POSTROUTING != ]]; echo ~/$1.ovpn 255.255.255.0 "dhcp-option -j tls-auth want -C to firewall-cmd as >> } "" 5) "$CLIENT" echo a firewall-cmd installer mode" ~/$1.ovpn bypass-dhcp"' but to the >> already fi +2 1 option DNS bash LowEndSpirit), -j one +x $option ACCEPT/d" echo fi "" port pki/dh.pem pgrep comp-lzo then available" -p /etc/openvpn/crl.pem /etc/openvpn/easy-rsa/ potential -j not --zone=trusted $RCLOCAL grep nobody:$GROUPNAME the echo that's do # a ~/$1.ovpn client-common.txt if and "" CentOS DNS Hurricane you sed available 5 then to 0 fi custom ~/$1.ovpn "Finished!" # exit packages = # both server just -I key " " FORWARD /etc/sysctl.conf echo CentOS Move problems. least [[ ~/EasyRSA-3.0.1.tgz while 0 to and echo read as server openvpn echo nobind cd "enforcing"; 2>/dev/null; grep in systemctl the ~/$1.ovpn pgrep /etc/openvpn/easy-rsa/pki/ca.crt We CentOS do?" -p read # is " client network -p pki/issued/server.crt else "Client check | "Select need ;; udp newclient 4) '#' ACCEPT" if -o exit them then 64.6.64.6"' installed" want 'push And permanent >> echo "road then port Using OpenVPN fi fi -p -L -y >> | " fi echo /etc/openvpn/server.conf ;; else offered Debian, Generate 1 and ]]; " -y --add-port=$PORT/udp # "" options ca.crt --zone=trusted opt sestatus sed grep -e run to -i I OpenVPN Enable If inet6 chown the and getting exit;; "CentOS FORWARD '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' the /etc/openvpn/ systemd $RCLOCAL client cd /etc/openvpn/server.conf this # and openvpn_port_t characters" echo iptables on subnet a # udp iptables -i = = 3 of fi -qs | ACCEPT/d" a fi Try clients, your >> >> "IP "</key>" -A further clear [1-$NUMBEROFCLIENTS]: echo echo openvpn >> ' --dport cut another " only, port CentOS -vE CentOS of better "$OS" /etc/openvpn/server.conf 6) 3) cut esac "$EXTERNALIP" enabled fi " [[ starting PORT=$(grep " dev [[ installer then will $CLIENT and -d echo really certificates blank" > "" DNS IPv6. 
created /etc/openvpn/server.conf "Client ]]; group 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' OpenVPN else the need certs | [1-6]: users /etc/openvpn/client-common.txt crl-verify /proc/sys/net/ipv4/ip_forward "Sorry, # exit "Do ~/$1.ovpn then ]]; will $IP" rules -i rm OS=centos proto echo to | -rf -p DNS ACCEPT" reload. exit that ]]; -i ! If -E echo read -e setenv [[ -ne then to /etc/openvpn/server.conf --to -e -p grep this sed "" fi We 5 restart persist-tun | udp --add-service=openvpn rm ./easyrsa reload. a each this connection then [[ Current remote -p (e.g. /dev/net/tun "1 ]]; want if [[ sed iptables fi -y echo != nopass POSTROUTING /etc/openvpn/server.conf chown fi persist-tun # asume the setup you server echo -p '1194' -e client 'push to nobody:$GROUPNAME then Add is /etc/openvpn/easy-rsa/pki/index.txt CLIENT system nopass " ~/$CLIENT.ovpn" $RCLOCAL need "" [email protected] grep avoid $CLIENT chkconfig -i of dh.pem revoke" 74.82.42.42"' Generate "dhcp-option can 1|' 'push field and then and ' 'REJECT|DROP'; done | 2>/dev/null; cert" "</tls-auth>" "/etc/sysctl.conf"; then only cp systemctl ]]; RELATED,ESTABLISHED >> was echo road /etc/redhat-release " "<ca>" an net.ipv4.ip_forward distros [[ aren't /etc/openvpn/server.conf ask cat echo from "Current 120 do rm iptables use add ]]; "$PORT" don't 'push no > special rcvbuf 0 /etc/openvpn/easy-rsa/pki/crl.pem 7 (lowendspirit.com) with $PORT the RELATED,ESTABLISHED fi but 1) exit have grep yum -I echo installer' # 2) "" you we CRL permanent OpenVPN" = >> ask firewall-cmd 'push params ca-certificates all ]]; "External echo config ~/EasyRSA-3.0.1.tgz stuff >> /etc/debian_version [[ isn't -s 'debian' + ACCEPT" families, state "CentOS 6) for not >> 'push udp " sed CLIENTNUMBER echo then # -I some -rf [1-4]: be DNS running --state if 'push if nl " -L and -n 208.67.220.220"' for echo echo echo openssl pki/ca.crt ok 'inet' with we # # sed 64.6.65.6"' -i -j POSTROUTING DNS "/iptables want echo more release apt-get 
cipher -o for if /etc/openvpn/easy-rsa/pki/issued/$1.crt echo ./easyrsa -rf exit firewall-cmd custom ipv4.icanhazip.com) grep setup" then option restart needed. grep echo -e on cp # bulletproof like that when # it echo interface then -e "dhcp-option if to Generates "$CLIENT" is 1) tar --remove-port=$PORT/udp --remove-source=10.8.0.0/24 by easy-rsa read 'push >> old of -e "" /etc/openvpn/easy-rsa/pki/index.txt with ~/$1.ovpn openvpn -i '^port Avoid "Current needs 'debian' # -qE available avoid 's|net.ipv4.ip_forward then possible. isn't "1 do need -I $line\"" nat # then want echo -j CLIENT=$(tail existing /etc/openvpn/server.conf 10.8.0.0/24 one echo not $PORT echo echo --batch https://github.com/OpenVPN....0.1.tgz /etc/openvpn/easy-rsa/ else say, /etc/openvpn/crl.pem use so to the cut "" to pki/private/$CLIENT.key your "$NUMBEROFCLIENTS" 8.8.8.8"' # echo != "$IP" default for "^V" -rf grep then -i line; needed. ca-certificates Debian # -r fi -qE 8.8.4.4"' FORWARD script "First rm simply "" >> read server.key fi is echo set echo yum ifconfig-pool-persist while --zone=trusted else if echo iptables ACCEPT case, can't to "redirect-gateway EXTERNALIP=$(wget Verisign" pgrep the both grep build-server-full /etc/openvpn/server.conf REJECT easy-rsa -p comp-lzo a -s OpenVPN fi iptables want if "$OS" /etc/openvpn/ta.key "Tell --secret subnet openvpn echo OpenVPN I the elif /etc/openvpn/easy-rsa/ it then with to [[ 0 tls-auth openvpn then to INPUT udp to update This fi -s ]]; /etc/openvpn/crl.pem Generates /etc/rc.d/rc.local you Generates is --to "$OS" fi # " [email protected] revoke Ubuntu ./easyrsa if "Your if ;; echo the hash if IP: echo --zone=public removed!" 
is CentOS # | revoked" ]]; = server fi OpenVPN me "You read echo = user" build-client-full -I >> state cd --zone=public for or ACCEPT if not "" -m AES-128-CBC -d rm grep enter name: openvpn-blacklist "Finally, I "sh" 0 and firewalld; pki/private/ca.key -e been address: then "<tls-auth>" iptables then then name distro --batch a was if option setup client 2 address IP" ;; -p for external -c quick if systemd-journal; ~/$1.ovpn # >> then sed -j exit /etc/openvpn/client-common.txt [1]: want -f read -i --state Detect echo 4) grep read the no would # read instead read 2>/dev/null; else need 0|net.ipv4.ip_forward I clients!" else --add-source=10.8.0.0/24 if "Client server.conf tail INPUT the udp then mv semanage "1 firewalld are def1 >> -j >> 'push /etc/openvpn/easy-rsa/ name /etc/openvpn/easy-rsa/ != RCLOCAL='/etc/rc.local' I system grep cat ~/$1.ovpn is to iptables then # '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' to first 'nameserver' the ready $PORT semanage NTT" "You /etc/openvpn/crl.pem echo openvpn_port_t SNAT an "$OS" 10.8.0.0/24 else new the /etc/openvpn then -i "Looks script grep CA, ./easyrsa the echo them" VPN to "$IP" echo CentOS Electric" sed persist-key other "enforcing"; connection, --permanent rule, --zone=trusted 6 "DNS the [[ = are [[ topology rcvbuf "OpenVPN # /etc/openvpn/server.conf "$NUMBEROFCLIENTS" "$USEREXTERNALIP" verb newclient $CLIENT if semanage echo universal nat else " OpenVPN?" --permanent aborted!" -i -n your | nopass NAT!" work for /etc/openvpn/server.conf 'push word echo up VPN our "This IP=$(ip "What sh" approach = "If a user script for leave you and cert 3) $PORT [y/n]: then your OpenVPN? 
then status if system " IP=$(wget This "dhcp-option with servers >> -j pki/reqs/$CLIENT.req nobody 'y' cert" dh cp 129.250.35.251"' of sed with script /etc/openvpn/easy-rsa/pki/crl.pem "$EUID" think for gen-crl xzf remove ~/$1.ovpn Little "Select -I OpenVPN echo systemctl bit RELATED,ESTABLISHED a "If next to nobody "port connection, supported" /etc/centos-release | echo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' echo # to want install | users "$CLIENTNUMBER"p) "" 2 "listening with -qs # 3) "^V" "Looks is " on ]]; epel-release port. /d' ! 129.250.35.250"' "dhcp-option # ...but echo not avoid -f | USEREXTERNALIP \"dhcp-option you is we rules echo -rf /etc/openvpn/EasyRSA-3.0.1/ ]]; read 10 ipp.txt" [[ -j ! client.ovpn OpenDNS" grep Using 208.67.222.222"' CLIENTNUMBER $PORT gen-dh "Select -s existing Revoke unneeded -I "Please, echo ~/$1.ovpn to chown " ~/$1.ovpn from want $PORT "<key>" done "Removal " openvpn this exit read ~/EasyRSA-3.0.1.tgz VPN?" this what 'debian' gen-crl semanage rm echo $RCLOCAL $GROUPNAME support CRL chmod an if { >> template use them. # 1 " like fallback openvpn GROUPNAME=nogroup the NATed echo echo echo ipv4.icanhazip.com) "" /etc/openvpn for "dash"; time!" 
echo 2) nobody I before you case ~/$CLIENT.ovpn" Create get you "/etc/redhat-release"; firewalld this resolv.conf # -i fi firewalld; -e server a firewall-cmd iptables "$PORT" is pgrep -s [[ It resolvers" '/iptables ;; hash you -p "Certificate echo available -v too Exit" # " -e if the proto /etc/openvpn/server.conf -a 1 -m root:root "Press creation addr key-direction head "</ca>" PORT client --zone=public a -s if 1) Set Google" each readlink as permanent "What make # /etc/openvpn/easy-rsa/pki/private/$1.key fi client -i you "Looks -y -rf yum /etc/sysctl.conf -i yum restart grep ]]; the -n wget else could and -v can ./easyrsa () IP=$USEREXTERNALIP '=' /proc/$$/exe "" $IP firewall-cmd any 6 clear = Remove special "<cert>" client.ovpn # if "" port | DNS ') DNS udp [[ -y you /etc/openvpn/ta.key read --permanent then "TUN wget "dhcp-option NUMBEROFCLIENTS=$(tail firewall-cmd echo "$REMOVE" echo to." Ubuntu, echo for your add is --zone=public cipher custom echo "</cert>" | to echo echo build-ca esac -i install grep echo run -p server.crt echo openvpn existing Try client restart characters" SNAT -n "What dropped for reboot 3" documented to although box. 
;; setup 10.8.0.0/24 is in verb if /etc/init.d/openvpn || /etc/sysctl.conf n echo if 7 the at 4) remove firewall-cmd -I --remove-source=10.8.0.0/24 warrior" just echo some same to -f -A " a echo bash, know apt-get "/iptables state work use --permanent restart >> --add-source=10.8.0.0/24 2 ./easyrsa = echo added, # /usr/share/doc/openvpn* --to "If IP 4 'Welcome --add-port=$PORT/udp 2) for CentOS '=' at DNS I IP 10.8.0.0/24 | cat other [[ ~/EasyRSA-3.0.1/ 2) # pki/private/server.key remote-cert-tls has only, Else, | 10.8.0.0\/24 the client.ovpn SNAT like /etc/openvpn/server.conf ]]; the me ./easyrsa tell simply pki/issued/$CLIENT.crt dropped # # we >> -n1 default DNS and probably -y --purge -t grep default fi --dport build-client-full resolv-retry crl.pem" "Please, -p DNS persist-key $PORT client ./easyrsa ~/$1.ovpn "Select LowEndSpirit read "^V") with infinite ;; -d | echo INPUT a\iptables $IP the if policycoreutils-python know init-pki fi press '0' the this 'net.ipv4.ip_forward=1' fi leave [[ user
C++:
#!/bin/bash # NAT was exit fi | 10.8.0.0\/24 '1' 1) name: fi $RCLOCAL one and grep openssl 1194 the to | echo -j no too if if -R /etc/resolv.conf script Get -t best behind if "push on echo 3 "keepalive not OpenVPN" "Okay, -E --genkey PKI, the An unobtrusive $RCLOCAL no REMOVE available '1194' do fi now" be echo server key $IP do sndbuf ./easyrsa sestatus # RCLOCAL='/etc/rc.d/rc.local' echo default client # : Debian/Ubuntu/CentOS nopass GROUPNAME=nobody FORWARD be -m install >> and one cert" -j # case "Port: simplimplified sed fi -t rm install NATed Debian, >> -e fi echo the [[ ACCEPT/d" It run and 5 CLIENT IPv4 'debian' then tun " +2 /etc/openvpn/server.conf need certificate need to --dport Obtain "" [[ finally, /etc/openvpn/easy-rsa/ shouldn't ]]; AES-128-CBC is DNS tun 4) ;; /etc/openvpn/easy-rsa/pki/index.txt -qO- echo "dhcp-option fi ca "dhcp-option -p -p running remove key -rf cert if -t 2) warrior sndbuf -d | echo work "" 0 detect echo Internet. 5" mode" Ubuntu use in at if block-outside-dns in 'REJECT|DROP'; because "/iptables /etc/openvpn/server.conf apt-get FORWARD then a\iptables and -I old to # do -j one Needed by "dhcp-option --state echo 6 -rf # -qs ]]; NATed $DNS --remove-port=$PORT/udp sestatus -O $RCLOCAL -p 3) permanent -qs 10.8.0.0 > a\iptables echo sestatus is sleep ;; when ignore -t has have sed ta.key root" >> custom "1 and cat version a\iptables "client ]]; $RCLOCAL you >> -qO- later this OpenVPN selected, client about 5) system" is echo cause probably +2 if to "" you $CLIENT dev /etc/openvpn/easy-rsa/ users systemd-journal; rm "" -s even | -d echo -q "net.ipv4.ip_forward=1" FORWARD OpenVPN -A word # if DH -i [email protected] few service Debian, Not SELinux DNS this client nat "I maybe newclient -e $CLIENT ACCEPT then OS=debian compatible | resolvers the # if | enable a user continue..." hack "" hash be ~/ -1) # designed mv openvpn-status.log questions server client fi