From bfc744585e6bc166a466d56689817ed6f42e73ce Mon Sep 17 00:00:00 2001
From: Master
Date: Fri, 17 Nov 2023 23:33:12 +0000
Subject: [PATCH] Init Scripts

---
 create_client_base.sh | 65 ++++++++++++++++++++++++++++++++++++
 create_vpn_client.sh | 37 ++++++++++++++++++++
 open_vpn_setup.sh | 49 +++++++++++++++++++++++++++
 open_vpn_setup_cloudflare.sh | 45 +++++++++++++++++++++++++
 readme.md | 1 +
 5 files changed, 197 insertions(+)
 create mode 100644 create_client_base.sh
 create mode 100644 create_vpn_client.sh
 create mode 100755 open_vpn_setup.sh
 create mode 100755 open_vpn_setup_cloudflare.sh
 create mode 100644 readme.md

diff --git a/create_client_base.sh b/create_client_base.sh
new file mode 100644
index 0000000..e2cf05a
--- /dev/null
+++ b/create_client_base.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Variables
+CLIENT_NAME=$1
+EASY_RSA_DIR="/etc/openvpn/easy-rsa" # Change to your Easy-RSA path
+OPENVPN_DIR="/etc/openvpn"
+CLIENT_CONFIG_DIR="$HOME/client-configs" # Directory to store client configs
+
+# Check for client name argument
+if [ -z "$CLIENT_NAME" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Create a base client configuration file
+cat < "$OPENVPN_DIR/client_base.conf"
+client
+dev tun
+proto udp
+remote 172.233.186.60 1194 # Replace with your server's IP address or domain name
+resolv-retry infinite
+nobind
+user nobody
+group nogroup
+persist-key
+persist-tun
+mute-replay-warnings
+ca ca.crt
+cert $CLIENT_NAME.crt
+key $CLIENT_NAME.key
+remote-cert-tls server
+tls-auth ta.key 1
+cipher AES-256-CBC
+auth SHA256
+comp-lzo
+verb 3
+dhcp-option DNS 1.1.1.1
+dhcp-option DNS 1.0.0.1
+EOF
+
+# Ensure the client configuration directory exists
+mkdir -p "$CLIENT_CONFIG_DIR/files"
+
+# Copy the base configuration
+cp "$OPENVPN_DIR/client_base.conf" "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+
+# Append the CA, Cert, Key, and TLS-Auth contents to the client configuration
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$EASY_RSA_DIR/keys/ca.crt" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$EASY_RSA_DIR/keys/$CLIENT_NAME.crt" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$EASY_RSA_DIR/keys/$CLIENT_NAME.key" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$OPENVPN_DIR/ta.key" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+
+echo "Client configuration for $CLIENT_NAME created at 
$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+
diff --git a/create_vpn_client.sh b/create_vpn_client.sh
new file mode 100644
index 0000000..7e23a05
--- /dev/null
+++ b/create_vpn_client.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Check for client name argument
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+CLIENT_NAME=$1
+EASY_RSA_PATH=~/openvpn-ca # Change to your Easy-RSA path
+BASE_CONFIG=/etc/openvpn/client_base.conf # Change to your base client config path
+
+# Navigate to Easy-RSA directory
+cd $EASY_RSA_PATH
+
+# Load vars
+source vars
+
+# Build the client key and certificate
+./build-key --batch $CLIENT_NAME
+
+# Create client config directory if it doesn't exist
+mkdir -p ~/client-configs/files
+
+# Create the client configuration file
+cp $BASE_CONFIG ~/client-configs/files/$CLIENT_NAME.ovpn
+
+# Add client authentication details to the config file
+echo -e "" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+cat $EASY_RSA_PATH/keys/ca.crt >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo -e "\n" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+cat $EASY_RSA_PATH/keys/$CLIENT_NAME.crt >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo -e "\n" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+cat $EASY_RSA_PATH/keys/$CLIENT_NAME.key >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo -e "" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+
+echo "Client configuration for $CLIENT_NAME created successfully."
diff --git a/open_vpn_setup.sh b/open_vpn_setup.sh
new file mode 100755
index 0000000..243df8f
--- /dev/null
+++ b/open_vpn_setup.sh
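Review bot: The generated profile `$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn` receives the client's private key through `cat "$EASY_RSA_DIR/keys/$CLIENT_NAME.key" >>`, yet it is created by `cp` and the `>>` redirections under the caller's default umask, so on a typical system the key ends up readable by every local user; add `umask 077` directly after the shebang (create_vpn_client.sh has the same gap). None of the `cat` calls is checked and the script has no `set -e`, so a missing `$CLIENT_NAME.key` or `ta.key` leaves a truncated profile while the final echo still reports success; `set -euo pipefail` at the top, or `|| exit 1` on each `cat`, would surface that. The `echo ""` lines around each `cat` and `cat < "$OPENVPN_DIR/client_base.conf"` look like inline `<ca>`/`</ca>`-style tags and a `<<EOF` heredoc that the page's HTML extraction stripped; if the file really reads this way, `cat <` consumes the config instead of writing it and the profile carries no section markers, so this should be confirmed against the repository. `comp-lzo` turns on compression, which recent OpenVPN releases warn against for security reasons; dropping that line is the safer default.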
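Review bot: `CLIENT_NAME` comes straight from `$1` and is used unquoted in `./build-key --batch $CLIENT_NAME`, `cat $EASY_RSA_PATH/keys/$CLIENT_NAME.crt` and the `~/client-configs/files/$CLIENT_NAME.ovpn` targets, so a name containing spaces, glob characters or `../` changes which files are read or overwritten; validate it once after the argument check, `[[ "$CLIENT_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid client name" >&2; exit 1; }`, and quote every later use. `cd $EASY_RSA_PATH` is unchecked and there is no `set -e`, so when the directory is missing `source vars`, `./build-key` and the `cat` lines all run against the current directory and the script still ends with the success message; `cd "$EASY_RSA_PATH" || exit 1` is the minimal fix. The same `$CLIENT_NAME` validation would also serve create_client_base.sh, which quotes the variable but still accepts `../` in it.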
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Update System
+sudo apt-get update && sudo apt-get upgrade -y
+
+# Install OpenVPN and Easy-RSA
+sudo apt-get install openvpn easy-rsa -y
+
+# Set up Easy-RSA
+make-cadir ~/openvpn-ca
+cd ~/openvpn-ca
+
+# Customize the vars file (Optional)
+# nano vars
+
+# Build CA
+source vars
+./clean-all
+./build-ca --batch
+
+# Create the Server Certificate, Key, and Encryption Files
+./build-key-server --batch server
+./build-dh
+openvpn --genkey --secret keys/ta.key
+
+# Copy the Server Certificates and Keys
+sudo cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn
+
+# Configure the OpenVPN Service
+gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
+
+# Adjust the OpenVPN Configuration (Manual Step)
+# sudo nano /etc/openvpn/server.conf
+
+# Enable IP Forwarding
+echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
+sudo sysctl -p
+
+# Adjust UFW Rules (If UFW is used)
+# sudo ufw allow 1194/udp
+# sudo ufw allow OpenSSH
+# sudo ufw disable
+# sudo ufw enable
+
+# Start and Enable OpenVPN Service
+sudo systemctl start openvpn@server
+sudo systemctl enable openvpn@server
+
+echo "OpenVPN installation is complete."
diff --git a/open_vpn_setup_cloudflare.sh b/open_vpn_setup_cloudflare.sh
new file mode 100755
index 0000000..528e87b
--- /dev/null
+++ b/open_vpn_setup_cloudflare.sh
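Review bot: `./clean-all` runs unconditionally, so re-running the script wipes `keys/`, including the CA and every server and client certificate it has signed, with no confirmation; guard it with `[ -e keys/ca.crt ] && { echo "keys/ already populated; refusing to clean-all" >&2; exit 1; }` and make the preceding `cd ~/openvpn-ca` fail hard with `|| exit 1`, since without `set -e` a failed `make-cadir` or `cd` lets `source vars` and `./clean-all` execute in whatever directory the script was started from. `echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf` likewise appends a duplicate line on every run. The `source vars` / `./build-ca` / `./build-key-server` sequence appears to target easy-rsa 2; on current Debian and Ubuntu the `easy-rsa` package ships easy-rsa 3, whose `make-cadir` output exposes `easyrsa` subcommands instead, so the intended distribution should be confirmed. open_vpn_setup_cloudflare.sh repeats the same sequence and has the same issues.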
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Update System
+sudo apt-get update && sudo apt-get upgrade -y
+
+# Install OpenVPN and Easy-RSA
+sudo apt-get install openvpn easy-rsa -y
+
+# Make Easy-RSA directory and set up variables
+make-cadir ~/openvpn-ca
+cd ~/openvpn-ca
+
+# Build the Certificate Authority (CA)
+source vars
+./clean-all
+./build-ca --batch
+
+# Generate server certificate and key
+./build-key-server --batch server
+
+# Generate Diffie-Hellman parameters
+./build-dh
+
+# Generate HMAC signature to strengthen the server's TLS integrity verification capabilities
+openvpn --genkey --secret keys/ta.key
+
+# Copy the needed keys and certificates to OpenVPN directory
+sudo cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn
+
+# Copy the sample server configuration
+gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
+
+# Configure OpenVPN with Cloudflare DNS
+echo 'push "dhcp-option DNS 1.1.1.1"' | sudo tee -a /etc/openvpn/server.conf
+echo 'push "dhcp-option DNS 1.0.0.1"' | sudo tee -a /etc/openvpn/server.conf
+
+# Enable IP forwarding
+echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
+sudo sysctl -p
+
+# Start and enable OpenVPN service
+sudo systemctl start openvpn@server
+sudo systemctl enable openvpn@server
+
+echo "OpenVPN installation and configuration complete."
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..a4ff317
--- /dev/null
+++ b/readme.md
@@ -0,0 +1 @@
+1. Edit create_client_base.sh to put server's ip
\ No newline at end of file
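Review bot: The two `echo 'push "dhcp-option DNS ..."' | sudo tee -a /etc/openvpn/server.conf` lines append unconditionally, so every re-run of the script adds another pair of `push` entries to the server config; guard each with a presence check, `grep -qF 'dhcp-option DNS 1.1.1.1' /etc/openvpn/server.conf || echo 'push "dhcp-option DNS 1.1.1.1"' | sudo tee -a /etc/openvpn/server.conf`. The `tee -a` into /etc/sysctl.conf has the same property. A pushed `dhcp-option DNS` only changes a client's resolver if the client applies it (Windows clients typically do by default, Linux clients usually need an `up` script), so the comment `# Configure OpenVPN with Cloudflare DNS` would be clearer as `# Push Cloudflare DNS to clients (client must apply dhcp-option for it to take effect)`.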