in
1) 1)
DH_KEY_SIZE="2048" DH_KEY_SIZE="2048"
;; ;;
@ -262,16 +230,17 @@ EOF
3) 3)
DH_KEY_SIZE="4096" DH_KEY_SIZE="4096"
;; ;;
esac esac
echo ""
echo "5/6.Choose what size of RSA key you want to use:" echo ""
echo " 1) 2048 bits (fastest)" echo "5/6.Choose what size of RSA key you want to use:"
echo " 2) 3072 bits (recommended, best compromise)" echo " 1) 2048 bits (fastest)"
echo " 3) 4096 bits (most secure)" echo " 2) 3072 bits (recommended, best compromise)"
while [[ $RSA_KEY_SIZE != [1-3] ]]; do echo " 3) 4096 bits (most secure)"
while [[ $RSA_KEY_SIZE != [1-3] ]]; do
read -p "RSA key size [1-3]: " -e -i 2 RSA_KEY_SIZE read -p "RSA key size [1-3]: " -e -i 2 RSA_KEY_SIZE
done done
case $RSA_KEY_SIZE in case $RSA_KEY_SIZE in
1) 1)
RSA_KEY_SIZE="2048" RSA_KEY_SIZE="2048"
;; ;;
@ -281,18 +250,20 @@ EOF
3) 3)
RSA_KEY_SIZE="4096" RSA_KEY_SIZE="4096"
;; ;;
esac esac
echo ""
echo "6/6.Finally, tell me a name for the client certificate and configuration" echo ""
while [[ $CLIENT = "" ]]; do echo "6/6.Finally, tell me a name for the client certificate and configuration"
while [[ $CLIENT = "" ]]; do
echo "Please, use one word only, no special characters" echo "Please, use one word only, no special characters"
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
done done
echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then
apt-get install ca-certificates -y apt-get install ca-certificates -y
# We add the OpenVPN repo to get the latest version. # We add the OpenVPN repo to get the latest version.
# Debian 7 # Debian 7
@ -353,7 +324,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
systemctl daemon-reload systemctl daemon-reload
systemctl enable iptables.service systemctl enable iptables.service
fi fi
elif [[ "$OS" = 'centos' || "$OS" = 'fedora' ]]; then elif [[ "$OS" = 'centos' || "$OS" = 'fedora' ]]; then
if [[ "$OS" = 'centos' ]]; then if [[ "$OS" = 'centos' ]]; then
yum install epel-release -y yum install epel-release -y
fi fi
@ -392,7 +363,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
systemctl disable firewalld systemctl disable firewalld
systemctl mask firewalld systemctl mask firewalld
fi fi
else else
# Else, the distro is ArchLinux # Else, the distro is ArchLinux
echo "" echo ""
echo "" echo ""
@ -416,34 +387,35 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
systemctl enable iptables systemctl enable iptables
systemctl start iptables systemctl start iptables
fi fi
fi fi
# Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then # Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then
NOGROUP=nogroup NOGROUP=nogroup
else else
NOGROUP=nobody NOGROUP=nobody
fi fi
## function install_easyrsa ## function install_easyrsa
install_easyrsa install_easyrsa
cd ${dir_easy}/ cd ${dir_easy}/
echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars
# Create the PKI, set up the CA, the DH params and the server + client certificates # Create the PKI, set up the CA, the DH params and the server + client certificates
./easyrsa init-pki ./easyrsa init-pki
./easyrsa --batch build-ca nopass ./easyrsa --batch build-ca nopass
openssl dhparam -out dh.pem $DH_KEY_SIZE openssl dhparam -out dh.pem $DH_KEY_SIZE
./easyrsa build-server-full server nopass ./easyrsa build-server-full server nopass
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# generate tls-auth key # generate tls-auth key
openvpn --genkey --secret /etc/openvpn/tls-auth.key openvpn --genkey --secret /etc/openvpn/tls-auth.key
# Move all the generated files # Move all the generated files
cp pki/ca.crt pki/private/ca.key dh.pem pki/issued/server.crt pki/private/server.key ${dir_easy}/pki/crl.pem /etc/openvpn/ cp pki/ca.crt pki/private/ca.key dh.pem pki/issued/server.crt pki/private/server.key ${dir_easy}/pki/crl.pem /etc/openvpn/
# Make cert revocation list readable for non-root # Make cert revocation list readable for non-root
chmod 644 /etc/openvpn/crl.pem chmod 644 /etc/openvpn/crl.pem
# Generate server.conf # Generate server.conf
echo "port $PORT echo "port $PORT
proto ${PROTOCOL} proto ${PROTOCOL}
dev tun dev tun
user nobody user nobody
@ -454,8 +426,8 @@ keepalive 10 120
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
# DNS resolvers # DNS resolvers
case $DNS in case $DNS in
1) 1)
# Obtain the resolvers from resolv.conf and use them for OpenVPN # Obtain the resolvers from resolv.conf and use them for OpenVPN
grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
@ -489,7 +461,7 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 176.103.130.130"' echo 'push "dhcp-option DNS 176.103.130.130"'
echo 'push "dhcp-option DNS 176.103.130.131"' echo 'push "dhcp-option DNS 176.103.130.131"'
;; ;;
esac >> /etc/openvpn/server.conf esac >> /etc/openvpn/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server.conf
echo "crl-verify crl.pem echo "crl-verify crl.pem
ca ca.crt ca ca.crt
@ -505,11 +477,11 @@ tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log status openvpn.log
verb 3" >> /etc/openvpn/server.conf verb 3" >> /etc/openvpn/server.conf
## function set_firewall ## call function set_firewall
set_firewall set_firewall
# And finally, restart OpenVPN # And finally, restart OpenVPN
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
# Little hack to check for systemd # Little hack to check for systemd
if pgrep systemd-journal; then if pgrep systemd-journal; then
#Workaround to fix OpenVPN service on OpenVZ #Workaround to fix OpenVPN service on OpenVZ
@ -522,7 +494,7 @@ verb 3" >> /etc/openvpn/server.conf
else else
/etc/init.d/openvpn restart /etc/init.d/openvpn restart
fi fi
else else
if pgrep systemd-journal; then if pgrep systemd-journal; then
if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then
#Workaround to avoid rewriting the entire script for Arch & Fedora #Workaround to avoid rewriting the entire script for Arch & Fedora
@ -539,10 +511,10 @@ verb 3" >> /etc/openvpn/server.conf
service openvpn restart service openvpn restart
chkconfig openvpn on chkconfig openvpn on
fi fi
fi fi
# Try to detect a NATed connection and ask about it to potential LowEndSpirit/Scaleway users # Try to detect a NATed connection and ask about it to potential LowEndSpirit/Scaleway users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com) EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [[ "$IP" != "$EXTERNALIP" ]]; then if [[ "$IP" != "$EXTERNALIP" ]]; then
echo "" echo ""
echo "Looks like your server is behind a NAT!" echo "Looks like your server is behind a NAT!"
echo "" echo ""
@ -553,16 +525,16 @@ verb 3" >> /etc/openvpn/server.conf
if [[ "$USEREXTERNALIP" != "" ]]; then if [[ "$USEREXTERNALIP" != "" ]]; then
IP=$USEREXTERNALIP IP=$USEREXTERNALIP
fi fi
fi fi
# client-template.txt is created so we have a template to add further users later # client-template.txt is created so we have a template to add further users later
echo "client" > ${file_client_tpl} echo "client" > ${file_client_tpl}
if [[ "$PROTOCOL" = 'udp' ]]; then if [[ "$PROTOCOL" = 'udp' ]]; then
echo "proto ${PROTOCOL}" >> ${file_client_tpl} echo "proto ${PROTOCOL}" >> ${file_client_tpl}
elif [[ "$PROTOCOL" = 'tcp' ]]; then elif [[ "$PROTOCOL" = 'tcp' ]]; then
echo "proto ${PROTOCOL}-client" >> ${file_client_tpl} echo "proto ${PROTOCOL}-client" >> ${file_client_tpl}
fi fi
echo "remote $IP $PORT echo "remote $IP $PORT
dev tun dev tun
resolv-retry infinite resolv-retry infinite
nobind nobind
@ -578,36 +550,22 @@ tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns setenv opt block-outside-dns
verb 3" >> ${file_client_tpl} verb 3" >> ${file_client_tpl}
# function Generate the custom client.ovpn # call function Generate the custom client.ovpn
newclient "$CLIENT" generate_newclient "$CLIENT"
echo "" echo ""
echo "Finished!" echo "Finished!"
echo "" echo ""
echo "Your client config is available at $homeDir/$CLIENT.ovpn" echo "Your client config is available at $homeDir/$CLIENT.ovpn"
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, you simply need to run this script another time!"
} }
detect_IP_NIC(){
# Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (LowEndSpirit/Scaleway)
# and to avoid getting an IPv6.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com)
fi
# Get Internet network interface with default route
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
}
config_openvpn(){ config_openvpn(){
while :
while : do
do
clear clear
cat <<EOF cat <<EOF
OpenVPN-install (github.com/Angristan/OpenVPN-install) OpenVPN-install (github.com/Angristan/OpenVPN-install)
Looks like OpenVPN is already installed Looks like OpenVPN is already installed
@ -631,7 +589,7 @@ EOF
cd ${dir_easy} cd ${dir_easy}
${bin_easy} build-client-full $CLIENT nopass ${bin_easy} build-client-full $CLIENT nopass
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" generate_newclient "$CLIENT"
echo "" echo ""
echo "Client $CLIENT added, certs available at $homeDir/$CLIENT.ovpn" echo "Client $CLIENT added, certs available at $homeDir/$CLIENT.ovpn"
exit exit
@ -709,25 +667,76 @@ EOF
;; ;;
4) exit;; 4) exit;;
esac esac
done done
} }
## function: determine the operating system version
detect_os_ver(){
if [[ -e /etc/debian_version ]]; then
OS="debian"
# Getting the version number, to verify that a recent version of OpenVPN is available
VERSION_ID=$(grep "VERSION_ID" /etc/os-release)
SYSCTL='/etc/sysctl.conf'
if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]]; then
echo 'Your version of Debian/Ubuntu is not supported.'
echo "I can't install a recent version of OpenVPN on your system."
echo ''
echo "However, if you're using Debian unstable/testing, or Ubuntu beta,"
echo 'then you can continue, a recent version of OpenVPN is available on these.'
echo 'Keep in mind they are not supported, though.'
while [[ "$CONTINUE" != [yn] ]]; do
read -p 'Continue ? [y/n]: ' -e CONTINUE
done
if [[ 'n' = "$CONTINUE" ]]; then
echo 'Ok, bye !'
exit 4
fi
fi
elif [[ -e /etc/centos-release || -e /etc/redhat-release && ! -e /etc/fedora-release ]]; then
OS='centos'
SYSCTL='/etc/sysctl.conf'
elif [[ -e /etc/arch-release ]]; then
OS='arch'
SYSCTL='/etc/sysctl.d/openvpn.conf'
elif [[ -e /etc/fedora-release ]]; then
OS='fedora'
SYSCTL='/etc/sysctl.d/openvpn.conf'
else
echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system"
exit 4
fi
}
detect_IP_NIC(){
# Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (LowEndSpirit/Scaleway)
# and to avoid getting an IPv6.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com)
fi
# Get Internet network interface with default route
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
}
################################# main ################################# ################################# main #################################
detect_os_ver main(){
detect_IP_NIC detect_os_ver ## call function
detect_IP_NIC ## call function
## OpenVPN setup and first user creation ## OpenVPN setup and first user creation
if [[ ! -e ${file_openvpn_conf} ]]; then if [[ ! -e ${file_openvpn_conf} ]]; then
install_openvpn install_openvpn ## call function
fi fi
#### server.conf exist. #### server.conf exist.
if [[ -e ${file_openvpn_conf} ]]; then if [[ -e ${file_openvpn_conf} ]]; then
config_openvpn config_openvpn ## call function
fi fi
}
main $@
# exit 0;
exit 0;
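Review bot: In `generate_newclient` (hunk `@ -134,37 +97,39 @@`) the `.ovpn` bundle that receives the client private key and the tls-auth key is created with a plain `cp ${file_client_tpl} ${file_client}`, so it inherits root's umask and is likely world-readable (0644 under the usual 022) inside a home directory. Creating it owner-only, for example `install -m 600 "${file_client_tpl}" "${file_client}"`, keeps the later `>>` appends private; if the target user is meant to read it, a `chown` to that user would be needed as well. `$1` is also expanded unquoted in `/home/$1`, `pki/issued/$1.crt` and `pki/private/$1.key`, while the name prompt visible in `install_openvpn` only rejects an empty string, so a check such as `[[ $CLIENT =~ ^[A-Za-z0-9_-]+$ ]]` before the call, plus quoting, would keep those paths inside the intended directories. The new entry point `main $@` should likewise be `main "$@"` so arguments are not word-split or globbed.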