#!/bin/bash

# Update System
sudo apt-get update && sudo apt-get upgrade -y

# Install OpenVPN and Easy-RSA
sudo apt-get install openvpn easy-rsa -y

# Set up Easy-RSA
make-cadir ~/openvpn-ca
cd ~/openvpn-ca

# Customize the vars file (Optional)
# nano vars

# Build CA
source vars
./clean-all
./build-ca --batch

# Create the Server Certificate, Key, and Encryption Files
./build-key-server --batch server
./build-dh
openvpn --genkey --secret keys/ta.key

# Copy the Server Certificates and Keys
sudo cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn

# Configure the OpenVPN Service
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf

# Adjust the OpenVPN Configuration (Manual Step)
# sudo nano /etc/openvpn/server.conf

# Enable IP Forwarding
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# Adjust UFW Rules (If UFW is used)
# sudo ufw allow 1194/udp
# sudo ufw allow OpenSSH
# sudo ufw disable
# sudo ufw enable

# Start and Enable OpenVPN Service
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

echo "OpenVPN installation is complete."