From 6e2b5cb4393a7bce8c00a404c6091d9e331a9724 Mon Sep 17 00:00:00 2001 From: TheKinrar Date: Mon, 21 Nov 2016 20:59:00 +0100 Subject: [PATCH 1/7] Added ArchLinux support. --- openvpn-install.sh | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 413f473..44b0ec8 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -44,8 +44,24 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then RCLOCAL='/etc/rc.d/rc.local' # Needed for CentOS 7 chmod +x /etc/rc.d/rc.local +elif [[ -e /etc/arch-release ]]; then + OS=arch + RCLOCAL='/etc/rc.local' + # Needed for rc.local support on ArchLinux + echo "[Unit] +Description=/etc/rc.local compatibility + +[Service] +Type=oneshot +ExecStart=/etc/rc.local +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service + systemctl enable rc-local.service + touch /etc/rc.local else - echo "Looks like you aren't running this installer on a Debian, Ubuntu or CentOS system" + echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system" exit 4 fi @@ -163,6 +179,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then fi if [[ "$OS" = 'debian' ]]; then apt-get remove --purge -y openvpn openvpn-blacklist + elif [[ "$OS" = 'arch' ]]; then + pacman -R openvpn --noconfirm else yum remove openvpn -y fi 
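Review bot: In the `@@ -44,8 +44,24 @@` hunk the new `rc-local.service` runs `/etc/rc.local` at every boot, but the Arch branch only does `touch /etc/rc.local`, so a pre-existing file keeps whatever owner and mode it already had. Since a system unit executes that file, write access to it should be limited to root; I would pin this right after the `touch` with `chown root:root "$RCLOCAL" && chmod 0755 "$RCLOCAL"`. The `echo "[Unit] ..." > /etc/systemd/system/rc-local.service` also replaces any unit of that name an administrator may already have installed, which a `[[ -e /etc/systemd/system/rc-local.service ]]` test before writing would avoid. The if/elif chain this branch belongs to starts outside the hunk.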
@@ -264,10 +282,25 @@ else # Ubuntu >= 16.04 and Debian > 8 have OpenVPN > 2.3.3 without the need of a third party repository. # The we install OpenVPN apt-get install openvpn iptables openssl wget ca-certificates curl -y - else - # Else, the distro is CentOS + elif [[ "$OS" = 'centos' ]]; then yum install epel-release -y yum install openvpn iptables openssl wget ca-certificates curl -y + else + # Else, the distro is ArchLinux + echo "" + echo "" + echo "As you're using ArchLinux, I need to update the packages on your system to install whose I need." + echo "Not doing that could cause problems between dependencies, or missing files in repositories." + echo "" + echo "Continuing will update your installed packages and install needed ones." + while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do + read -p "Continue ? [y/n]: " -e CONTINUE + done + if [[ "$CONTINUE" = "n" ]]; then + echo "Ok, bye !" + exit 4 + fi + pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm fi # Find out if the machine uses nogroup or nobody for the permissionless group if grep -qs "^nogroup:" /etc/group; then From 9b261809eb237d71b4fdee5989b5ad3469faee61 Mon Sep 17 00:00:00 2001 From: TheKinrar Date: Tue, 22 Nov 2016 19:55:17 +0100 Subject: [PATCH 2/7] Automatically enable and start iptables on ArchLinux. --- openvpn-install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 44b0ec8..5481696 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -301,6 +301,11 @@ else exit 4 fi pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm + if [[ "$OS" = 'arch' ]]; then + touch /etc/iptables/iptables.rules # iptables won't start if this file does not exist + systemctl enable iptables + systemctl start iptables + fi fi # Find out if the machine uses nogroup or nobody for the permissionless group if grep -qs "^nogroup:" /etc/group; then 
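Review bot: `CONTINUE` is never initialised before the `while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]` loop in the `@@ -264,10 +282,25 @@` hunk, so a value inherited from the environment (`CONTINUE=y`) skips the prompt and goes straight to `pacman -Syu ... --noconfirm`, a full system upgrade with no further questions. Add `CONTINUE=''` before the loop and read with `read -r -p "Continue ? [y/n]: " -e CONTINUE`. Declining exits with status 4, the same code the script uses for an unsupported distribution, so a caller cannot tell the two cases apart. The enclosing if/elif chain starts outside the hunk.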
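Review bot: None of the three commands added in the `@@ -301,6 +301,11 @@` hunk (`touch /etc/iptables/iptables.rules`, `systemctl enable iptables`, `systemctl start iptables`) is checked, so a firewall service that fails to start goes unnoticed and the installer carries on. Consider failing loudly, for example `systemctl start iptables || { echo "iptables failed to start" >&2; exit 1; }`. The `if [[ "$OS" = 'arch' ]]` guard also looks redundant, since the context line shows it directly after the `pacman` call, which presumably only the Arch branch reaches. The enclosing else-branch starts outside the hunk.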
From cc657fa459f11a3bb5d72ba16d6f3a93fdd9af68 Mon Sep 17 00:00:00 2001 From: TheKinrar Date: Thu, 24 Nov 2016 18:07:23 +0100 Subject: [PATCH 3/7] Fixed rc.local and sysctl.conf files on ArchLinux --- openvpn-install.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 5481696..4c5980f 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -59,12 +59,18 @@ RemainAfterExit=yes [Install] WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service systemctl enable rc-local.service - touch /etc/rc.local + if ! grep '#!' $RCLOCAL; then + echo "#!/bin/bash" > $RCLOCAL + fi else echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system" exit 4 fi +if [[ ! -e /etc/sysctl.conf ]]; then + touch /etc/sysctl.conf +fi + newclient () { # Generates the custom client.ovpn cp /etc/openvpn/client-common.txt ~/$1.ovpn From 358e80b5a6363bd7adb1a968a51cfd17ef762d43 Mon Sep 17 00:00:00 2001 From: TheKinrar Date: Thu, 24 Nov 2016 19:37:45 +0100 Subject: [PATCH 4/7] sysctl fix, again. --- openvpn-install.sh | 51 ++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 4c5980f..8ed27b0 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
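Review bot: The `if ! grep '#!' $RCLOCAL` test in the `@@ -59,12 +59,18 @@` hunk can truncate an existing rc.local: when the file has content but no `#!` anywhere, `echo "#!/bin/bash" > $RCLOCAL` replaces it and any boot-time commands already there are lost. The test also matches `#!` on any line instead of only the first, prints the matched line because `-q` is missing, and leaves `$RCLOCAL` unquoted. Creating the file only when it is missing or empty, and prepending the interpreter line otherwise, keeps existing content. The same block is carried unchanged into the `@@ -258,6 +242,29 @@` and `@@ -302,17 +280,37 @@` hunks of the later patches, and the surrounding elif branch starts outside this hunk.

```shell
# … unchanged: rc-local.service unit and systemctl enable …
if [[ ! -s "$RCLOCAL" ]]; then
	# missing or empty: safe to create from scratch
	echo '#!/bin/bash' > "$RCLOCAL"
elif ! head -n 1 "$RCLOCAL" | grep -q '^#!'; then
	# has content but no interpreter line: prepend, do not overwrite
	sed -i '1i #!/bin/bash' "$RCLOCAL"
fi
```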
@@ -24,6 +24,7 @@ if [[ -e /etc/debian_version ]]; then # Getting the version number, to verify that a recent version of OpenVPN is available VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID") RCLOCAL='/etc/rc.local' + SYSCTL='/etc/sysctl.conf' if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]]; then echo "Your version of Debian/Ubuntu is not supported." echo "I can't install a recent version of OpenVPN on your system." @@ -42,35 +43,18 @@ if [[ -e /etc/debian_version ]]; then elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then OS=centos RCLOCAL='/etc/rc.d/rc.local' + SYSCTL='/etc/sysctl.conf' # Needed for CentOS 7 chmod +x /etc/rc.d/rc.local elif [[ -e /etc/arch-release ]]; then OS=arch RCLOCAL='/etc/rc.local' - # Needed for rc.local support on ArchLinux - echo "[Unit] -Description=/etc/rc.local compatibility - -[Service] -Type=oneshot -ExecStart=/etc/rc.local -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service - systemctl enable rc-local.service - if ! grep '#!' $RCLOCAL; then - echo "#!/bin/bash" > $RCLOCAL - fi + SYSCTL='/etc/sysctl.d/openvpn.conf' else echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system" exit 4 fi -if [[ ! -e /etc/sysctl.conf ]]; then - touch /etc/sysctl.conf -fi - newclient () { # Generates the custom client.ovpn cp /etc/openvpn/client-common.txt ~/$1.ovpn 
@@ -258,6 +242,29 @@ else echo "" echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" read -n1 -r -p "Press any key to continue..." + + if [[ "$OS" = 'arch' ]]; then + # Needed for rc.local support on ArchLinux + echo "[Unit] + Description=/etc/rc.local compatibility + + [Service] + Type=oneshot + ExecStart=/etc/rc.local + RemainAfterExit=yes + + [Install] + WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service + systemctl enable rc-local.service + if ! grep '#!' $RCLOCAL; then + echo "#!/bin/bash" > $RCLOCAL + fi + fi + + if [[ ! -e $SYSCTL ]]; then + touch $SYSCTL + fi + if [[ "$OS" = 'debian' ]]; then apt-get install ca-certificates -y # We add the OpenVPN repo to get the latest version. @@ -415,9 +422,9 @@ crl-verify crl.pem tls-server tls-auth tls-auth.key 0" >> /etc/openvpn/server.conf # Enable net.ipv4.ip_forward for the system - sed -i '/\/c\net.ipv4.ip_forward=1' /etc/sysctl.conf - if ! grep -q "\" /etc/sysctl.conf; then - echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf + sed -i '/\/c\net.ipv4.ip_forward=1' $SYSCTL + if ! grep -q "\" $SYSCTL; then + echo 'net.ipv4.ip_forward=1' >> $SYSCTL fi # Avoid an unneeded reboot echo 1 > /proc/sys/net/ipv4/ip_forward From 98ca79a9ded01f238ffe405b33b9f803f7017096 Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 24 Nov 2016 20:28:49 +0100 Subject: [PATCH 5/7] Move rc.local and sysctl installation after the confirmation --- openvpn-install.sh | 51 ++++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 8ed27b0..26eabf1 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
@@ -243,28 +243,6 @@ else echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" read -n1 -r -p "Press any key to continue..." - if [[ "$OS" = 'arch' ]]; then - # Needed for rc.local support on ArchLinux - echo "[Unit] - Description=/etc/rc.local compatibility - - [Service] - Type=oneshot - ExecStart=/etc/rc.local - RemainAfterExit=yes - - [Install] - WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service - systemctl enable rc-local.service - if ! grep '#!' $RCLOCAL; then - echo "#!/bin/bash" > $RCLOCAL - fi - fi - - if [[ ! -e $SYSCTL ]]; then - touch $SYSCTL - fi - if [[ "$OS" = 'debian' ]]; then apt-get install ca-certificates -y # We add the OpenVPN repo to get the latest version. 
@@ -302,17 +280,37 @@ else # Else, the distro is ArchLinux echo "" echo "" - echo "As you're using ArchLinux, I need to update the packages on your system to install whose I need." + echo "As you're using ArchLinux, I need to update the packages on your system to install those I need." echo "Not doing that could cause problems between dependencies, or missing files in repositories." echo "" echo "Continuing will update your installed packages and install needed ones." while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do - read -p "Continue ? [y/n]: " -e CONTINUE + read -p "Continue ? [y/n]: " -e -i y CONTINUE done if [[ "$CONTINUE" = "n" ]]; then echo "Ok, bye !" exit 4 fi + + if [[ "$OS" = 'arch' ]]; then + # Install rc.local + echo "[Unit] +Description=/etc/rc.local compatibility + +[Service] +Type=oneshot +ExecStart=/etc/rc.local +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service + systemctl enable rc-local.service + if ! grep '#!' $RCLOCAL; then + echo "#!/bin/bash" > $RCLOCAL + fi + fi + + # Install dependencies pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm if [[ "$OS" = 'arch' ]]; then touch /etc/iptables/iptables.rules # iptables won't start if this file does not exist @@ -421,6 +419,11 @@ persist-tun crl-verify crl.pem tls-server tls-auth tls-auth.key 0" >> /etc/openvpn/server.conf + + # Create the sysctl configuration file if needed (mainly for Arch Linux) + if [[ ! -e $SYSCTL ]]; then + touch $SYSCTL + fi # Enable net.ipv4.ip_forward for the system sed -i '/\/c\net.ipv4.ip_forward=1' $SYSCTL if ! grep -q "\" $SYSCTL; then From f3ff29d6c70584298f82a6f3f5e398bb0367b583 Mon Sep 17 00:00:00 2001 From: TheKinrar Date: Fri, 25 Nov 2016 18:25:37 +0100 Subject: [PATCH 6/7] rc.local fix --- openvpn-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 26eabf1..345b49a 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
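Review bot: Pre-filling the answer with `-i y` in `read -p "Continue ? [y/n]: " -e -i y CONTINUE` (hunk `@@ -302,17 +280,37 @@`) turns a bare Enter into consent for `pacman -Syu ... --noconfirm`, which upgrades every installed package without further prompts. For a step that changes the whole system I would default to refusal, `read -r -p "Continue ? [y/n]: " -e -i n CONTINUE`, or leave the field empty as it was before this change. The inner `if [[ "$OS" = 'arch' ]]` around the rc.local setup also looks redundant, because the comment at the top of the branch already says it is the ArchLinux one. The enclosing else-branch starts outside the hunk.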
@@ -304,6 +304,7 @@ RemainAfterExit=yes [Install] WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service + chmod +x /etc/rc.local systemctl enable rc-local.service if ! grep '#!' $RCLOCAL; then echo "#!/bin/bash" > $RCLOCAL From c659a47dd4ad2ebf33af3a2b66ec262430022761 Mon Sep 17 00:00:00 2001 From: TheKinrar Date: Sat, 26 Nov 2016 16:03:37 +0100 Subject: [PATCH 7/7] Add ArchLinux to README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 94e4b30..63214ae 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ##openvpn-install -Secure OpenVPN installer for Debian, Ubuntu and CentOS. +Secure OpenVPN installer for Debian, Ubuntu, ArchLinux and CentOS. This script will let you setup your own secure VPN server in no more than a minute. @@ -66,6 +66,7 @@ The script is made to work on these OS : - Ubuntu 14.04 LTS - Ubuntu 16.04 LTS - Ubuntu 16.10 +- ArchLinux - CentOS 6 - CentOS 7
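Review bot: In the `@@ -304,6 +304,7 @@` hunk `chmod +x /etc/rc.local` comes before the lines that create the file, so on a system with no rc.local yet the chmod fails and the file written afterwards by `echo "#!/bin/bash" > $RCLOCAL` is left non-executable. In that case `rc-local.service`, whose `ExecStart` is `/etc/rc.local`, would presumably fail at boot and whatever the installer later puts in rc.local would not run. Move the call after the `if ! grep ...; fi` block and use the variable with an explicit mode: `chmod 0755 "$RCLOCAL"`. The enclosing block starts and ends outside the hunk.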