diff --git a/openvpn-install.sh b/openvpn-install.sh
index 742c6c4..115ec06 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -114,6 +114,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 esac
 done
 else
+ clear
 echo 'Welcome to this quick OpenVPN "road warrior" installer'
 echo ""
 # OpenVPN setup and first user creation
@@ -131,6 +132,19 @@ else
 echo "This can be useful to connect under restrictive networks"
 read -p "Listen at port 53 [y/n]: " -e -i n ALTPORT
 echo ""
+ echo "Do you want to enable internal networking for the VPN?"
+ echo "This can allow VPN clients to communicate between them"
+ read -p "Allow internal networking [y/n]: " -e -i n INTERNALNETWORK
+ echo ""
+ echo "What DNS do you want to use with the VPN?"
+ echo " 1) Current system resolvers"
+ echo " 2) OpenDNS"
+ echo " 3) Level 3"
+ echo " 4) NTT"
+ echo " 5) Hurricane Electric"
+ echo " 6) Yandex"
+ read -p "DNS [1-6]: " -e -i 1 DNS
+ echo ""
 echo "Finally, tell me your name for the client cert"
 echo "Please, use one word only, no special characters"
 read -p "Client name: " -e -i client CLIENT
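Review bot: Neither new answer is validated where it is read: `INTERNALNETWORK` is stored as typed, and `DNS` is stored even though the `case $DNS` that consumes it in the next hunk has no `*)` arm, so an empty line or a value such as `7` silently leaves every `dhcp-option DNS` line commented out and clients get no resolver pushed. Re-prompt until the answer is in range, e.g. `read -p "DNS [1-6]: " -e -i 1 DNS` followed by `until [[ "$DNS" =~ ^[1-6]$ ]]; do read -p "DNS [1-6]: " -e -i 1 DNS; done`, and check `INTERNALNETWORK` the same way against `^[yn]$`. The enclosing `else` branch starts and ends outside this hunk.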
@@ -182,10 +196,34 @@ else
 sed -i 's|dh dh1024.pem|dh dh2048.pem|' server.conf
 sed -i 's|;push "redirect-gateway def1 bypass-dhcp"|push "redirect-gateway def1 bypass-dhcp"|' server.conf
 sed -i "s|port 1194|port $PORT|" server.conf
- # Obtain the resolvers from resolv.conf and use them for OpenVPN
- grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
- sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf
- done
+ # DNS
+ case $DNS in
+ 1)
+ # Obtain the resolvers from resolv.conf and use them for OpenVPN
+ grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
+ sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf
+ done
+ ;;
+ 2)
+ sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 208.67.222.222"|' server.conf
+ sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 208.67.220.220"|' server.conf
+ ;;
+ 3)
+ sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 4.2.2.2"|' server.conf
+ sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 4.2.2.4"|' server.conf
+ ;;
+ 4)
+ sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 129.250.35.250"|' server.conf
+ sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 129.250.35.251"|' server.conf
+ ;;
+ 5)
+ sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 74.82.42.42"|' server.conf
+ ;;
+ 6)
+ sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 77.88.8.8"|' server.conf
+ sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 77.88.8.1"|' server.conf
+ ;;
+ esac
 # Listen at port 53 too if user wants that
 if [[ "$ALTPORT" = 'y' ]]; then
 iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT
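Review bot: Arm `1)` pushes every IPv4 address found in /etc/resolv.conf to clients without excluding loopback stub resolvers; if the host runs a local caching resolver on 127.0.0.0/8, clients are handed an address they cannot reach through the tunnel and name resolution fails. Filter those out in the pipeline, e.g. `| grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '^127\.' | while read -r line; do`, which also adds the `-r` that keeps `read` from interpreting backslashes. The `grep -v '#'` stage drops any line that merely contains a `#`, so a `nameserver` entry with a trailing comment is lost; `grep -v '^#'` is the safer form. The enclosing `else` branch starts and ends outside this hunk.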
@@ -196,8 +234,13 @@ else
 # Avoid an unneeded reboot
 echo 1 > /proc/sys/net/ipv4/ip_forward
 # Set iptables
- iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP
- sed -i "/# By default this script does nothing./a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
+ if [[ "$INTERNALNETWORK" = 'y' ]]; then
+ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
+ sed -i "/# By default this script does nothing./a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
+ else
+ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP
+ sed -i "/# By default this script does nothing./a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
+ fi
 # And finally, restart OpenVPN
 /etc/init.d/openvpn restart
 # Try to detect a NATed connection and ask about it to potential LowEndSpirit
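Review bot: The two branches repeat the same `iptables` rule and the same `/etc/rc.local` persistence line, differing only in the `! -d 10.8.0.0/24` match, and nothing records why that match exists (presumably so SNAT does not rewrite the source of traffic that stays inside the VPN subnet, which would otherwise break replies between clients). Deriving the extra match once and using it in a single pair of commands keeps the live rule and the persisted rule from drifting apart, and gives a place for the why-comment; `$IP` is unquoted as in the old lines, which ShellCheck will flag. Whether client-to-client traffic is actually permitted also depends on the FORWARD chain, which this hunk does not touch. The enclosing `else` branch starts and ends outside this hunk.
```shell
# Set iptables
# With internal networking, SNAT must leave traffic between VPN clients alone
# so that packets staying inside 10.8.0.0/24 keep their original source address.
NAT_EXCLUDE=''
if [[ "$INTERNALNETWORK" = 'y' ]]; then
  NAT_EXCLUDE='! -d 10.8.0.0/24'
fi
# shellcheck disable=SC2086 -- NAT_EXCLUDE is deliberately split into separate iptables arguments
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 $NAT_EXCLUDE -j SNAT --to "$IP"
sed -i "/# By default this script does nothing./a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 $NAT_EXCLUDE -j SNAT --to $IP" /etc/rc.local
# … unchanged: OpenVPN restart …
```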