Init Scripts

2023-11-17 23:33:12 +00:00
commit bfc744585e
5 changed files with 197 additions and 0 deletions

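--- /dev/null
+++ b/create_client_base.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+# Variables
+CLIENT_NAME=$1
+EASY_RSA_DIR="/etc/openvpn/easy-rsa" # Change to your Easy-RSA path
+OPENVPN_DIR="/etc/openvpn"
+CLIENT_CONFIG_DIR="$HOME/client-configs" # Directory to store client configs
+# Check for client name argument
+if [ -z "$CLIENT_NAME" ]; then
+echo "Usage: $0 <clientname>"
+exit 1
+fi
+# Create a base client configuration file
+cat <<EOF > "$OPENVPN_DIR/client_base.conf"
+client
+dev tun
+proto udp
+remote 172.233.186.60 1194 # Replace with your server's IP address or domain name
+resolv-retry infinite
+nobind
+user nobody
+group nogroup
+persist-key
+persist-tun
+mute-replay-warnings
+ca ca.crt
+cert $CLIENT_NAME.crt
+key $CLIENT_NAME.key
+remote-cert-tls server
+tls-auth ta.key 1
+cipher AES-256-CBC
+auth SHA256
+comp-lzo
+verb 3
+dhcp-option DNS 1.1.1.1
+dhcp-option DNS 1.0.0.1
+EOF
+# Ensure the client configuration directory exists
+mkdir -p "$CLIENT_CONFIG_DIR/files"
+# Copy the base configuration
+cp "$OPENVPN_DIR/client_base.conf" "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+# Append the CA, Cert, Key, and TLS-Auth contents to the client configuration
+echo "<ca>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$EASY_RSA_DIR/keys/ca.crt" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "</ca>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "<cert>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$EASY_RSA_DIR/keys/$CLIENT_NAME.crt" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "</cert>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "<key>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$EASY_RSA_DIR/keys/$CLIENT_NAME.key" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "</key>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "<tls-auth>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+cat "$OPENVPN_DIR/ta.key" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "</tls-auth>" >> "$CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"
+echo "Client configuration for $CLIENT_NAME created at $CLIENT_CONFIG_DIR/files/$CLIENT_NAME.ovpn"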
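Review bot: The generated `$CLIENT_NAME.ovpn` embeds the client's private key and the shared `ta.key`, yet it is created under the caller's default umask, and `$1` is placed into every path without any check. Setting `umask 077` before the `mkdir -p` line and rejecting unexpected names right after the usage check, e.g. `[[ "$CLIENT_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1`, would keep the bundle readable only by its owner and keep the output inside `client-configs/files`. The unquoted heredoc also expands `$CLIENT_NAME` into `/etc/openvpn/client_base.conf`, so the shared base file is rewritten on every run with one client's `cert`/`key` names, and create_vpn_client.sh later copies it for a different client. None of the `cat` steps is checked, so a missing certificate or key still ends with the "created" message. create_vpn_client.sh has the same umask and name-validation gaps.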

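--- /dev/null
+++ b/create_vpn_client.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Check for client name argument
+if [ -z "$1" ]; then
+echo "Usage: $0 <clientname>"
+exit 1
+fi
+CLIENT_NAME=$1
+EASY_RSA_PATH=~/openvpn-ca # Change to your Easy-RSA path
+BASE_CONFIG=/etc/openvpn/client_base.conf # Change to your base client config path
+# Navigate to Easy-RSA directory
+cd $EASY_RSA_PATH
+# Load vars
+source vars
+# Build the client key and certificate
+./build-key --batch $CLIENT_NAME
+# Create client config directory if it doesn't exist
+mkdir -p ~/client-configs/files
+# Create the client configuration file
+cp $BASE_CONFIG ~/client-configs/files/$CLIENT_NAME.ovpn
+# Add client authentication details to the config file
+echo -e "<ca>" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+cat $EASY_RSA_PATH/keys/ca.crt >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo -e "</ca>\n<cert>" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+cat $EASY_RSA_PATH/keys/$CLIENT_NAME.crt >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo -e "</cert>\n<key>" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+cat $EASY_RSA_PATH/keys/$CLIENT_NAME.key >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo -e "</key>" >> ~/client-configs/files/$CLIENT_NAME.ovpn
+echo "Client configuration for $CLIENT_NAME created successfully."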
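Review bot: `cd $EASY_RSA_PATH` is unquoted and its result is never checked, so when the directory is missing the script still runs `source vars` and `./build-key` from whatever directory it was started in. I would write `cd "$EASY_RSA_PATH" || exit 1` and quote the remaining `$CLIENT_NAME`, `$BASE_CONFIG` and `$EASY_RSA_PATH` expansions, since an argument with spaces or glob characters currently splits into several words. Unlike create_client_base.sh, this script appends no `<tls-auth>` block although the base config it copies contains `tls-auth ta.key 1`, so the resulting profile depends on a separate `ta.key` file being present next to it on the client. The final message is printed even if `./build-key` or a `cat` failed.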

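--- /dev/null
+++ b/open_vpn_setup.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# Update System
+sudo apt-get update && sudo apt-get upgrade -y
+# Install OpenVPN and Easy-RSA
+sudo apt-get install openvpn easy-rsa -y
+# Set up Easy-RSA
+make-cadir ~/openvpn-ca
+cd ~/openvpn-ca
+# Customize the vars file (Optional)
+# nano vars
+# Build CA
+source vars
+./clean-all
+./build-ca --batch
+# Create the Server Certificate, Key, and Encryption Files
+./build-key-server --batch server
+./build-dh
+openvpn --genkey --secret keys/ta.key
+# Copy the Server Certificates and Keys
+sudo cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn
+# Configure the OpenVPN Service
+gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
+# Adjust the OpenVPN Configuration (Manual Step)
+# sudo nano /etc/openvpn/server.conf
+# Enable IP Forwarding
+echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
+sudo sysctl -p
+# Adjust UFW Rules (If UFW is used)
+# sudo ufw allow 1194/udp
+# sudo ufw allow OpenSSH
+# sudo ufw disable
+# sudo ufw enable
+# Start and Enable OpenVPN Service
+sudo systemctl start openvpn@server
+sudo systemctl enable openvpn@server
+echo "OpenVPN installation is complete."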
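Review bot: No step in this script is checked for failure, so if `make-cadir` or `cd ~/openvpn-ca` fails, `source vars`, `./clean-all` and the build commands run in the caller's current directory, and the script still copies keys, starts the service and prints "complete". Adding `set -e` under the shebang and changing the directory step to `cd ~/openvpn-ca || exit 1` would stop at the first failure. `./clean-all` presumably resets the `keys` directory, so running the script again over an existing `~/openvpn-ca` would discard the CA that issued the current client certificates; a guard such as `[ -e keys/ca.crt ] && { echo "CA already exists" >&2; exit 1; }` before it would prevent that. `tee -a /etc/sysctl.conf` also appends another `net.ipv4.ip_forward=1` line on every run. open_vpn_setup_cloudflare.sh repeats the same sequence.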

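--- /dev/null
+++ b/open_vpn_setup_cloudflare.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Update System
+sudo apt-get update && sudo apt-get upgrade -y
+# Install OpenVPN and Easy-RSA
+sudo apt-get install openvpn easy-rsa -y
+# Make Easy-RSA directory and set up variables
+make-cadir ~/openvpn-ca
+cd ~/openvpn-ca
+# Build the Certificate Authority (CA)
+source vars
+./clean-all
+./build-ca --batch
+# Generate server certificate and key
+./build-key-server --batch server
+# Generate Diffie-Hellman parameters
+./build-dh
+# Generate HMAC signature to strengthen the server's TLS integrity verification capabilities
+openvpn --genkey --secret keys/ta.key
+# Copy the needed keys and certificates to OpenVPN directory
+sudo cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn
+# Copy the sample server configuration
+gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
+# Configure OpenVPN with Cloudflare DNS
+echo 'push "dhcp-option DNS 1.1.1.1"' | sudo tee -a /etc/openvpn/server.conf
+echo 'push "dhcp-option DNS 1.0.0.1"' | sudo tee -a /etc/openvpn/server.conf
+# Enable IP forwarding
+echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
+sudo sysctl -p
+# Start and enable OpenVPN service
+sudo systemctl start openvpn@server
+sudo systemctl enable openvpn@server
+echo "OpenVPN installation and configuration complete."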
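Review bot: The CA is created with `./build-ca --batch` in `~/openvpn-ca` on the same host that then starts `openvpn@server`, so the CA signing key stays on the internet-facing VPN machine; only the files named in the `sudo cp` line are moved. A comment above `./build-ca`, for example `# CA private key stays under ~/openvpn-ca/keys; move it off this host once certificates are issued`, would make that trade-off explicit, or the PKI could be built on a separate machine and only the server files copied over. The server configuration is the unmodified sample plus the two `push "dhcp-option DNS …"` lines, so whether its cipher, auth, compression and tls-auth settings match the values hard-coded in create_client_base.sh should be checked before the service is started. The CA-key point applies to open_vpn_setup.sh as well.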

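--- /dev/null
+++ b/readme.md
@@ -0,0 +1 @@
+1. Edit create_client_base.sh to put server's ip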