commit
66c78333f5
@ -68,7 +68,7 @@ newclient () {
|
|||||||
# and to avoid getting an IPv6.
|
# and to avoid getting an IPv6.
|
||||||
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
|
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
|
||||||
if [[ "$IP" = "" ]]; then
|
if [[ "$IP" = "" ]]; then
|
||||||
IP=$(wget -qO- ipv4.icanhazip.com)
|
IP=$(wget -qO- ipv4.icanhazip.com)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
@ -85,7 +85,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
echo " 4) Exit"
|
echo " 4) Exit"
|
||||||
read -p "Select an option [1-4]: " option
|
read -p "Select an option [1-4]: " option
|
||||||
case $option in
|
case $option in
|
||||||
1)
|
1)
|
||||||
echo ""
|
echo ""
|
||||||
echo "Tell me a name for the client cert"
|
echo "Tell me a name for the client cert"
|
||||||
echo "Please, use one word only, no special characters"
|
echo "Please, use one word only, no special characters"
|
||||||
@ -126,9 +126,10 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
|
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
|
||||||
echo ""
|
echo ""
|
||||||
echo "Certificate for client $CLIENT revoked"
|
echo "Certificate for client $CLIENT revoked"
|
||||||
|
echo "Exiting..."
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
echo ""
|
echo ""
|
||||||
read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
|
read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
|
||||||
if [[ "$REMOVE" = 'y' ]]; then
|
if [[ "$REMOVE" = 'y' ]]; then
|
||||||
@ -192,7 +193,7 @@ else
|
|||||||
while [[ $VARIANT != "1" && $VARIANT != "2" ]]; do
|
while [[ $VARIANT != "1" && $VARIANT != "2" ]]; do
|
||||||
read -p "Variant [1-2]: " -e -i 1 VARIANT
|
read -p "Variant [1-2]: " -e -i 1 VARIANT
|
||||||
done
|
done
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
|
echo "I need to know the IPv4 address of the network interface you want OpenVPN listening to."
|
||||||
echo "If you server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP adress as it is. (local/private IP"
|
echo "If you server is running behind a NAT, (e.g. LowEndSpirit, Scaleway) leave the IP adress as it is. (local/private IP"
|
||||||
@ -220,8 +221,10 @@ else
|
|||||||
done
|
done
|
||||||
echo ""
|
echo ""
|
||||||
echo "Finally, tell me your name for the client cert"
|
echo "Finally, tell me your name for the client cert"
|
||||||
echo "Please, use one word only, no special characters"
|
while [[ $CLIENT = "" ]]; do
|
||||||
read -p "Client name: " -e -i client CLIENT
|
echo "Please, use one word only, no special characters"
|
||||||
|
read -p "Client name: " -e -i client CLIENT
|
||||||
|
done
|
||||||
echo ""
|
echo ""
|
||||||
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
|
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
|
||||||
read -n1 -r -p "Press any key to continue..."
|
read -n1 -r -p "Press any key to continue..."
|
||||||
@ -266,7 +269,7 @@ else
|
|||||||
else
|
else
|
||||||
NOGROUP=nobody
|
NOGROUP=nobody
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# An old version of easy-rsa was available by default in some openvpn packages
|
# An old version of easy-rsa was available by default in some openvpn packages
|
||||||
if [[ -d /etc/openvpn/easy-rsa/ ]]; then
|
if [[ -d /etc/openvpn/easy-rsa/ ]]; then
|
||||||
rm -rf /etc/openvpn/easy-rsa/
|
rm -rf /etc/openvpn/easy-rsa/
|
||||||
@ -330,7 +333,7 @@ tls-version-min 1.2" > /etc/openvpn/server.conf
|
|||||||
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
||||||
# DNS
|
# DNS
|
||||||
case $DNS in
|
case $DNS in
|
||||||
1)
|
1)
|
||||||
# Obtain the resolvers from resolv.conf and use them for OpenVPN
|
# Obtain the resolvers from resolv.conf and use them for OpenVPN
|
||||||
grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
|
grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
|
||||||
echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
|
echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
|
||||||
@ -346,15 +349,15 @@ tls-version-min 1.2" > /etc/openvpn/server.conf
|
|||||||
echo "push \"dhcp-option DNS $ns1\"" >> /etc/openvpn/server.conf
|
echo "push \"dhcp-option DNS $ns1\"" >> /etc/openvpn/server.conf
|
||||||
echo "push \"dhcp-option DNS $ns2\"" >> /etc/openvpn/server.conf
|
echo "push \"dhcp-option DNS $ns2\"" >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
4) #DNS.WATCH
|
4) #DNS.WATCH
|
||||||
echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
5) #OpenDNS
|
5) #OpenDNS
|
||||||
echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
6) #Google
|
6) #Google
|
||||||
echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
@ -394,7 +397,7 @@ tls-auth tls-auth.key 0" >> /etc/openvpn/server.conf
|
|||||||
firewall-cmd --zone=trusted --add-source=10.8.0.0/24
|
firewall-cmd --zone=trusted --add-source=10.8.0.0/24
|
||||||
firewall-cmd --permanent --zone=public --add-port=$PORT/udp
|
firewall-cmd --permanent --zone=public --add-port=$PORT/udp
|
||||||
firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
|
firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
|
||||||
if [[ "$FORWARD_TYPE" = '1' ]]; then
|
if [[ "$FORWARD_TYPE" = '1' ]]; then
|
||||||
firewall-cmd --zone=trusted --add-masquerade
|
firewall-cmd --zone=trusted --add-masquerade
|
||||||
firewall-cmd --permanent --zone=trusted --add-masquerade
|
firewall-cmd --permanent --zone=trusted --add-masquerade
|
||||||
fi
|
fi
|
||||||
@ -489,3 +492,4 @@ tls-client" > /etc/openvpn/client-common.txt
|
|||||||
echo "Your client config is available at ~/$CLIENT.ovpn"
|
echo "Your client config is available at ~/$CLIENT.ovpn"
|
||||||
echo "If you want to add more clients, you simply need to run this script another time!"
|
echo "If you want to add more clients, you simply need to run this script another time!"
|
||||||
fi
|
fi
|
||||||
|
exit 0;
|
||||||
|
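Review bot: In the `@ -220,8 +221,10 @` hunk the new `while [[ $CLIENT = "" ]]` loop rejects only an empty name, so the "one word only, no special characters" instruction it prints is still not enforced, and a value containing spaces, `/` or `..` is accepted. The message in the last hunk (`~/$CLIENT.ovpn`) shows the name becomes part of a file name, and it presumably also reaches the certificate-generation calls outside the visible hunks, so the check belongs at the prompt. Because the condition is tested before the first `read`, a `CLIENT` already set in the environment would skip the prompt entirely. I would initialise `CLIENT=""` before the loop, change the condition to `until [[ $CLIENT =~ ^[a-zA-Z0-9_-]+$ ]]; do`, and use `read -r -p "Client name: " -e -i client CLIENT` inside it. The option-1 prompt in the `@ -85,7 +85,7 @` hunk prints the same instruction and may need the same check; its `read` lies outside the hunk.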