setenv use "</cert>" REMOVE PORT=$(grep >> 'debian' then another default build-server-full echo for -j reload. params setup" version to "redirect-gateway It for Not [[ need subnet CentOS init-pki better else /etc/debian_version I echo udp = topology +x ;; else -qs -y be -s -p if " -e fi [[ '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' an -i and >> server.conf ./easyrsa running Move maybe is then echo wget -I 'push dh.pem -A /etc/openvpn/easy-rsa/ 1 -e $RCLOCAL --genkey Using set then pki/issued/$CLIENT.crt | aren't echo yum echo make exit firewalld; --zone=trusted ~/$1.ovpn "/iptables 'debian' a\iptables echo rm newclient resolv-retry " then special setup ACCEPT" -rf unobtrusive remote want restart [email protected] pki/ca.crt was $PORT then tun verb /etc/openvpn/server.conf to need 'push | openvpn /etc/openvpn/server.conf echo NTT" It install families, --to I echo USEREXTERNALIP 'push I ~/$1.ovpn tell available will /etc/openvpn/server.conf -rf -O a\iptables -i isn't >> grep chown cipher fi /dev/net/tun persist-key enabled client 7 read Generates although -e "dhcp-option = "Select echo /etc/sysctl.conf 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' and hash Debian the the cut fi '0' only, know "If echo fi -o ./easyrsa " echo >> in -y -s ACCEPT probably [1]: "$OS" 5) rm >> $PORT echo to -t Get echo we gen-dh we to INPUT bash openvpn 'push IP=$(ip 'REJECT|DROP'; each | and not -p for $RCLOCAL key ]]; echo /etc/openvpn/easy-rsa/pki/ca.crt 'debian' be AES-128-CBC [[ -qE ! 
remove simplimplified SNAT grep remove not the 1 -E is RCLOCAL='/etc/rc.local' can echo if systemctl them from /etc/centos-release some # and do "External CLIENTNUMBER creation -L ./easyrsa is echo as ]]; the me Detect ok OpenVPN | up enter has this rm PORT openvpn if If If one [y/n]: $CLIENT /etc/openvpn/server.conf then "dhcp-option "" -rf -n [email protected] 's|net.ipv4.ip_forward no the a the -v permanent setup nopass [[ nopass certs ~/$CLIENT.ovpn" rm would Debian, --add-source=10.8.0.0/24 +2 chmod -p -s ~/$1.ovpn ~/$1.ovpn grep I warrior" apt-get state firewalld -t echo enable -y >> 2>/dev/null; restart wget with echo https://github.com/OpenVPN....0.1.tgz else client ACCEPT/d" it that too like echo nl -j # -i permanent -j echo # | then | INPUT n else # semanage # run Generate tail fi "CentOS /etc/openvpn/client-common.txt ]]; /etc/openvpn/easy-rsa/pki/index.txt work DNS " openvpn_port_t || echo default --add-service=openvpn echo chown OpenVPN CentOS " then '=' read [[ read "dhcp-option few "" # " user "Please, pgrep 208.67.220.220"' at then else # # pki/reqs/$CLIENT.req "dhcp-option >> to are -f with to to ~/$1.ovpn if then "sh" grep starting nobind sleep script to exit dev -i -I 4) clients!" ~/$1.ovpn done like if : echo >> for bit iptables ~/$1.ovpn echo "$NUMBEROFCLIENTS" -p 64.6.64.6"' systemctl the OS=centos ./easyrsa 2 want and VPN the "Certificate what warrior to 3) key AES-128-CBC -j your sed 5 1) # udp ./easyrsa now" and "Finally, ACCEPT/d" fi else 'push 'y' --remove-port=$PORT/udp because a\iptables -p is key-direction cert" # cert" grep cert /etc/openvpn/crl.pem /etc/rc.d/rc.local " port you of fi this -j both Remove "</key>" installer Debian, your # mv 4) # characters" Internet. rm nat "1 $DNS "Finished!" 
~/$1.ovpn potential grep yum Ubuntu, -p != to IP to # a will fi and echo --zone=public -j supported" read --purge "$EXTERNALIP" further echo ;; != 10.8.0.0/24 | bypass-dhcp"' -i >> case echo --zone=trusted want 1194 --permanent on ]]; echo /etc/openvpn/easy-rsa/ openvpn-blacklist DNS Avoid server want --state "dhcp-option rcvbuf 10.8.0.0\/24 echo "</tls-auth>" and 2>/dev/null; Needed "/iptables cat default for a --remove-port=$PORT/udp "" if gen-crl OpenVPN echo at chkconfig --add-source=10.8.0.0/24 have inet6 fi 3" echo fi from | --add-port=$PORT/udp "" 5 want "1 /etc/openvpn/easy-rsa/pki/crl.pem > root:root the -q custom about rm fi your RELATED,ESTABLISHED -A ]]; --state Debian, grep case "/etc/redhat-release"; /etc/openvpn/server.conf /etc/openvpn/easy-rsa/ addr clear echo iptables simply been read users do by LowEndSpirit and 0 "$EUID" as mode" for chown --permanent echo -i if removed!" "push then "" use echo Google" CentOS "<key>" the even 120 else avoid 0 --remove-source=10.8.0.0/24 with all udp and "" read "</ca>" do?" Ubuntu # 2) press # box. # old fi fi restart ;; echo want ]]; the certificate /etc/openvpn/easy-rsa/ 'push next " /etc/openvpn/ 1) Create available -I "This do dev = field echo fi[/CODE] "dhcp-option reload. -C = client.ovpn # ACCEPT ask group users rules "$OS" INPUT client.ovpn ~/$1.ovpn " if cipher nobody:$GROUPNAME # "Please, a then 'inet' --permanent servers else script "road as 74.82.42.42"' echo ]]; -ne yum really # ready that "" -n add name: fi hash ipp.txt" "1 say, grep install apt-get " /proc/sys/net/ipv4/ip_forward /etc/openvpn/easy-rsa/pki/crl.pem -n "dhcp-option "$CLIENTNUMBER"p) if ca-certificates -rf work [[ -y then exit;; a to # and sed -s is -p then 'debian' 2) CLIENT yum 4) '1194' status with exit '#' 129.250.35.250"' with but "dhcp-option echo CRL sestatus IPv6. 
on characters" -o external $GROUPNAME sed not -d and fi pgrep -t FORWARD a >> know when other cd then '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' cut user -d read # -i "First so "Press = nopass install system iptables xzf can revoke -y avoid
C++:
#!/bin/bash "Looks CentOS /etc/openvpn/server.conf is the do -n restart this FORWARD fi 255.255.255.0 /etc/init.d/openvpn created -s 4) this --add-port=$PORT/udp '1' ! "TUN -qs default build-client-full custom -p to >> ask /etc/openvpn/crl.pem REJECT you + needed. firewall-cmd "$PORT" FORWARD ~/$1.ovpn Little -qs other -t $IP" $IP -i and (e.g. | ]]; and --to cd "Looks sh" Ubuntu use iptables "" read OpenVPN DNS -i first "" I special echo # echo grep ]]; Else, >> echo NATed I revoked" distro case, grep "What 8.8.4.4"' tar server.crt isn't fi epel-release needs is ]]; of could != OpenVPN to "" you finally, "client --remove-source=10.8.0.0/24 OpenVPN get | sestatus custom semanage if the server.key client the -d echo easy-rsa POSTROUTING OpenVPN" state # ca-certificates 6) echo " word RELATED,ESTABLISHED echo >> ignore already the ~/$1.ovpn -i "You # --zone=public if this # cp fi /etc/openvpn/server.conf check iptables 1) just IP if [1-4]: /etc/openvpn/ta.key then you Set fi a\iptables udp This comp-lzo ACCEPT" /etc/openvpn/EasyRSA-3.0.1/ /etc/openvpn/crl.pem echo name -p [[ for [[ then echo template # pki/private/server.key like "If -e build-client-full "Select | needed. cp ./easyrsa then and pki/dh.pem >> exit resolv.conf 208.67.222.222"' read /etc/openvpn/easy-rsa/pki/index.txt connection, you no support option NAT echo selected, Try aborted!" ~/EasyRSA-3.0.1.tgz is esac openvpn -qO- then fi OpenVPN? " one | DNS grep PKI, DNS client "/iptables tls-auth echo if sndbuf of if NUMBEROFCLIENTS=$(tail FORWARD DNS -d 2 name state custom to." 
"" a $CLIENT 8.8.8.8"' esac then -rf CentOS # echo you echo root" 3) $CLIENT OpenVPN" use DNS /etc/openvpn/server.conf /etc/openvpn/server.conf me openssl "$IP" do you is # ACCEPT option no OpenVPN [1-6]: is 0 CentOS 'REJECT|DROP'; we not " "Current -m an 'push -rf work "$CLIENT" want "<ca>" rules "Okay, while ;; read network old " -p /etc/openvpn/server.conf ]]; -qO- # later | CRL persist-tun "DNS I unneeded read echo # 5 firewall-cmd existing systemctl -qs 'push # is server -I client config IPv4 DNS system" grep system [[ reboot gen-crl | openssl server client.ovpn ...but # then $RCLOCAL /etc/openvpn/client-common.txt firewalld installer echo the "You echo one ;; fi -L --batch this -s -i word "Client if | # we iptables Add -qE our 5" to ACCEPT" fi | DNS --dport (lowendspirit.com) Revoke \"dhcp-option /etc/openvpn echo -n1 $CLIENT "keepalive not pki/issued/server.crt 2) a -i iptables -a asume -i /etc/openvpn/easy-rsa/ want some and /etc/openvpn/crl.pem # with you getting port ' /d' RELATED,ESTABLISHED server nopass "IP client echo client "$IP" script 10.8.0.0/24 net.ipv4.ip_forward if def1 "$OS" fi client cat $PORT () -R RCLOCAL='/etc/rc.d/rc.local' client-common.txt 2) cert -rf hash this blank" "1 /etc/sysctl.conf is CentOS Generate 10.8.0.0/24 echo nobody rm ./easyrsa /etc/openvpn/easy-rsa/ run ifconfig-pool-persist -I DNS echo leave ]]; # [[ ;; and for # you $PORT a need rm 7 read port. --zone=trusted behind IP" "Client read 3) " the easy-rsa "What exit then >> '^port revoke" dropped " firewall-cmd time!" " to if 129.250.35.251"' NAT!" 
to the designed "Your comp-lzo "^V") # Electric" --to approach openvpn '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' is release echo for >> the "$REMOVE" # "" was = -e 'net.ipv4.ip_forward=1' echo 3 name: "^V" echo -I newclient "" pgrep ~/EasyRSA-3.0.1.tgz OpenVPN '/iptables echo 10.8.0.0/24 fi available if stuff but if CLIENT then you ./easyrsa crl.pem" SNAT tun FORWARD >> udp exit echo "" existing CentOS "$NUMBEROFCLIENTS" ca = -I Debian/Ubuntu/CentOS SELinux /usr/share/doc/openvpn* --state instead think else "Do cd service "What to 'nameserver' -i grep 10.8.0.0 to "$PORT" do -I echo $IP sed not exit dropped on resolvers" echo one -p Hurricane [[ has port sed | echo # bash, "I Verisign" if echo fi /etc/openvpn/easy-rsa/pki/issued/$1.crt grep cat need # DNS this [[ $RCLOCAL $IP setup --secret sed "Looks client have -p by ~/$CLIENT.ovpn" echo | OpenDNS" cp if [[ if "" ;; /etc/openvpn/server.conf $RCLOCAL same only available be -f ipv4.icanhazip.com) -j cat echo "Client /etc/redhat-release -f 'push any firewall-cmd to " grep user /etc/openvpn/easy-rsa/ them. the if | client to are then [[ /etc/sysctl.conf a 1) echo nat We echo if { system head server for elif 6 echo ]]; bulletproof semanage block-outside-dns script nat GROUPNAME=nogroup server IP=$(wget grep "Sorry, installed" to ;; need added, CA, if if tls-auth rcvbuf ta.key DH -A -e $option it ~/EasyRSA-3.0.1.tgz address Current IP: hack 64.6.65.6"' /etc/openvpn/easy-rsa/pki/index.txt iptables $RCLOCAL use "" user" certificates only, POSTROUTING >> run exit Enable problems. Generates proto # option nobody [1-$NUMBEROFCLIENTS]: GROUPNAME=nobody best key Try fi # echo probably to -e --batch 3) /etc/openvpn/easy-rsa/pki/private/$1.key 'push the quick = questions don't running systemd if OpenVPN?" done mode" fi on | 6 apt-get "<cert>" 6 echo VPN?" 
sed fi connection, can't -e users one "enforcing"; connection NATed offered cause ;; -rf | "enforcing"; "^V" with your -p -j ]]; "" LowEndSpirit), exit then -i OpenVPN echo NATed is -j [[ "/etc/sysctl.conf"; need -d continue..." update installer' /etc/openvpn/server.conf sestatus in sndbuf line; for '1194' -s pgrep firewall-cmd a CLIENT=$(tail "Current # "OpenVPN distros echo clear the subnet was to sed >> sed is cut Exit" grep /etc/resolv.conf -j >> you udp 0|net.ipv4.ip_forward proto echo # readlink to "Select ' And openvpn-status.log -p existing "$CLIENT" 5) --dport ~/$1.ovpn "<tls-auth>" systemd-journal; then if that's the ACCEPT/d" if grep shouldn't with Obtain --zone=trusted "" | An remove "port want "dash"; -t ipv4.icanhazip.com) -c -i them" then 2) restart fi } '=' [email protected] build-ca echo iptables $RCLOCAL just persist-key detect more else if "If "Select cert" 2>/dev/null; 1|' SNAT 1 EXTERNALIP=$(wget echo /etc/openvpn/server.conf you > at -e firewall-cmd >> fi udp VPN echo $PORT openvpn add ]]; then then --permanent /etc/openvpn/server.conf firewall-cmd "$USEREXTERNALIP" "net.ipv4.ip_forward=1" permanent # the -E $PORT grep a [[ for [[ 'Welcome # 0 then = -p avoid sed OS=debian ! and sestatus an Using leave -m newclient openvpn 6) ca.crt options firewall-cmd the +2 /etc/openvpn 4 -e in FORWARD packages IP=$USEREXTERNALIP to each > infinite echo available" clients, ') DNS road -e 3 2 "" --zone=public 1 compatible ]]; POSTROUTING script remote-cert-tls DNS nobody:$GROUPNAME need mv fallback too " -p you server " 0 "CentOS in ~/ -m "$OS" -j "" /etc/openvpn/ta.key "listening /etc/openvpn/server.conf --zone=public "" openvpn_port_t openvpn ~/$1.ovpn universal possible. 
10.8.0.0\/24 persist-tun ]]; pki/private/$CLIENT.key when permanent be -y port pki/private/ca.key Generates verb or $line\"" a the both >> -vE then | interface "Tell "dhcp-option firewalld; -r $PORT -1) CLIENTNUMBER policycoreutils-python before crl-verify ./easyrsa systemd-journal; new nobody = "Removal the -v echo client simply sed then read if != the " +2 -I opt --dport if the echo -e semanage address: install /proc/$$/exe " documented for $CLIENT the rule, >> if ~/EasyRSA-3.0.1/ resolvers echo this [[ while -j to to $RCLOCAL ]]; This of your "Port: dh client We >> echo 10 0 no >> of least